aboutsummaryrefslogtreecommitdiff
path: root/Docker
diff options
context:
space:
mode:
Diffstat (limited to 'Docker')
-rw-r--r--Docker/Dockerfile33
-rw-r--r--Docker/Dockerfile-Alpine24
-rw-r--r--Docker/Dockerfile-QEMU-ARM73
-rw-r--r--Docker/README.md12
-rwxr-xr-xDocker/entrypoint.sh11
-rwxr-xr-xDocker/hooks/build21
-rw-r--r--Docker/hooks/post_checkout4
-rwxr-xr-xDocker/hooks/pre_build11
8 files changed, 175 insertions, 14 deletions
diff --git a/Docker/Dockerfile b/Docker/Dockerfile
index 661543724..8693bb0f7 100644
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -1,22 +1,39 @@
-FROM ubuntu:18.10
+FROM ubuntu:19.04
ENV TZ UTC
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-RUN apt update && \
- apt install --no-install-recommends -y \
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y \
ca-certificates cron \
apache2 libapache2-mod-php \
- php-curl php-intl php-mbstring php-xml php-zip \
+ php-curl php-gmp php-intl php-mbstring php-xml php-zip \
php-sqlite3 php-mysql php-pgsql && \
- rm -rf /var/lib/apt/lists/
+ rm -rf /var/lib/apt/lists/*
-RUN mkdir -p /var/www/FreshRSS /run/apache2/
+RUN mkdir -p /var/www/FreshRSS/ /run/apache2/
WORKDIR /var/www/FreshRSS
COPY . /var/www/FreshRSS
COPY ./Docker/*.Apache.conf /etc/apache2/sites-available/
+ARG FRESHRSS_VERSION
+ARG SOURCE_BRANCH
+ARG SOURCE_COMMIT
+
+LABEL \
+ org.opencontainers.image.authors="Alkarex" \
+ org.opencontainers.image.description="A self-hosted RSS feed aggregator" \
+ org.opencontainers.image.documentation="https://freshrss.github.io/FreshRSS/" \
+ org.opencontainers.image.licenses="AGPL-3.0" \
+ org.opencontainers.image.revision="${SOURCE_BRANCH}.${SOURCE_COMMIT}" \
+ org.opencontainers.image.source="https://github.com/FreshRSS/FreshRSS" \
+ org.opencontainers.image.title="FreshRSS" \
+ org.opencontainers.image.url="https://freshrss.org/" \
+ org.opencontainers.image.vendor="FreshRSS" \
+ org.opencontainers.image.version="$FRESHRSS_VERSION"
+
RUN a2dismod -f alias autoindex negotiation status && \
a2enmod deflate expires headers mime setenvif && \
a2disconf '*' && \
@@ -35,6 +52,10 @@ ENV CRON_MIN ''
ENTRYPOINT ["./Docker/entrypoint.sh"]
EXPOSE 80
+# hadolint ignore=DL3025
CMD ([ -z "$CRON_MIN" ] || cron) && \
. /etc/apache2/envvars && \
exec apache2 -D FOREGROUND
+
+HEALTHCHECK --start-period=20s --interval=37s --timeout=5s --retries=3 \
+ CMD (php -r "readfile('http://localhost/i/');" | grep -q 'jsonVars') || exit 1
diff --git a/Docker/Dockerfile-Alpine b/Docker/Dockerfile-Alpine
index 589d266e5..ac5d74a43 100644
--- a/Docker/Dockerfile-Alpine
+++ b/Docker/Dockerfile-Alpine
@@ -1,7 +1,7 @@
-FROM alpine:3.9
+FROM alpine:3.10
ENV TZ UTC
-
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
RUN apk add --no-cache \
apache2 php7-apache2 \
php7 php7-curl php7-gmp php7-intl php7-mbstring php7-xml php7-zip \
@@ -14,6 +14,22 @@ WORKDIR /var/www/FreshRSS
COPY . /var/www/FreshRSS
COPY ./Docker/*.Apache.conf /etc/apache2/conf.d/
+ARG FRESHRSS_VERSION
+ARG SOURCE_BRANCH
+ARG SOURCE_COMMIT
+
+LABEL \
+ org.opencontainers.image.authors="Alkarex" \
+ org.opencontainers.image.description="A self-hosted RSS feed aggregator" \
+ org.opencontainers.image.documentation="https://freshrss.github.io/FreshRSS/" \
+ org.opencontainers.image.licenses="AGPL-3.0" \
