Use default node user & dumb-init & remove config assumptions
By default the wiki will run in farm mode with friends security
This commit is contained in:
parent
5e6f732fed
commit
fb81d51e29
30
Dockerfile
30
Dockerfile
|
@ -1,20 +1,16 @@
|
|||
FROM node:10-alpine
|
||||
FROM node:lts-alpine
|
||||
|
||||
RUN adduser -D -h /home/app app \
|
||||
&& apk add --update --no-cache \
|
||||
bash \
|
||||
jq \
|
||||
git
|
||||
WORKDIR /home/app
|
||||
RUN apk add --update --no-cache \
|
||||
dumb-init \
|
||||
git \
|
||||
jq
|
||||
WORKDIR "/home/node"
|
||||
ARG WIKI_PACKAGE=wiki@0.19.0
|
||||
RUN su app -c "npm install -g --prefix . $WIKI_PACKAGE"
|
||||
RUN su app -c "mkdir .wiki"
|
||||
COPY configure-wiki set-owner-name ./
|
||||
RUN chown app configure-wiki set-owner-name
|
||||
VOLUME "/home/app/.wiki"
|
||||
ENV DOMAIN=localhost
|
||||
ENV OWNER_NAME="The Owner"
|
||||
ENV COOKIE=insecure
|
||||
RUN su node -c "npm install -g --prefix . $WIKI_PACKAGE"
|
||||
RUN su node -c "mkdir -p .wiki"
|
||||
VOLUME "/home/node/.wiki"
|
||||
EXPOSE 3000
|
||||
USER app
|
||||
CMD ["/home/app/bin/wiki"]
|
||||
USER node
|
||||
ENV PATH="${PATH}:/home/node/bin"
|
||||
ENTRYPOINT ["dumb-init"]
|
||||
CMD ["wiki", "--farm", "--security_type=friends"]
|
||||
|
|
45
README.md
45
README.md
|
@ -1,38 +1,37 @@
|
|||
# Federated Wiki Farm
|
||||
|
||||
http://fed.wiki.org
|
||||
Start Playing Federated Wiki: http://start.fed.wiki
|
||||
|
||||
Although this container can run alone, I use and develop it with
|
||||
a reverse proxy. See: https://github.com/dobbs/wiki-tls
|
||||
### Run a local wiki farm
|
||||
|
||||
See also http://local-farm.wiki.dbbs.co for many more details.
|
||||
docker run -p 3000:3000 -it --rm \
|
||||
dobbs/farm
|
||||
|
||||
### Get acquainted with wiki.
|
||||
Visit http://localhost:3000 and http://anything.localtest.me:3000
|
||||
|
||||
Launch the container:
|
||||
``` bash
|
||||
docker run -p 3000:3000 -it --rm \
|
||||
dobbs/farm
|
||||
```
|
||||
### Run a local wiki that will survive a reboot
|
||||
|
||||
Visit http://localhost:3000
|
||||
docker run -p 3000:3000 -it --rm \
|
||||
-v ~/.wiki:/home/node/.wiki \
|
||||
dobbs/farm
|
||||
|
||||
### Make your wiki survive a reboot
|
||||
Your wiki pages and configuration will be saved in the ~/.wiki folder.
|
||||
|
||||
Create a volume:
|
||||
# Release Notes for 1.0.0
|
||||
|
||||
``` bash
|
||||
docker volume create dot-wiki
|
||||
```
|
||||
This is a significant **breaking** change from pre-1.0 releases. Especially:
|
||||
|
||||
Launch the container:
|
||||
``` bash
|
||||
docker run -p 3000:3000 -it --rm \
|
||||
-v dot-wiki:/home/app/.wiki \
|
||||
dobbs/farm
|
||||
```
|
||||
* changed the user from `app` (`uid=1001(app) gid=1001(app) groups=1001(app)`)
|
||||
to `node` (`uid=1000(node) gid=1000(node) groups=1000(node),1000(node)`)
|
||||
|
||||
Visit http://localhost:3000
|
||||
* no longer installing `bash`, `configure-wiki`, nor `set-owner-name`
|
||||
|
||||
* no longer creating `/home/app/.wiki/wiki.json`
|
||||
|
||||
Those changes in particular will impose some work on authors upgrading
|
||||
from previous versions.
