mykitserver/docker-limesurvey
1
0
Fork 0
mirror of https://github.com/mykitserver/docker-limesurvey.git synced 2025-12-06 16:39:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #156 from martialblog/feature/file-env

Browse Source 
Add support for secrets in files
This commit is contained in:
Markus Opolka
2023-07-11 08:29:36 +02:00
committed by GitHub
parent ecb0c6b188 749137e69c
commit b281762fd1
7 changed files with 168 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
5.0/apache/entrypoint.sh
View File

@@ -1,6 +1,23 @@
#!/bin/bash
# Entrypoint for Docker Container
file_env() {
local v="$1"
local fv="${v}_FILE"
local default="${2:-}"
if [ "${!v:-}" ] && [ "${!fv:-}" ]; then
echo >&2 "$v and $fv are exclusive"
exit 1
fi
local val="$default"
if [ "${!v:-}" ]; then
val="${!v}"
elif [ "${!fv:-}" ]; then
val="$(< "${!fv}")"
fi
export "$v"="$val"
unset "$fv"
}
DB_TYPE=${DB_TYPE:-'mysql'}
DB_HOST=${DB_HOST:-'mysql'}
@@ -9,19 +26,19 @@ DB_SOCK=${DB_SOCK:-}
DB_NAME=${DB_NAME:-'limesurvey'}
DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
DB_USERNAME=${DB_USERNAME:-'limesurvey'}
DB_PASSWORD=${DB_PASSWORD:-}
DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'}
file_env 'DB_PASSWORD'
ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
ENCRYPT_NONCE=${ENCRYPT_NONCE:-}
ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-}
file_env 'ENCRYPT_KEYPAIR'
file_env 'ENCRYPT_PUBLIC_KEY'
file_env 'ENCRYPT_SECRET_KEY'
file_env 'ENCRYPT_NONCE'
file_env 'ENCRYPT_SECRET_BOX_KEY'
ADMIN_USER=${ADMIN_USER:-'admin'}
ADMIN_NAME=${ADMIN_NAME:-'admin'}
ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
file_env 'ADMIN_PASSWORD'
BASE_URL=${BASE_URL:-}
PUBLIC_URL=${PUBLIC_URL:-}
@@ -35,12 +52,12 @@ DEBUG_SQL=${DEBUG_SQL:-0}
LISTEN_PORT=${LISTEN_PORT:-"8080"}
if [ -z "$DB_PASSWORD" ]; then
echo >&2 'Error: Missing DB_PASSWORD'
echo >&2 'Error: Missing DB_PASSWORD or DB_PASSWORD_FILE'
exit 1
fi
if [ -z "$ADMIN_PASSWORD" ]; then
echo >&2 'Error: Missing ADMIN_PASSWORD'
echo >&2 'Error: Missing ADMIN_PASSWORD or ADMIN_PASSWORD_FILE'
exit 1
fi

