docker-privatebin/Dockerfile

FROM alpine:latest
MAINTAINER Jeroen Geusebroek <me@jeroengeusebroek.nl>

ARG VERSION=1.3.3

ENV GID=991 UID=991

RUN apk -U add \
    curl \
    nginx \
    php7-fpm \
    php7-gd \
    php7-json \
    php7-pdo \
    php7-pdo_mysql \
    php7-pdo_pgsql \
    supervisor \
    ca-certificates \
    tar \
    gnupg \
 && mkdir -p privatebin/data \
 && export GNUPGHOME="$(mktemp -d)" \
 && gpg2 --list-public-keys || /bin/true \
 && curl -s https://privatebin.info/key/release.asc | gpg2 --import - \
 && curl -Lso privatebin.tar.gz.asc https://github.com/PrivateBin/PrivateBin/releases/download/$VERSION/PrivateBin-$VERSION.tar.gz.asc \
 && curl -Lso privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/$VERSION.tar.gz \
 && gpg2 --verify privatebin.tar.gz.asc \
 && rm -rf "$GNUPGHOME" /var/www/* \
 && cd /var/www \
 && tar -xzf /privatebin.tar.gz --strip 1 \
 && mv cfg/conf.sample.php /privatebin/ \
 && mv cfg /privatebin/ \
 && mv lib /privatebin \
 && mv tpl /privatebin \
 && mv vendor /privatebin \
 && sed -i "s#define('PATH', '');#define('PATH', '/privatebin/');#" index.php \
 && apk del tar ca-certificates curl gnupg \
 && rm -f /privatebin.tar.gz* *.md /var/cache/apk/*

COPY files/nginx.conf /etc/nginx/nginx.conf
COPY files/php-fpm.conf /etc/php7/php-fpm.conf
COPY files/supervisord.conf /usr/local/etc/supervisord.conf
COPY entrypoint.sh /

# Mark dirs as volumes that need to be writable, allows running the container --read-only
VOLUME [ "/privatebin/data", "/privatebin/cfg", "/etc", "/tmp", "/var/lib/nginx/tmp", "/run", "/var/log" ]

EXPOSE 80
LABEL description "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data."
CMD ["/entrypoint.sh"]
Initial commit 2017-01-03 22:27:16 +01:00			`FROM alpine:latest`
			`MAINTAINER Jeroen Geusebroek <me@jeroengeusebroek.nl>`

Fix nginx tmp permissions (probably because of a volume). #12 2020-10-07 20:40:10 +02:00			`ARG VERSION=1.3.3`
Initial commit 2017-01-03 22:27:16 +01:00
			`ENV GID=991 UID=991`

			`RUN apk -U add \`
			`curl \`
			`nginx \`
			`php7-fpm \`
			`php7-gd \`
			`php7-json \`
Add MySQL support 2018-03-19 09:43:07 +01:00			`php7-pdo \`
			`php7-pdo_mysql \`
Add pdo_pgsql for postgres support 2020-08-06 12:14:54 +02:00			`php7-pdo_pgsql \`
Initial commit 2017-01-03 22:27:16 +01:00			`supervisor \`
			`ca-certificates \`
			`tar \`
adding signature check for PrivateBin archive, securing installation by splitting web root from libraries and data 2018-06-05 07:34:09 +02:00			`gnupg \`
			`&& mkdir -p privatebin/data \`
			`&& export GNUPGHOME="$(mktemp -d)" \`
			`&& gpg2 --list-public-keys \|\| /bin/true \`
new release 1.2.1 2018-08-11 23:37:03 +02:00			`&& curl -s https://privatebin.info/key/release.asc \| gpg2 --import - \`
adding signature check for PrivateBin archive, securing installation by splitting web root from libraries and data 2018-06-05 07:34:09 +02:00			`&& curl -Lso privatebin.tar.gz.asc https://github.com/PrivateBin/PrivateBin/releases/download/$VERSION/PrivateBin-$VERSION.tar.gz.asc \`
			`&& curl -Lso privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/$VERSION.tar.gz \`
			`&& gpg2 --verify privatebin.tar.gz.asc \`
			`&& rm -rf "$GNUPGHOME" /var/www/* \`
			`&& cd /var/www \`
			`&& tar -xzf /privatebin.tar.gz --strip 1 \`
			`&& mv cfg/conf.sample.php /privatebin/ \`
			`&& mv cfg /privatebin/ \`
			`&& mv lib /privatebin \`
			`&& mv tpl /privatebin \`
			`&& mv vendor /privatebin \`
			`&& sed -i "s#define('PATH', '');#define('PATH', '/privatebin/');#" index.php \`
			`&& apk del tar ca-certificates curl gnupg \`
			`&& rm -f /privatebin.tar.gz* .md /var/cache/apk/`
Initial commit 2017-01-03 22:27:16 +01:00
			`COPY files/nginx.conf /etc/nginx/nginx.conf`
			`COPY files/php-fpm.conf /etc/php7/php-fpm.conf`
			`COPY files/supervisord.conf /usr/local/etc/supervisord.conf`
			`COPY entrypoint.sh /`

Version bump and fixes #10. 2020-01-17 11:36:26 +01:00			`# Mark dirs as volumes that need to be writable, allows running the container --read-only`
			`VOLUME [ "/privatebin/data", "/privatebin/cfg", "/etc", "/tmp", "/var/lib/nginx/tmp", "/run", "/var/log" ]`
Initial commit 2017-01-03 22:27:16 +01:00
			`EXPOSE 80`
			`LABEL description "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data."`
ensuring that container can run read-only and logs are forwarded to docker logs, fixes for latest alpine and cleanup 2018-06-05 06:55:45 +02:00			`CMD ["/entrypoint.sh"]`