Merge branch 'master' of https://git.lattuga.net/boyska/Feedati

README.md

@@ -3,7 +3,7 @@ FEEDATI
 
 La nuova frontiera dello smanettamento con gli RSS
 
-## Installami
+## Install
 
 Serve installare le seguenti cosucce:
 
@@ -12,7 +12,19 @@ Serve installare le seguenti cosucce:
  - `go get 'github.com/betalo-sweden/await'` (serve Go >= 1.8)
  - [doit](http://pydoit.org/)  (`pip3 install doit==0.31` or `apt-get install python3-doit`)
 
-## Lanciare
+## Some more setup
+
+You need to resolve localhost as `feedati-fe`. Run:
+
+    echo 127.0.0.1   feedati-fe | sudo tee -a /etc/hosts
+
+## Run
 
 Running `doit` is enough.
 It will build images, configure them, then run everything.
+
+## Use
+
+Point your browser to `http://feedati-fe/tt-rss/`.
+
+NO, `http://localhost/` won't work.

doc/HACKING.md

@@ -1,22 +1,37 @@
+Don't even read this if you haven't got README.md right
+
+## Things to setup
+
+If you want to make some contribution to the project, please take some minute setting things up.
+
+Editing file  that are bind-mounted over a container is not totally trivial; if you use vim, please
+`set modeline backupcopy` in your vimrc. This will make your editing a bit more pleasant and avoid [known
+issues](https://github.com/moby/moby/issues/15793). If you don't use vim, check that your editor doesn't
+change inode to editing file, or editing files live from host to container will give you headache.
+
+Please also see [GIT.md](GIT.md) for tips on setting git.
+
+## Coding, running, coding
+
 The instructions in README.md are fine when you only want to run. However, when developing, you might need to
 know some more tricks.
 
 The goal of our build manager (`dodo.py`) is to make a single call to `doit`, without arguments, always a sane
 and correct choice. However that could not always be the case.
 
-Let's organize our explanation into "iteration loops": you are typically developing on some aspect of it, and
+Let's organize our explanation into "iterations": you are typically developing on some aspect of it, and
 not on the entire setup. Based on this, you'll need to do different things.
 
-## Loops
+### Loops
 
-### Hacking code on tt-rss or rss-bridge
+#### Hacking code on tt-rss or rss-bridge
 
 If you are changing PHP code, well, this is the easiest part.
 Run `doit`, and you should have everything running, and logs showing up.
 Then, with your favourite editor, edit the PHP files you prefer. You can then refresh what you want in the
 browser, and everything should be automatically changing. No other action required!
 
-### Changing nginx configuration
+#### Changing nginx configuration
 
 Currently, there is no way to reload nginx, even though it should not be impossible, theoretically, to do it.
 So edit `docker/nginx.conf` with your favourite editor then run `doit`. On the next change, give `ctrl-c` to
@@ -24,7 +39,7 @@ So edit `docker/nginx.conf` with your favourite editor then run `doit`. On the n
 
 This workflow could be improved, being currently a bit too slow for such an easy thing.
 
-### Change some docker file
+#### Change some docker file
 
 When you change the dockerfile you need to build everything again. Doit should notice this, and just running
 `doit` should build everything again. If for some reason this is not the case, `doit clean build` will clean

docker-compose.yml

@@ -18,10 +18,11 @@ services:
         build:
             context: .
             dockerfile: ./docker/Dockerfile-tt-rss
-        container_name: feedati_tt_rss
+        container_name: feedati_tt_php
         volumes:
             - ./tt-rss:/app/public/tt-rss/
             - ./docker/ttrss-config.php:/app/public/tt-rss/config.php:ro
+            - ./docker/ttrss-apache-tt.conf:/etc/apache2/conf.d/tt.conf:ro
         ports:
             - 8000:80
             - 9312:9312
@@ -29,6 +30,18 @@ services:
             - APACHE_SERVER_NAME=tt-rss
             - PHP_DISPLAY_ERRORS=stdout
             - PHP_DISPLAY_STARTUP_ERROR=1
+
+    tt-rss-update:
+        image: feedati/tt-rss:latest
+        volumes:
+            - ./tt-rss:/app/public/tt-rss/
+            - ./docker/ttrss-config.php:/app/public/tt-rss/config.php:ro
+        container_name: feedati_tt_update
+        environment:
+            - PHP_DISPLAY_ERRORS=stdout
+            - PHP_DISPLAY_STARTUP_ERROR=1
+        entrypoint: 'wait-db php7 /app/public/tt-rss/update.php --daemon'
+        ports: []
         depends_on:
             - db
 