35
5.0/fpm-alpine/entrypoint.sh
View File

@@ -1,6 +1,23 @@
#!/bin/bash
# Entrypoint for Docker Container
file_env() {
local v="$1"
local fv="${v}_FILE"
local default="${2:-}"
if [ "${!v:-}" ] && [ "${!fv:-}" ]; then
echo >&2 "$v and $fv are exclusive"
exit 1
fi
local val="$default"
if [ "${!v:-}" ]; then
val="${!v}"
elif [ "${!fv:-}" ]; then
val="$(< "${!fv}")"
fi
export "$v"="$val"
unset "$fv"
}
DB_TYPE=${DB_TYPE:-'mysql'}
DB_HOST=${DB_HOST:-'mysql'}
@@ -9,19 +26,19 @@ DB_SOCK=${DB_SOCK:-}
DB_NAME=${DB_NAME:-'limesurvey'}
DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
DB_USERNAME=${DB_USERNAME:-'limesurvey'}
DB_PASSWORD=${DB_PASSWORD:-}
DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'}
file_env 'DB_PASSWORD'
ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
ENCRYPT_NONCE=${ENCRYPT_NONCE:-}
ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-}
file_env 'ENCRYPT_KEYPAIR'
file_env 'ENCRYPT_PUBLIC_KEY'
file_env 'ENCRYPT_SECRET_KEY'
file_env 'ENCRYPT_NONCE'
file_env 'ENCRYPT_SECRET_BOX_KEY'
ADMIN_USER=${ADMIN_USER:-'admin'}
ADMIN_NAME=${ADMIN_NAME:-'admin'}
ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
file_env 'ADMIN_PASSWORD'
BASE_URL=${BASE_URL:-}
PUBLIC_URL=${PUBLIC_URL:-}
@@ -33,12 +50,12 @@ DEBUG=${DEBUG:-0}
DEBUG_SQL=${DEBUG_SQL:-0}
if [ -z "$DB_PASSWORD" ]; then
echo >&2 'Error: Missing DB_PASSWORD'
echo >&2 'Error: Missing DB_PASSWORD or DB_PASSWORD_FILE'
exit 1
fi
if [ -z "$ADMIN_PASSWORD" ]; then
echo >&2 'Error: Missing ADMIN_PASSWORD'
echo >&2 'Error: Missing ADMIN_PASSWORD or ADMIN_PASSWORD_FILE'
exit 1
fi

35
5.0/fpm/entrypoint.sh
View File

@@ -1,6 +1,23 @@
#!/bin/bash
# Entrypoint for Docker Container
file_env() {
local v="$1"
local fv="${v}_FILE"
local default="${2:-}"
if [ "${!v:-}" ] && [ "${!fv:-}" ]; then
echo >&2 "$v and $fv are exclusive"
exit 1
fi
local val="$default"
if [ "${!v:-}" ]; then
val="${!v}"
elif [ "${!fv:-}" ]; then
val="$(< "${!fv}")"
fi
export "$v"="$val"
unset "$fv"
}
DB_TYPE=${DB_TYPE:-'mysql'}
DB_HOST=${DB_HOST:-'mysql'}
@@ -9,19 +26,19 @@ DB_SOCK=${DB_SOCK:-}
DB_NAME=${DB_NAME:-'limesurvey'}
DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
DB_USERNAME=${DB_USERNAME:-'limesurvey'}
DB_PASSWORD=${DB_PASSWORD:-}
DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'}
file_env 'DB_PASSWORD'
ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
ENCRYPT_NONCE=${ENCRYPT_NONCE:-}
ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-}
file_env 'ENCRYPT_KEYPAIR'
file_env 'ENCRYPT_PUBLIC_KEY'
file_env 'ENCRYPT_SECRET_KEY'
file_env 'ENCRYPT_NONCE'
file_env 'ENCRYPT_SECRET_BOX_KEY'
ADMIN_USER=${ADMIN_USER:-'admin'}
ADMIN_NAME=${ADMIN_NAME:-'admin'}
ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
file_env 'ADMIN_PASSWORD'
BASE_URL=${BASE_URL:-}
PUBLIC_URL=${PUBLIC_URL:-}
@@ -33,12 +50,12 @@ DEBUG=${DEBUG:-0}
DEBUG_SQL=${DEBUG_SQL:-0}
if [ -z "$DB_PASSWORD" ]; then
echo >&2 'Error: Missing DB_PASSWORD'
echo >&2 'Error: Missing DB_PASSWORD or DB_PASSWORD_FILE'
exit 1
fi
if [ -z "$ADMIN_PASSWORD" ]; then
echo >&2 'Error: Missing ADMIN_PASSWORD'
echo >&2 'Error: Missing ADMIN_PASSWORD or ADMIN_PASSWORD_FILE'
exit 1
fi

