# syntax=docker/dockerfile:1.7 ############################################ # Stage 1: fetch source (pin to tag/sha) ############################################ FROM alpine:3.20 AS source ARG DALOREF=tags/1.3 # <-- pin to a released tag or a specific commit sha ARG MIRROR_URL=https://gitea.portal.tulsacounty.org/external-repos/daloradius.git RUN apk add --no-cache git && \ git clone --depth=1 --branch ${DALOREF} ${MIRROR_URL} /src ############################################ # Stage 2: runtime (PHP 8, Apache) ############################################ FROM php:8.3-apache ENV TZ=UTC # Install required libs + php-pear (for DB/Mail/Mail_Mime) RUN apt-get update && apt-get -y upgrade && \ apt-get install -y --no-install-recommends \ ca-certificates tzdata curl git \ libpng-dev libjpeg62-turbo-dev libfreetype6-dev libwebp-dev \ libmariadb-dev \ php-pear && \ rm -rf /var/lib/apt/lists/* && \ ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone && \ update-ca-certificates -f # Build php extensions RUN docker-php-ext-configure gd --with-freetype --with-jpeg && \ docker-php-ext-install gd mysqli pdo_mysql # PEAR packages required by daloRADIUS RUN pear channel-update pear.php.net && \ pear install -a -f DB && \ pear install -a -f Mail && \ pear install -a -f Mail_Mime # Copy app (only /app subtree is needed) COPY --from=source /src/app/ /var/www/html/daloradius/ # Provide a template; render at entrypoint from env COPY --from=source /src/app/common/includes/daloradius.conf.php.sample /opt/daloradius.conf.php.tmpl # Optional Apache helper from contrib (if you like what it does), otherwise inline your own vhost COPY --from=source /src/contrib/scripts/apache-config.sh /usr/local/bin/apache-config.sh # Minimal hardening: proper ownership RUN chown -R www-data:www-data /var/www/html && \ chmod +x /usr/local/bin/apache-config.sh && \ a2enmod rewrite # Entry script renders config with env vars at runtime COPY <<'EOF' /entrypoint.sh #!/usr/bin/env bash set -euo pipefail : "${DBHOST:?set DBHOST}" : "${DBNAME:?set DBNAME}" : "${DBUSER:?set DBUSER}" : "${DBPASS:?set DBPASS}" # Render config from template (very basic; swap for envsubst/jinja as you wish) sed -e "s|\$configValues\['CONFIG_DB_HOST'\].*|\$configValues['CONFIG_DB_HOST'] = '${DBHOST}';|g" \ -e "s|\$configValues\['CONFIG_DB_USER'\].*|\$configValues['CONFIG_DB_USER'] = '${DBUSER}';|g" \ -e "s|\$configValues\['CONFIG_DB_PASS'\].*|\$configValues['CONFIG_DB_PASS'] = '${DBPASS}';|g" \ -e "s|\$configValues\['CONFIG_DB_NAME'\].*|\$configValues['CONFIG_DB_NAME'] = '${DBNAME}';|g" \ /opt/daloradius.conf.php.tmpl > /var/www/html/daloradius/common/includes/daloradius.conf.php # Optional Apache config from contrib [ -x /usr/local/bin/apache-config.sh ] && /usr/local/bin/apache-config.sh || true exec apachectl -DFOREGROUND EOF RUN chmod +x /entrypoint.sh EXPOSE 80 HEALTHCHECK --interval=30s --timeout=3s --retries=5 CMD curl -fsS http://localhost/ || exit 1 ENTRYPOINT ["/entrypoint.sh"]