diff --git a/kanboard.sh b/kanboard.sh index aad6268..5a48e2c 100755 --- a/kanboard.sh +++ b/kanboard.sh @@ -1,64 +1,38 @@ -#!/bin/bash +#!/bin/sh SOURCE_DIR=$(realpath $(dirname "${0}"))/kanboard -# Install dependencies for Kanboard -apt-get -y --no-install-recommends install php7.0-gd php7.0-fpm php7.0-mbstring php7.0-pgsql php7.0-zip - -# Install Kanboard -wget https://github.com/kanboard/kanboard/releases/download/v1.0.47/kanboard-1.0.47.zip -O /srv/kanboard.zip -unzip /srv/kanboard.zip -d /srv -rm -f /srv/kanboard.zip - -# Install plugins -git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_overwrite_translation /srv/kanboard/plugins/Overwrite_translation -git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_coverimage /srv/kanboard/plugins/Coverimage -git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_metadata /srv/kanboard/plugins/Metadata -git clone --depth=1 https://github.com/eSkiSo/Subtaskdate /srv/kanboard/plugins/Subtaskdate -git clone --depth=1 https://github.com/kanboard/plugin-budget /srv/kanboard/plugins/Budget -git clone --depth=1 https://github.com/kanboard/plugin-calendar /srv/kanboard/plugins/Calendar -git clone --depth=1 https://github.com/kanboard/plugin-chat /srv/kanboard/plugins/Chat -git clone --depth=1 https://github.com/kanboard/plugin-gantt /srv/kanboard/plugins/Gantt -git clone --depth=1 https://github.com/kanboard/plugin-gravatar /srv/kanboard/plugins/Gravatar -git clone --depth=1 https://github.com/kanboard/plugin-registration /srv/kanboard/plugins/Registration -git clone --depth=1 https://github.com/kanboard/plugin-sms-2fa /srv/kanboard/plugins/SmsTwoFactor -git clone --depth=1 https://github.com/kanboard/plugin-task-board-date /srv/kanboard/plugins/TaskBoardDate -git clone --depth=1 https://github.com/oliviermaridat/kanboard-milestone-plugin /srv/kanboard/plugins/Milestone -git clone --depth=1 https://github.com/xavividal/kanboard-plugin-relationgraph /srv/kanboard/plugins/Relationgraph +# Build Docker container +docker build -t kanboard ${SOURCE_DIR} # Populate database export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64) -envsubst <${SOURCE_DIR}/tmp/kanboard-createdb.sql >/tmp/kanboard-createdb.sql -sudo -u postgres psql -f /tmp/kanboard-createdb.sql -rm -f /tmp/kanboard-createdb.sql -export PGPASSWORD=${KANBOARD_PWD} -psql -f /srv/kanboard/app/Schema/Sql/postgres.sql kanboard kanboard -unset PGPASSWORD +envsubst <${SOURCE_DIR}/createdb.sql | docker exec -i postgres psql +docker run --rm kanboard cat /srv/kanboard/app/Schema/Sql/postgres.sql | docker exec -i -e PGPASSWORD=${KANBOARD_PWD} postgres psql kanboard kanboard # Configure Kanboard -envsubst <${SOURCE_DIR}/srv/kanboard/config.php >/srv/kanboard/config.php +mkdir -p /srv/kanboard/conf +mkdir /srv/kanboard/data +envsubst <${SOURCE_DIR}/srv/kanboard/conf/config.php >/srv/kanboard/conf/config.php export KANBOARD_ADMIN_USER=admin export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64) -export KANBOARD_ADMIN_HASH=$(php -r "echo password_hash('${KANBOARD_ADMIN_PWD}', PASSWORD_BCRYPT);") -envsubst <${SOURCE_DIR}/tmp/kanboard-adminpwd.sql >/tmp/kanboard-adminpwd.sql -sudo -u postgres psql -f /tmp/kanboard-adminpwd.sql kanboard +export KANBOARD_ADMIN_HASH=$(docker run --rm kanboard php -r "echo password_hash('${KANBOARD_ADMIN_PWD}', PASSWORD_BCRYPT);") +envsubst <${SOURCE_DIR}/adminpwd.sql | docker