adding signature check for PrivateBin archive, securing installation by splitting web root from libraries and data

This commit is contained in:
El RIDO
2018-06-05 07:34:09 +02:00
parent cf7d8e1e48
commit 5808886738
3 changed files with 21 additions and 10 deletions


@@ -10,20 +10,31 @@ RUN apk -U add \
nginx \
php7-fpm \
php7-gd \
php7-mcrypt \
php7-json \
php7-pdo \
php7-pdo_mysql \
supervisor \
ca-certificates \
tar \
&& mkdir privatebin && cd privatebin \
&& curl -L -o privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/$VERSION.tar.gz \
&& tar xvzf privatebin.tar.gz --strip 1 \
&& rm privatebin.tar.gz \
&& mv cfg/conf.sample.php /privatebin \
&& apk del tar ca-certificates curl libcurl \
&& rm -f /var/cache/apk/*
gnupg \
&& mkdir -p privatebin/data \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg2 --list-public-keys || /bin/true \
&& curl -s https://privatebin.info/key/rugk.asc | gpg2 --import - \
&& curl -Lso privatebin.tar.gz.asc https://github.com/PrivateBin/PrivateBin/releases/download/$VERSION/PrivateBin-$VERSION.tar.gz.asc \
&& curl -Lso privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/$VERSION.tar.gz \
&& gpg2 --verify privatebin.tar.gz.asc \
&& rm -rf "$GNUPGHOME" /var/www/* \
&& cd /var/www \
&& tar -xzf /privatebin.tar.gz --strip 1 \
&& mv cfg/conf.sample.php /privatebin/ \
&& mv cfg /privatebin/ \
&& mv lib /privatebin \
&& mv tpl /privatebin \
&& mv vendor /privatebin \
&& sed -i "s#define('PATH', '');#define('PATH', '/privatebin/');#" index.php \
&& apk del tar ca-certificates curl gnupg \
&& rm -f /privatebin.tar.gz* *.md /var/cache/apk/*
COPY files/nginx.conf /etc/nginx/nginx.conf
COPY files/php-fpm.conf /etc/php7/php-fpm.conf
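Review bot: The `gpg2 --verify privatebin.tar.gz.asc` line trusts whatever key `curl -s https://privatebin.info/key/rugk.asc` returned a moment earlier, so a replaced key file at that URL would still verify; pin the signer by checking the fingerprint after import, e.g. `gpg2 --fingerprint --with-colons | grep -q '<EXPECTED_FINGERPRINT>'` with the known fingerprint filled in, or COPY the key into the build context instead of downloading it. The detached signature is fetched for the release asset `PrivateBin-$VERSION.tar.gz` while the archive is the auto-generated `archive/$VERSION.tar.gz`; if the two ever differ the build fails at the verify step rather than passing silently, which a short comment on that line should state. `mkdir -p privatebin/data` is relative to whatever WORKDIR is in effect while every later step uses the absolute `/privatebin`; `mkdir -p /privatebin/data` removes that dependency. Adding `-f` to the `curl` calls turns an HTTP error page into a download failure instead of a later gpg failure. The RUN instruction starts before this hunk.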


@@ -48,7 +48,7 @@ http {
server {
listen 80;
root /privatebin;
root /var/www;
index index.php index.html;
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
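Review bot: The new `root /var/www;` is only meaningful together with the Dockerfile layout that leaves just index.php and static assets there, and nothing in this file records that; a comment such as `# web root holds index.php and static assets only; cfg/lib/tpl/vendor/data live in /privatebin (see Dockerfile)` would keep the two in step. The same applies to `chdir = /var/www` in php-fpm.conf, which must match this root for the relative include of /privatebin to resolve. The server block continues outside the hunk.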


@@ -11,4 +11,4 @@ pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
chdir = /var/www