@@ -47,11 +60,11 @@ services:
         environment:
             - APACHE_SERVER_NAME=rss-bridge
 
-    feedati_frontend:
-        image: nginx:latest
-        container_name: feedati_frontend
+    feedati-fe:
+        image: httpd:2.4-alpine
+        container_name: feedati_webserver
         volumes:
-            - ./docker/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+            - ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro
         ports:
             - 80:80
         depends_on:

docker/Dockerfile-tt-rss

@@ -16,26 +16,21 @@ RUN apk update \
         php7-redis \
         php7-ftp \
  && rm -rf /var/cache/apk/
-COPY docker/setup_openrc.sh /usr/local/bin/
 COPY tt-rss/* /app/public/tt-rss/
-COPY docker/ttrss-openrc-apache /etc/init.d/apache
-COPY docker/ttrss-openrc-ttrssupdate /etc/init.d/ttrssupdate
-COPY docker/ttrss-openrc-ntpd /etc/init.d/ntpd
+COPY docker/wait-db /usr/bin/
+COPY docker/ttrss-apache-tt.conf /etc/apache2/conf.d/tt.conf
+
 RUN mkdir -p /app/public/tt-rss/ /var/cache/tt-rss/images \
         /var/cache/tt-rss/upload /var/cache/tt-rss/export/ \
-        /var/cache/tt-rss/js /var/lock/tt-rss/ \
+        /var/cache/tt-rss/js /var/lock/tt-rss/ /var/lib/tt-rss/feed-icons/ \
     && chown -R apache:root \
         /app/public \
         /var/cache/tt-rss/ \
         /var/lock/tt-rss/ \
-    && /usr/local/bin/setup_openrc.sh \
-    && apk --no-cache add util-linux \
-    && rc-update add ntpd \
-    && rc-update add apache \
- && rc-update add ttrssupdate
-
+        /var/lib/tt-rss/ \
+    && echo -e 'log_errors = On\nerror_log = syslog' >> /etc/php7/php.ini \
+    && sed -i '/^Listen/d' /etc/apache2/httpd.conf \
+ && sed -i -r 's@ErrorLog .*@ErrorLog "/proc/self/fd/2"@i' /etc/apache2/httpd.conf
 
-ENTRYPOINT []
-CMD ["/sbin/init"]
 
