diff --git a/.env.example b/.env.example
index 4cc1a33..5ecca18 100644
--- a/.env.example
+++ b/.env.example
@@ -4,6 +4,10 @@ TAG=latest
 # set timezone to get correct log timestamp
 TZ=ETC/UTC
+# container uid and gid (must match the owner of mounted directories)
+GODOXY_UID=1000
+GODOXY_GID=1000
+
 # API JWT Configuration (common)
 # generate secret with `openssl rand -base64 32`
 GODOXY_API_JWT_SECRET=
diff --git a/compose.example.yml b/compose.example.yml
index acb49e3..09ec757 100755
--- a/compose.example.yml
+++ b/compose.example.yml
@@ -1,17 +1,46 @@
 ---
 services:
+ socket-proxy:
+ container_name: socket-proxy
+ image: lscr.io/linuxserver/socket-proxy:latest
+ environment:
+ - ALLOW_START=1
+ - ALLOW_STOP=1
+ - ALLOW_RESTARTS=1
+ - CONTAINERS=1
+ - EVENTS=1
+ - PING=1
+ - POST=1
+ - VERSION=1
+ volumes:
+ - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock
+ restart: unless-stopped
+ tmpfs:
+ - /run
+ ports:
+ - 127.0.0.1:2375:2375
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:2375"]
+ interval: 1m30s
+ timeout: 30s
+ retries: 5
+ start_period: 30s
 frontend:
 image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest}
 container_name: godoxy-frontend
 restart: unless-stopped
 network_mode: host # do not change this
 env_file: .env
+ user: ${GODOXY_UID:-1000}:${GODOXY_GID:-1000}
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - all
 depends_on:
 - app
 environment:
+ HOSTNAME: 127.0.0.1
 PORT: ${GODOXY_FRONTEND_PORT:-3000}
-
- # modify below to fit your needs
 labels:
 proxy.aliases: ${GODOXY_FRONTEND_ALIASES:-godoxy}
 proxy.godoxy.port: ${GODOXY_FRONTEND_PORT:-3000}
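Review bot: The socket-proxy healthcheck `curl -f http://localhost:2375` probes the API root, which appears to be answered with a non-2xx status (the Engine API returns 404 for `/`, and the proxy's allow-list does not cover it), so `-f` would mark the container unhealthy even when the proxy works; the endpoint the enabled `PING=1` permission exposes for this purpose is `/_ping`, i.e. `test: ["CMD", "curl", "-f", "http://localhost:2375/_ping"]`, assuming the image ships curl. Publishing `127.0.0.1:2375` makes an unauthenticated Docker control API (with `POST=1` plus the start/stop/restart permissions) reachable by every local process on the host; that is hard to avoid for an app running with `network_mode: host`, but a comment next to `ports:` should state why it is loopback-only and that the host itself is the trust boundary. The frontend hardening (`user:`, `cap_drop: all`, `no-new-privileges`) looks consistent, since port 3000 needs no capability.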
@@ -29,11 +58,19 @@ services:
 restart: always
 network_mode: host # do not change this
 env_file: .env
+ user: ${GODOXY_UID:-1000}:${GODOXY_GID:-1000}
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - all
+ cap_add:
+ - NET_BIND_SERVICE
+ environment:
+ - DOCKER_HOST=127.0.0.1:2375
 volumes:
- - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock
 - ./config:/app/config
 - ./logs:/app/logs
- - ./error_pages:/app/error_pages
+ - ./error_pages:/app/error_pages:ro
 - ./data:/app/data
 # To use autocert, certs will be stored in "./certs".
diff --git a/scripts/setup.sh b/scripts/setup.sh
index b6e2853..c5d8036 100755
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -36,6 +36,7 @@ COMPOSE_FILE_NAME="compose.yml"
 COMPOSE_EXAMPLE_FILE_NAME="compose.example.yml"
 CONFIG_FILE_NAME="config.yml"
 CONFIG_EXAMPLE_FILE_NAME="config.example.yml"
+REQUIRED_DIRECTORIES=("config" "logs" "error_pages" "data" "certs")
 echo "Setting up GoDoxy"
 echo "Branch: ${BRANCH}"
@@ -149,12 +150,20 @@ get_timezone() {
 fi
 }
+# check if running user is root
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: Please run this script as root"
+ exit 1
+fi
+
 check_pkg "openssl" "openssl"
 check_pkg "docker" "docker-ce"
 # Setup required configurations
-# 1. Config base directory
-mkdir_if_not_exists "$CONFIG_BASE_PATH"
+# 1. Setup required directories
+for dir in "${REQUIRED_DIRECTORIES[@]}"; do
+ mkdir_if_not_exists "$dir"
+done
 # 2. .env file
 fetch_file "$DOT_ENV_EXAMPLE_PATH" "$DOT_ENV_PATH"
@@ -222,4 +231,10 @@ EOF
 fi
 fi
+# 7. setup permission
+
+echo "Setting up permissions"
+chown -R 1000:1000 .
+chmod -R 644 .
+
 echo "Setup finished"
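Review bot: `DOCKER_HOST=127.0.0.1:2375` carries no scheme; the conventional form is `DOCKER_HOST=tcp://127.0.0.1:2375`, and some Docker client libraries reject a bare host:port when parsing the host, so this is worth confirming against the client the app uses. The app now needs socket-proxy to be up before it starts, yet the hunk declares no `depends_on: [socket-proxy]` (the service header is above the hunk, so it may already be there). As far as I can tell, `cap_add: NET_BIND_SERVICE` combined with `user: ${GODOXY_UID:-1000}:…`, `no-new-privileges:true` and `network_mode: host` will not let the process bind 80/443: Docker does not hand added capabilities to a non-root container user, file capabilities on the binary are blocked by no-new-privileges, and the unprivileged-port sysctl Docker sets inside a container's own network namespace does not apply on the host namespace. Please verify on a clean host, and document the required host sysctl next to `cap_add:` if one is needed.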
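Review bot: The new loop creates `config`, `logs`, `error_pages`, `data` and `certs` relative to the current directory in place of `mkdir_if_not_exists "$CONFIG_BASE_PATH"`; unless `CONFIG_BASE_PATH` (defined above the hunk) is literally `config`, the directory the rest of the script writes into is no longer created, so either keep the original line or derive the list from the same base. `certs` is created unconditionally although the compose file comments that it is only used with autocert, which is harmless but deserves a comment on `REQUIRED_DIRECTORIES`. The `$EUID` check is fine for bash (the array already requires it), but the message should say why root is needed, e.g. `echo "Error: Please run this script as root (it creates directories and fixes their ownership)"`.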
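Review bot: `chmod -R 644 .` removes the execute bit from every directory beneath the current directory, so after setup uid 1000 in the container cannot traverse `config/`, `logs/`, `data/` or `certs/`, any script in the tree loses its execute bit, and because both commands recurse over `.` they also rewrite ownership and mode of whatever unrelated files live in the directory the user happened to run from. `chown -R 1000:1000 .` hard-codes the ids although this same change introduces `GODOXY_UID`/`GODOXY_GID` in `.env.example` for exactly this purpose, so a user who sets them to anything else gets a mismatch. Mode 644 also leaves `.env`, which holds `GODOXY_API_JWT_SECRET`, world-readable. The rewrite below limits the work to what the script created (`REQUIRED_DIRECTORIES` and `.env`), uses 755 for directories and 644 for files, and locks `.env` to 600 (which presumes whoever runs docker compose can read it); sourcing the ids from `.env` is left as a TODO because I cannot see from the hunk whether the script loads that file.
```shell
# 7. setup permission

echo "Setting up permissions"
# Only touch what this script created; "." may contain unrelated files,
# and a blanket 644 would strip the execute bit from directories.
chown -R 1000:1000 "${REQUIRED_DIRECTORIES[@]}" "$DOT_ENV_PATH" # TODO: use GODOXY_UID/GODOXY_GID from .env
find "${REQUIRED_DIRECTORIES[@]}" -type d -exec chmod 755 {} +
find "${REQUIRED_DIRECTORIES[@]}" -type f -exec chmod 644 {} +
chmod 600 "$DOT_ENV_PATH" # holds GODOXY_API_JWT_SECRET
```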