diff --git a/Dockerfile b/Dockerfile index 5bbdb9b..bb07311 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,10 @@ COPY *.ini /usr/local/etc/php/conf.d/ RUN ln -sf tinyfilemanager.php index.php -CMD [ "php", "-S", "[::]:8080", "-t", "/var/www/html" ] +RUN mkdir /certs +COPY startup.sh / + +CMD [ "sh", "/startup.sh" ] EXPOSE 8080 diff --git a/Dockerfile.debug b/Dockerfile.debug index 20fa336..f563467 100644 --- a/Dockerfile.debug +++ b/Dockerfile.debug @@ -29,6 +29,9 @@ COPY debug-files/* /var/www/html/ RUN ln -sf tinyfilemanager.php index.php -CMD [ "php", "-S", "[::]:8080", "-t", "/var/www/html" ] +RUN mkdir /certs +COPY startup.sh / + +CMD [ "sh", "/startup.sh" ] EXPOSE 8080 diff --git a/README-docker.md b/README-docker.md index c9ff24c..372f934 100644 --- a/README-docker.md +++ b/README-docker.md @@ -55,7 +55,7 @@ Then the secret will be read from `filemanager.admin_pass` secret. With docker: ``` docker run -it -p 8111:8080 -v /opt:/opt -e ADMIN_USER=admin -e ADMIN_PASS=password -e ROOT_FS=/opt/ \ - -e SYSLOG_SERVER=192.168.1.131 -e SYSLOG_PORT=1514 -e SYSLOG_PROTO=udp -e SYSLOG_JSON=1 jpralvesatdocker/tinyfilemanager:2.5.2.1 + -e SYSLOG_SERVER=192.168.1.131 -e SYSLOG_PORT=1514 -e SYSLOG_PROTO=udp -e SYSLOG_JSON=1 jpralvesatdocker/tinyfilemanager:2.5.2.3 ``` With docker-compose: @@ -76,7 +76,7 @@ services: - SYSLOG_PORT=1514 - SYSLOG_PROTO=udp - SYSLOG_JSON=1 - image: jpralvesatdocker/tinyfilemanager:2.5.2.1 + image: jpralvesatdocker/tinyfilemanager:2.5.2.3 ``` ## Building images @@ -87,7 +87,7 @@ docker build . -t jpralvesatdocker/tinyfilemanager:latest docker build --build-arg RUNUSER=tinyuser . -t jpralvesatdocker/tinyfilemanager:latest-user ``` -## Adding custom CA certificate to image +## Adding custom CA certificate to image (Option 1) The trusted CA file is the one provided by alpine distro and it is located in `/etc/ssl/certs/ca-certificates.crt`. Replacing this file with a copy of it with the self-signed certificate of the custom CA appended at the end works. @@ -106,5 +106,27 @@ services: - ADMIN_USER=admin - ADMIN_PASS=pass - ROOT_FS=/opt - image: jpralvesatdocker/tinyfilemanager:2.5.2.1 + image: jpralvesatdocker/tinyfilemanager:2.5.2.3 +``` + +## Importing custom CA certs (Option 2) + +With the base image (running with root) it is possible to import custom CAs to the trusted store. +The files with extension .pem or .crt are imported when container starts. + +``` +version: '3.3' + +services: + tinyfilemanager: + ports: + - '8111:8080' + volumes: + - '/opt:/opt' + - './certs/my-custom-cert.crt:/certs/my-custom-cert.crt' + environment: + - ADMIN_USER=admin + - ADMIN_PASS=pass + - ROOT_FS=/opt + image: jpralvesatdocker/tinyfilemanager:2.5.2.3 ``` diff --git a/README.md b/README.md index 1a35776..33f4ffb 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ I give credit to the original author but added the following enhancements: - Docker images ready to be used. More instructions on this [document](README-docker.md). - Ability to change owner of files and folders (Root run image) -- Added dynamic user variables to be used in docker images +- Added dynamic user variables to be used in docker images (with file contents) - Updated external JS/CSS libraries to latest versions - Show binary files in HEX dump format - Support for webp images diff --git a/startup.sh b/startup.sh new file mode 100644 index 0000000..3241924 --- /dev/null +++ b/startup.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +if [ "$(id -u)" -eq 0 ]; then + update=0 + for f in /certs/*.pem /certs/*.crt; do + if [ -f "$f" ]; then + bn=$(basename "$f") + update=1 + echo "import cert file ${bn}" + cp "$f" "/usr/local/share/ca-certificates/${bn}.crt" + fi + done + if [ "${update}" = "1" ]; then + update-ca-certificates + fi +else + echo "User cannot import certs." +fi + +exec php -S '[::]:8080' -t /var/www/html diff --git a/tinyfilemanager.php b/tinyfilemanager.php index 6a8b24b..4bbbbfc 100644 --- a/tinyfilemanager.php +++ b/tinyfilemanager.php @@ -16,7 +16,7 @@ $CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols": */ //TFM version -define('VERSION', '2.5.2.2'); +define('VERSION', '2.5.2.3'); //Application Title define('APP_TITLE', 'Tiny File Manager');