* Better comments in our Docker images
* Make `cli/access-permissions.sh` compatible with other Apache groups such as `http` for Linux Arch
* Better `/Docker/entrypoint.sh` supporting various Apache configuration paths (and slightly faster).
* Add test image for Linux Arch (not sure we will keep it)
See
* https://github.com/FreshRSS/FreshRSS/pull/8279#issuecomment-3620674818
Better fix instead of https://github.com/FreshRSS/FreshRSS/pull/8216
Based on error message:
Error: in 18+, these Docker images are configured to store database data in a
format which is compatible with "pg_ctlcluster" (specifically, using
major-version-specific directory names). This better reflects how
PostgreSQL itself works, and how upgrades are to be performed.
See also https://github.com/docker-library/postgres/pull/1259
Counter to that, there appears to be PostgreSQL data in:
/var/lib/postgresql/data (unused mount/volume)
This is usually the result of upgrading the Docker image without
upgrading the underlying database using "pg_upgrade" (which requires both
versions).
The suggested container configuration for 18+ is to place a single mount
at /var/lib/postgresql which will then place PostgreSQL data in a
subdirectory, allowing usage of "pg_upgrade --link" without mount point
boundary issues.
See https://github.com/docker-library/postgres/issues/37 for a (long)
discussion around this process, and suggestions for how to do so.
* Rename tls.yml to tls.yaml
Rename tls.yaml so it will be align to the entry in docker-compose-proxy.yml:
volumes:
- ./tls.yaml:/etc/traefik/tls.yaml
To prevent error:
error="error reading configuration file: /etc/traefik/tls.yaml - read /etc/traefik/tls.yaml: is a directory"
* Update example.env
Added option for SERVER_URL
To prevent warning:
WARN[0000] The "SERVER_DNS" variable is not set. Defaulting to a blank string.
* Update example.env
Change SERVER_URL to SERVER_DNS
* Use .yml consistently
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Force our Alpine-based Docker image to PHP 8.4 (default is still PHP 8.3).
Related to the fact that we may have to [revert our Debian image to Debian 12 with PHP 8.2 instead of Debian 13 with PHP 8.4](https://github.com/FreshRSS/FreshRSS/pull/7805), so for the next FreshRSS release, we can offer at least one image with PHP 8.4.
* Optimize how much data needs to be `chown`/`chmod`ed on container startup
This works around an issue where `chmod`/`chown` operations inside a
container can be extremely slow when using the `overlay2` storage
driver, resulting in 10min+ container startup times.
It modifies the owner of the webapp when building the container so that
only the `data` and `extensions` directories (which are commonly mapped
as volumes into the container) have to be modified by the
`access-permissions.sh` script at container startup.
When not running via docker the behaviour of the `access-permissions.sh`
script is unchanged.
* Take DATA_PATH environment variable into account when fixing permissions
* Revert change to using bash for arrays
(the alpine image doesn't include `bash`)
* A few more improvements
* Slightly tweak reapply permissions variable
- lowercase to indicate it's not an env variable
- use 0/1 to address potentially-irrational paranoia about unset variables
* Remove conditional logic to skip reapplying permissions
Also documents why in a comment so it's not missed in the future.
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Adds BASE_URL to example .env file
I found without specifying a BASE_URL then the installation command gets confused
❌ FreshRSS error during installation!
FreshRSS error: invalid input: default-user cannot be empty
The provided example base url may not be desired, but the readme should be updated with 'something' to make first use more user friendly.
* Update Docker/README.md
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Apache protect more non-public folders
* Also protect root
* Do the same for /p/
* Simplify Require all denied
In case of Apache 2.2, it will just make an error 500 instead of 403
* .htaccess.dist
* Simplify
* Better comment
* Fix OIDC session params definition
- standardize environment variable names
- group all in the same configuration file
- use mod_auth_openidc default values
- fix `OIDCSessionMaxDuration` because it was not set with the previous
code
- add documentation
* Add double quoting to prevent globbing and word splitting
* Revert line deleted by mistake
* CLI database backup and restore
Can also be used to migrate from one database to another (e.g. MySQL to PostgreSQL) or to ease upgrade to a major PostgreSQL version (e.g. 15 to 16).
* +x
* Fix some cases
* Update to docker-compose-v2
* More documentation
* Fix CLI install with prefix
It was not possible to pass a blank prefix
* Fix regression EXIT_CODE_ALREADY_EXISTS
The dedicated exit code was not sent anymore when a user already exists
