diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..bc00a38 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,27 @@ +name: Build & Publish Docker Image + +on: + push: + branches: + - master + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - name: Set output + id: vars + run: echo ::set-output name=tag::$ + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + - name: Build and push + id: docker_build + uses: docker/build-push-action@v2 + with: + push: true + tags: diouxx/glpi:latest diff --git a/.gitignore b/.gitignore index 332333c..86a208c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,4 @@ docker-compose-test.yml +cust-entry.sh +data +start-docker.sh \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 0bd2e29..b424812 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,32 +1,42 @@ #On choisit une debian -FROM debian:latest +FROM debian:12.5 + +LABEL org.opencontainers.image.authors="github@diouxx.be" -MAINTAINER DiouxX "github@diouxx.be" #Ne pas poser de question à l'installation ENV DEBIAN_FRONTEND noninteractive -#Installation d'apache et de php5 avec extension +#Installation d'apache et de php8.3 avec extension RUN apt update \ -&& apt -y upgrade \ -&& apt -y install \ +&& apt install --yes ca-certificates apt-transport-https lsb-release wget curl \ +&& curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg \ +&& sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' \ +&& apt update \ +&& apt install --yes --no-install-recommends \ apache2 \ -php \ -php-mysql \ -php-ldap \ -php-xmlrpc \ -php-imap \ -curl \ -php-curl \ -php-gd \ -php-mbstring \ -php-xml \ -php-apcu-bc \ +php8.3 \ +php8.3-mysql \ +php8.3-ldap \ +php8.3-xmlrpc \ +php8.3-imap \ +php8.3-curl \ +php8.3-gd \ +php8.3-mbstring \ +php8.3-xml \ php-cas \ +php8.3-intl \ +php8.3-zip \ +php8.3-bz2 \ +php8.3-redis \ cron \ -wget \ jq \ -snmpd +libldap-2.5-0 \ +libldap-common \ +libsasl2-2 \ +libsasl2-modules \ +libsasl2-modules-db \ +&& rm -rf /var/lib/apt/lists/* #Copie et execution du script pour l'installation et l'initialisation de GLPI COPY glpi-start.sh /opt/ diff --git a/README.md b/README.md index 3bbb0f5..d13c27a 100644 --- a/README.md +++ b/README.md @@ -1,70 +1,186 @@ # Project to deploy GLPI with docker -[![](https://images.microbadger.com/badges/version/diouxx/glpi.svg)](http://microbadger.com/images/diouxx/glpi "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/diouxx/glpi.svg)](http://microbadger.com/images/diouxx/glpi "Get your own image badge on microbadger.com") +![Docker Pulls](https://img.shields.io/docker/pulls/diouxx/glpi) ![Docker Stars](https://img.shields.io/docker/stars/diouxx/glpi) [![](https://images.microbadger.com/badges/image/diouxx/glpi.svg)](http://microbadger.com/images/diouxx/glpi "Get your own image badge on microbadger.com") ![Docker Cloud Automated build](https://img.shields.io/docker/cloud/automated/diouxx/glpi) # Table of Contents -1. [Introduction](#introduction) -2. [Deploy CLI](#deploy-with-CLI) - - [Deploy GLPI without database](#deploy-glpi-without-database) - - [Deploy GLPI with existing database](#deploy-glpi-with-existing-database) - - [Deploy GLPI with database and persistance container data](#deploy-glpi-with-database-and-persistance-container-data) - - [Deploy a specific release of GLPI](#deploy-a-specific-release-of-glpi) -3. [Deploy docker-compose](#deploy-with-docker-compose) -4. [Environnment variables](#environnment-variables) - - [Timezone](#timezone) +- [Project to deploy GLPI with docker](#project-to-deploy-glpi-with-docker) +- [Table of Contents](#table-of-contents) +- [Introduction](#introduction) + - [Default accounts](#default-accounts) +- [Deploy with CLI](#deploy-with-cli) + - [Deploy GLPI](#deploy-glpi) + - [Deploy GLPI with existing database](#deploy-glpi-with-existing-database) + - [Deploy GLPI with database and persistence