* Listen for IPv6 connections
* Added information about LISTEN6 variable
* Make LISTEN variable a comma-separated list of values
* Removed debug commands
* Revert changes
---------
Co-authored-by: Rufubi <>
* More robust application of access permissions
We were in particular missing directory traversal `+X` in our current recommendations.
Extracted to own shell script so it can easily be invoked.
Update access permissions in Docker to account to be more robust.
#fix https://github.com/FreshRSS/FreshRSS/discussions/5037
* Minor simplification
* Restrict mkdir permissions
Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770.
* API avoid logging passwords
* Strip passwords and tokens from API logs
* Only log failed requests information when in debug mode
* Remove debug SHA
* Clean also Apache logs
* Better comments
* Redact also token parameters
* shfmt
* Simplify whitespace
* redacted
* Docker Alpine timezone for :newest and :oldest
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/4903
Forgot the development images Newest and Oldest
* Uniform timezone behaviour
* shellcheck
* A bit more documentation
* Docker Alpine 3.17
Update alternative Docker image to Alpine 3.17 with PHP 8.1.12 (and still Apache 2.4.54)
https://alpinelinux.org/posts/Alpine-3.17.0-released.html
* Fix developer access rights
Put developer in www-data group
Remove output buffering during auto-install of FreshRSS and auto-creation of the default user.
We were only getting outputs at the end of each command, which was a problem for getting errors and progress, for instance when automatically importing a very large OPML
* Custom logo HTML
Add option for custom HTML logo/title in the main Web UI view.
Can potentially be different per user.
#fix https://github.com/FreshRSS/FreshRSS/pull/3830/files#r850472247
* logo_html in main config
With new `./data/config.custom.php` to provide custom values before install
* Docker documentation
* whitespace
* Auto relax CSP to allow images for HTML logo
* Documentation
* Use typographic quotes
* A few fixes
* Fix
* Fix not saved
* Implement feedback
* Detail
* Revert spoken English fixes
Left for a future dedicated discussion
* More reverts
* Final reverts
* Final minor
Should be done during build and not during entrypoint, to avoid modifying a potential volume (e.g. mounting the source code as a volume is used during development).
Adding the crontab as part of the image build makes it more complicated
to add custom entries to the crontab. Adjusting the image and entrypoint
to make it so that the crontab is only added when CRON_MIN is set
simplifies having a custom crontab.
* Improved markdownlint
* Relaxed rules slighlty
* `npm run markdownlint` for automatic tests
* `npm run markdownlint_fix` for automatic syntax fixing
* Applied the fixes on all our Markdown files
* Add .env file for docker-compose (fix#3755)
Adding a .env has the advantage that the configuration can be stored in a separate file and it'll be possible to just get the newest docker-compose.yml file.
* Update documentation for the .env file
* Update Docker/README.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
alpine:3.13 require php5-openssl for some https features.
Otherwise, fail on e.g. the extension page:
```
file_get_contents(): php Unable to find the wrapper "https" - did you
forget to enable it when you configured PHP? in
/var/www/FreshRSS/app/Controllers/extensionController.php on line 45
PHP Warning:
file_get_contents(https://raw.githubusercontent.com/FreshRSS/Extensions/master/extensions.json):
failed to open stream: No such file or directory in
/var/www/FreshRSS/app/Controllers/extensionController.php on line 45
[error] --- Could not fetch available extension from GitHub
```
Does not seem required for newer Alpine versions using PHP7 / PHP8
* Fix nginx config
* Remove `proxy_cookie_path`
* Add `proxy_set_header X-Forwarded-Prefix` for the subdirectory config
* Add nginx config when hosted as domain root
* Add `/` at the end of `proxy_pass`
* Possiblity to autoinstall in Docker Compose
#fix https://github.com/FreshRSS/FreshRSS/issues/3349
It is simply calling our existing CLI: do-install.php and
create-user.php
https://github.com/FreshRSS/FreshRSS/tree/master/cli
FreshRSS will typically be ready a few seconds before the database, so
introduce a tolerance when the database is not available / up (yet) by
trying a few times to connect. Also useful to avoid service interruption
when DB service is restarted.
Example:
```yml
freshrss-app:
image: freshrss/freshrss
container_name:
freshrss-app
hostname: freshrss-app
restart: unless-stopped
ports:
- "8080:80"
depends_on:
- freshrss-db
volumes:
- data:/var/www/FreshRSS/data
-
extensions:/var/www/FreshRSS/extensions
environment:
CRON_MIN:
'*/20'
FRESHRSS_ENV: development
FRESHRSS_INSTALL: |-
--api_enabled
--base_url https://rss.example.net
--db-base freshrss
--db-host freshrss-db
--db-password
freshrss
--db-type pgsql
--db-user freshrss
--default_user admin
--language en
FRESHRSS_USER: |-
--api_password freshrss
--email user@example.net
--language en
--password freshrss
--user admin
TZ:
Europe/Paris
```
* Minor type f in find
* shellcheck
This proposed change includes tweaks to the names of the services and volumes, and adds an explicit label to the postgres and freshrss containers.
Using a more generic "freshrss-db" instead of "freshrss_postgresql" seems more standard among other docker projects and makes it a bit easier to switch databases later.
Removing the "freshrss_" prefix from the volume names solves a problem where the docker-compose automatically prepends a "project name" to volume names upon running "up". So if your docker-compose.yml file is stored in a folder named "freshrss", you would end up with a redundant volume name of "freshrss_freshrss_data".
This also adds a restart policy to the db container.