|
||||
|
||||
The last non-breaking revision is 0.52.0 https://github.com/dobbs/farm/tree/0.52.0#readme
|
||||
|
||||
# Development
|
||||
|
||||
|
|
|
@ -1,72 +0,0 @@
|
|||
#!/bin/bash -eu
|
||||
set -o pipefail
|
||||
|
||||
main() {
|
||||
initialize-environment-vars
|
||||
assert-file-privileges || report-errors-and-exit
|
||||
ensure-owner-file
|
||||
ensure-config-file
|
||||
show-configs
|
||||
}
|
||||
|
||||
initialize-environment-vars() {
|
||||
ERRORS=''
|
||||
readonly OWNER_FILE=/home/app/.wiki/$DOMAIN.owner.json
|
||||
readonly CONFIG_FILE=/home/app/.wiki/config.json
|
||||
}
|
||||
|
||||
assert-file-privileges() {
|
||||
[ -w /home/app/.wiki ] \
|
||||
|| ERRORS="app cannot write to /home/app/.wiki\n${ERRORS}"
|
||||
|
||||
[ ${#ERRORS} == 0 ]
|
||||
}
|
||||
|
||||
report-errors-and-exit() {
|
||||
echo -e $ERRORS
|
||||
echo "exiting."
|
||||
exit 1
|
||||
}
|
||||
|
||||
ensure-owner-file() {
|
||||
if [ ! -r "$OWNER_FILE" ]; then
|
||||
jq -n --arg name "$OWNER_NAME" --arg secret $(random-string) \
|
||||
'.name = $name | .friend.secret = $secret' > $OWNER_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
ensure-config-file() {
|
||||
if [ ! -r "$CONFIG_FILE" ]; then
|
||||
> $CONFIG_FILE \
|
||||
jq -n -M \
|
||||
--arg admin $(jq -r .friend.secret $OWNER_FILE) \
|
||||
--arg random $(random-string) \
|
||||
--arg cookie $COOKIE \
|
||||
--arg domain $DOMAIN \
|
||||
--arg owner $OWNER_FILE \
|
||||
'
|
||||
.admin = $admin
|
||||
| .autoseed = true
|
||||
| .farm = true
|
||||
| .cookieSecret = $random
|
||||
| .secure_cookie = ("secure" == $cookie)
|
||||
| .security_type = "friends"
|
||||
| .wikiDomains[$domain].id = "/home/app/.wiki/\($domain).owner.json"
|
||||
'
|
||||
|
||||
fi
|
||||
}
|
||||
|
||||
random-string() {
|
||||
node -e 'console.log(require("crypto").randomBytes(64).toString("hex"))'
|
||||
}
|
||||
|
||||
show-configs() {
|
||||
set -x
|
||||
ls -l $OWNER_FILE $CONFIG_FILE
|
||||
cat $OWNER_FILE
|
||||
cat $CONFIG_FILE
|
||||
set +x
|
||||
}
|
||||
|
||||
main
|
|
@ -1,39 +0,0 @@
|
|||
#!/bin/bash -eu
|
||||
set -o pipefail
|
||||
|
||||
usage() {
|
||||
cat <<EOF
|
||||
Usage: $(basename $0) NAME
|
||||
|
||||
replaces the owner's name in $OWNER_FILE
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
main() {
|
||||
initialize-environment-vars $@ || { usage; exit 1; }
|
||||
backup-and-save-name
|
||||
report-success
|
||||
}
|
||||
|
||||
initialize-environment-vars() {
|
||||
readonly OWNER_FILE=/home/app/.wiki/$DOMAIN.owner.json
|
||||
readonly OWNER_BACKUP_FILE=$OWNER_FILE-saved-$(date --iso-8601=minutes)
|
||||
readonly NAME=${@:-missing}
|
||||
[ ! "$NAME" == "missing" ]
|
||||
}
|
||||
|
||||
backup-and-save-name() {
|
||||
mv $OWNER_FILE $OWNER_BACKUP_FILE
|
||||
jq ".name = \"$NAME\"" $OWNER_BACKUP_FILE > $OWNER_FILE
|
||||
}
|
||||
|
||||
report-success() {
|
||||
cat <<EOF
|
||||
Owner's name changed to "$NAME"
|
||||
Previous config is saved in ${OWNER_BACKUP_FILE##$PWD/}
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
main "$@"
|
Loading…
Reference in New Issue