+ org.opencontainers.image.revision="${SOURCE_BRANCH}.${SOURCE_COMMIT}" \
+ org.opencontainers.image.source="https://github.com/FreshRSS/FreshRSS" \
+ org.opencontainers.image.title="FreshRSS" \
+ org.opencontainers.image.url="https://freshrss.org/" \
+ org.opencontainers.image.vendor="FreshRSS" \
+ org.opencontainers.image.version="$FRESHRSS_VERSION"
+
RUN rm -f /etc/apache2/conf.d/languages.conf /etc/apache2/conf.d/info.conf \
/etc/apache2/conf.d/status.conf /etc/apache2/conf.d/userdir.conf && \
sed -r -i "/^\s*LoadModule .*mod_(alias|autoindex|negotiation|status).so$/s/^/#/" \
@@ -32,5 +48,9 @@ ENV CRON_MIN ''
ENTRYPOINT ["./Docker/entrypoint.sh"]
EXPOSE 80
+# hadolint ignore=DL3025
CMD ([ -z "$CRON_MIN" ] || crond -d 6) && \
exec httpd -D FOREGROUND
+
+HEALTHCHECK --start-period=20s --interval=37s --timeout=5s --retries=3 \
+ CMD (php -r "readfile('http://localhost/i/');" | grep -q 'jsonVars') || exit 1
diff --git a/Docker/Dockerfile-QEMU-ARM b/Docker/Dockerfile-QEMU-ARM
new file mode 100644
index 000000000..4d81a23f0
--- /dev/null
+++ b/Docker/Dockerfile-QEMU-ARM
@@ -0,0 +1,73 @@
+# Only relevant for Docker Hub or QEMU multi-architecture builds.
+# Prefer the normal `Dockerfile` if you are building manually on the targeted architecture.
+
+FROM arm32v7/ubuntu:19.04
+
+# Requires ./hooks/*
+COPY ./Docker/qemu-arm-* /usr/bin/
+
+ENV TZ UTC
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y \
+ ca-certificates cron \
+ apache2 libapache2-mod-php \
+ php-curl php-gmp php-intl php-mbstring php-xml php-zip \
+ php-sqlite3 php-mysql php-pgsql && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /var/www/FreshRSS/ /run/apache2/
+WORKDIR /var/www/FreshRSS
+
+COPY . /var/www/FreshRSS
+COPY ./Docker/*.Apache.conf /etc/apache2/sites-available/
+
+ARG FRESHRSS_VERSION
+ARG SOURCE_BRANCH
+ARG SOURCE_COMMIT
+
+LABEL \
+ org.opencontainers.image.authors="Alkarex" \
+ org.opencontainers.image.description="A self-hosted RSS feed aggregator" \
+ org.opencontainers.image.documentation="https://freshrss.github.io/FreshRSS/" \
+ org.opencontainers.image.licenses="AGPL-3.0" \
+ org.opencontainers.image.revision="${SOURCE_BRANCH}.${SOURCE_COMMIT}" \
+ org.opencontainers.image.source="https://github.com/FreshRSS/FreshRSS" \
+ org.opencontainers.image.title="FreshRSS" \
+ org.opencontainers.image.url="https://freshrss.org/" \
+ org.opencontainers.image.vendor="FreshRSS" \
+ org.opencontainers.image.version="$FRESHRSS_VERSION"
+
+RUN a2dismod -f alias autoindex negotiation status && \
+ a2enmod deflate expires headers mime setenvif && \
+ a2disconf '*' && \
+ a2dissite '*' && \
+ a2ensite 'FreshRSS*'
+
+RUN sed -r -i "/^\s*(CustomLog|ErrorLog|Listen) /s/^/#/" /etc/apache2/apache2.conf && \
+ sed -r -i "/^\s*Listen /s/^/#/" /etc/apache2/ports.conf && \
+ touch /var/www/FreshRSS/Docker/env.txt && \
+ echo "17,47 * * * * . /var/www/FreshRSS/Docker/env.txt; \
+ su www-data -s /bin/sh -c 'php /var/www/FreshRSS/app/actualize_script.php' \
+ 2>> /proc/1/fd/2 > /tmp/FreshRSS.log" | crontab -
+
+# Seems needed for arm32v7/ubuntu on Docker Hub
+RUN update-ca-certificates -f
+
+# Useful with the `--squash` build option
+RUN rm /usr/bin/qemu-* /var/www/FreshRSS/Docker/qemu-*
+
+ENV COPY_SYSLOG_TO_STDERR On
+ENV CRON_MIN ''
+ENTRYPOINT ["./Docker/entrypoint.sh"]
