diff --git a/Dockerfile b/Dockerfile index d97c5b6..340c523 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.20 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.21 # set version label ARG BUILD_DATE @@ -47,6 +47,11 @@ RUN \ echo "**** install composer dependencies ****" && \ composer install -d /app/www/ && \ printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ + echo "**** create symlinks ****" && \ + /bin/bash -c \ + 'dst=(www/themes www/files www/images www/uploads backups www/framework/cache www/framework/sessions www/framework/views log/bookstack/laravel.log www/.env); \ + src=(themes storage/uploads/files storage/uploads/images public/uploads storage/backup storage/framework/cache storage/framework/sessions storage/framework/views storage/logs/laravel.log .env); \ + for i in "${!src[@]}"; do rm -rf /app/www/"${src[i]}" && ln -s /config/"${dst[i]}" /app/www/"${src[i]}"; done' && \ echo "**** cleanup ****" && \ rm -rf \ /tmp/* \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 5436878..76bdeb1 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.20 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.21 # set version label ARG BUILD_DATE @@ -47,6 +47,11 @@ RUN \ echo "**** install composer dependencies ****" && \ composer install -d /app/www/ && \ printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \ + echo "**** create symlinks ****" && \ + /bin/bash -c \ + 'dst=(www/themes www/files www/images www/uploads backups www/framework/cache www/framework/sessions www/framework/views log/bookstack/laravel.log www/.env); \ + src=(themes storage/uploads/files storage/uploads/images public/uploads storage/backup storage/framework/cache storage/framework/sessions storage/framework/views storage/logs/laravel.log .env); \ + for i in "${!src[@]}"; do rm -rf /app/www/"${src[i]}" && ln -s /config/"${dst[i]}" /app/www/"${src[i]}"; done' && \ echo "**** cleanup ****" && \ rm -rf \ /tmp/* \ diff --git a/README.md b/README.md index 094722e..5121a77 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,14 @@ If you wish to use the extra functionality of BookStack such as email, LDAP and The container will copy an exemplary .env file to /config/www/.env on your host system for you to use. +## Read-Only Operation + +This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). + +### Caveats + +* `/tmp` must be mounted to tmpfs + ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. @@ -174,6 +182,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e DB_DATABASE=` | Database name | | `-e QUEUE_CONNECTION=` | Set to `database` to enable async actions like sending email or triggering webhooks. See [documentation](https://www.bookstackapp.com/docs/admin/email-webhooks/#async-action-handling). | | `-v /config` | Persistent config files | +| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | ## Environment variables from files (Docker secrets) @@ -337,6 +346,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **17.12.24:** - Rebase to Alpine 3.21. * **11.10.24:** - Default to environment config over .env file config. * **06.09.24:** - Add php-exif for reading image EXIF data. * **27.05.24:** - Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings. diff --git a/readme-vars.yml b/readme-vars.yml index 208bd19..0f45993 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -35,6 +35,9 @@ param_ports: opt_param_usage_include_env: true opt_param_env_vars: - {env_var: "QUEUE_CONNECTION", env_value: "", desc: "Set to `database` to enable async actions like sending email or triggering webhooks. See [documentation](https://www.bookstackapp.com/docs/admin/email-webhooks/#async-action-handling)."} +readonly_supported: true +readonly_message: | + * `/tmp` must be mounted to tmpfs # application setup block app_setup_block_enabled: true app_setup_block: | @@ -135,6 +138,7 @@ init_diagram: | "bookstack:latest" <- Base Images # changelog changelogs: + - {date: "17.12.24:", desc: "Rebase to Alpine 3.21."} - {date: "11.10.24:", desc: "Default to environment config over .env file config."} - {date: "06.09.24:", desc: "Add php-exif for reading image EXIF data."} - {date: "27.05.24:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings."} diff --git a/root/etc/s6-overlay/s6-rc.d/init-bookstack-config/run b/root/etc/s6-overlay/s6-rc.d/init-bookstack-config/run index 221ed35..b8e03f0 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-bookstack-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-bookstack-config/run @@ -4,49 +4,20 @@ # create directory structure mkdir -p \ /config/www/{uploads,files,images,themes} \ + /config/www/framework/{cache,sessions,views} \ /config/backups \ /config/log/bookstack +rm -rf /config/www/framework/{cache,sessions,views}/* + # check for .env and copy default if needed if [[ ! -f "/config/www/.env" ]] || [[ ! -s "/config/www/.env" ]]; then cp /app/www/.env.example /config/www/.env fi -# create symlinks -symlinks=( - /app/www/themes - /app/www/storage/uploads/files - /app/www/storage/uploads/images - /app/www/public/uploads - /app/www/.env -) - -for i in "${symlinks[@]}"; do - if [[ -e "${i}" && ! -L "${i}" ]]; then - rm -rf "${i}" - fi - if [[ ! -L "${i}" ]]; then - ln -s /config/www/"$(basename "${i}")" "${i}" - fi -done - -if [[ -e "/app/www/storage/backups" && ! -L "/app/www/storage/backups" ]]; then - rm -rf "/app/www/storage/backups" -fi -if [[ ! -L "/app/www/storage/backups" ]]; then - ln -s "/config/backups" "/app/www/storage/backups" -fi - -if [[ -e "/app/www/storage/logs" && ! -L "/app/www/storage/logs" ]]; then - rm -rf "/app/www/storage/logs" -fi -if [[ ! -L "/app/www/storage/logs" ]]; then - ln -s "/config/log/bookstack" "/app/www/storage/logs" -fi - # Check for app key if [[ -z ${APP_KEY} ]]; then - if ! grep -qE "APP_KEY=[0-9A-Za-z:+\/=]{1,}" /app/www/.env 2> /dev/null || grep -qE "APP_KEY=SomeRandomString" /app/www/.env 2> /dev/null; then + if ! grep -qE "APP_KEY=[0-9A-Za-z:+\/=]{1,}" /config/www/.env 2> /dev/null || grep -qE "APP_KEY=SomeRandomString" /config/www/.env 2> /dev/null; then echo "The application key is missing, halting init!" echo "You can generate a key with: docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey" echo "And apply it to the APP_KEY environment variable." @@ -72,10 +43,10 @@ echo "Waiting for DB to be available" END=$((SECONDS + 30)) while [[ ${SECONDS} -lt ${END} ]] && [[ -n "${DB_HOST+x}" ]]; do if [[ $(/usr/bin/nc -w1 "${DB_HOST}" "${DB_PORT}" | tr -d '\0') ]]; then - if [[ ! -f /dbwait.lock ]]; then + if [[ ! -f /tmp/dbwait.lock ]]; then sleep 5 fi - touch /dbwait.lock + touch /tmp/dbwait.lock break else sleep 1 @@ -87,5 +58,4 @@ php /app/www/artisan migrate --force # permissions lsiown -R abc:abc \ - /app/www/storage \ /config