tinyfilemanager/README-docker.md

# tinyfilemanager

These docker images are the [tinyfilemanager](https://github.com/jpralves/tinyfilemanager) versions.
The original work of tinyfilemanager is from this [site](https://tinyfilemanager.github.io/)

There are two versions of the images:
- tinyfilemanager:VERSION - With the chown capability (php is run with root)
- tinyfilemanager:VERSION-user - php is run under a non-privileged user

There are two additional images, not published, tinyfilemanager:debug and tinyfilemanager:debug-user for debugging purposes.

## Options
- ADMIN_USER - (optional) The username of the admin user
- ADMIN_PASS - (optional) The password (This can be in clear-text or in the encrypted format)
- RO_USER - (optional) The username of the read/only user
- RO_PASS - (optional) The password (This can be in clear-text or in the encrypted format)
- ROOT_FS - (optional) The base of the viewed filesystem
- THEME - (optional) Set the default theme (light/dark)

### Syslog Specific
- SYSLOG_SERVER - Syslog server to send auditing messages
- SYSLOG_PROTO - (optional) Protocol (tcp/udp) for syslog server (default: udp)
- SYSLOG_PORT - (optional) Port for syslog server (default: 514)
- SYSLOG_JSON - (optional) Format messages in json format
- SYSLOG_FACILITY - (optional) Facility to use (default: 13)

### LDAP Specific
- LDAP_URL - URL to LDAP server (ldap://server:port)
- LDAP_BASE_SEARCH - Filter for LDAP search (dc=example,dc=org)
- LDAP_DOMAIN - (optional) LDAP domain prefix for authentication (ex: example)
- LDAP_ADMIN_GROUPS - (optional) LDAP admin groups to match separated by ';' (ex: CN=tinyfilemanager-admins,OU=GROUPS,DC=example,DC=org)
- LDAP_USER_GROUPS - (optional) LDAP user groups to match separated by ';' (ex: CN=tinyfilemanager-users,OU=GROUPS,DC=example,DC=org)
- LDAP_FILTER - (optional) - LDAP authentication attribute (default: "(|(sAMAccountName=%s)(UserPrincipalName=%s))")

For LDAP use the following Environment variables must be defined:
- LDAP_URL
- LDAP_BASE_SEARCH

If you want to use username without domain also define LDAP_DOMAIN (Users will be LDAP_DOMAIN \ username)
If you want to have admin users please define group or groups to match separated by ";"
If LDAP_ADMIN_GROUPS or LDAP_USER_GROUPS are not defined all authenticated users will be accepted as users.
If LDAP_USER_GROUPS is defined all authenticated users must belong to one of the groups in this list.

## Secrets/File support

Additionally the values used can be read from files appending _FILENAME to the environment variable.
Example:
```
ADMIN_PASS_FILENAME=/run/secrets/tinyfilemanager.admin_pass
```
Then the secret will be read from `filemanager.admin_pass` secret.

## Sample execution

With docker:
```
docker run -it -p 8111:8080 -v /opt:/opt -e ADMIN_USER=admin -e ADMIN_PASS=password -e ROOT_FS=/opt/ \
               -e SYSLOG_SERVER=192.168.1.131 -e SYSLOG_PORT=1514 -e SYSLOG_PROTO=udp -e SYSLOG_JSON=1 jpralvesatdocker/tinyfilemanager:2.5.2.1
```

With docker-compose:
```
version: '3.3'

services:
    tinyfilemanager:
        ports:
            - '8111:8080'
        volumes:
            - '/opt:/opt'
        environment:
            - ADMIN_USER=admin
            - ADMIN_PASS=pass
            - ROOT_FS=/opt
            - SYSLOG_SERVER=192.168.1.131
            - SYSLOG_PORT=1514
            - SYSLOG_PROTO=udp
            - SYSLOG_JSON=1
        image: jpralvesatdocker/tinyfilemanager:2.5.2.1
```

