diff --git a/Dockerfile b/Dockerfile
index 170366c..36815a2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@
 # Stage 1: fetch source (pin to tag/sha)
 ############################################
 FROM alpine:3.20 AS source
-ARG DALOREF=master # <-- pin to a released tag or a specific commit sha
+ARG DALOREF=master
 ARG MIRROR_URL=https://gitea.portal.tulsacounty.org/external-repos/daloradius.git
 RUN apk add --no-cache git && \
 git clone --depth=1 --branch ${DALOREF} ${MIRROR_URL} /src
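Review bot: `ARG DALOREF=master` still defaults the clone to a moving branch, and this hunk drops the only reminder to pin it, so every rebuild can pull different upstream code from the mirror into the image. Default it to a released tag, e.g. `ARG DALOREF=<release-tag>`, and keep a short comment saying why the ref is pinned. Note that `git clone --branch` accepts branch and tag names but not a bare commit sha, so pinning to a commit needs a fetch of that sha plus a checkout, or a `git -C /src rev-parse HEAD` comparison against an expected value, rather than only a different default.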
@@ -15,42 +15,41 @@ RUN apk add --no-cache git && \ FROM php:8.3-apache ENV TZ=UTC -# Install required libs + php-pear (for DB/Mail/Mail_Mime) + +# System deps (no php-pear package here) RUN apt-get update && apt-get -y upgrade && \ apt-get install -y --no-install-recommends \ ca-certificates tzdata curl git \ libpng-dev libjpeg62-turbo-dev libfreetype6-dev libwebp-dev \ libmariadb-dev \ - php-pear && \ - rm -rf /var/lib/apt/lists/* && \ + && rm -rf /var/lib/apt/lists/* && \ ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone && \ update-ca-certificates -f -# Build php extensions +# PHP extensions RUN docker-php-ext-configure gd --with-freetype --with-jpeg && \ docker-php-ext-install gd mysqli pdo_mysql -# PEAR packages required by daloRADIUS -RUN pear channel-update pear.php.net && \ - pear install -a -f DB && \ - pear install -a -f Mail && \ - pear install -a -f Mail_Mime +# Install PEAR manually, then required PEAR packages +RUN curl -fsSL https://pear.php.net/install-pear-nozlib.phar -o /tmp/pear.phar \ + && php /tmp/pear.phar \ + && rm /tmp/pear.phar \ + && pear channel-update pear.php.net \ + && pear install -a -f DB \ + && pear install -a -f Mail \ + && pear install -a -f Mail_Mime -# Copy app (only /app subtree is needed) +# App COPY --from=source /src/app/ /var/www/html/daloradius/ - -# Provide a template; render at entrypoint from env COPY --from=source /src/app/common/includes/daloradius.conf.php.sample /opt/daloradius.conf.php.tmpl - -# Optional Apache helper from contrib (if you like what it does), otherwise inline your own vhost COPY --from=source /src/contrib/scripts/apache-config.sh /usr/local/bin/apache-config.sh -# Minimal hardening: proper ownership +# Apache + perms RUN chown -R www-data:www-data /var/www/html && \ chmod +x /usr/local/bin/apache-config.sh && \ a2enmod rewrite -# Entry script renders config with env vars at runtime +# Entry script renders config from env COPY <<'EOF' /entrypoint.sh #!/usr/bin/env bash set 
-euo pipefail @@ -60,22 +59,18 @@ set -euo pipefail : "${DBUSER:?set DBUSER}" : "${DBPASS:?set DBPASS}" -# Render config from template (very basic; swap for envsubst/jinja as you wish) sed -e "s|\$configValues\['CONFIG_DB_HOST'\].*|\$configValues['CONFIG_DB_HOST'] = '${DBHOST}';|g" \ -e "s|\$configValues\['CONFIG_DB_USER'\].*|\$configValues['CONFIG_DB_USER'] = '${DBUSER}';|g" \ -e "s|\$configValues\['CONFIG_DB_PASS'\].*|\$configValues['CONFIG_DB_PASS'] = '${DBPASS}';|g" \ -e "s|\$configValues\['CONFIG_DB_NAME'\].*|\$configValues['CONFIG_DB_NAME'] = '${DBNAME}';|g" \ /opt/daloradius.conf.php.tmpl > /var/www/html/daloradius/common/includes/daloradius.conf.php -# Optional Apache config from contrib [ -x /usr/local/bin/apache-config.sh ] && /usr/local/bin/apache-config.sh || true - exec apachectl -DFOREGROUND EOF RUN chmod +x /entrypoint.sh EXPOSE 80 -HEALTHCHECK --interval=30s --timeout=3s --retries=5 CMD curl -fsS http://localhost/ || exit 1 - +HEALTHCHECK --interval=30s --timeout=5s --retries=5 CMD curl -fsS http://localhost/ || exit 1 ENTRYPOINT ["/entrypoint.sh"]
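Review bot: The new PEAR step downloads `install-pear-nozlib.phar` and runs it as root during the build with no integrity check, so whatever the server returns at build time is executed and ends up in the image. Pin the expected digest and verify it before running: declare `ARG PEAR_PHAR_SHA256=<sha256-of-reviewed-installer>` and add `&& echo "${PEAR_PHAR_SHA256}  /tmp/pear.phar" | sha256sum -c - \` between the `curl` and `php /tmp/pear.phar` lines. It is also worth checking whether the base image already provides `pear` (I believe the official php images are built with it; `command -v pear` in the base would confirm), in which case the download can be dropped entirely. The `pear install -a -f` lines take whatever version is current and force past errors, so pinning each package (`DB-<version>`) would make the result reproducible.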
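Review bot: The `sed` lines splice `${DBHOST}`, `${DBUSER}`, `${DBPASS}` and `${DBNAME}` unescaped into both a `|`-delimited sed replacement and a PHP single-quoted string. A value containing `&`, `|`, `\` or `'` therefore yields a wrong or syntactically broken `daloradius.conf.php`, and a quote ends the literal early in a file the web server executes. The comment this hunk removes was the only hint that the rendering is simplistic. Escape each value for PHP first and for sed second before substituting, as sketched below; a value with an embedded newline then makes `sed` fail and `set -e` stops the container instead of writing a bad config. These lines sit inside the `/entrypoint.sh` heredoc, which opens in the previous hunk.

```dockerfile
# (inside the /entrypoint.sh heredoc)
# … unchanged: required-variable checks …

# Escape for a PHP single-quoted literal (\ and '), then for a sed replacement delimited by | (\, & and |).
esc() { printf '%s' "$1" | sed -e "s/[\\\\']/\\\\&/g" -e 's/[\\&|]/\\&/g'; }

sed -e "s|\$configValues\['CONFIG_DB_HOST'\].*|\$configValues['CONFIG_DB_HOST'] = '$(esc "$DBHOST")';|g" \
    -e "s|\$configValues\['CONFIG_DB_USER'\].*|\$configValues['CONFIG_DB_USER'] = '$(esc "$DBUSER")';|g" \
    -e "s|\$configValues\['CONFIG_DB_PASS'\].*|\$configValues['CONFIG_DB_PASS'] = '$(esc "$DBPASS")';|g" \
    -e "s|\$configValues\['CONFIG_DB_NAME'\].*|\$configValues['CONFIG_DB_NAME'] = '$(esc "$DBNAME")';|g" \
    /opt/daloradius.conf.php.tmpl > /var/www/html/daloradius/common/includes/daloradius.conf.php

# … unchanged: apache-config.sh call, exec apachectl …
```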