[mass update] fix supporting multiple domains while enforcing ssl

Re: coop-cloud/recipes-catalogue-json#4

.drone.yml

@@ -3,10 +3,12 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: decentral1se/stack-ssh-deploy:latest
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: selfoss
+      networks:
+       - proxy
       deploy_key:
         from_secret: drone_ssh_swarm_test
     environment:
@@ -22,11 +24,17 @@ trigger:
     - main
 ---
 kind: pipeline
-name: recipe release
+name: generate recipe catalogue
 steps:
   - name: release a new version
-    image: thecoopcloud/drone-abra:latest
+    image: plugins/downstream
     settings:
-      command: recipe selfoss release
-      deploy_key:
-        from_secret: abra_bot_deploy_key
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - toolshed/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env.sample

@@ -15,8 +15,7 @@ SELFOSS_DB_TYPE=sqlite
 # Set these two variables to enable authentication
 SELFOSS_USERNAME=
 SELFOSS_PASSWORD=
-# The recommended /password hash script currently seems broken; use this instead:
-# 	http://www.passwordtool.hu/php5-password-hash-generator
+# Visit /password on your instance to generate a password hash
 
 # Options are EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG, None
 SELFOSS_LOGGER_LEVEL=ERROR

README.md

@@ -7,7 +7,7 @@
 <!-- metadata -->
 * **Category**: Apps
 * **Status**: 1, alpha
-* **Image**: [`akito13/selfoss`](https://hub.docker.com/r/akito13/selfoss), 2, 3rd-party
+* **Image**: [`rsprta/selfoss`](https://hub.docker.com/r/rsprta/selfoss), 2, 3rd-party
 * **Healthcheck**: Yes
 * **Backups**: No
 * **Email**: No
@@ -21,9 +21,9 @@
 2. Deploy [`coop-cloud/traefik`][cc-traefik]
 3. `abra app new selfoss --secrets` (optionally with `--pass` if you'd like
    to save secrets in `pass`)
-4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
+4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
    your Docker swarm box
-5. `abra app YOURAPPDOMAIN deploy`
+5. `abra app deploy YOURAPPDOMAIN`
 6. Open the configured domain in your browser to finish set-up
 
 [Selfoss]: https://www.selfoss.aditu.de/

abra.sh

@@ -1 +1 @@
-export ENTRYPOINT_CONF_VERSION=v7
+export ENTRYPOINT_CONF_VERSION=v9

compose.yml

@@ -1,7 +1,7 @@
 version: '3.8'
 services:
   app:
-    image: akito13/selfoss:0.2.0
+    image: rsprta/selfoss:2.19
     volumes:
       - selfoss:/selfoss/data
     environment:
@@ -13,9 +13,11 @@ services:
       - SELFOSS_DB_TYPE
       - SELFOSS_LOGGER_LEVEL
       # Not working yet :/
-      #- SELFOSS_WALLABAG
-      #- SELFOSS_WALLABAG_VERSION
+      - SELFOSS_WALLABAG
+      - SELFOSS_WALLABAG_VERSION
+      - SELFOSS_MASTODON
       - SELFOSS_SHARE
+      - SELFOSS_BASE_URL=https://${DOMAIN}/
     #secrets:
     # TODO 3wc: see above note about issue #3
     #- selfoss_password
@@ -27,7 +29,7 @@ services:
       - proxy
     entrypoint: /docker-entrypoint.sh
     healthcheck:
-      test: ["CMD", "wget", "-qO", "-", "http://localhost:8888"]
+      test: ["CMD", "wget", "-qO", "-", "http://127.0.0.1:8888"]
       interval: 30s
       timeout: 10s
       retries: 10
@@ -44,8 +46,8 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
         - "coop-cloud.${STACK_NAME}.version=0.1.0+0.2.0"
 networks:
   proxy:

entrypoint.sh.tmpl

@@ -1,46 +1,24 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 
 configure_php() {
 	# 3wc: these changes allow environment variables to propagate to PHP; Selfoss
 	# already loads its config from environment variables but unless we make these
 	# changes, it can't access them. See 
 	#	https://github.com/docker-library/php/pull/93/files
-	if ! grep -q '^clear_env = no' /etc/php7/php-fpm.d/www.conf; then
-		sed -i 's/;clear_env = no/clear_env = no/' /etc/php7/php-fpm.d/www.conf
+	if ! grep -q '^clear_env = no' /etc/php8/php-fpm.d/www.conf; then
+		sed -i 's/;clear_env = no/clear_env = no/' /etc/php8/php-fpm.d/www.conf
 	fi
-	if ! grep -q '^clear_env = no' /etc/php7/php-fpm.conf; then
-		echo 'clear_env = no' >> /etc/php7/php-fpm.conf 
+	if ! grep -q '^clear_env = no' /etc/php8/php-fpm.conf; then
+		echo 'clear_env = no' >> /etc/php8/php-fpm.conf 
 	fi
-	if ! grep -q 'variables_order = "EGPCS"' /etc/php7/php.ini; then
+	if ! grep -q 'variables_order = "EGPCS"' /etc/php8/php.ini; then
 		sed -i 's/variables_order = "GPCS"/variables_order = "EGPCS"/g' \
-			/etc/php7/php.ini
+			/etc/php8/php.ini
 	fi
 }
-
-file_env() {
-	# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
-	# 	https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
-	local var="$1"
-	local fileVar="${var}_FILE"
-	local def="${2:-}"
-
-	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
-		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-		exit 1
-	fi
-	local val="$def"
-	if [ "${!var:-}" ]; then
-		val="${!var}"
-	elif [ "${!fileVar:-}" ]; then
-		val="$(< "${!fileVar}")"
-	fi
-	export "$var"="$val"
-	unset "$fileVar"
-}
-
 load_vars() {
-	file_env "SELFOSS_PASSWORD"
-	file_env "SELFOSS_DB_PASSWORD"
+	#export SELFOSS_PASSWORD=$(cat $SELFOSS_PASSWORD_FILE)
+	export SELFOSS_DB_PASSWORD=$(cat $SELFOSS_DB_PASSWORD_FILE)
 }
 
 main() {