exec -i postgres psql kanboard +chown 8009:8009 /srv/kanboard/data -# Create OS user -adduser --system --group --home /srv/kanboard --shell /bin/false kanboard -chown -R kanboard:www-data /srv/kanboard/ +# Create KanBoard service +cp ${SOURCE_DIR}/etc/init.d/kanboard /etc/init.d/kanboard +rc-update add kanboard boot +service kanboard start -# Create PHP and nginx app definition -cp ${SOURCE_DIR}/etc/php/7.0/fpm/pool.d/kanboard.conf /etc/php/7.0/fpm/pool.d/kanboard.conf -cp ${SOURCE_DIR}/etc/nginx/apps-available/kanboard /etc/nginx/apps-available/kanboard -ln -s /etc/nginx/apps-available/kanboard /etc/nginx/apps-enabled/kanboard - -# Restart services -systemctl restart php7.0-fpm -systemctl restart nginx +# Create nginx app definition +cp ${SOURCE_DIR}/etc/nginx/apps/kanboard /etc/nginx/apps/kanboard +cp ${SOURCE_DIR}/etc/nginx/conf.d/kanboard.conf /etc/nginx/conf.d/kanboard.conf +service nginx reload # Install cron job -cp ${SOURCE_DIR}/etc/cron.d/kanboard /etc/cron.d/kanboard +cp ${SOURCE_DIR}/etc/periodic/daily/kanboard /etc/periodic/daily/kanboard # Add portal application definition -portal-app-manager kanboard "/kanboard/" "${KANBOARD_ADMIN_USER}" "${KANBOARD_ADMIN_PWD}" +portal-app-manager kanboard "https://{host}:8409/" "${KANBOARD_ADMIN_USER}" "${KANBOARD_ADMIN_PWD}" portal-app-manager kanboard-mobile diff --git a/kanboard/Dockerfile b/kanboard/Dockerfile new file mode 100644 index 0000000..66176ca --- /dev/null +++ b/kanboard/Dockerfile @@ -0,0 +1,46 @@ +FROM alpine:3.7 +MAINTAINER Disassembler + +RUN \ + # Install PHP runtime + apk --no-cache add nginx php7-fpm s6 + +COPY docker/ / + +RUN \ + # Install runtime dependencies + apk --no-cache add php7 php7-ctype php7-dom php7-gd php7-iconv php7-json php7-mbstring php7-mcrypt php7-opcache php7-openssl php7-pdo_pgsql php7-posix php7-session php7-simplexml php7-sockets php7-xml php7-zip php7-zlib + +RUN \ + # Install build dependencies + apk --no-cache add --virtual .deps git unzip \ + # Download KanBoard + && wget https://github.com/kanboard/kanboard/archive/v1.2.0.zip -O /srv/kanboard.zip \ + && unzip /srv/kanboard.zip -d /srv \ + && mv /srv/kanboard-1.2.0 /srv/kanboard \ + && rm -f /srv/kanboard.zip \ + # Install plugins + && git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_overwrite_translation /srv/kanboard/plugins/Overwrite_translation \ + && git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_coverimage /srv/kanboard/plugins/Coverimage \ + && git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_metadata /srv/kanboard/plugins/Metadata \ + && git clone --depth=1 https://github.com/eSkiSo/Subtaskdate /srv/kanboard/plugins/Subtaskdate \ + && git clone --depth=1 https://github.com/kanboard/plugin-budget /srv/kanboard/plugins/Budget \ + && git clone --depth=1 https://github.com/kanboard/plugin-calendar /srv/kanboard/plugins/Calendar \ + && git clone --depth=1 https://github.com/kanboard/plugin-chat /srv/kanboard/plugins/Chat \ + && git clone --depth=1 https://github.com/kanboard/plugin-gantt /srv/kanboard/plugins/Gantt \ + && git clone --depth=1 https://github.com/kanboard/plugin-gravatar /srv/kanboard/plugins/Gravatar \ + && git clone --depth=1 https://github.com/kanboard/plugin-registration /srv/kanboard/plugins/Registration \ + && git clone --depth=1 https://github.com/kanboard/plugin-sms-2fa /srv/kanboard/plugins/SmsTwoFactor \ + && git clone --depth=1 https://github.com/kanboard/plugin-task-board-date /srv/kanboard/plugins/TaskBoardDate \ + && git clone --depth=1 https://github.com/oliviermaridat/kanboard-milestone-plugin /srv/kanboard/plugins/Milestone \ + && git clone --depth=1 https://github.com/xavividal/kanboard-plugin-relationgraph /srv/kanboard/plugins/Relationgraph \ + # Cleanup + && apk del .deps \ + && find /srv/kanboard -name '.git*' -exec rm -rf {} + \ + && rm -rf /root \ + && mkdir /root + +VOLUME ["/srv/kanboard/app/data"] +EXPOSE 8009 + +CMD ["s6-svscan", "/etc/services.d"] diff --git a/kanboard/tmp/kanboard-adminpwd.sql b/kanboard/adminpwd.sql similarity index 100% rename from kanboard/tmp/kanboard-adminpwd.sql rename to kanboard/adminpwd.sql diff --git a/kanboard/tmp/kanboard-createdb.sql b/kanboard/createdb.sql similarity index 100% rename from kanboard/tmp/kanboard-createdb.sql rename to kanboard/createdb.sql diff --git a/kanboard/docker/etc/nginx/nginx.conf b/kanboard/docker/etc/nginx/nginx.conf new file mode 100644 index 0000000..6475b12 --- /dev/null +++ b/kanboard/docker/etc/nginx/nginx.conf @@ -0,0 +1,61 @@ +user nginx; +pid /run/nginx.pid; +worker_processes 1; +error_log /dev/stderr warn; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + access_log off; + server_tokens off; + client_max_body_size 100m; + keepalive_timeout 65; + sendfile on; + tcp_nodelay on; + + server { + listen 8009; + server_name localhost; + + root /srv/kanboard; + index index.php; + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/kanboard.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + include fastcgi_params; + } + + location ~* ^.+\.(log|sqlite)$ { + return 404; + } + + location ~ /\.ht { + return 404; + } + + location ~* ^.+\.(ico|jpg|gif|png|css|js|svg|eot|ttf|woff|woff2|otf)$ { + log_not_found off; + expires 7d; + etag on; + } + + gzip on; + gzip_comp_level 3; + gzip_disable "msie6"; + gzip_vary on; + gzip_types text/javascript application/javascript application/json text/xml application/xml application/rss+xml text/css text/plain; + } +} diff --git a/kanboard/docker/etc/php7/php-fpm.conf b/kanboard/docker/etc/php7/php-fpm.conf new file mode 100644 index 0000000..8febac4 --- /dev/null +++ b/kanboard/docker/etc/php7/php-fpm.conf @@ -0,0 +1,13 @@ +[global] +error_log = /proc/self/fd/2 +daemonize = no + +[kanboard] +catch_workers_output = yes +user = nginx +group = nginx +listen.owner = nginx +listen.group = nginx +listen = /var/run/kanboard.sock +pm = ondemand +pm.max_children = 8 diff --git a/kanboard/docker/etc/services.d/.s6-svscan/finish b/kanboard/docker/etc/services.d/.s6-svscan/finish new file mode 100755 index 0000000..78d5fdc --- /dev/null +++ b/kanboard/docker/etc/services.d/.s6-svscan/finish @@ -0,0 +1,3 @@ +#!/bin/sh + +/bin/true diff --git a/kanboard/docker/etc/services.d/nginx/run b/kanboard/docker/etc/services.d/nginx/run new file mode 100755 index 0000000..dff57ac --- /dev/null +++ b/kanboard/docker/etc/services.d/nginx/run @@ -0,0 +1,3 @@ +#!/bin/execlineb -P + +nginx -g "daemon off;" diff --git a/kanboard/docker/etc/services.d/php-fpm/run b/kanboard/docker/etc/services.d/php-fpm/run new file mode 100755 index 0000000..66fe93f --- /dev/null +++ b/kanboard/docker/etc/services.d/php-fpm/run @@ -0,0 +1,3 @@ +#!