mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-02-06 11:31:08 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
5cb49094b83582093c2cb06eeb7d2fbd4bcba080
FreshRSS/Docker/entrypoint.sh
Carey Metcalfe bb659ee27a Optimize how much data needs to be chown/chmoded on container startup (#7793) 
* Optimize how much data needs to be `chown`/`chmod`ed on container startup

This works around an issue where `chmod`/`chown` operations inside a
container can be extremely slow when using the `overlay2` storage
driver, resulting in 10min+ container startup times.

It modifies the owner of the webapp when building the container so that
only the `data` and `extensions` directories (which are commonly mapped
as volumes into the container) have to be modified by the
`access-permissions.sh` script at container startup.

When not running via docker the behaviour of the `access-permissions.sh`
script is unchanged.

* Take DATA_PATH environment variable into account when fixing permissions

* Revert change to using bash for arrays

(the alpine image doesn't include `bash`)

* A few more improvements

* Slightly tweak reapply permissions variable

- lowercase to indicate it's not an env variable
- use 0/1 to address potentially-irrational paranoia about unset variables

* Remove conditional logic to skip reapplying permissions

Also documents why in a comment so it's not missed in the future.

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-08-08 13:36:57 +02:00

90 lines
3.0 KiB
Bash
Executable File
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/sh
ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime
echo "$TZ" >/etc/timezone
find /etc/php*/ -type f -name php.ini -exec sed -i -E \
-e "\\#^;?date.timezone#s#^.*#date.timezone = $TZ#" \
-e "\\#^;?post_max_size#s#^.*#post_max_size = 32M#" \
-e "\\#^;?upload_max_filesize#s#^.*#upload_max_filesize = 32M#" {} \;
if [ -n "$LISTEN" ]; then
find /etc/apache2/ -type f -name FreshRSS.Apache.conf -exec sed -r -i "\\#^Listen#s#^.*#Listen $LISTEN#" {} \;
fi
if [ -n "$TRUSTED_PROXY" ]; then
if [ "$TRUSTED_PROXY" = "0" ]; then
# Disable RemoteIPHeader and RemoteIPInternalProxy
find /etc/apache2/ -type f -name FreshRSS.Apache.conf -exec sed -r -i "/^\s*RemoteIP.*$/s/^/#/" {} \;
else
# Custom list for RemoteIPInternalProxy
find /etc/apache2/ -type f -name FreshRSS.Apache.conf -exec sed -r -i "\\#^\s*RemoteIPInternalProxy#s#^.*#\tRemoteIPInternalProxy $TRUSTED_PROXY#" {} \;
fi
fi
if [ -n "$OIDC_ENABLED" ] && [ "$OIDC_ENABLED" -ne 0 ]; then
# Default values
export OIDC_SESSION_INACTIVITY_TIMEOUT="${OIDC_SESSION_INACTIVITY_TIMEOUT:-300}"
export OIDC_SESSION_MAX_DURATION="${OIDC_SESSION_MAX_DURATION:-27200}"
export OIDC_SESSION_TYPE="${OIDC_SESSION_TYPE:-server-cache}"
# Debian
(which a2enmod >/dev/null && a2enmod -q auth_openidc) ||
# Alpine
(mv /etc/apache2/conf.d/mod-auth-openidc.conf.bak /etc/apache2/conf.d/mod-auth-openidc.conf && echo 'Enabling module auth_openidc.')
if [ -n "$OIDC_SCOPES" ]; then
# Compatibility with : as separator instead of space
OIDC_SCOPES=$(echo "$OIDC_SCOPES" | tr ':' ' ')
export OIDC_SCOPES
fi
fi
if [ -n "$CRON_MIN" ]; then
awk -v RS='\0' '!/^(FRESHRSS_INSTALL|FRESHRSS_USER|HOME|PATH|PWD|SHLVL|TERM|_)=/ {gsub("\047", "\047\\\047\047"); print "export \047" $0 "\047"}' /proc/self/environ >/var/www/FreshRSS/Docker/env.txt
sed </etc/crontab.freshrss.default \
-r "s#^[^ ]+ #$CRON_MIN #" | crontab -
fi
./cli/access-permissions.sh --only-userdirs
php -f ./cli/prepare.php >/dev/null
if [ -n "$FRESHRSS_INSTALL" ]; then
# shellcheck disable=SC2046
php -f ./cli/do-install.php -- \
$(eval "echo \"$FRESHRSS_INSTALL\"" | sed -r 's/[\r\n]+/\n/g' | paste -s -)
EXITCODE=$?
if [ $EXITCODE -eq 3 ]; then
echo ' FreshRSS already installed; no change performed.'
elif [ $EXITCODE -eq 0 ]; then
echo '✅ FreshRSS successfully installed.'
else
echo '❌ FreshRSS error during installation!'
exit $EXITCODE
fi
fi
if [ -n "$FRESHRSS_USER" ]; then
# shellcheck disable=SC2046
php -f ./cli/create-user.php -- \
$(eval "echo \"$FRESHRSS_USER\"" | sed -r 's/[\r\n]+/\n/g' | paste -s -)
EXITCODE=$?
if [ $EXITCODE -eq 3 ]; then
echo ' FreshRSS user already exists; no change performed.'
elif [ $EXITCODE -eq 0 ]; then
echo '✅ FreshRSS user successfully created.'
./cli/list-users.php | xargs -n1 ./cli/actualize-user.php --user
else
echo '❌ FreshRSS error during the creation of a user!'
exit $EXITCODE
fi
fi
# Fix permissions of data added by prepare.php as well as a potential
# installation/user setup
./cli/access-permissions.sh --only-userdirs
exec "$@"
Reference in New Issue View Git Blame Copy Permalink