+
+EXPOSE 80
+# hadolint ignore=DL3025
+CMD ([ -z "$CRON_MIN" ] || cron) && \
+ . /etc/apache2/envvars && \
+ exec apache2 -D FOREGROUND
+
+HEALTHCHECK --start-period=20s --interval=37s --timeout=5s --retries=3 \
+ CMD (php -r "readfile('http://localhost/i/');" | grep -q 'jsonVars') || exit 1
diff --git a/Docker/README.md b/Docker/README.md
index 9bf20c8c2..c93178ff7 100644
--- a/Docker/README.md
+++ b/Docker/README.md
@@ -1,3 +1,8 @@
+![Docker Cloud Automated build](https://img.shields.io/docker/cloud/automated/freshrss/freshrss.svg)
+![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/freshrss/freshrss.svg)
+![MicroBadger Size](https://img.shields.io/microbadger/image-size/freshrss/freshrss.svg)
+![Docker Pulls](https://img.shields.io/docker/pulls/freshrss/freshrss.svg)
+
# Deploy FreshRSS with Docker
* See also https://hub.docker.com/r/freshrss/freshrss/
@@ -32,6 +37,7 @@ sudo docker run -d --restart unless-stopped --log-opt max-size=10m \
-p 80:80 \
-p 443:443 \
--name traefik traefik --docker \
+ --loglevel=info \
--entryPoints='Name:http Address::80 Compress:true Redirect.EntryPoint:https' \
--entryPoints='Name:https Address::443 Compress:true TLS TLS.MinVersion:VersionTLS12 TLS.SniStrict:true TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' \
--defaultentrypoints=http,https --keeptrailingslash=true \
@@ -46,7 +52,7 @@ See [more information about Docker and Let’s Encrypt in Træfik](https://docs.
Example using the built-in refresh cron job (see further below for alternatives).
You must first chose a domain (DNS) or sub-domain, e.g. `freshrss.example.net`.
-> **N.B.:** For platforms other than x64 (Intel, AMD), such as ARM (e.g. Raspberry Pi), see the section *Build Docker image* further below.
+> **N.B.:** Default images are for x64 (Intel, AMD) platforms. For ARM (e.g. Raspberry Pi), use the `*-arm` tags. For other platforms, see the section *Build Docker image* further below.
```sh
sudo docker volume create freshrss-data
@@ -69,6 +75,7 @@ sudo docker run -d --restart unless-stopped --log-opt max-size=10m \
`--label traefik.frontend.rule='Host:freshrss.example.net;PathPrefixStrip:/FreshRSS/' \`
* You may remove the `--label traefik.*` lines if you do not use Træfik.
* Add `-p 8080:80 \` if you want to expose FreshRSS locally, e.g. on port `8080`.
+* Replace `freshrss/freshrss` by a more specific tag (see below) such as `freshrss/freshrss:dev` for the development version, or `freshrss/freshrss:arm` for a Raspberry Pi version.
This already works with a built-in **SQLite** database (easiest), but more powerful databases are supported:
@@ -130,9 +137,10 @@ The tags correspond to FreshRSS branches and versions:
* `:latest` (default) is the `master` branch, more stable
* `:dev` is the `dev` branch, rolling release
* `:x.y.z` are specific FreshRSS releases
+* `:arm` or `:*-arm` are the ARM versions (e.g. for Raspberry Pi)
### Linux: Ubuntu vs. Alpine
-Our default image is based on [Ubuntu](https://www.ubuntu.com/server). We offer an alternative based on [Alpine](https://alpinelinux.org/) (with the `-alpine` tag suffix).
+Our default image is based on [Ubuntu](https://www.ubuntu.com/server). We offer an alternative based on [Alpine](https://alpinelinux.org/) (with the `*-alpine` tag suffix).