35
6.0/apache/entrypoint.sh
View File

@@ -1,6 +1,23 @@
#!/bin/bash
# Entrypoint for Docker Container
file_env() {
local v="$1"
local fv="${v}_FILE"
local default="${2:-}"
if [ "${!v:-}" ] && [ "${!fv:-}" ]; then
echo >&2 "$v and $fv are exclusive"
exit 1
fi
local val="$default"
if [ "${!v:-}" ]; then
val="${!v}"
elif [ "${!fv:-}" ]; then
val="$(< "${!fv}")"
fi
export "$v"="$val"
unset "$fv"
}
DB_TYPE=${DB_TYPE:-'mysql'}
DB_HOST=${DB_HOST:-'mysql'}
@@ -9,19 +26,19 @@ DB_SOCK=${DB_SOCK:-}
DB_NAME=${DB_NAME:-'limesurvey'}
DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
DB_USERNAME=${DB_USERNAME:-'limesurvey'}
DB_PASSWORD=${DB_PASSWORD:-}
DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'}
file_env 'DB_PASSWORD'
ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
ENCRYPT_NONCE=${ENCRYPT_NONCE:-}
ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-}
file_env 'ENCRYPT_KEYPAIR'
file_env 'ENCRYPT_PUBLIC_KEY'
file_env 'ENCRYPT_SECRET_KEY'
file_env 'ENCRYPT_NONCE'
file_env 'ENCRYPT_SECRET_BOX_KEY'
ADMIN_USER=${ADMIN_USER:-'admin'}
ADMIN_NAME=${ADMIN_NAME:-'admin'}
ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
file_env 'ADMIN_PASSWORD'
BASE_URL=${BASE_URL:-}
PUBLIC_URL=${PUBLIC_URL:-}
@@ -35,12 +52,12 @@ DEBUG_SQL=${DEBUG_SQL:-0}
LISTEN_PORT=${LISTEN_PORT:-"8080"}
if [ -z "$DB_PASSWORD" ]; then
echo >&2 'Error: Missing DB_PASSWORD'
echo >&2 'Error: Missing DB_PASSWORD or DB_PASSWORD_FILE'
exit 1
fi
if [ -z "$ADMIN_PASSWORD" ]; then
echo >&2 'Error: Missing ADMIN_PASSWORD'
echo >&2 'Error: Missing ADMIN_PASSWORD or ADMIN_PASSWORD_FILE'
exit 1
fi

35
6.0/fpm-alpine/entrypoint.sh
View File

@@ -1,6 +1,23 @@
#!/bin/bash
# Entrypoint for Docker Container
file_env() {
local v="$1"
local fv="${v}_FILE"
local default="${2:-}"
if [ "${!v:-}" ] && [ "${!fv:-}" ]; then
echo >&2 "$v and $fv are exclusive"
exit 1
fi
local val="$default"
if [ "${!v:-}" ]; then
val="${!v}"
elif [ "${!fv:-}" ]; then
val="$(< "${!fv}")"
fi
export "$v"="$val"
unset "$fv"
}
DB_TYPE=${DB_TYPE:-'mysql'}
DB_HOST=${DB_HOST:-'mysql'}
@@ -9,19 +26,19 @@ DB_SOCK=${DB_SOCK:-}
DB_NAME=${DB_NAME:-'limesurvey'}
DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
DB_USERNAME=${DB_USERNAME:-'limesurvey'}
DB_PASSWORD=${DB_PASSWORD:-}
DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'}
file_env 'DB_PASSWORD'
ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
ENCRYPT_NONCE=${ENCRYPT_NONCE:-}
ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-}
file_env 'ENCRYPT_KEYPAIR'
file_env 'ENCRYPT_PUBLIC_KEY'
file_env 'ENCRYPT_SECRET_KEY'
file_env 'ENCRYPT_NONCE'
file_env 'ENCRYPT_SECRET_BOX_KEY'
ADMIN_USER=${ADMIN_USER:-'admin'}
ADMIN_NAME=${ADMIN_NAME:-'admin'}
ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
file_env 'ADMIN_PASSWORD'
BASE_URL=${BASE_URL:-}
PUBLIC_URL=${PUBLIC_URL:-}
@@ -33,12 +50,12 @@ DEBUG=${DEBUG:-0}
DEBUG_SQL=${DEBUG_SQL:-0}
if [ -z "$DB_PASSWORD" ]; then
echo >&2 'Error: Missing DB_PASSWORD'
echo >&2 'Error: Missing DB_PASSWORD or DB_PASSWORD_FILE'
exit 1
fi
if [ -z "$ADMIN_PASSWORD" ]; then
echo >&2 'Error: Missing ADMIN_PASSWORD'
echo >&2 'Error: Missing ADMIN_PASSWORD or ADMIN_PASSWORD_FILE'
exit 1
fi

