From 3ff7da7e8e123b986975dfe8d278a9de05fb271f Mon Sep 17 00:00:00 2001 From: Hardware Date: Sun, 25 Sep 2016 11:22:48 +0200 Subject: [PATCH] fix(): no root processes --- Dockerfile | 69 ++++++++++++++++++++------------------- composer | 10 +++--- nginx.conf | 73 ++++++++++++++++++++++-------------------- php-fpm.conf | 6 +--- startup => run.sh | 20 +++++++----- s6.d/.s6-svscan/finish | 2 ++ s6.d/nginx/run | 2 ++ s6.d/php/run | 2 ++ supervisord.conf | 10 ------ 9 files changed, 98 insertions(+), 96 deletions(-) rename startup => run.sh (87%) create mode 100644 s6.d/.s6-svscan/finish create mode 100644 s6.d/nginx/run create mode 100644 s6.d/php/run delete mode 100644 supervisord.conf diff --git a/Dockerfile b/Dockerfile index 365e58f..a389459 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM xataz/alpine:3.4 +FROM alpine:3.4 MAINTAINER xataz MAINTAINER hardware 
@@ -7,44 +7,47 @@ ARG VERSION=v0.1.0-beta.5 ENV GID=991 UID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ - && apk --no-cache add nginx \ - curl \ - supervisor \ - mariadb-client \ - php7-phar@commuedge \ - php7-fpm@commuedge \ - php7-curl@commuedge \ - php7-mbstring@commuedge \ - php7-openssl@commuedge \ - php7-json@commuedge \ - php7-pdo_mysql@commuedge \ - php7-gd@commuedge \ - php7-dom@commuedge \ - php7-ctype@commuedge \ - php7-session@commuedge \ - php7-opcache@commuedge \ - && cd /tmp \ - && ln -s /usr/bin/php7 /usr/bin/php \ - && curl -s http://getcomposer.org/installer | php \ - && mv /tmp/composer.phar /usr/bin/composer \ - && chmod +x /usr/bin/composer \ - && mkdir -p /flarum/app \ - && addgroup -g ${GID} flarum && adduser -h /flarum -s /bin/sh -D -G flarum -u ${UID} flarum \ - && chown -R flarum:flarum /flarum \ - && su-exec flarum:flarum composer create-project flarum/flarum /flarum/app $VERSION --stability=beta \ - && composer clear-cache \ - && rm -rf /flarum/.composer /var/cache/apk/* + && apk -U add \ + nginx \ + s6 \ + su-exec \ + curl \ + mariadb-client \ + php7-phar@commuedge \ + php7-fpm@commuedge \ + php7-curl@commuedge \ + php7-mbstring@commuedge \ + php7-openssl@commuedge \ + php7-json@commuedge \ + php7-pdo_mysql@commuedge \ + php7-gd@commuedge \ + php7-dom@commuedge \ + php7-ctype@commuedge \ + php7-session@commuedge \ + php7-opcache@commuedge \ + && cd /tmp \ + && ln -s /usr/bin/php7 /usr/bin/php \ + && curl -s http://getcomposer.org/installer | php \ + && mv /tmp/composer.phar /usr/bin/composer \ + && chmod +x /usr/bin/composer \ + && mkdir -p /flarum/app \ + && chown -R $UID:$GID /flarum \ + && su-exec $UID:$GID composer create-project flarum/flarum /flarum/app $VERSION --stability=beta \ + && composer clear-cache \ + && rm -rf /flarum/.composer /var/cache/apk/* COPY config.sql /flarum/app/config.sql COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf 
COPY opcache.ini /etc/php7/conf.d/00_opcache.ini -COPY supervisord.conf /etc/supervisor/supervisord.conf -COPY startup /usr/local/bin/startup COPY composer /usr/local/bin/composeur +COPY s6.d /etc/s6.d +COPY run.sh /usr/local/bin/run.sh -RUN chmod +x /usr/local/bin/* +RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* VOLUME /flarum/app/assets -EXPOSE 8080 -CMD ["/usr/bin/tini","--","startup"] + +EXPOSE 8888 + +CMD ["run.sh"] diff --git a/composer b/composer index df35351..3eb0b2e 100644 --- a/composer +++ b/composer @@ -20,13 +20,13 @@ package=$2 cd /flarum/app # Create custom extensions cache folder and list file -su-exec flarum:flarum mkdir -p "$CACHE_DIR" -su-exec flarum:flarum touch "$LIST_FILE" +su-exec $UID:$GID mkdir -p "$CACHE_DIR" +su-exec $UID:$GID touch "$LIST_FILE" case "$action" in # Install a flarum extension "require") - COMPOSER_CACHE_DIR="$CACHE_DIR" su-exec flarum:flarum composer require "$package" + COMPOSER_CACHE_DIR="$CACHE_DIR" su-exec $UID:$GID composer require "$package" if [ $? -eq 0 ]; then echo "$package" >> "$LIST_FILE" echo -e "\n${CGREEN}${package} added to flarum.${CEND}" @@ -38,7 +38,7 @@ case "$action" in ;; # Remove a flarum extension "remove") - COMPOSER_CACHE_DIR="$CACHE_DIR" su-exec flarum:flarum composer remove "$package" + COMPOSER_CACHE_DIR="$CACHE_DIR" su-exec $UID:$GID composer remove "$package" if [ $? -eq 0 ]; then sed -i "\|${package}|d" "$LIST_FILE" echo -e "\n${CGREEN}${package} removed from flarum${CEND}" @@ -51,7 +51,7 @@ case "$action" in ;; # Other composer action *) - COMPOSER_CACHE_DIR="$CACHE_DIR" su-exec flarum:flarum composer "$@" + COMPOSER_CACHE_DIR="$CACHE_DIR" su-exec $UID:$GID composer "$@" ;; esac diff --git a/nginx.conf b/nginx.conf index 41c6d7e..5cc6e28 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,6 +1,5 @@ -user flarum; worker_processes auto; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; daemon off; events { 
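Review bot: The re-added line `curl -s http://getcomposer.org/installer | php` in the RUN step fetches the Composer installer over plain HTTP and executes it unverified, so anything on the network path at build time controls code that runs as root during the build and ends up as `/usr/bin/composer`. Fetch it over TLS to a file, e.g. `curl -fsSL https://getcomposer.org/installer -o /tmp/composer-setup.php`, compare its SHA-384 against a pinned value (`<expected-installer-sha384>`, placeholder) and only then run `php /tmp/composer-setup.php`. Using `-s` without `-f` also means an HTTP error page would be piped into php silently. Separately, the image still has no `USER` instruction: the drop to `$UID:$GID` happens only inside run.sh, which deserves a comment next to `CMD ["run.sh"]`.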
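Review bot: `su-exec $UID:$GID` in this hunk (and in the `remove` and catch-all hunks below, plus run.sh) relies on a variable name that some shells reserve. Bash sets `UID` itself, read-only, to the caller's real uid, so if this script ever runs under bash as root the environment value is ignored and composer runs as uid 0. The shebang is outside the hunk, so confirm it is `/bin/sh` (busybox ash), or use a variable name that cannot collide. The expansion is also unquoted; `su-exec "$UID:$GID"` avoids word-splitting on an unexpected value.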
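Review bot: `pid /tmp/nginx.pid;` starts a pattern the later hunks continue: the error log (`/tmp/ngx_error.log`), the five `*_temp_path` directories and the FPM socket (`/tmp/php-fpm.sock`, also in php-fpm.conf) all move into world-writable `/tmp` under predictable names. A private runtime directory owned by the service uid with mode 0700 would keep the socket and buffered request bodies away from any other uid in the container. Since `listen.owner`/`listen.group` are removed from php-fpm.conf, an explicit `listen.mode = 0600` there would state the intended socket permissions. An error log under `/tmp` is also invisible to `docker logs` and is never rotated. A one-line comment explaining that `user flarum;` was dropped because nginx is no longer started as root would help the next reader.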
@@ -9,11 +8,12 @@ events { } http { + include /etc/nginx/mime.types; - default_type application/octet-stream; + default_type application/octet-stream; access_log off; - error_log /var/log/nginx/error.log error; + error_log /tmp/ngx_error.log error; sendfile on; keepalive_timeout 15; @@ -23,6 +23,12 @@ http { tcp_nodelay on; server_tokens off; + fastcgi_temp_path /tmp/fastcgi 1 2; + client_body_temp_path /tmp/client_body 1 2; + proxy_temp_path /tmp/proxy 1 2; + uwsgi_temp_path /tmp/uwsgi 1 2; + scgi_temp_path /tmp/scgi 1 2; + gzip on; gzip_comp_level 5; gzip_min_length 512; 
@@ -47,56 +53,53 @@ http { image/svg+xml; server { - listen 8080; + + listen 8888; root /flarum/app; index index.php; + charset utf-8; client_max_body_size 50M; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log error; - charset utf-8; - location / { - try_files $uri $uri/ /index.php?$query_string; + try_files $uri $uri/ /index.php?$query_string; } location /api { - try_files $uri $uri/ /api.php?$query_string; + try_files $uri $uri/ /api.php?$query_string; } location /admin { - try_files $uri $uri/ /admin.php?$query_string; + try_files $uri $uri/ /admin.php?$query_string; } location /flarum { - deny all; - return 404; - } - - location ~* \.html$ { - expires -1; - } - - location ~* \.(css|js|gif|jpe?g|png)$ { - expires 1M; - add_header Pragma public; - add_header Cache-Control "public, must-revalidate, proxy-revalidate"; - } - - location ~ \.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/var/run/php-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; + deny all; + return 404; } location ~ /\.ht { deny all; } + + location ~* \.html$ { + expires -1; + } + + location ~* \.(css|js|gif|jpe?g|png)$ { + expires 1M; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + location ~* \.php$ { + fastcgi_split_path_info ^(.+.php)(/.+)$; + fastcgi_pass unix:/tmp/php-fpm.sock; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTP_PROXY ""; + fastcgi_index index.php; + } + } } diff --git a/php-fpm.conf b/php-fpm.conf index 0aa738a..21c43ac 100644 --- a/php-fpm.conf +++ b/php-fpm.conf 
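Review bot: The rewritten `location ~* \.php$` block passes every URI ending in `.php` to PHP-FPM without checking that the script exists, while the document root `/flarum/app` contains the writable `assets` volume. Adding `try_files $fastcgi_script_name =404;` inside the block (and, if not already set elsewhere, `cgi.fix_pathinfo=0` in php.ini) makes nginx refuse paths that do not map to a real file. The new `fastcgi_split_path_info ^(.+.php)(/.+)$;` also lost the escaped dot the old line had (`\.php`); restore it, or drop the directive, since a location anchored on `\.php$` never carries path info. `fastcgi_param HTTP_PROXY "";` is a good addition and merits a comment saying it blanks the client-supplied `Proxy` header (httpoxy).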
@@ -2,11 +2,7 @@ daemonize = no [www] -user = flarum -group = flarum -listen = /var/run/php-fpm.sock -listen.owner = flarum -listen.group = flarum +listen = /tmp/php-fpm.sock pm = dynamic pm.max_children = 5 pm.start_servers = 2 diff --git a/startup b/run.sh similarity index 87% rename from startup rename to run.sh index 5823384..98e3a32 100644 --- a/startup +++ b/run.sh @@ -23,6 +23,9 @@ if [ -z "$FORUM_URL" ]; then exit 1 fi +# Set permissions +chown -R $UID:$GID /flarum /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d + cd /flarum/app/ # Installation settings @@ -44,12 +47,11 @@ EOF sed -i -e 's|InfoCommand::class,||g' \ -e "s|\['config' => \$app->make('flarum.config')\]|['config' => \$app->isInstalled() ? \$app->make('flarum.config') : []]|g" vendor/flarum/core/src/Console/Server.php -# Set permissions -chown -R flarum:flarum . - # if no installation was performed before if [ ! -e 'assets/rev-manifest.json' ]; then + echo "[INFO] First launch, installing flarum..." + # Mail settings sed -i -e "s|{{ DB_NAME }}|${DB_NAME}|g" \ -e "s|{{ MAIL_FROM }}|${MAIL_FROM}|g" \ @@ -60,11 +62,13 @@ if [ ! -e 'assets/rev-manifest.json' ]; then -e "s|{{ MAIL_ENCR }}|${MAIL_ENCR}|g" config.sql # Install flarum - su-exec flarum:flarum php flarum install --file config.yml + su-exec $UID:$GID php flarum install --file config.yml # Define flarum settings in database mysql -h"${DB_HOST}" -u"${DB_USER}" -p"${DB_PASS}" "${DB_NAME}" < config.sql + echo "[INFO] Installation done, launch flarum..." + else echo "[INFO] Flarum already installed, init app..." @@ -87,7 +91,7 @@ else -e '/$this->createAdminUser();/ s/^/#/' vendor/flarum/core/src/Install/Console/InstallCommand.php # Init flarum (without steps above) - su-exec flarum:flarum php flarum install --file config.yml + su-exec $UID:$GID php flarum install --file config.yml # Composer cache dir and packages list paths CACHE_DIR=/flarum/app/assets/.extensions 
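Review bot: The new `chown -R $UID:$GID /flarum /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d` gives the nginx and php-fpm configuration and the s6 run scripts to the same uid that executes PHP, so a compromised application can tamper with its own web-server config and supervisor scripts. Only state the services must write needs a new owner; leaving `/etc/nginx` and `/etc/php7` root-owned and readable keeps the privilege drop meaningful, unless a later part of run.sh edits them as the service user, which this hunk does not show. s6-svscan presumably needs a writable scan directory, which argues for copying `/etc/s6.d` to a runtime location rather than chowning it in place. The recursive chown also runs on every start across the mounted `assets` volume and all of `/var/log` and `/tmp`, and the argument should be quoted as `"$UID:$GID"`.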
@@ -98,7 +102,7 @@ else echo "[INFO] Install extra bundled extensions" while read extension; do echo "[INFO] -------------- Install extension : ${extension} --------------" - COMPOSER_CACHE_DIR="$CACHE_DIR" su-exec flarum:flarum composer require "$extension" + COMPOSER_CACHE_DIR="$CACHE_DIR" su-exec $UID:$GID composer require "$extension" done < "$LIST_FILE" echo "[INFO] Install extra bundled extensions. DONE." fi @@ -116,7 +120,7 @@ fi rm -f config.sql config.yml # Set permissions -chown -R flarum:flarum /flarum /var/lib/nginx +chown -R $UID:$GID /flarum # RUN ! -exec supervisord -c /etc/supervisor/supervisord.conf +exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/s6.d/.s6-svscan/finish b/s6.d/.s6-svscan/finish new file mode 100644 index 0000000..039e4d0 --- /dev/null +++ b/s6.d/.s6-svscan/finish @@ -0,0 +1,2 @@ +#!/bin/sh +exit 0 diff --git a/s6.d/nginx/run b/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/s6.d/php/run b/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null +++ b/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 diff --git a/supervisord.conf b/supervisord.conf deleted file mode 100644 index a65aaf9..0000000 --- a/supervisord.conf +++ /dev/null @@ -1,10 +0,0 @@ -[supervisord] -logfile = /tmp/supervisord.log -pidfile = /tmp/supervisord.pid -nodaemon=true - -[program:php-fpm] -command=php-fpm7 - -[program:nginx] -command=nginx
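Review bot: `exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d` trusts whatever `UID`/`GID` the container was started with, so a value of 0 or an empty variable either brings back root or fails late, despite the commit's goal. Validate before the exec, e.g. `[ "${UID:-0}" -gt 0 ] && [ "${GID:-0}" -gt 0 ] || { echo "[ERROR] UID and GID must be non-zero integers" >&2; exit 1; }`. The same unquoted expansion appears in the extension-install hunk above (`composer require "$extension"`). With tini removed from CMD, s6-svscan becomes PID 1 after this exec, so a short comment noting that signal forwarding and zombie reaping now rest on s6 would document the choice.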