In [our tests](https://github.com/FreshRSS/FreshRSS/pull/2205), Ubuntu is ~3 times faster,
while Alpine is ~2.5 times [smaller on disk](https://hub.docker.com/r/freshrss/freshrss/tags) (and much faster to build).
diff --git a/Docker/entrypoint.sh b/Docker/entrypoint.sh
index b7a961569..bb0e1bde0 100755
--- a/Docker/entrypoint.sh
+++ b/Docker/entrypoint.sh
@@ -1,15 +1,18 @@
#!/bin/sh
-php -f ./cli/prepare.php > /dev/null
+php -f ./cli/prepare.php >/dev/null
chown -R :www-data .
chmod -R g+r . && chmod -R g+w ./data/
-find /etc/php*/ -name php.ini -exec sed -r -i "\#^;?date.timezone#s#^.*#date.timezone = $TZ#" {} \;
+find /etc/php*/ -name php.ini -exec sed -r -i "\\#^;?date.timezone#s#^.*#date.timezone = $TZ#" {} \;
if [ -n "$CRON_MIN" ]; then
- (echo "export TZ=$TZ" ; echo "export COPY_SYSLOG_TO_STDERR=$COPY_SYSLOG_TO_STDERR") > /var/www/FreshRSS/Docker/env.txt
- crontab -l | sed -r "\#FreshRSS#s#^[^ ]+ #$CRON_MIN #" | crontab -
+ (
+ echo "export TZ=$TZ"
+ echo "export COPY_SYSLOG_TO_STDERR=$COPY_SYSLOG_TO_STDERR"
+ ) >/var/www/FreshRSS/Docker/env.txt
+ crontab -l | sed -r "\\#FreshRSS#s#^[^ ]+ #$CRON_MIN #" | crontab -
fi
exec "$@"
diff --git a/Docker/hooks/build b/Docker/hooks/build
new file mode 100755
index 000000000..84e759a80
--- /dev/null
+++ b/Docker/hooks/build
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+cd ..
+FRESHRSS_VERSION=$(grep "'FRESHRSS_VERSION'" constants.php | cut -d "'" -f4)
+echo "$FRESHRSS_VERSION"
+
+if [[ $DOCKERFILE_PATH == *-ARM ]]; then
+ #TODO: Add --squash --platform arm options when Docker Hub deamon supports them
+ docker build \
+ --build-arg FRESHRSS_VERSION="$FRESHRSS_VERSION" \
+ --build-arg SOURCE_BRANCH="$SOURCE_BRANCH" \
+ --build-arg SOURCE_COMMIT="$SOURCE_COMMIT" \
+ -f "$DOCKERFILE_PATH" -t "$IMAGE_NAME" .
+else
+ #TODO: Add --squash option when Docker Hub deamon supports it
+ docker build \
+ --build-arg FRESHRSS_VERSION="$FRESHRSS_VERSION" \
+ --build-arg SOURCE_BRANCH="$SOURCE_BRANCH" \
+ --build-arg SOURCE_COMMIT="$SOURCE_COMMIT" \
+ -f "$DOCKERFILE_PATH" -t "$IMAGE_NAME" .
+fi
diff --git a/Docker/hooks/post_checkout b/Docker/hooks/post_checkout
new file mode 100644
index 000000000..b33c941e5
--- /dev/null
+++ b/Docker/hooks/post_checkout
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+mv ../README.md ../README.en.md
+mv README.md ../
diff --git a/Docker/hooks/pre_build b/Docker/hooks/pre_build
new file mode 100755
index 000000000..b2cda0e48
--- /dev/null
+++ b/Docker/hooks/pre_build
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [[ $DOCKERFILE_PATH == *-ARM ]]; then
+ # https://github.com/balena-io/qemu
+ # Download a local copy of QEMU on Docker Hub build machine
+ curl -LSs 'https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz' | tar -xzv --strip-components=1 --wildcards '*/qemu-*'
+
+ # https://github.com/multiarch/qemu-user-static
+ # Register qemu-*-static for all supported processors except the current one, but also remove all registered binfmt_misc before
+ docker run --rm --privileged multiarch/qemu-user-static:register --reset
+fi
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 14:49:58 +0000