## Building images
```
git clone https://github.com/jpralves/tinyfilemanager
cd tinyfilemanager
docker build . -t jpralvesatdocker/tinyfilemanager:latest
docker build --build-arg RUNUSER=tinyuser . -t jpralvesatdocker/tinyfilemanager:latest-user
```

## Adding custom CA certificate to image

The trusted CA file is the one provided by alpine distro and it is located in `/etc/ssl/certs/ca-certificates.crt`.
Replacing this file with a copy of it with the self-signed certificate of the custom CA appended at the end works.

```
version: '3.3'

services:
    tinyfilemanager:
        ports:
            - '8111:8080'
        volumes:
            - '/opt:/opt'
            - './new-ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt'
        environment:
            - ADMIN_USER=admin
            - ADMIN_PASS=pass
            - ROOT_FS=/opt
        image: jpralvesatdocker/tinyfilemanager:2.5.2.1
```
Added docker information. Added docker-compose. 2021-03-25 00:41:18 +01:00			`# tinyfilemanager`

			`These docker images are the [tinyfilemanager](https://github.com/jpralves/tinyfilemanager) versions.`
			`The original work of tinyfilemanager is from this [site](https://tinyfilemanager.github.io/)`

			`There are two versions of the images:`
Fixed some documentation. 2021-05-20 16:32:03 +02:00			`- tinyfilemanager:VERSION - With the chown capability (php is run with root)`
			`- tinyfilemanager:VERSION-user - php is run under a non-privileged user`
Added docker information. Added docker-compose. 2021-03-25 00:41:18 +01:00
Fixed problems in creating docker containers with new version of php Added debugging docker images Added a build script Fixed problem with large file uploads Merged updates from tinyfilemanager 2.5.2 2023-12-06 18:15:13 +01:00			`There are two additional images, not published, tinyfilemanager:debug and tinyfilemanager:debug-user for debugging purposes.`

Added docker information. Added docker-compose. 2021-03-25 00:41:18 +01:00			`## Options`
			`- ADMIN_USER - (optional) The username of the admin user`
			`- ADMIN_PASS - (optional) The password (This can be in clear-text or in the encrypted format)`
			`- RO_USER - (optional) The username of the read/only user`
			`- RO_PASS - (optional) The password (This can be in clear-text or in the encrypted format)`
			`- ROOT_FS - (optional) The base of the viewed filesystem`
Added list of changes in the version. Added specific information about configuring docker images. 2021-05-20 15:35:19 +02:00			`- THEME - (optional) Set the default theme (light/dark)`

			`### Syslog Specific`
			`- SYSLOG_SERVER - Syslog server to send auditing messages`
			`- SYSLOG_PROTO - (optional) Protocol (tcp/udp) for syslog server (default: udp)`
			`- SYSLOG_PORT - (optional) Port for syslog server (default: 514)`
			`- SYSLOG_JSON - (optional) Format messages in json format`
			`- SYSLOG_FACILITY - (optional) Facility to use (default: 13)`

			`### LDAP Specific`
			`- LDAP_URL - URL to LDAP server (ldap://server:port)`
			`- LDAP_BASE_SEARCH - Filter for LDAP search (dc=example,dc=org)`
			`- LDAP_DOMAIN - (optional) LDAP domain prefix for authentication (ex: example)`
			`- LDAP_ADMIN_GROUPS - (optional) LDAP admin groups to match separated by ';' (ex: CN=tinyfilemanager-admins,OU=GROUPS,DC=example,DC=org)`
			`- LDAP_USER_GROUPS - (optional) LDAP user groups to match separated by ';' (ex: CN=tinyfilemanager-users,OU=GROUPS,DC=example,DC=org)`
			`- LDAP_FILTER - (optional) - LDAP authentication attribute (default: "(\|(sAMAccountName=%s)(UserPrincipalName=%s))")`

			`For LDAP use the following Environment variables must be defined:`
			`- LDAP_URL`
			`- LDAP_BASE_SEARCH`

