diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..93d38df
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,81 @@
+# syntax=docker/dockerfile:1.7
+
+############################################
+# Stage 1: fetch source (pin to tag/sha)
+############################################
+FROM alpine:3.20 AS source
+ARG DALOREF=tags/1.3 # <-- pin to a released tag or a specific commit sha
+ARG MIRROR_URL=https://gitea.portal.tulsacounty.org/external-repos/daloradius.git
+RUN apk add --no-cache git && \
+ git clone --depth=1 --branch ${DALOREF} ${MIRROR_URL} /src
+
+############################################
+# Stage 2: runtime (PHP 8, Apache)
+############################################
+FROM php:8.3-apache
+
+ENV TZ=UTC
+# Install required libs + php-pear (for DB/Mail/Mail_Mime)
+RUN apt-get update && apt-get -y upgrade && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates tzdata curl git \
+ libpng-dev libjpeg62-turbo-dev libfreetype6-dev libwebp-dev \
+ libmariadb-dev \
+ php-pear && \
+ rm -rf /var/lib/apt/lists/* && \
+ ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone && \
+ update-ca-certificates -f
+
+# Build php extensions
+RUN docker-php-ext-configure gd --with-freetype --with-jpeg && \
+ docker-php-ext-install gd mysqli pdo_mysql
+
+# PEAR packages required by daloRADIUS
+RUN pear channel-update pear.php.net && \
+ pear install -a -f DB && \
+ pear install -a -f Mail && \
+ pear install -a -f Mail_Mime
+
+# Copy app (only /app subtree is needed)
+COPY --from=source /src/app/ /var/www/html/daloradius/
+
+# Provide a template; render at entrypoint from env
+COPY --from=source /src/app/common/includes/daloradius.conf.php.sample /opt/daloradius.conf.php.tmpl
+
+# Optional Apache helper from contrib (if you like what it does), otherwise inline your own vhost
+COPY --from=source /src/contrib/scripts/apache-config.sh /usr/local/bin/apache-config.sh
+
+# Minimal hardening: proper ownership
+RUN chown -R www-data:www-data /var/www/html && \
+ chmod +x /usr/local/bin/apache-config.sh && \
+ a2enmod rewrite
+
+# Entry script renders config with env vars at runtime
+COPY <<'EOF' /entrypoint.sh
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${DBHOST:?set DBHOST}"
+: "${DBNAME:?set DBNAME}"
+: "${DBUSER:?set DBUSER}"
+: "${DBPASS:?set DBPASS}"
+
+# Render config from template (very basic; swap for envsubst/jinja as you wish)
+sed -e "s|\$configValues\['CONFIG_DB_HOST'\].*|\$configValues['CONFIG_DB_HOST'] = '${DBHOST}';|g" \
+ -e "s|\$configValues\['CONFIG_DB_USER'\].*|\$configValues['CONFIG_DB_USER'] = '${DBUSER}';|g" \
+ -e "s|\$configValues\['CONFIG_DB_PASS'\].*|\$configValues['CONFIG_DB_PASS'] = '${DBPASS}';|g" \
+ -e "s|\$configValues\['CONFIG_DB_NAME'\].*|\$configValues['CONFIG_DB_NAME'] = '${DBNAME}';|g" \
+ /opt/daloradius.conf.php.tmpl > /var/www/html/daloradius/common/includes/daloradius.conf.php
+
+# Optional Apache config from contrib
+[ -x /usr/local/bin/apache-config.sh ] && /usr/local/bin/apache-config.sh || true
+
+exec apachectl -DFOREGROUND
+EOF
+
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 80
+HEALTHCHECK --interval=30s --timeout=3s --retries=5 CMD curl -fsS http://localhost/ || exit 1
+
+ENTRYPOINT ["/entrypoint.sh"]
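Review bot: The `sed` render in `/entrypoint.sh` splices `${DBHOST}`, `${DBUSER}`, `${DBPASS}` and `${DBNAME}` unescaped into a sed replacement and, through it, into a PHP single-quoted literal. A value containing `|`, `&` or `\` corrupts or aborts the substitution, and one containing `'` closes the PHP string, so the rest of the value is parsed as PHP in `daloradius.conf.php`. Escape each value for PHP first and for sed second, and reject embedded newlines, before rendering; the sketch below shows the changed lines only. Separately, in stage 1, `git clone --branch` accepts a branch or tag name, so the default `tags/1.3` and the "commit sha" option named on the `ARG DALOREF` line will probably not resolve as written; a tag is also mutable, so fetching and checking out a full commit id would be the stronger pin.

```dockerfile
COPY <<'EOF' /entrypoint.sh
# … unchanged: shebang, set -euo pipefail, required-variable checks …

# Escape for a PHP single-quoted literal first, then for a sed replacement delimited by '|'.
esc() {
  case "$1" in *$'\n'*) echo "newline not allowed in DB settings" >&2; return 1 ;; esac
  printf '%s' "$1" | sed -e "s/[\\\\']/\\\\&/g" -e 's/[\\&|]/\\&/g'
}
H=$(esc "$DBHOST")
U=$(esc "$DBUSER")
P=$(esc "$DBPASS")
N=$(esc "$DBNAME")

sed -e "s|\$configValues\['CONFIG_DB_HOST'\].*|\$configValues['CONFIG_DB_HOST'] = '${H}';|g" \
    -e "s|\$configValues\['CONFIG_DB_USER'\].*|\$configValues['CONFIG_DB_USER'] = '${U}';|g" \
    -e "s|\$configValues\['CONFIG_DB_PASS'\].*|\$configValues['CONFIG_DB_PASS'] = '${P}';|g" \
    -e "s|\$configValues\['CONFIG_DB_NAME'\].*|\$configValues['CONFIG_DB_NAME'] = '${N}';|g" \
    /opt/daloradius.conf.php.tmpl > /var/www/html/daloradius/common/includes/daloradius.conf.php
# … unchanged: optional apache-config.sh call, exec apachectl …
```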