35
6.0/fpm/entrypoint.sh
View File

@@ -1,6 +1,23 @@
#!/bin/bash
# Entrypoint for Docker Container
file_env() {
local v="$1"
local fv="${v}_FILE"
local default="${2:-}"
if [ "${!v:-}" ] && [ "${!fv:-}" ]; then
echo >&2 "$v and $fv are exclusive"
exit 1
fi
local val="$default"
if [ "${!v:-}" ]; then
val="${!v}"
elif [ "${!fv:-}" ]; then
val="$(< "${!fv}")"
fi
export "$v"="$val"
unset "$fv"
}
DB_TYPE=${DB_TYPE:-'mysql'}
DB_HOST=${DB_HOST:-'mysql'}
@@ -9,19 +26,19 @@ DB_SOCK=${DB_SOCK:-}
DB_NAME=${DB_NAME:-'limesurvey'}
DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
DB_USERNAME=${DB_USERNAME:-'limesurvey'}
DB_PASSWORD=${DB_PASSWORD:-}
DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'}
file_env 'DB_PASSWORD'
ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
ENCRYPT_NONCE=${ENCRYPT_NONCE:-}
ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-}
file_env 'ENCRYPT_KEYPAIR'
file_env 'ENCRYPT_PUBLIC_KEY'
file_env 'ENCRYPT_SECRET_KEY'
file_env 'ENCRYPT_NONCE'
file_env 'ENCRYPT_SECRET_BOX_KEY'
ADMIN_USER=${ADMIN_USER:-'admin'}
ADMIN_NAME=${ADMIN_NAME:-'admin'}
ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
file_env 'ADMIN_PASSWORD'
BASE_URL=${BASE_URL:-}
PUBLIC_URL=${PUBLIC_URL:-}
@@ -33,12 +50,12 @@ DEBUG=${DEBUG:-0}
DEBUG_SQL=${DEBUG_SQL:-0}
if [ -z "$DB_PASSWORD" ]; then
echo >&2 'Error: Missing DB_PASSWORD'
echo >&2 'Error: Missing DB_PASSWORD or DB_PASSWORD_FILE'
exit 1
fi
if [ -z "$ADMIN_PASSWORD" ]; then
echo >&2 'Error: Missing ADMIN_PASSWORD'
echo >&2 'Error: Missing ADMIN_PASSWORD or ADMIN_PASSWORD_FILE'
exit 1
fi

12
README.md
View File

@@ -133,6 +133,18 @@ If you are running LimeSurvey behind a Reverse Proxy you might need some additio
| ENCRYPT_SECRET_BOX_KEY | Data encryption secret box key (used in 5.0 and higher) |
| LISTEN_PORT | Apache: Listen port. Default: 8080 |
Sensitive information can also be passed `_FILE` to the following environment variables to load the values from the given file path. Example `DB_PASSWORD_FILE=/run/secrets/db_password`.
```
DB_PASSWORD_FILE
ADMIN_PASSWORD_FILE
ENCRYPT_KEYPAIR_FILE
ENCRYPT_PUBLIC_KEY_FILE
ENCRYPT_SECRET_KEY_FILE
ENCRYPT_NONCE_FILE
ENCRYPT_SECRET_BOX_KEY_FILE
```
For further details on the settings see: https://manual.limesurvey.org/Optional_settings#Advanced_Path_Settings
# Running LimeSurvey with docker-compose