data](#deploy-glpi-with-database-and-persistence-data) + - [Deploy a specific release of GLPI](#deploy-a-specific-release-of-glpi) +- [Deploy with docker-compose](#deploy-with-docker-compose) + - [Deploy without persistence data ( for quickly test )](#deploy-without-persistence-data--for-quickly-test-) + - [Deploy a specific release](#deploy-a-specific-release) + - [Deploy with persistence data](#deploy-with-persistence-data) + - [mariadb.env](#mariadbenv) + - [docker-compose .yml](#docker-compose-yml) +- [Environnment variables](#environnment-variables) + - [TIMEZONE](#timezone) # Introduction -Install and run an GLPI instance with docker. +Install and run an GLPI instance with docker + +## Default accounts + +More info in the 📄[Docs](https://glpi-install.readthedocs.io/en/latest/install/wizard.html#end-of-installation) + +| Login/Password | Role | +|-------------------- |------------------- | +| glpi/glpi | admin account | +| tech/tech | technical account | +| normal/normal | "normal" account | +| post-only/postonly | post-only account | # Deploy with CLI -## Deploy GLPI without database +## Deploy GLPI ```sh -docker run --name glpi -p 80:80 -d diouxx/glpi +docker run --name mariadb -e MARIADB_ROOT_PASSWORD=diouxx -e MARIADB_DATABASE=glpidb -e MARIADB_USER=glpi_user -e MARIADB_PASSWORD=glpi -d mariadb:10.7 +docker run --name glpi --link mariadb:mariadb -p 80:80 -d diouxx/glpi ``` ## Deploy GLPI with existing database ```sh -docker run --name glpi --link yourdatabase:mysql -p 80:80 -d diouxx/glpi +docker run --name glpi --link yourdatabase:mariadb -p 80:80 -d diouxx/glpi ``` -## Deploy GLPI with database and persistance container data +## Deploy GLPI with database and persistence data -For an usage on production environnement or daily usage, it's recommanded to use a data container for persistent data. +For an usage on production environnement or daily usage, it's recommanded to use container with volumes to persistent data. -* First, create data container +* First, create MariaDB container with volume ```sh -docker create --name glpi-data --volume /var/www/html/glpi:/var/www/html/glpi busybox /bin/true +docker run --name mariadb -e MARIADB_ROOT_PASSWORD=diouxx -e MARIADB_DATABASE=glpidb -e MARIADB_USER=glpi_user -e MARIADB_PASSWORD=glpi --volume /var/lib/mysql:/var/lib/mysql -d mariadb:10.7 ``` -* Then, you link your data container with GLPI container +* Then, create GLPI container with volume and link MariaDB container ```sh -docker run --name glpi --hostname glpi --link mysql:mysql --volumes-from glpi-data -p 80:80 -d diouxx/glpi +docker run --name glpi --link mariadb:mariadb --volume /var/www/html/glpi:/var/www/html/glpi -p 80:80 -d diouxx/glpi ``` Enjoy :) ## Deploy a specific release of GLPI Default, docker run will use the latest release of GLPI. -For an usage on production environnement, it's recommanded to use the latest release. +For an usage on production environnement, it's recommanded to set specific release. Here an example for release 9.1.6 : ```sh -docker run --name glpi --hostname glpi --link mysql:mysql --volumes-from glpi-data -p 80:80 --env "VERSION_GLPI=9.1.6" -d diouxx/glpi +docker run --name glpi --hostname glpi --link mariadb:mariadb --volume /var/www/html/glpi:/var/www/html/glpi -p 80:80 --env "VERSION_GLPI=9.1.6" -d diouxx/glpi ``` # Deploy with docker-compose -To deploy with docker compose, you use *docker-compose.yml* and *mysql.env* file. -You can modify **_mysql.env_** to personalize settings like : +## Deploy without persistence data ( for quickly test ) +```yaml +version: "3.8" + +services: +#MariaDB Container + mariadb: + image: mariadb:10.7 + container_name: mariadb + hostname: mariadb + environment: + - MARIADB_ROOT_PASSWORD=password + - MARIADB_DATABASE=glpidb + - MARIADB_USER=glpi_user + - MARIADB_PASSWORD=glpi + +#GLPI Container + glpi: + image: diouxx/glpi + container_name : glpi + hostname: glpi + ports: + - "80:80" +``` + +## Deploy a specific release + +```yaml +version: "3.8" + +services: +#MariaDB Container + mariadb: + image: mariadb:10.7 + container_name: mariadb + hostname: mariadb + environment: + - MARIADB_ROOT_PASSWORD=password + - MARIADB_DATABASE=glpidb + - MARIADB_USER=glpi_user + - MARIADB_PASSWORD=glpi + +#GLPI Container + glpi: + image: diouxx/glpi + container_name : glpi + hostname: glpi + environment: + - VERSION_GLPI=9.5.6 + ports: + - "80:80" +``` + +## Deploy with persistence data + +To deploy with docker compose, you use *docker-compose.yml* and *mariadb.env* file. +You can modify **_mariadb.env_** to personalize settings like : -* MySQL root password +* MariaDB root password * GLPI database * GLPI user database * GLPI user password + +### mariadb.env +``` +MARIADB_ROOT_PASSWORD=diouxx +MARIADB_DATABASE=glpidb +MARIADB_USER=glpi_user +MARIADB_PASSWORD=glpi +``` + +### docker-compose .yml +```yaml +version: "3.2" + +services: +#MariaDB Container + mariadb: + image: mariadb:10.7 + container_name: mariadb + hostname: mariadb + volumes: + - /var/lib/mysql:/var/lib/mysql + env_file: + - ./mariadb.env + restart: always + +#GLPI Container + glpi: + image: diouxx/glpi + container_name : glpi + hostname: glpi + ports: + - "80:80" + volumes: + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - /var/www/html/glpi/:/var/www/html/glpi + environment: + - TIMEZONE=Europe/Brussels + restart: always +``` + To deploy, just run the following command on the same directory as files ```sh @@ -78,13 +194,13 @@ If you need to set timezone for Apache and PHP From commande line ```sh -docker run --name glpi --hostname glpi --link mysql:mysql --volumes-from glpi-data -p 80:80 --env "TIMEZONE=Europe/Brussels" -d diouxx/glpi +docker run --name glpi --hostname glpi --link mariadb:mariadb --volumes-from glpi-data -p 80:80 --env "TIMEZONE=Europe/Brussels" -d diouxx/glpi ``` From docker-compose Modify this settings -```yml +```yaml environment: TIMEZONE=Europe/Brussels -``` \ No newline at end of file +``` diff --git a/docker-compose.yml b/docker-compose.yml index 3a5ec77..edd2f30 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,15 +1,16 @@ -version: "3" +version: "3.2" services: -#Mysql Container - mysql: - image: mysql:5.7.23 - container_name: mysql - hostname: mysql +#MariaDB Container + mariadb: + image: mariadb:10.7 + container_name: mariadb + hostname: mariadb volumes: - /var/lib/mysql:/var/lib/mysql env_file: - - ./mysql.env + - ./mariadb.env + restart: always #GLPI Container glpi: @@ -18,12 +19,10 @@ services: hostname: glpi ports: - "80:80" - links: - - mysql:mysql volumes: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - /var/www/html/glpi/:/var/www/html/glpi environment: - TIMEZONE=Europe/Brussels - restart: always \ No newline at end of file + restart: always diff --git a/glpi-start.sh b/glpi-start.sh index 2a74219..0600d63 100644 --- a/glpi-start.sh +++ b/glpi-start.sh @@ -5,11 +5,14 @@ && VERSION_GLPI=$(curl -s https://api.github.com/repos/glpi-project/glpi/releases/latest | grep tag_name | cut -d '"' -f 4) if [[ -z "${TIMEZONE}" ]]; then echo "TIMEZONE is unset"; -else echo "date.timezone = \"$TIMEZONE\"" > /etc/php/7.0/apache2/conf.d/timezone.ini; +else +echo "date.timezone = \"$TIMEZONE\"" > /etc/php/8.3/apache2/conf.d/timezone.ini; +echo "date.timezone = \"$TIMEZONE\"" > /etc/php/8.3/cli/conf.d/timezone.ini; fi -SRC_GLPI=$(curl -s https://api.github.com/repos/glpi-project/glpi/releases/tags/${VERSION_GLPI} | jq .assets[0].browser_download_url | tr -d \") -TAR_GLPI=$(basename ${SRC_GLPI}) +#Enable session.cookie_httponly +sed -i 's,session.cookie_httponly = *\(on\|off\|true\|false\|0\|1\)\?,session.cookie_httponly = on,gi' /etc/php/8.3/apache2/php.ini + FOLDER_GLPI=glpi/ FOLDER_WEB=/var/www/html/ @@ -17,7 +20,7 @@ FOLDER_WEB=/var/www/html/ if !