author | Aeon512 <aeon512@gmail.com> | 2018-02-15 23:54:34 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2018-02-19 15:12:48 +0300 |
commit | a9a18097e6f7b9431e5e34044afe970456faeb39 (patch) | |
tree | e2ef54f76010af83b87717691c70bf4286a10403 | |
parent | 648f53b88d2012e6489838cd898498def0e8f0b0 (diff) |
random password provisioning on boot/startupv0.46.20
During bootup of a new docker image, the redis
password might not match the nextcloud configuration.
Hence, we automatically update the nextcloud configuration.
For the MariaDB password the same method is applied.
Additionally, identical files have been moved to docker-common
to simplify changes in the future
-rw-r--r-- | changelog.md | 6 | ||||
-rw-r--r-- | docker-armhf/debian-ncp/Dockerfile | 2 | ||||
-rw-r--r-- | docker-armhf/lamp/Dockerfile | 2 | ||||
-rw-r--r-- | docker-armhf/nextcloud/Dockerfile | 11 | ||||
-rw-r--r-- | docker-armhf/nextcloudpi/Dockerfile | 2 | ||||
-rwxr-xr-x | docker-common/debian-ncp/run-parts.sh (renamed from docker-armhf/debian-ncp/run-parts.sh) | 0 | ||||
-rwxr-xr-x | docker-common/lamp/010lamp (renamed from docker-armhf/lamp/010lamp) | 0 | ||||
-rwxr-xr-x | docker-common/nextcloud/020nextcloud (renamed from docker-armhf/nextcloud/020nextcloud) | 3 | ||||
-rw-r--r-- | docker-common/nextcloud/ncp-provisioning.sh | 46 | ||||
-rwxr-xr-x | docker-common/nextcloudpi/000ncp (renamed from docker-armhf/nextcloudpi/000ncp) | 0 | ||||
-rw-r--r-- | docker/debian-ncp/Dockerfile | 2 | ||||
-rwxr-xr-x | docker/debian-ncp/run-parts.sh | 47 | ||||
-rwxr-xr-x | docker/lamp/010lamp | 36 | ||||
-rw-r--r-- | docker/lamp/Dockerfile | 2 | ||||
-rwxr-xr-x | docker/nextcloud/020nextcloud | 55 | ||||
-rw-r--r-- | docker/nextcloud/Dockerfile | 11 | ||||
-rwxr-xr-x | docker/nextcloudpi/000ncp | 9 | ||||
-rw-r--r-- | docker/nextcloudpi/Dockerfile | 2 |
18 files changed, 76 insertions, 160 deletions
diff --git a/changelog.md b/changelog.md index 151ebc51..704c4fd2 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,9 @@ -[v0.46.18](https://github.com/nextcloud/nextcloudpi/commit/a3b8829) (2018-02-18) ncp-web: disable event handler after poweroff +[v0.46.20](https://github.com/nextcloud/nextcloudpi/commit/494bb10) (2018-02-15) random password provisioning on boot/startup + +[v0.46.19](https://github.com/nextcloud/nextcloudpi/commit/a57bedb) (2018-02-18) ncp-web: re-style poweroff menu + +[v0.46.18](https://github.com/nextcloud/nextcloudpi/commit/9b78cd6) (2018-02-18) ncp-web: disable event handler after poweroff [v0.46.17](https://github.com/nextcloud/nextcloudpi/commit/91686f2) (2018-02-10) Add dialog for shutdown. diff --git a/docker-armhf/debian-ncp/Dockerfile b/docker-armhf/debian-ncp/Dockerfile index c75a0edb..2e767e09 100644 --- a/docker-armhf/debian-ncp/Dockerfile +++ b/docker-armhf/debian-ncp/Dockerfile @@ -6,4 +6,4 @@ CMD /bin/bash RUN mkdir -p /etc/services-available.d /etc/services-enabled.d -COPY docker-armhf/debian-ncp/run-parts.sh / +COPY docker-common/debian-ncp/run-parts.sh / diff --git a/docker-armhf/lamp/Dockerfile b/docker-armhf/lamp/Dockerfile index 30f96f33..c1119255 100644 --- a/docker-armhf/lamp/Dockerfile +++ b/docker-armhf/lamp/Dockerfile @@ -33,7 +33,7 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \ rm /data/database/ib_logfile*; \ rm /usr/local/etc/lamp.sh -COPY docker/lamp/010lamp /etc/services-enabled.d/ +COPY docker-common/lamp/010lamp /etc/services-enabled.d/ ENTRYPOINT ["/run-parts.sh"] diff --git a/docker-armhf/nextcloud/Dockerfile b/docker-armhf/nextcloud/Dockerfile index 9dc54663..f2ba077e 100644 --- a/docker-armhf/nextcloud/Dockerfile +++ b/docker-armhf/nextcloud/Dockerfile 
@@ -31,6 +31,11 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \ # specific cleanup apt-get purge -y wget ca-certificates; \ -rm /usr/local/etc/nc-nextcloud.sh - -COPY docker/nextcloud/020nextcloud /etc/services-enabled.d/ +rm /usr/local/etc/nc-nextcloud.sh; \ +sed -i -E "s/^requirepass .*/requirepass default/" /etc/redis/redis.conf; \ +echo -e "[client]\npassword=default" > /root/.my.cnf; \ +chmod 600 /root/.my.cnf + +COPY docker-common/nextcloud/020nextcloud /etc/services-enabled.d/ +COPY docker-common/nextcloud/ncp-provisioning.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/ncp-provisioning.sh diff --git a/docker-armhf/nextcloudpi/Dockerfile b/docker-armhf/nextcloudpi/Dockerfile index 4ea70bc1..7b2fe16a 100644 --- a/docker-armhf/nextcloudpi/Dockerfile +++ b/docker-armhf/nextcloudpi/Dockerfile @@ -73,7 +73,7 @@ rm -rf /usr/share/doc/*; \ rm -f /var/log/alternatives.log /var/log/apt/*; \ rm /var/cache/debconf/*-old; -COPY docker-armhf/nextcloudpi/000ncp /etc/services-enabled.d/ +COPY docker-common/nextcloudpi/000ncp /etc/services-enabled.d/ # 4443 - ncp-web EXPOSE 80 443 4443 diff --git a/docker-armhf/debian-ncp/run-parts.sh b/docker-common/debian-ncp/run-parts.sh index e35ef2af..e35ef2af 100755 --- a/docker-armhf/debian-ncp/run-parts.sh +++ b/docker-common/debian-ncp/run-parts.sh diff --git a/docker-armhf/lamp/010lamp b/docker-common/lamp/010lamp index 9552d848..9552d848 100755 --- a/docker-armhf/lamp/010lamp +++ b/docker-common/lamp/010lamp diff --git a/docker-armhf/nextcloud/020nextcloud b/docker-common/nextcloud/020nextcloud index 0dda6b23..76299b7f 100755 --- a/docker-armhf/nextcloud/020nextcloud +++ b/docker-common/nextcloud/020nextcloud @@ -17,6 +17,9 @@ OCC="$NCDIR/occ" exit 0 } +echo "Provisioning" +/usr/local/bin/ncp-provisioning.sh + echo "Starting Redis" mkdir -p /var/run/redis chown redis /var/run/redis 
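Review bot: `requirepass default` and `password=default` are baked into the image as markers for ncp-provisioning.sh, but `default` is also a working Redis password until that script has rewritten it, and nothing in this hunk says so. A comment beside the two lines, such as `# placeholder, replaced with a random value by ncp-provisioning.sh on first start`, would make the dependency explicit. The same applies to the identical hunk in docker/nextcloud/Dockerfile. The RUN instruction starts outside the hunk.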
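Review bot: The call to `/usr/local/bin/ncp-provisioning.sh` cannot fail startup, because that script ends in an unconditional `exit 0` and does not set `-e`, so Redis is started a few lines later even if the placeholder password was never replaced. A guard after the call would stop that, e.g. `grep -q '^requirepass default$' /etc/redis/redis.conf && { echo "Redis password not provisioned" >&2; exit 1; }`. The rest of the script lies outside the hunk.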
diff --git a/docker-common/nextcloud/ncp-provisioning.sh b/docker-common/nextcloud/ncp-provisioning.sh
new file mode 100644
index 00000000..014bd814
--- /dev/null
+++ b/docker-common/nextcloud/ncp-provisioning.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# this script runs at startup to provide an unique random passwords for each instance
+
+## redis provisioning
+
+REDISPASS="$( grep "^requirepass" /etc/redis/redis.conf | cut -f2 -d' ' )"
+
+### IF redis password is the default one, generate a new one
+
+[[ "$REDISPASS" == "default" ]] && {
+ REDISPASS="$( openssl rand -base64 32 )"
+ echo Provisioning Redis password
+ sed -i -E "s|^requirepass .*|requirepass $REDISPASS|" /etc/redis/redis.conf
+}
+
+### If there exists already a configuration adjust the password
+test -f /data/app/config/config.php && {
+ echo Updating NextCloud config with Redis password $REDISPASS
+ sed -i "s|'password'.*|'password' => '$REDISPASS',|" /data/app/config/config.php
+}
+
+## mariaDB provisioning
+
+DBADMIN=ncadmin
+DBPASSWD=$( grep password /root/.my.cnf | cut -d= -f2 )
+[[ "$DBPASSWD" == "default" ]] && {
+ DBPASSWD=$( openssl rand -base64 32 )
+ echo Provisioning MariaDB password
+ echo -e "[client]\npassword=$DBPASSWD" > /root/.my.cnf
+ chmod 600 /root/.my.cnf
+ mysql <<EOF
+GRANT USAGE ON *.* TO '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
+DROP USER '$DBADMIN'@'localhost';
+CREATE USER '$DBADMIN'@'localhost' IDENTIFIED BY '$DBPASSWD';
+GRANT ALL PRIVILEGES ON nextcloud.* TO $DBADMIN@localhost;
+EXIT
+EOF
+}
+
+test -f /data/app/config/config.php && {
+ echo Updating NextCloud config with MariaDB password $DBPASSWD
+ sed -i "s|'dbpassword' =>.*|'dbpassword' => '$DBPASSWD',|" /data/app/config/config.php
+}
+
+exit 0
diff --git a/docker-armhf/nextcloudpi/000ncp b/docker-common/nextcloudpi/000ncp
index f23f0183..f23f0183 100755
--- a/docker-armhf/nextcloudpi/000ncp
+++ b/docker-common/nextcloudpi/000ncp
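Review bot: The two `echo Updating NextCloud config with … password $REDISPASS` / `$DBPASSWD` lines write the freshly generated secrets to the container's startup output, where anything that collects container logs can read them; drop the variable, e.g. `echo "Updating NextCloud config with Redis password"`. Separately, `cut -d= -f2` stops at the next `=` in the value, and `openssl rand -base64 32` output ends in `=` padding, so on a later start the password read back from /root/.my.cnf is one character shorter than the one set in MariaDB and is then written into config.php; `cut -d= -f2-` keeps the whole value. The `'password'.*` pattern in the Redis `sed` is not anchored to the Redis section, so it would rewrite any other line in config.php containing `'password'`; that is worth confirming against a real config.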
diff --git a/docker/debian-ncp/Dockerfile b/docker/debian-ncp/Dockerfile index 6caf7825..0345eb45 100644 --- a/docker/debian-ncp/Dockerfile +++ b/docker/debian-ncp/Dockerfile @@ -6,4 +6,4 @@ CMD /bin/bash RUN mkdir -p /etc/services-available.d /etc/services-enabled.d -COPY docker/debian-ncp/run-parts.sh / +COPY docker-common/debian-ncp/run-parts.sh / diff --git a/docker/debian-ncp/run-parts.sh b/docker/debian-ncp/run-parts.sh deleted file mode 100755 index e35ef2af..00000000 --- a/docker/debian-ncp/run-parts.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -cleanup() -{ - for file in $( ls -1rv /etc/services-enabled.d ); do - /etc/services-enabled.d/"$file" stop "$1" - done - exit -} - -trap cleanup SIGTERM - -cat > /usr/local/sbin/update-rc.d <<'EOF' -#!/bin/bash -FILE=/etc/services-available.d/???"$1" - -test -f $FILE || { - echo "$1 doesn't exist" - exit 1 -} - -[[ "$2" == "enable" ]] && { - ln -sf $FILE /etc/services-enabled.d/$( basename $FILE ) - echo "enabled $1" - exit 0 -} - -[[ "$2" == "disable" ]] && { - rm -f /etc/services-enabled.d/$( basename $FILE ) - echo "disabled $1" - exit 0 -} -EOF -chmod +x /usr/local/sbin/update-rc.d - -# Iterate only over 000* entries which might setup environment -for file in $( ls -1v /etc/services-enabled.d | grep 000* ); do - /etc/services-enabled.d/"$file" start "$1" -done - -# Iterate over remaining entries -for file in $( ls -1v -I 000* /etc/services-enabled.d ); do - /etc/services-enabled.d/"$file" start "$1" -done - -echo "Init done" -while true; do sleep 0.5; done # do nothing, just wait for trap from 'docker stop' diff --git a/docker/lamp/010lamp b/docker/lamp/010lamp deleted file mode 100755 index 9552d848..00000000 --- a/docker/lamp/010lamp +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/bash - -source /usr/local/etc/library.sh - -set -e - -[[ "$1" == "stop" ]] && { - echo "Stopping apache" - apachectl graceful-stop - echo "Stopping PHP-fpm" - killall php-fpm7.0 - echo "Stopping mariaDB" - mysqladmin -u root shutdown - echo "LAMP cleanup complete" - exit 0 -} - -# MOVE CONFIGS TO PERSISTENT VOLUME -persistent_cfg /etc/apache2 - -echo "Starting PHP-fpm" -php-fpm7.0 & - -echo "Starting Apache" -/usr/sbin/apache2ctl start - -echo "Starting mariaDB" -mysqld & - -# wait for mariadb -while :; do - [[ -S /var/run/mysqld/mysqld.sock ]] && break - sleep 0.5 -done - -exit 0 diff --git a/docker/lamp/Dockerfile b/docker/lamp/Dockerfile index 86418ef4..6e937edb 100644 --- a/docker/lamp/Dockerfile +++ b/docker/lamp/Dockerfile @@ -33,7 +33,7 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \ rm /data/database/ib_logfile*; \ rm /usr/local/etc/lamp.sh -COPY docker/lamp/010lamp /etc/services-enabled.d/ +COPY docker-common/lamp/010lamp /etc/services-enabled.d/ ENTRYPOINT ["/run-parts.sh"] diff --git a/docker/nextcloud/020nextcloud b/docker/nextcloud/020nextcloud deleted file mode 100755 index 0dda6b23..00000000 --- a/docker/nextcloud/020nextcloud +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/bash - -source /usr/local/etc/library.sh - -set -e - -NCDIR=/var/www/nextcloud -OCC="$NCDIR/occ" - -[[ "$1" == "stop" ]] && { - echo "stopping Cron..." - killall cron - echo "stopping Redis..." - killall redis-server - echo "stopping Postfix..." - postfix stop - exit 0 -} - -echo "Starting Redis" -mkdir -p /var/run/redis -chown redis /var/run/redis -sudo -u redis redis-server /etc/redis/redis.conf - -echo "Starting Cron" -cron - -echo "Starting Postfix" -postfix start - - -# INIT DATABASE AND NEXTCLOUD CONFIG (first run) -test -f /data/app/config/config.php || { - echo "Uninitialized instance, running nc-init..." - source /usr/local/etc/library.sh - cd /usr/local/etc/ - activate_script nc-init.sh -} - -# Trusted Domain ( local IP ) -IFACE=$( ip r | grep "default via" | awk '{ print $5 }' ) -IP=$( ip a show dev "$IFACE" | grep global | grep -oP '\d{1,3}(.\d{1,3}){3}' | head -1 ) -sudo -u www-data php "$OCC" config:system:set trusted_domains 1 --value="$IP" - -# Trusted Domain ( as an argument ) -[[ "$@" != "" ]] && { - IP=$( grep -oP '\d{1,3}(\.\d{1,3}){3}' <<< "$2" ) # validate that the first argument is a valid IP - if [[ "$IP" != "" ]]; then - sudo -u www-data php "$OCC" config:system:set trusted_domains 6 --value="$IP" - else - echo "First argument must be an IP address to include as a Trusted domain. Ignoring" - fi -} - -exit 0 diff --git a/docker/nextcloud/Dockerfile b/docker/nextcloud/Dockerfile index f8ad4012..f5e4390e 100644 --- a/docker/nextcloud/Dockerfile +++ b/docker/nextcloud/Dockerfile 
@@ -31,6 +31,11 @@ rm -f /var/log/alternatives.log /var/log/apt/*; \ # specific cleanup apt-get purge -y wget ca-certificates; \ -rm /usr/local/etc/nc-nextcloud.sh - -COPY docker/nextcloud/020nextcloud /etc/services-enabled.d/ +rm /usr/local/etc/nc-nextcloud.sh; \ +sed -i -E "s/^requirepass .*/requirepass default/" /etc/redis/redis.conf; \ +echo -e "[client]\npassword=default" > /root/.my.cnf; \ +chmod 600 /root/.my.cnf + +COPY docker-common/nextcloud/020nextcloud /etc/services-enabled.d/ +COPY docker-common/nextcloud/ncp-provisioning.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/ncp-provisioning.sh diff --git a/docker/nextcloudpi/000ncp b/docker/nextcloudpi/000ncp deleted file mode 100755 index f23f0183..00000000 --- a/docker/nextcloudpi/000ncp +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -source /usr/local/etc/library.sh - -# INIT NCP CONFIG (first run) -persistent_cfg /usr/local/etc/nextcloudpi-config.d /data/ncp -persistent_cfg /etc/services-enabled.d - -exit 0 diff --git a/docker/nextcloudpi/Dockerfile b/docker/nextcloudpi/Dockerfile index 834669ed..a4662a1c 100644 --- a/docker/nextcloudpi/Dockerfile +++ b/docker/nextcloudpi/Dockerfile @@ -80,7 +80,7 @@ rm -rf /usr/share/doc/*; \ rm -f /var/log/alternatives.log /var/log/apt/*; \ rm /var/cache/debconf/*-old; -COPY docker/nextcloudpi/000ncp /etc/services-enabled.d/ +COPY docker-common/nextcloudpi/000ncp /etc/services-enabled.d/ # 4443 - ncp-web EXPOSE 80 443 4443 |