			`If you want to use username without domain also define LDAP_DOMAIN (Users will be LDAP_DOMAIN \ username)`
			`If you want to have admin users please define group or groups to match separated by ";"`
			`If LDAP_ADMIN_GROUPS or LDAP_USER_GROUPS are not defined all authenticated users will be accepted as users.`
			`If LDAP_USER_GROUPS is defined all authenticated users must belong to one of the groups in this list.`
Added docker information. Added docker-compose. 2021-03-25 00:41:18 +01:00
Added environment variables read from files (secrets). Updated base image to php 8.2.13/apline3.18 2023-12-11 17:47:41 +01:00			`## Secrets/File support`

			`Additionally the values used can be read from files appending _FILENAME to the environment variable.`
			`Example:`
			```
			`ADMIN_PASS_FILENAME=/run/secrets/tinyfilemanager.admin_pass`
			```
			Then the secret will be read from `filemanager.admin_pass` secret.

Added docker information. Added docker-compose. 2021-03-25 00:41:18 +01:00			`## Sample execution`

			`With docker:`
			```
Fixed problems in creating docker containers with new version of php Added debugging docker images Added a build script Fixed problem with large file uploads Merged updates from tinyfilemanager 2.5.2 2023-12-06 18:15:13 +01:00			`docker run -it -p 8111:8080 -v /opt:/opt -e ADMIN_USER=admin -e ADMIN_PASS=password -e ROOT_FS=/opt/ \`
			`-e SYSLOG_SERVER=192.168.1.131 -e SYSLOG_PORT=1514 -e SYSLOG_PROTO=udp -e SYSLOG_JSON=1 jpralvesatdocker/tinyfilemanager:2.5.2.1`
Added docker information. Added docker-compose. 2021-03-25 00:41:18 +01:00			```

			`With docker-compose:`
			```
			`version: '3.3'`

			`services:`
			`tinyfilemanager:`
			`ports:`
			`- '8111:8080'`
			`volumes:`
			`- '/opt:/opt'`
			`environment:`
			`- ADMIN_USER=admin`
			`- ADMIN_PASS=pass`
			`- ROOT_FS=/opt`
Fixed problems in creating docker containers with new version of php Added debugging docker images Added a build script Fixed problem with large file uploads Merged updates from tinyfilemanager 2.5.2 2023-12-06 18:15:13 +01:00			`- SYSLOG_SERVER=192.168.1.131`
			`- SYSLOG_PORT=1514`
			`- SYSLOG_PROTO=udp`
			`- SYSLOG_JSON=1`
			`image: jpralvesatdocker/tinyfilemanager:2.5.2.1`
Added docker information. Added docker-compose. 2021-03-25 00:41:18 +01:00			```

			`## Building images`
			```
			`git clone https://github.com/jpralves/tinyfilemanager`
			`cd tinyfilemanager`
Added list of changes in the version. Added specific information about configuring docker images. 2021-05-20 15:35:19 +02:00			`docker build . -t jpralvesatdocker/tinyfilemanager:latest`
Fixed some documentation. 2021-05-20 16:32:03 +02:00			`docker build --build-arg RUNUSER=tinyuser . -t jpralvesatdocker/tinyfilemanager:latest-user`
Added docker information. Added docker-compose. 2021-03-25 00:41:18 +01:00			```

Fixed problems in creating docker containers with new version of php Added debugging docker images Added a build script Fixed problem with large file uploads Merged updates from tinyfilemanager 2.5.2 2023-12-06 18:15:13 +01:00			`## Adding custom CA certificate to image`

			The trusted CA file is the one provided by alpine distro and it is located in `/etc/ssl/certs/ca-certificates.crt`.
			`Replacing this file with a copy of it with the self-signed certificate of the custom CA appended at the end works.`

			```
			`version: '3.3'`

			`services:`
			`tinyfilemanager:`
			`ports:`
			`- '8111:8080'`
			`volumes:`
			`- '/opt:/opt'`
			`- './new-ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt'`
			`environment:`
			`- ADMIN_USER=admin`
			`- ADMIN_PASS=pass`
			`- ROOT_FS=/opt`
			`image: jpralvesatdocker/tinyfilemanager:2.5.2.1`
			```