(grep -q "TLS_REQCERT" /etc/ldap/ldap.conf) then echo "TLS_REQCERT isn't present" - echo -e "TLS_REQCERT\tnever" >> /etc/ldap/ldap.conf + echo -e "TLS_REQCERT\tnever" >> /etc/ldap/ldap.conf fi #Téléchargement et extraction des sources de GLPI @@ -25,34 +28,46 @@ if [ "$(ls ${FOLDER_WEB}${FOLDER_GLPI})" ]; then echo "GLPI is already installed" else + SRC_GLPI=$(curl -s https://api.github.com/repos/glpi-project/glpi/releases/tags/${VERSION_GLPI} | jq .assets[0].browser_download_url | tr -d \") + TAR_GLPI=$(basename ${SRC_GLPI}) + wget -P ${FOLDER_WEB} ${SRC_GLPI} tar -xzf ${FOLDER_WEB}${TAR_GLPI} -C ${FOLDER_WEB} rm -Rf ${FOLDER_WEB}${TAR_GLPI} chown -R www-data:www-data ${FOLDER_WEB}${FOLDER_GLPI} fi -#Modification du vhost par défaut -echo -e "\n\tDocumentRoot /var/www/html/glpi\n\n\t\n\t\tAllowOverride All\n\t\tOrder Allow,Deny\n\t\tAllow from all\n\t\n\n\tErrorLog /var/log/apache2/error-glpi.log\n\tLogLevel warn\n\tCustomLog /var/log/apache2/access-glpi.log combined\n" > /etc/apache2/sites-available/000-default.conf +#Adapt the Apache server according to the version of GLPI installed +## Extract local version installed +LOCAL_GLPI_VERSION=$(ls ${FOLDER_WEB}/${FOLDER_GLPI}/version) +## Extract major version number +LOCAL_GLPI_MAJOR_VERSION=$(echo $LOCAL_GLPI_VERSION | cut -d. -f1) +## Remove dots from version string +LOCAL_GLPI_VERSION_NUM=${LOCAL_GLPI_VERSION//./} -#Activation du module rewrite d'apache -a2enmod rewrite && service apache2 restart && service apache2 stop +## Target value is GLPI 1.0.7 +TARGET_GLPI_VERSION="10.0.7" +TARGET_GLPI_VERSION_NUM=${TARGET_GLPI_VERSION//./} +TARGET_GLPI_MAJOR_VERSION=$(echo $TARGET_GLPI_VERSION | cut -d. -f1) -###################### -# CRON CONFIGURATION # -###################### -#Add scheduled task by cron and enable -echo "*/2 * * * * www-data /usr/bin/php /var/www/html/glpi/front/cron.php &>/dev/null" >> /etc/cron.d/glpi +# Compare the numeric value of the version number to the target number +if [[ $LOCAL_GLPI_VERSION_NUM -lt $TARGET_GLPI_VERSION_NUM || $LOCAL_GLPI_MAJOR_VERSION -lt $TARGET_GLPI_MAJOR_VERSION ]]; then + echo -e "\n\tDocumentRoot /var/www/html/glpi\n\n\t\n\t\tAllowOverride All\n\t\tOrder Allow,Deny\n\t\tAllow from all\n\t\n\n\tErrorLog /var/log/apache2/error-glpi.log\n\tLogLevel warn\n\tCustomLog /var/log/apache2/access-glpi.log combined\n" > /etc/apache2/sites-available/000-default.conf +else + set +H + echo -e "\n\tDocumentRoot /var/www/html/glpi/public\n\n\t\n\t\tRequire all granted\n\t\tRewriteEngine On\n\t\tRewriteCond %{REQUEST_FILENAME} !-f\n\t\n\t\tRewriteRule ^(.*)$ index.php [QSA,L]\n\t\n\n\tErrorLog /var/log/apache2/error-glpi.log\n\tLogLevel warn\n\tCustomLog /var/log/apache2/access-glpi.log combined\n" > /etc/apache2/sites-available/000-default.conf +fi +#Add scheduled task by cron and enable +echo "*/2 * * * * www-data /usr/bin/php /var/www/html/glpi/front/cron.php &>/dev/null" > /etc/cron.d/glpi #Start cron service service cron start -###################### -# SNMP CONFIGURATION # -###################### -#Replace Listen localhot SNMP and restart service -sed -ie "s/agentAddress udp:127.0.0.1:161/agentAdrress udp:161/g" /etc/snmp/snmpd.conf +#Activation du module rewrite d'apache +a2enmod rewrite && service apache2 restart && service apache2 stop -service snmpd restart +#Fix to really stop apache +pkill -9 apache #Lancement du service apache au premier plan /usr/sbin/apache2ctl -D FOREGROUND diff --git a/mariadb.env b/mariadb.env new file mode 100644 index 0000000..43cb75a --- /dev/null +++ b/mariadb.env @@ -0,0 +1,4 @@ +MARIADB_ROOT_PASSWORD=diouxx +MARIADB_DATABASE=glpidb +MARIADB_USER=glpi_user +MARIADB_PASSWORD=glpi \ No newline at end of file diff --git a/mysql.env b/mysql.env deleted file mode 100644 index 8862982..0000000 --- a/mysql.env +++ /dev/null @@ -1,4 +0,0 @@ -MYSQL_ROOT_PASSWORD=diouxx -MYSQL_DATABASE=glpidb -MYSQL_USER=glpi_user -MYSQL_PASSWORD=glpi