/bin/execlineb -P + +php-fpm7 -F diff --git a/kanboard/etc/cron.d/kanboard b/kanboard/etc/cron.d/kanboard deleted file mode 100644 index d7ccc99..0000000 --- a/kanboard/etc/cron.d/kanboard +++ /dev/null @@ -1 +0,0 @@ -0 8 * * * kanboard /srv/kanboard/cli cronjob >/dev/null diff --git a/kanboard/etc/init.d/kanboard b/kanboard/etc/init.d/kanboard new file mode 100755 index 0000000..3427d60 --- /dev/null +++ b/kanboard/etc/init.d/kanboard @@ -0,0 +1,17 @@ +#!/sbin/openrc-run + +description="KanBoard docker container" + +depend() { + need docker net + use dns logger netmount + after postgres +} + +start() { + /usr/bin/docker run -d --rm --name kanboard --link=postgres -p 127.0.0.1:9009:8009 -v /srv/kanboard/data:/srv/kanboard/app/data -v /srv/kanboard/conf/config.php:/srv/kanboard/config.php kanboard +} + +stop() { + /usr/bin/docker stop kanboard +} diff --git a/kanboard/etc/nginx/apps-available/kanboard b/kanboard/etc/nginx/apps-available/kanboard deleted file mode 100644 index ab82062..0000000 --- a/kanboard/etc/nginx/apps-available/kanboard +++ /dev/null @@ -1,12 +0,0 @@ -location /kanboard { - alias /srv/kanboard; - index index.php; - try_files = $uri $uri/ /kanboard/index.php; - - location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_param SERVER_NAME $http_host; - fastcgi_pass unix:/run/php/kanboard.sock; - } -} diff --git a/kanboard/etc/nginx/apps/kanboard b/kanboard/etc/nginx/apps/kanboard new file mode 100644 index 0000000..61f87b2 --- /dev/null +++ b/kanboard/etc/nginx/apps/kanboard @@ -0,0 +1,9 @@ +access_log /var/log/nginx/kanboard.access.log; +error_log /var/log/nginx/kanboard.error.log; + +location / { + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Host $host:$server_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://127.0.0.1:9009; +} diff --git a/kanboard/etc/nginx/conf.d/kanboard.conf b/kanboard/etc/nginx/conf.d/kanboard.conf new file mode 100644 index 0000000..cb4d094 --- /dev/null +++ b/kanboard/etc/nginx/conf.d/kanboard.conf @@ -0,0 +1,11 @@ +server { + listen 8009; + listen [::]:8009; + include apps/kanboard; +} + +server { + listen 8409 ssl http2; + listen [::]:8409 ssl http2; + include apps/kanboard; +} diff --git a/kanboard/etc/periodic/daily/kanboard b/kanboard/etc/periodic/daily/kanboard new file mode 100755 index 0000000..005b7a1 --- /dev/null +++ b/kanboard/etc/periodic/daily/kanboard @@ -0,0 +1,3 @@ +#!/bin/sh + +docker exec kanboard /srv/kanboard/cli cronjob >/dev/null diff --git a/kanboard/etc/php/7.0/fpm/pool.d/kanboard.conf b/kanboard/etc/php/7.0/fpm/pool.d/kanboard.conf deleted file mode 100644 index 342d334..0000000 --- a/kanboard/etc/php/7.0/fpm/pool.d/kanboard.conf +++ /dev/null @@ -1,12 +0,0 @@ -[kanboard] -user = kanboard -group = kanboard - -listen = /run/php/kanboard.sock -listen.owner = www-data -listen.group = www-data - -pm = ondemand -pm.max_children = 8 - -php_admin_value[open_basedir] = /srv/kanboard:/tmp diff --git a/kanboard/srv/kanboard/config.php b/kanboard/srv/kanboard/conf/config.php similarity index 99% rename from kanboard/srv/kanboard/config.php rename to kanboard/srv/kanboard/conf/config.php index a725d2c..59eae1d 100644 --- a/kanboard/srv/kanboard/config.php +++ b/kanboard/srv/kanboard/conf/config.php @@ -68,7 +68,7 @@ define('DB_USERNAME', 'kanboard'); define('DB_PASSWORD', '${KANBOARD_PWD}'); // Mysql/Postgres hostname -define('DB_HOSTNAME', 'localhost'); +define('DB_HOSTNAME', 'postgres'); // Mysql/Postgres database name define('DB_NAME', 'kanboard');