#16 2021-01-31 14:01:54

jobec
Member
2020-08-01
7

Re: Official Docker container image

This is how I build my piwigo docker image. It includes all extensions and themes I need, along with some default configs that can be set from a file.

Code:

FROM php:7.4-apache

ARG PIWIGO_RELEASE=2.10.2

# PHP config
RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" && \
    sed -i "s/max_execution_time = 30/max_execution_time = 300/" "$PHP_INI_DIR/php.ini" && \
    sed -i "s/memory_limit = 128M/memory_limit = 512M/" "$PHP_INI_DIR/php.ini" && \
    sed -i "s/max_input_time = 60/max_input_time = 180/" "$PHP_INI_DIR/php.ini" && \
    sed -i "s/post_max_size = 8M/post_max_size = 100M/" "$PHP_INI_DIR/php.ini" && \
    sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 100M/" "$PHP_INI_DIR/php.ini" && \
    sed -i "s/expose_php = On/expose_php = Off/" "$PHP_INI_DIR/php.ini"

# Install external dependencies
RUN set -ex && \
    \
    apt-get update && \
    apt-get install -y --no-install-recommends \
        dcraw \
        mediainfo \
        ffmpeg \
        imagemagick \
        libmagickwand-dev \
        unzip \
# GD deps
        zlib1g-dev \
        libpng-dev \
# jpegtran
        libjpeg-turbo-progs \
# pdftoppm
        poppler-utils \
        libfcgi-bin \
        exiftool && \
    rm -rf /var/lib/apt/lists/*

# Extra PHP extensions
RUN set -ex && \
    docker-php-ext-install exif && \
    docker-php-ext-enable exif && \
    \
    docker-php-ext-install mysqli && \
    docker-php-ext-enable mysqli && \
    \
    docker-php-ext-install gd && \
    docker-php-ext-enable gd && \
    \
    pecl install imagick && \
    docker-php-ext-enable imagick

# Apache config
ENV APACHE_DOCUMENT_ROOT /var/www

ADD 000-default.conf /etc/apache2/sites-available/000-default.conf

RUN sed -ri -e 's!Listen 80!Listen 8080!g' /etc/apache2/ports.conf && \
    sed -ri -e 's!/var/www/!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf && \
    sed -ri -e 's!ServerSignature On!ServerSignature Off!g' /etc/apache2/conf-available/*.conf && \
    sed -ri -e 's!ServerTokens OS!ServerTokens Prod!g' /etc/apache2/conf-available/*.conf && \
    rm -rf ${APACHE_DOCUMENT_ROOT}/html && \
    a2enmod rewrite && \
    chmod -R 0755 /etc/apache2

# Get and extract piwigo
# (the archive is not checksum-verified; pinning a SHA-256 per release would detect tampering)
RUN set -ex && \
    curl -L -o ${APACHE_DOCUMENT_ROOT}/piwigo.zip \
       "https://piwigo.org/download/dlcounter.php?code=${PIWIGO_RELEASE}" && \
    unzip ${APACHE_DOCUMENT_ROOT}/piwigo.zip -d ${APACHE_DOCUMENT_ROOT} && \
    mv ${APACHE_DOCUMENT_ROOT}/piwigo/* ${APACHE_DOCUMENT_ROOT} && \
    rm -f ${APACHE_DOCUMENT_ROOT}/piwigo.zip && \
    rm -rf ${APACHE_DOCUMENT_ROOT}/piwigo

# Add extensions
# --------------
# GThumb+ 2.8.a
RUN set -ex && \
    curl -L -o ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip \
         https://piwigo.org/ext/download.php?rid=5589 && \
    unzip ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip -d ${APACHE_DOCUMENT_ROOT}/plugins && \
    rm -f ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip

# RV Thumbnail Scroller 2.7.a
RUN set -ex && \
    curl -L -o ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip \
         https://piwigo.org/ext/download.php?rid=5086 && \
    unzip ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip -d ${APACHE_DOCUMENT_ROOT}/plugins && \
    rm -f ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip

# Share Album 1.4
RUN set -ex && \
    curl -L -o ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip \
         https://piwigo.org/ext/download.php?rid=7153 && \
    unzip ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip -d ${APACHE_DOCUMENT_ROOT}/plugins && \
    rm -f ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip

# EXIF View 2.9.a
RUN set -ex && \
    curl -L -o ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip \
         https://piwigo.org/ext/download.php?rid=6454 && \
    unzip ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip -d ${APACHE_DOCUMENT_ROOT}/plugins && \
    rm -f ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip

# piwigo-openstreetmap 2.9a
RUN set -ex && \
    curl -L -o ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip \
         https://piwigo.org/ext/download.php?rid=6721 && \
    unzip ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip -d ${APACHE_DOCUMENT_ROOT}/plugins && \
    rm -f ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip

# Social Connect 2.2.5
RUN set -ex && \
    curl -L -o ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip \
         https://piwigo.org/ext/download.php?rid=6132 && \
    unzip ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip -d ${APACHE_DOCUMENT_ROOT}/plugins && \
    rm -f ${APACHE_DOCUMENT_ROOT}/plugins/plugin.zip && \
# Patch the Google provider, it's outdated and not working in the included version
    curl \
      -o ${APACHE_DOCUMENT_ROOT}/plugins/oAuth/include/hybridauth/Hybrid/Providers/Google.php -L \
      https://raw.githubusercontent.com/hybridauth/hybridauth/06909cd8cbc1201f01db8a8d36bc8c06dd27223d/hybridauth/Hybrid/Providers/Google.php


# Bootstrap Darkroom 2.4.4
RUN set -ex && \
    curl -L -o ${APACHE_DOCUMENT_ROOT}/themes/theme.zip \
         https://piwigo.org/ext/download.php?rid=7015 && \
    unzip ${APACHE_DOCUMENT_ROOT}/themes/theme.zip -d ${APACHE_DOCUMENT_ROOT}/themes && \
    rm -f ${APACHE_DOCUMENT_ROOT}/themes/theme.zip

# Override some default configs not stored in the DB
# --------------------------------------------------
# Piwigo
ADD config.inc.php ${APACHE_DOCUMENT_ROOT}/local/config/config.inc.php
# GThumb+
ADD GThumb_config_default.inc.php ${APACHE_DOCUMENT_ROOT}/plugins/GThumb/config_default.inc.php
# Bootstrap theme
RUN sed -ri -e "s!PAGE_HEADER => 'jumbotron'!PAGE_HEADER => 'none'!g" ${APACHE_DOCUMENT_ROOT}/themes/bootstrap_darkroom/include/config.php && \
    sed -ri -e "s!CAT_NB_IMAGES => true!CAT_NB_IMAGES => false!g" ${APACHE_DOCUMENT_ROOT}/themes/bootstrap_darkroom/include/config.php && \
    sed -ri -e "s!THUMBNAIL_LINKTO => 'picture'!THUMBNAIL_LINKTO => 'photoswipe'!g" ${APACHE_DOCUMENT_ROOT}/themes/bootstrap_darkroom/include/config.php && \
    sed -ri -e "s!THUMBNAIL_CAPTION => true!THUMBNAIL_CAPTION => false!g" ${APACHE_DOCUMENT_ROOT}/themes/bootstrap_darkroom/include/config.php && \
    sed -ri -e "s!SOCIAL_ENABLED => true!SOCIAL_ENABLED => false!g" ${APACHE_DOCUMENT_ROOT}/themes/bootstrap_darkroom/include/config.php

# Lock down theme and plugin dirs to prevent modification
RUN chmod -R 755 ${APACHE_DOCUMENT_ROOT}/plugins && \
    chmod -R 755 ${APACHE_DOCUMENT_ROOT}/themes

VOLUME ["${APACHE_DOCUMENT_ROOT}/_data", "${APACHE_DOCUMENT_ROOT}/local", "${APACHE_DOCUMENT_ROOT}/galleries", "${APACHE_DOCUMENT_ROOT}/upload"]

WORKDIR ${APACHE_DOCUMENT_ROOT}

EXPOSE 8080

This is piwigo's config.inc.php file:

Code:

<?php
// this permit to show the php errors reporting (see INI 'error_reporting'
// for possible values)
// gives an empty value '' to deactivate
$conf['show_php_errors'] = E_ALL & ~E_NOTICE & ~E_DEPRECATED;

// newcat_default_status : at creation, must a category be public or private
// ? Warning : if the parent category is private, the category is
// automatically create private.
$conf['newcat_default_status'] = 'private';

// meta_ref to reference multiple sets of incorporated pages or elements
// Set it false to avoid referencing in Google, and other search engines.
$conf['meta_ref'] = false;

// does the guest have access ?
// (not a security feature, set your categories "private" too)
// If false it'll be redirected from index.php to identification.php
$conf['guest_access'] = false;

// question_mark_in_urls : the generated urls contain a ? sign. This can be
// changed to false only if the server translates PATH_INFO variable
// (depends on the server AcceptPathInfo directive configuration)
$conf['question_mark_in_urls'] = false;

// php_extension_in_urls : if true, the urls generated for picture and
// category will not contain the .php extension. This will work only if
// .htaccess defines Options +MultiViews parameter or url rewriting rules
// are active.
$conf['php_extension_in_urls'] = false;

// category_url_style : one of 'id' (default) or 'id-name'. 'id-name'
// means that an simplified ascii representation of the category name will
// appear in the url
$conf['category_url_style'] = 'id-name';

// Display a link to subscribe to Piwigo Announcements Newsletter
$conf['show_newsletter_subscription'] = false;

// permitted characters for files/directories during synchronization
$conf['sync_chars_regex'] = '/^[a-zA-Z0-9-_. ]+$/';

// Default behaviour when a new album is created: should the new album inherit the group/user
// permissions from its parent? Note that config is only used for Ftp synchro,
// and if that option is not explicitly transmit when the album is created.
$conf['inheritance_by_default'] = true;

// Size of chunks, in kilobytes. Fast connections will have better
// performances with high values, such as 5000.
$conf['upload_form_chunk_size'] = 5000;

// Log level (OFF, CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG)
// development = DEBUG, production = ERROR
$conf['log_level'] = 'ERROR';

// remember_me_length : time of validity for "remember me" cookies, in
// seconds.
$conf['remember_me_length'] = 17280000;

// session_length : time of validity for normal session, in seconds.
$conf['session_length'] = 172800;

// show_exif_fields : in EXIF fields, you can choose to display fields in
// sub-arrays, for example ['COMPUTED']['ApertureFNumber']. for this, add
// 'COMPUTED;ApertureFNumber' in $conf['show_exif_fields']
//
// The key displayed in picture.php will be $lang['exif_field_Make'] for
// example and if it exists. For compound fields, only take into account the
// last part : for key 'COMPUTED;ApertureFNumber', you need
// $lang['exif_field_ApertureFNumber']
//
// for PHP version newer than 4.1.2 :
// $conf['show_exif_fields'] = array('CameraMake','CameraModel','DateTime');
//
$conf['show_exif_fields'] = array(
    'Make',
    'Model',
    'Artist',
    'ExifVersion',
    'Software',
    'DateTimeOriginal',
    'FNumber',
    'ExposureBiasValue',
    'FILE;FileSize',
    'ExposureTime',
    'Flash',
    'ISOSpeedRatings',
    'FocalLength',
    'FocalLengthIn35mmFilm',
    'WhiteBalance',
    'ExposureMode',
    'MeteringMode',
    'ExposureProgram',
    );
// use_exif: Use EXIF data during database synchronization with files
// metadata
$conf['use_exif'] = true;

// use_exif_mapping: same behaviour as use_iptc_mapping
$conf['use_exif_mapping'] = array(
  'date_creation' => 'DateTimeOriginal',
  'author' => 'Artist',
);

// send_bcc_mail_webmaster: send bcc mail to webmaster. Set true for debug
// or test.
$conf['send_bcc_mail_webmaster'] = false;

// define the name of sender mail: if value is empty, gallery title is used
$conf['mail_sender_name'] = 'photos.xxx.xxx';

// define the email of sender mail: if value is empty, webmaster email is used
$conf['mail_sender_email'] = '';

// set true to allow text/html emails
$conf['mail_allow_html'] = true;

// smtp configuration (work if fsockopen function is allowed for smtp port)
// smtp_host: smtp server host
//  if null, regular mail function is used
//   format: hoststring[:port]
//   exemple: smtp.pwg.net:21
// smtp_user/smtp_password: user & password for smtp authentication
$conf['smtp_host'] = 'smtp.xxxxx.xx:25';
$conf['smtp_user'] = '';
$conf['smtp_password'] = '';

// 'ssl' or 'tls'
$conf['smtp_secure'] = null;

// show_iptc: Show IPTC metadata on picture.php if asked by user
$conf['show_iptc'] = true;

// use_iptc: Use IPTC data during database synchronization with files
// metadata
$conf['use_iptc'] = true;

// 'small', 'medium' or 'large'
$conf['derivative_default_size'] = 'large';

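// Support X-Forwarded-Proto header for HTTPS detection.
// Both headers below are client-controlled unless the container is reachable
// only through the reverse proxy and the proxy sets or overwrites them.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $_SERVER['HTTPS'] = 'on';
}
// Support for X-Forwarded-For header
// (the value may be a comma-separated list when more than one proxy is involved)
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}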
?>

And Apache's config:

Code:

<VirtualHost *:8080>
  ServerAdmin webmaster@localhost
  DocumentRoot ${APACHE_DOCUMENT_ROOT}
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Needed for nicer URLs
    RewriteEngine on
    RewriteRule ^/index/(.*)     /index.php/$1                           [QSA,L]
    RewriteRule ^/picture/(.*)   /picture.php/$1                         [QSA,L]
    RewriteRule ^/i/(.*)         /i.php/$1                               [QSA,L]
    RewriteRule ^/osmmap/(.*)    /plugins/piwigo-openstreetmap/osmmap2.php?$1    [QSA,L]
</VirtualHost>

This I eventually run as a non-root user alongside a MariaDB container and I mount the volumes mentioned in the Dockerfile to folders on my server, allowing me to take backups of photos and such.

And in the end, it's all behind a Caddy server providing HTTPS for my site.

There's a bit more to it than the stuff above, but in the end everything, from creating users, volumes, backups, etc., is all set up from an Ansible playbook which I run against my server. In theory this allows me to completely replace my server with a new one, run the playbook, recover backups and be up and running again.

But most importantly, it adds security because the PHP files are not writeable any more. If someone manages to log in as an admin in my piwigo install, they cannot start injecting PHP code or do other things. And because it's all in a container running as a non-root user, they also cannot investigate what else is running on my server.

Offline
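
The read-only claim in post #16 can be checked rather than assumed. The script below is an added example, not part of the original post: `audit_docroot` and `php_in_volumes` are hypothetical names, the four data directories are taken from the Dockerfile's VOLUME line, and the runtime UID/GID are whatever the container is started with.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
# The four data directories come from the Dockerfile's VOLUME line.

# audit_docroot ROOT RUNTIME_UID RUNTIME_GID
# Prints every file or directory outside the data volumes that the runtime
# user could modify: world-writable, owner-writable and owned by RUNTIME_UID,
# or group-writable and owned by RUNTIME_GID. Symlinks are skipped because
# their own mode bits are always rwx. Supplementary groups are not checked.
audit_docroot() {
    root=${1%/}   # drop one trailing slash so the -path patterns match
    find "$root" \
        \( -path "$root/_data" -o -path "$root/local" \
           -o -path "$root/galleries" -o -path "$root/upload" \) -prune \
        -o ! -type l \
        \( -perm -0002 \
           -o \( -user "$2" -perm -0200 \) \
           -o \( -group "$3" -perm -0020 \) \) -print
}

# php_in_volumes ROOT
# Prints PHP files that live inside the writable volumes (for example
# local/config/config.inc.php), which the read-only image does not cover.
php_in_volumes() {
    root=${1%/}
    for vol in _data local galleries upload; do
        if [ -d "$root/$vol" ]; then
            find "$root/$vol" -type f -name '*.php' -print
        fi
    done
}

# Inside the running container:
#   audit_docroot /var/www "$(id -u)" "$(id -g)"   # expect no output
#   php_in_volumes /var/www                        # review each path listed
```

An empty result from `audit_docroot` confirms that the application code is immutable for the web user; anything printed by `php_in_volumes` is executable code sitting on a writable mount and needs its own protection, such as a read-only bind mount for `local/config`.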

 

#17 2021-01-31 14:12:12

jobec
Member
2020-08-01
7

Re: Official Docker container image

Oh, and in case you wonder, I didn't test this for piwigo 11.1.0 yet. Not all plugins I use are already listed as supporting the new version.

But then again, apart from database migrations, this container approach would allow me to roll back to the previous piwigo version within seconds. Including any modified themes/plugins.

Offline

 

#18 2021-02-04 15:37:29

nlb
Member
2021-01-28
1

Re: Official Docker container image

Thanks for your work and for sharing! Maybe I will test it and give you some feedback.
See you

Offline

 

#19 2021-02-21 14:07:01

jobec
Member
2020-08-01
7

Re: Official Docker container image

Just FYI: the above docker file also works for 11.3.0
I just updated my installation with it, and it works fine (ignoring some plugin issues)

Offline

 

#20 2021-03-06 12:38:05

tommi
Member
a galaxy far, far away
2021-01-07
8

Re: Official Docker container image

+1

Offline

 