Add Dockerfile
This commit is contained in:
81
Dockerfile
Normal file
81
Dockerfile
Normal file
@@ -0,0 +1,81 @@
|
||||
# syntax=docker/dockerfile:1.7
|
||||
|
||||
############################################
|
||||
# Stage 1: fetch source (pin to tag/sha)
|
||||
############################################
|
||||
FROM alpine:3.20 AS source
|
||||
ARG DALOREF=tags/1.3 # <-- pin to a released tag or a specific commit sha
|
||||
ARG MIRROR_URL=https://gitea.portal.tulsacounty.org/external-repos/daloradius.git
|
||||
RUN apk add --no-cache git && \
|
||||
git clone --depth=1 --branch ${DALOREF} ${MIRROR_URL} /src
|
||||
|
||||
############################################
|
||||
# Stage 2: runtime (PHP 8, Apache)
|
||||
############################################
|
||||
FROM php:8.3-apache
|
||||
|
||||
ENV TZ=UTC
|
||||
# Install required libs + php-pear (for DB/Mail/Mail_Mime)
|
||||
RUN apt-get update && apt-get -y upgrade && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates tzdata curl git \
|
||||
libpng-dev libjpeg62-turbo-dev libfreetype6-dev libwebp-dev \
|
||||
libmariadb-dev \
|
||||
php-pear && \
|
||||
rm -rf /var/lib/apt/lists/* && \
|
||||
ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone && \
|
||||
update-ca-certificates -f
|
||||
|
||||
# Build php extensions
|
||||
RUN docker-php-ext-configure gd --with-freetype --with-jpeg && \
|
||||
docker-php-ext-install gd mysqli pdo_mysql
|
||||
|
||||
# PEAR packages required by daloRADIUS
|
||||
RUN pear channel-update pear.php.net && \
|
||||
pear install -a -f DB && \
|
||||
pear install -a -f Mail && \
|
||||
pear install -a -f Mail_Mime
|
||||
|
||||
# Copy app (only /app subtree is needed)
|
||||
COPY --from=source /src/app/ /var/www/html/daloradius/
|
||||
|
||||
# Provide a template; render at entrypoint from env
|
||||
COPY --from=source /src/app/common/includes/daloradius.conf.php.sample /opt/daloradius.conf.php.tmpl
|
||||
|
||||
# Optional Apache helper from contrib (if you like what it does), otherwise inline your own vhost
|
||||
COPY --from=source /src/contrib/scripts/apache-config.sh /usr/local/bin/apache-config.sh
|
||||
|
||||
# Minimal hardening: proper ownership
|
||||
RUN chown -R www-data:www-data /var/www/html && \
|
||||
chmod +x /usr/local/bin/apache-config.sh && \
|
||||
a2enmod rewrite
|
||||
|
||||
# Entry script renders config with env vars at runtime
|
||||
COPY <<'EOF' /entrypoint.sh
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
: "${DBHOST:?set DBHOST}"
|
||||
: "${DBNAME:?set DBNAME}"
|
||||
: "${DBUSER:?set DBUSER}"
|
||||
: "${DBPASS:?set DBPASS}"
|
||||
|
||||
# Render config from template (very basic; swap for envsubst/jinja as you wish)
|
||||
sed -e "s|\$configValues\['CONFIG_DB_HOST'\].*|\$configValues['CONFIG_DB_HOST'] = '${DBHOST}';|g" \
|
||||
-e "s|\$configValues\['CONFIG_DB_USER'\].*|\$configValues['CONFIG_DB_USER'] = '${DBUSER}';|g" \
|
||||
-e "s|\$configValues\['CONFIG_DB_PASS'\].*|\$configValues['CONFIG_DB_PASS'] = '${DBPASS}';|g" \
|
||||
-e "s|\$configValues\['CONFIG_DB_NAME'\].*|\$configValues['CONFIG_DB_NAME'] = '${DBNAME}';|g" \
|
||||
/opt/daloradius.conf.php.tmpl > /var/www/html/daloradius/common/includes/daloradius.conf.php
|
||||
|
||||
# Optional Apache config from contrib
|
||||
[ -x /usr/local/bin/apache-config.sh ] && /usr/local/bin/apache-config.sh || true
|
||||
|
||||
exec apachectl -DFOREGROUND
|
||||
EOF
|
||||
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
EXPOSE 80
|
||||
HEALTHCHECK --interval=30s --timeout=3s --retries=5 CMD curl -fsS http://localhost/ || exit 1
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
Reference in New Issue
Block a user