Compare commits

...

9 commits

Author SHA1 Message Date
Hypolite Petovan 4a709045b0
Merge pull request #248 from nupplaphil/feat/error_reporting
Use production ready php.ini per default
2024-03-03 00:53:41 -05:00
Philipp 447b53e733
Use production ready php.ini per default 2024-03-02 20:32:45 +01:00
Hypolite Petovan ee363d64de
Merge pull request #246 from nupplaphil/feat/doc
Add opensocial.at as example
2024-03-02 08:37:22 -05:00
Philipp 56203fce0e
Merge pull request #247 from nupplaphil/bug/intl
Fix intlChar
2024-03-02 09:36:40 +01:00
Philipp 0be4ccaa27
Fix intlChar 2024-03-02 09:33:21 +01:00
Philipp 4b63f12927
Apply suggestions from code review
Co-authored-by: Hypolite Petovan <hypolite@mrpetovan.com>
2024-03-02 09:29:47 +01:00
Hypolite Petovan 4196041aee
Merge pull request #245 from nupplaphil/bug/starttls_msmtp
Fix tls_starttls behavior for msmtp setups
2024-03-01 17:46:06 -05:00
Philipp 5417ffaa00
Add opensocial.at as example 2024-03-01 23:00:03 +01:00
Philipp 5ed5f9fe77
Fix tls_starttls behavior for msmtp setups 2024-03-01 21:48:19 +01:00
43 changed files with 657 additions and 11 deletions

View file

@ -0,0 +1 @@
./friendica.conf

View file

@ -0,0 +1,49 @@
# Opensocial.at setup
This configuration running at https://opensocial.at is an example of "production-ready" environment.
It focuses on performance and scalability.
## Prerequisites
This setup needs some configuration first to be usable as-is.
1. It uses an external, dedicated database, which is not included here (you can just add a `mariadb` service directly).
2. Avatar caching needs to be enabled
1. Enable the system-config `system.avatar_cache`.
2. Set `avatar_cache_path` to `/var/www/avatar`.
3. It uses a Traefik Docker service as overall reverse proxy for the whole Docker environment.
1. Otherwise, adaptations of the two services `web` and `avatar` are necessary.
## The setup
The setup splits Friendica in as many services as possible.
### Split Frontend & Daemon
This setup splits the frontend services from the background daemon so that it's possible to scale the different aspects of the frontend without harming the state of the cronjob forks of the daemon.
### Redis
Redis is a highly optimized, in-memory key-value storage.
The current setup uses Redis for two features:
- PHP native session handling.
- Friendica-specific session handling.
### [app](./app) (php-fpm)
Each incoming HTTP request is processed by a php-fpm instance.
Thanks to the distributed session handling, it's possible to spawn as many `app` instances as you need.
### [web](./web) (nginx)
This nginx instance is a reverse proxy for incoming HTTP requests.
It serves static resources directly and passes the script requests to the php-fpm instance.
### [avatar](./avatar) (nginx)
This stateless nginx instance serves all avatar pictures of this Friendica node.
### [cron](./app) (php-fpm)
The background daemon, which is based on the same image as the app-image.
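
Review bot: the Prerequisites list does not mention credentials. docker-compose.yml reads three files under `./config/secrets/` (one of the committed single-line files contains `PLEASE_CHANGE_ME`) and the `.env` template carries placeholder SMTP values, so add a step telling the operator to replace them before first start. The Redis section says Redis backs session handling, while the compose file only sets `REDIS_HOST` and `FRIENDICA_DISTRIBUTED_CACHE_DRIVER=redis`; say which setting enables the session handlers.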

View file

@ -0,0 +1,15 @@
FROM friendica:fpm-alpine
ENV FRIENDICA_UPGRADE=true
ENV PHP_MEMORY_LIMIT 2G
# Use the default production configuration
RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
ENV FRIENDICA_PHP_OUT="/var/www/html/php.out"
RUN set -ex; \
touch ${FRIENDICA_PHP_OUT:-"php.out"}; \
chown www-data:www-data ${FRIENDICA_PHP_OUT:-"php.out"};
RUN sed -i 's/access.log = \/proc\/self\/fd\/2/access.log = \/proc\/self\/fd\/1/g' /usr/local/etc/php-fpm.d/docker.conf
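
Review bot: `FRIENDICA_PHP_OUT="/var/www/html/php.out"` puts the PHP output log inside the document root that the `web` service serves, so keeping it private depends entirely on the `\.(tpl|md|tgz|log|out)$` deny rule in the web nginx.conf. Consider a path outside `/var/www/html`, or at least a comment that records the dependency. Separately, `ENV PHP_MEMORY_LIMIT 2G` uses the legacy space-separated form while the other ENV lines use `=`, and the `${FRIENDICA_PHP_OUT:-"php.out"}` expansions passed to `touch` and `chown` are unquoted.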

View file

@ -0,0 +1,18 @@
FROM nginx:latest
RUN usermod -u 82 www-data
RUN set -ex; \
mkdir -p /var/www/html; \
mkdir -p /etc/nginx/snippets;
COPY ./templates /etc/nginx/conf.d/templates
COPY nginx.conf /etc/nginx/nginx.conf
COPY error-page.html /var/www/html/error-page.html
COPY custom-error-page.conf /etc/nginx/snippets/custom-error-page.conf
COPY *.sh /
RUN chmod +x /*.sh
CMD ["/cmd.sh"]
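
Review bot: `FROM nginx:latest` leaves the base image unpinned, so two builds of this example can ship different nginx versions; pin a version tag or a digest, which fits a setup the README calls production-ready. `COPY *.sh /` followed by `chmod +x /*.sh` also copies every matching script from the build context into `/` and marks it executable; copying `cmd.sh` by name would be tighter.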

View file

@ -0,0 +1,8 @@
#!/bin/sh
set -eu
envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active
nginx -qt
until ping app -c1 > /dev/null; do sleep 1; done
exec nginx -g 'daemon off;'
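
Review bot: the `until ping app -c1` loop has no upper bound, and in docker-compose.yml the `avatar` service is attached only to the `web` network while `app` declares no networks, so the name `app` may never resolve from this container and nginx would never start. The avatar server only serves files from `/var/www/avatar` and does not talk to php-fpm, so the wait can be dropped here; if it stays, add a retry limit.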

View file

@ -0,0 +1,5 @@
error_page 404 403 500 503 /error-page.html;
location = /error-page.html {
root /var/www/html;
internal;
}

View file

@ -0,0 +1,94 @@
<!DOCTYPE html>
<html>
<head>
<style type=text/css>
* {
-webkit-box-sizing: border-box;
box-sizing: border-box;
}
body {
padding: 0;
margin: 0;
}
#notfound {
position: relative;
height: 100vh;
}
#notfound .notfound {
position: absolute;
left: 50%;
top: 50%;
-webkit-transform: translate(-50%, -50%);
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%);
}
.notfound {
max-width: 520px;
width: 100%;
line-height: 1.4;
text-align: center;
}
.notfound .notfound-error {
position: relative;
height: 200px;
margin: 0px auto 20px;
z-index: -1;
}
.notfound .notfound-error h1 {
font-family: 'Montserrat', sans-serif;
font-size: 200px;
font-weight: 300;
margin: 0px;
color: #211b19;
position: absolute;
left: 50%;
top: 50%;
-webkit-transform: translate(-50%, -50%);
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%);
}
@media only screen and (max-width: 767px) {
.notfound .notfound-error h1 {
font-size: 148px;
}
}
@media only screen and (max-width: 480px) {
.notfound .notfound-error {
height: 148px;
margin: 0 auto 10px;
}
.notfound .notfound-error h1 {
font-size: 120px;
font-weight: 200;
}
.notfound .notfound-error h2 {
font-size: 30px;
}
.notfound a {
padding: 7px 15px;
font-size: 24px;
}
}
</style>
</head>
<body>
<div id="notfound">
<div class="notfound">
<h1>Sorry the page can't be loaded!</h1>
<div class="notfound-error">
<p>Contact the site's administrator or support for assistance.</p>
</div>
</div>
</div>
</body>
</html>
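
Review bot: the `<h1>` sits outside `.notfound-error`, so the `.notfound .notfound-error h1` rules (including both media-query overrides) never match, and the `.notfound .notfound-error h2` and `.notfound a` rules have no matching elements either; the 200px-high `.notfound-error` box with `z-index: -1` ends up wrapping only the `<p>`. Either move the heading into that div or delete the unused rules. The page also has no `<title>`, `lang` attribute or charset declaration.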

View file

@ -0,0 +1,70 @@
##
# Friendica Nginx configuration
# by Olaf Conradi, modified by Philipp Holzer
#
worker_processes 4;
events {
worker_connections 1024;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
map $request_id $formatted_id {
"~*(?<p1>[0-9a-f]{8})(?<p2>[0-9a-f]{4})(?<p3>[0-9a-f]{4})(?<p4>[0-9a-f]{4})(?<p5>.*)$" "${p1}-${p2}-${p3}-${p4}-${p5}";
}
map $http_x_request_id $uuid {
default "${request_id}";
~* "${http_x_request_id}";
}
charset utf-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format logger-json escape=json '{"source": "nginx", "time": $msec, "resp_body_size": $body_bytes_sent, "host": "$http_host", "address": "$remote_addr", "request_length": $request_length, "method": "$request_method", "uri": "$request_uri", "status": $status, "user_agent": "$http_user_agent", "resp_time": $request_time, "upstream_addr": "$upstream_addr", "request_id": "$uuid"}';
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log logger-json;
log_not_found off;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Real-IP;
server {
listen 80;
include /etc/nginx/conf.d/server_name.active;
include /etc/nginx/snippets/custom-error-page.conf;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration
#will therefore *add* to this file, but not override it.
#include standard.conf
# allow uploads up to 20MB in size
client_max_body_size 20m;
client_body_buffer_size 128k;
add_header X-Request-ID $uuid;
location /avatar/ {
root /var/www/;
}
include mime.types;
# deny access to all dot files
location ~ /\. {
deny all;
}
}
}
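
Review bot: the `map $http_x_request_id $uuid` block copies a client-supplied `X-Request-ID` into `$uuid` without any format or length check, and that value is then written to the JSON access log and echoed back through `add_header X-Request-ID $uuid`. Restrict the match to an expected pattern (for example hex digits and dashes of bounded length) and fall back to `$request_id` otherwise, so the caller cannot steer log correlation. `$formatted_id` is defined but not referenced anywhere in this file, and mime.types is included twice, once by absolute path in `http` and once in `server`.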

View file

@ -0,0 +1 @@
server_name ${HOSTNAME};

View file

@ -0,0 +1,6 @@
[PHP]
memory_limit = 8G
upload_max_filesize= 10G
post_max_size = 11G
max_execution_time = 3600
max_input_time = 3600
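
Review bot: these limits do not line up with the rest of the setup: `upload_max_filesize= 10G` and `post_max_size = 11G` can never be reached because the web nginx.conf caps requests at `client_max_body_size 20m`, and `memory_limit = 8G` per request sits next to `pm.max_children=100` and a 10g memory limit on the `app` service in docker-compose.yml. Size the PHP values to the nginx body limit and the container limit, or raise those deliberately and document why. The `max_execution_time` and `max_input_time` of 3600 also exceed the `fastcgi_read_timeout 300` set in the web nginx.conf.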

View file

@ -0,0 +1,11 @@
[www]
pm = dynamic
pm.max_children=100
pm.start_servers=10
pm.min_spare_servers = 4
pm.max_spare_servers = 10
;pm.process_idle_timeout = 10s;
;pm.max_requests = 1000
clear_env = no
catch_workers_output = yes
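
Review bot: `clear_env = no` hands the container's full environment to every php-fpm worker, which in this compose file includes `SMTP_AUTH_PASS`, so any PHP code or debug output that dumps the environment exposes it. If the application only needs specific variables, keep `clear_env` at its default and pass those with `env[...]` entries; otherwise add a comment saying why it is disabled. The commented-out `pm.process_idle_timeout` line only applies to `pm = ondemand` and can be removed.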

View file

@ -0,0 +1 @@
PLEASE_CHANGE_ME

View file

@ -0,0 +1 @@
friendica-user

View file

@ -0,0 +1,148 @@
version: '3'
services:
redis:
image: redis
restart: always
volumes:
- friendica-redis-vol-1:/data
command:
- --save 60 1
- --loglevel warning
app:
build: ./app
restart: always
command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
deploy:
replicas: 3
resources:
limits:
cpus: '5.00'
memory: '10g'
reservations:
cpus: '1.00'
memory: '1.5g'
depends_on:
- redis
volumes:
- friendica-vol-1:/var/www/html
- friendica-avatar-1:/var/www/avatar
- ./config/app/www.overload.conf:/usr/local/etc/php-fpm.d/www.overload.conf:ro
- ./config/app/friendica.ini:/usr/local/etc/php/conf.d/friendica.ini:ro
environment:
- MYSQL_USER_FILE=/run/secrets/mysql_user
- MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
- MYSQL_DATABASE_FILE=/run/secrets/mysql_database
- MYSQL_HOST=${DBHOST}
- MYSQL_PORT=${DBPORT}
- FRIENDICA_ADMIN_MAIL=${MAILNAME}
- FRIENDICA_TZ=${TZ}
- FRIENDICA_LANG=${LANGUAGE}
- FRIENDICA_UPDATE=true
- SITENAME=${SITENAME}
- SMTP=${SMTP}
- SMTP_DOMAIN=${SMTP_DOMAIN}
- SMTP_AUTH_USER=${SMTP_AUTH_USER}
- SMTP_AUTH_PASS=${SMTP_AUTH_PASS}
- SMTP_TLS=${SMTP_TLS}
- SMTP_STARTTLS=${SMTP_STARTTLS}
- REDIS_HOST=redis
- FRIENDICA_DISTRIBUTED_CACHE_DRIVER=redis
- FRIENDICA_LOGGER=syslog
- FRIENDICA_SYSLOG_FLAGS=39
- FRIENDICA_DATA=Filesystem
- FRIENDICA_DEBUGGING=true
secrets:
- mysql_database
- mysql_user
- mysql_password
cron:
build: ./app
restart: always
volumes:
- friendica-vol-1:/var/www/html
- friendica-avatar-1:/var/www/avatar
- ./config/app/www.overloaded.conf:/usr/local/etc/php-fpm.d/www.overloaded.conf:ro
- ./config/app/friendica.ini:/usr/local/etc/php/conf.d/friendica.ini:ro
environment:
- SITENAME=${SITENAME}
- SMTP=${SMTP}
- SMTP_DOMAIN=${SMTP_DOMAIN}
- SMTP_AUTH_USER=${SMTP_AUTH_USER}
- SMTP_AUTH_PASS=${SMTP_AUTH_PASS}
- SMTP_TLS=${SMTP_TLS}
- SMTP_STARTTLS=${SMTP_STARTTLS}
- MYSQL_HOST=${DBHOST}
- MYSQL_PORT=${DBPORT}
- MYSQL_USERNAME=${DBUSER}
- MYSQL_PASSWORD=${DBPASS}
- MYSQL_DATABASE=${DBDATA}
- FRIENDICA_ADMIN_MAIL=${MAILNAME}
- FRIENDICA_DISTRIBUTED_CACHE_DRIVER=redis
- FRIENDICA_DEBUGGING=true
- FRIENDICA_LOGLEVEL=notice
- FRIENDICA_LOGGER=syslog
- FRIENDICA_SYSLOG_FLAGS=39
depends_on:
- app
entrypoint: /cron.sh
avatar:
build: ./avatar
deploy:
replicas: 3
restart: on-failure:3
volumes:
- friendica-avatar-1:/var/www/avatar:ro
environment:
- HOSTNAME=${HOSTNAME}
networks:
- web
labels:
- "traefik.enable=true"
- "traefik.http.routers.avatar.entrypoints=websecure"
- "traefik.http.routers.domain.rule=(Host(`www.your.domain`) || Host(`your.domain`)) && PathPrefix(`/avatar`)"
- "traefik.http.routers.domain.middlewares=https-chain@file"
- "traefik.http.routers.domain.tls=true"
- "traefik.http.routers.domain.tls.certresolver=default"
web:
build: ./web
restart: always
deploy:
replicas: 3
volumes:
- friendica-vol-1:/var/www/html:ro
environment:
- HOSTNAME=${HOSTNAME}
depends_on:
- app
networks:
- web
- default
labels:
- "traefik.enable=true"
- "traefik.http.routers.yourdomain.entrypoints=websecure"
- "traefik.http.routers.yourdomain.rule=Host(`www.your.domain`) || Host(`your.domain`)"
- "traefik.http.routers.yourdomain.middlewares=https-chain@file"
- "traefik.http.routers.yourdomain.tls=true"
- "traefik.http.routers.yourdomain.tls.certresolver=default"
secrets:
mysql_database:
file: ./config/secrets/mysql_database.txt
mysql_user:
file: ./config/secrets/mysql_user.txt
mysql_password:
file: ./config/secrets/mysql_password.txt
volumes:
friendica-avatar-1:
friendica-vol-1:
friendica-redis-vol-1:
networks:
web:
external: true
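
Review bot: `cron` receives the database credentials as plain environment variables (`MYSQL_USERNAME=${DBUSER}`, `MYSQL_PASSWORD=${DBPASS}`, `MYSQL_DATABASE=${DBDATA}`) while `app` reads them from `/run/secrets/*` through the `*_FILE` variables; give `cron` the same `secrets:` block and `*_FILE` variables so the password stays out of the container environment and both services use one source. Also in this file: `app` mounts `www.overload.conf` but `cron` mounts `www.overloaded.conf`; the `avatar` labels set `entrypoints` on router `avatar` but the rule, middlewares and TLS on router `domain`; `FRIENDICA_DEBUGGING=true` is left on for both services; and `image: redis` is untagged.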

View file

@ -0,0 +1,26 @@
# ------------------------------
# friendica configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
HOSTNAME=example.org
# ------------------------------
# SQL database configuration
# ------------------------------
DBHOST=db
DBPORT=3306
SITENAME="My SiteName"
# Your timezone
TZ=Europe/Berlin
MAILNAME=admin@philipp.info
SMTP=mail
SMTP_DOMAIN=my.domain
SMTP_AUTH_USER=smtp_user
SMTP_AUTH_PASS=smpt_pass
SMTP_TLS=true
SMTP_STARTTLS=true
LANGUAGE=de
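
Review bot: `DBUSER`, `DBPASS` and `DBDATA` are referenced by the `cron` service in docker-compose.yml but are not defined in this template, so they expand to empty strings unless set elsewhere. Add them here, or remove the references once `cron` uses the secrets. `SMTP_AUTH_PASS=smpt_pass` looks like a typo for `smtp_pass`, and `MAILNAME=admin@philipp.info` would be better as an `example.org` address in a template.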

View file

@ -0,0 +1,11 @@
FROM nginx:latest
RUN usermod -u 82 www-data
COPY ./templates /etc/nginx/conf.d/templates
COPY nginx.conf /etc/nginx/nginx.conf
COPY *.sh /
RUN chmod +x /*.sh
CMD ["/cmd.sh"]

View file

@ -0,0 +1,8 @@
#!/bin/sh
set -eu
envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active
nginx -qt
until ping app -c1 > /dev/null; do sleep 1; done
exec nginx -g 'daemon off;'
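
Review bot: `nginx -qt` runs before the `until ping app` loop, but this image's nginx.conf declares `upstream php-handler { server app:9000; }`, and nginx resolves upstream host names when it loads or tests the configuration; if `app` is not resolvable yet the test fails and `set -e` ends the script before the wait is reached. Move the config test after the loop and bound the loop with a retry limit. A ping reply also does not show that php-fpm is accepting connections on port 9000.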

View file

@ -0,0 +1,123 @@
##
# Friendica Nginx configuration
# by Olaf Conradi, modified by Philipp Holzer
#
#worker_processes 4;
events {
worker_connections 1024;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
map $request_id $formatted_id {
"~*(?<p1>[0-9a-f]{8})(?<p2>[0-9a-f]{4})(?<p3>[0-9a-f]{4})(?<p4>[0-9a-f]{4})(?<p5>.*)$" "${p1}-${p2}-${p3}-${p4}-${p5}";
}
map $http_x_request_id $uuid {
default "${request_id}";
~* "${http_x_request_id}";
}
charset utf-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format logger-json escape=json '{"source": "nginx", "time": $msec, "resp_body_size": $body_bytes_sent, "host": "$http_host", "address": "$remote_addr", "request_length": $request_length, "method": "$request_method", "uri": "$request_uri", "status": $status, "user_agent": "$http_user_agent", "resp_time": $request_time, "upstream_addr": "$upstream_addr", "request_id": "$uuid"}';
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log logger-json;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Real-IP;
upstream php-handler {
server app:9000;
}
server {
listen 80;
include /etc/nginx/conf.d/server_name.active;
index index.php;
root /var/www/html;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration
#will therefore *add* to this file, but not override it.
#include standard.conf
# allow uploads up to 20MB in size
client_max_body_size 20m;
client_body_buffer_size 128k;
proxy_set_header X-Request-ID $uuid;
add_header X-Request-ID $uuid;
# rewrite to front controller as default rule
location / {
try_files $uri /index.php?pagename=$uri&$args;
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
try_files $uri /index.php?pagename=$uri&$args;
}
# statically serve these file types when possible
# otherwise fall back to front controller
# allow browser to cache them
# added .htm for advanced source code editor library
#location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
# expires 30d;
# try_files $uri /index.php?pagename=$uri&$args;
#}
include mime.types;
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket
location ~* \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this
# server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
# another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-handler;
fastcgi_read_timeout 300;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_X_REQUEST_ID $uuid;
}
# deny access to all dot files
location ~ /\. {
deny all;
}
}
}
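
Review bot: the dot-file deny block `location ~ /\.` is the last regex location, after `location ~* \.php$`; nginx uses the first matching regex location in file order, so a request for a `.php` path under a hidden directory is handed to php-fpm instead of being denied. Move the dot-file block above the PHP block (the `^~ /.well-known/` prefix location keeps its exemption either way). `proxy_set_header X-Request-ID $uuid` has no effect because this server uses `fastcgi_pass`, not `proxy_pass`, and the comment about a FastCGI server on 127.0.0.1:9000 no longer matches `app:9000`.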

View file

@ -0,0 +1 @@
server_name ${HOSTNAME};

View file

@ -93,6 +93,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -146,6 +147,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
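
Review bot: `ln -s` without `-f` fails the whole `RUN set -ex` step if a `php.ini` already exists at that path, so `ln -sf` is the safer form here. If `friendica:fpm-alpine` is built from this Dockerfile, the `mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"` step in the opensocial.at app Dockerfile becomes redundant and can be dropped in favour of this line.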

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi
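
Review bot: `echo "tls_starttls $smtp_starttls"` writes whatever `SMTP_STARTTLS` contains straight into the msmtp configuration, and the example `.env` in this range sets `SMTP_STARTTLS=true`, which is not one of the `On`/`Off` values the README documents. Normalise the value before emitting it (accept `on`/`off`, map `true`/`false`, reject anything else with a clear error). The unchanged `SMTP_TLS` line above still tests only whether the variable is set, so `SMTP_TLS=false` emits `tls on`; and with `tls_certcheck off` the session is encrypted but the server certificate is not verified.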

View file

@ -79,6 +79,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -127,6 +128,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi

View file

@ -93,6 +93,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -146,6 +147,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi

View file

@ -93,6 +93,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -146,6 +147,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi

View file

@ -79,6 +79,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -127,6 +128,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi

View file

@ -93,6 +93,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -146,6 +147,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi

View file

@ -93,6 +93,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -146,6 +147,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi

View file

@ -79,6 +79,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -127,6 +128,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi

View file

@ -93,6 +93,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -146,6 +147,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi

View file

@ -78,6 +78,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -126,6 +127,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -92,6 +92,7 @@ RUN set -ex; \
pcntl \
ldap \
gmp \
intl \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
@ -145,6 +146,7 @@ RUN set -ex; \
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
} > /usr/local/etc/php/conf.d/friendica.ini; \
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \

View file

@ -123,11 +123,16 @@ The following environment variables are possible for the SMTP examples.
- `SMTP_DOMAIN` The sender domain. (**required** - e.g. `friendica.local`)
- `SMTP_FROM` Sender user-part of the address. (Default: `no-reply` - e.g. no-reply@friendica.local)
- `SMTP_TLS` Use TLS for connecting the SMTP Mail-Gateway. (Default: empty)
- `SMTP_STARTTLS` Use STARTTLS for connecting the SMTP Mail-Gateway. (Default: empty)
- `SMTP_STARTTLS` Use STARTTLS for connecting the SMTP Mail-Gateway. (Default: `On`)
- `SMTP_AUTH` Auth mode for the SMTP Mail-Gateway. (Default: `On`)
- `SMTP_AUTH_USER` Username for the SMTP Mail-Gateway. (Default: empty)
- `SMTP_AUTH_PASS` Password for the SMTP Mail-Gateway. (Default: empty)
**Addition to STARTTLS**
the `tls_starttls` setting is either `On` or `Off`, but never unset.
That's because in case it's unset, `starttls` would be activated by default (which would need additional configuration like a separate port).
## Database settings
You have to add the Friendica container to the same network as the running database container, e. g. `--network some-network`, and then use `mysql` as the database host on setup.
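
Review bot: the new default is written as `On` in the variable list, but the entrypoint script in this range defaults to lowercase `on`, and the added "Addition to STARTTLS" paragraph does not list the accepted values or say that the value is passed through to msmtp's `tls_starttls`. State the accepted values in one spelling and name the msmtp setting it maps to. The sentence beginning "the `tls_starttls` setting" should start with a capital letter.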

View file

@ -7,6 +7,8 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
smtp_from="${SMTP_FROM:=no-reply}"
smtp_auth="${SMTP_AUTH:=on}"
# https://github.com/friendica/docker/issues/233
smtp_starttls="${SMTP_STARTTLS:=on}"
# Setup MSMTP
usermod --comment "$(echo "$SITENAME" | tr -dc '[:print:]')" root
@ -26,7 +28,7 @@ if [ -n "${SMTP_DOMAIN+x}" ] && [ -n "${SMTP+x}" ] && [ "${SMTP}" != "localhost"
echo "from \"$smtp_from@$SMTP_DOMAIN\""
echo "tls_certcheck off" # No certcheck because of internal docker mail-hostnames
if [ -n "${SMTP_TLS+x}" ]; then echo "tls on"; fi
if [ -n "${SMTP_STARTTLS+x}" ]; then echo "tls_starttls on"; fi
echo "tls_starttls $smtp_starttls";
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "auth $smtp_auth"; fi
if [ -n "${SMTP_AUTH_USER+x}" ]; then echo "user \"$SMTP_AUTH_USER\""; fi
if [ -n "${SMTP_AUTH_PASS+x}" ]; then echo "password \"$SMTP_AUTH_PASS\""; fi