 # vim: set ft=dockerfile:

docker/frontend-apache.conf

@@ -0,0 +1,190 @@
+ServerRoot "/usr/local/apache2"
+
+Listen 80
+
+LoadModule mpm_event_module modules/mod_mpm_event.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule env_module modules/mod_env.so
+#LoadModule expires_module modules/mod_expires.so
+#LoadModule headers_module modules/mod_headers.so
+#LoadModule setenvif_module modules/mod_setenvif.so
+#LoadModule remoteip_module modules/mod_remoteip.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule alias_module modules/mod_alias.so
+#LoadModule rewrite_module modules/mod_rewrite.so
+
+<IfModule unixd_module>
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.  
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User daemon
+Group daemon
+</IfModule>
+
+ServerAdmin you@example.com
+
+ServerName feedati-fe:80
+
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+DocumentRoot "/usr/local/apache2/htdocs"
+<Directory "/usr/local/apache2/htdocs">
+    #
+    # Possible values for the Options directive are "None", "All",
+    # or any combination of:
+    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+    #
+    # Note that "MultiViews" must be named *explicitly* --- "Options All"
+    # doesn't give it to you.
+    #
+    # The Options directive is both complicated and important.  Please see
+    # http://httpd.apache.org/docs/2.4/mod/core.html#options
+    # for more information.
+    #
+    Options Indexes FollowSymLinks
+
+    #
+    # AllowOverride controls what directives may be placed in .htaccess files.
+    # It can be "All", "None", or any combination of the keywords:
+    #   AllowOverride FileInfo AuthConfig Limit
+    #
+    AllowOverride None
+
+    #
+    # Controls who can get stuff from this server.
+    #
+    Require all granted
+</Directory>
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog /proc/self/fd/2
+
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+LogLevel warn
+
+<IfModule log_config_module>
+    #
+    # The following directives define some format nicknames for use with
+    # a CustomLog directive (see below).
+    #
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+    <IfModule logio_module>
+      # You need to enable mod_logio.c to use %I and %O
+      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    </IfModule>
+
+    #
+    # The location and format of the access logfile (Common Logfile Format).
+    # If you do not define any access logfiles within a <VirtualHost>
+    # container, they will be logged here.  Contrariwise, if you *do*
+    # define per-<VirtualHost> access logfiles, transactions will be
+    # logged therein and *not* in this file.
+    #
+    CustomLog /proc/self/fd/1 common
+
+    #
+    # If you prefer a logfile with access, agent, and referer information
+    # (Combined Logfile Format) you can use the following directive.
+    #
+    #CustomLog "logs/access_log" combined
+</IfModule>
+
+<IfModule headers_module>
+    #
+    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
+    # backend servers which have lingering "httpoxy" defects.
+    # 'Proxy' request header is undefined by the IETF, not listed by IANA
+    #
+    RequestHeader unset Proxy early
+</IfModule>
+
+<IfModule mime_module>
+    #
+    # TypesConfig points to the file containing the list of mappings from
+    # filename extension to MIME-type.
+    #
+    TypesConfig conf/mime.types
+
+    #
+    # AddType allows you to add to or override the MIME configuration
+    # file specified in TypesConfig for specific file types.
+    #
+    #AddType application/x-gzip .tgz
+    #
+    # AddEncoding allows you to have certain browsers uncompress
+    # information on the fly. Note: Not all browsers support this.
+    #
+    #AddEncoding x-compress .Z
+    #AddEncoding x-gzip .gz .tgz
+    #
+    # If the AddEncoding directives above are commented-out, then you
+    # probably should define those extensions to indicate media types:
+    #
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+
+    #
+    # AddHandler allows you to map certain file extensions to "handlers":
+    # actions unrelated to filetype. These can be either built into the server
+    # or added with the Action directive (see below)
+    #
+    # To use CGI scripts outside of ScriptAliased directories:
+    # (You will also need to add "ExecCGI" to the "Options" directive.)
+    #
+    #AddHandler cgi-script .cgi
+
+    # For type maps (negotiated resources):
+    #AddHandler type-map var
+
+    #
+    # Filters allow you to process content before it is sent to the client.
+    #
+    # To parse .shtml files for server-side includes (SSI):
+    # (You will also need to add "Includes" to the "Options" directive.)
+    #
+    #AddType text/html .shtml
+    #AddOutputFilter INCLUDES .shtml
+</IfModule>
+
+ProxyPreserveHost On
+<Location /tt-rss/>
+ProxyPass http://tt-rss/tt-rss/
+ProxyPassReverse http://tt-rss/tt-rss/
+</Location>
+
+<Location /rss-bridge/>
+ProxyPass http://rss-bridge/
+ProxyPassReverse http://rss-bridge/
+</Location>
+
+# vim: set ft=apache bkc=yes:

docker/nginx.conf

@@ -1,28 +0,0 @@
-server {
-    listen 80;
-    server_name _;
-
-    location = /rss-bridge {
-        rewrite /rss-bridge /rss-bridge/ permanent;
-    }
-
-    location /tt-rss {
-        resolver              127.0.0.11 ipv6=off;
-        proxy_pass            http://tt-rss/tt-rss;
-        proxy_read_timeout    60s;
-        proxy_connect_timeout 4s;
-        proxy_set_header      Host $host;
-        proxy_set_header      X-Real-IP $remote_addr;
-        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-    }
-
-    location /rss-bridge/ {
-        resolver              127.0.0.11 ipv6=off;
-        proxy_pass            http://rss-bridge/;
-        proxy_read_timeout    60s;
-        proxy_connect_timeout 4s;
-        proxy_set_header      Host $host;
-        proxy_set_header      X-Real-IP $remote_addr;
-        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
-    }
-}

docker/ttrss-apache-tt.conf

@@ -0,0 +1,11 @@
+TransferLog "/proc/self/fd/1"
+Listen 0.0.0.0:80
+Alias "/tt-rss/ico" "/var/lib/tt-rss/feed-icons/"
+<Directory "/var/lib/tt-rss/feed-icons">
+Require all granted
+Options -Indexes
+AllowOverride None
+</Directory>
+
+# vim: set bkc=yes ft=apache:
+

docker/ttrss-config.php

@@ -18,7 +18,7 @@
 	// *** Basic settings (important!) ***
 	// ***********************************
 
-	define('SELF_URL_PATH', 'http://feedati_frontend/tt-rss/');
+	define('SELF_URL_PATH', 'http://feedati-fe/tt-rss/');
 	// Full URL of your tt-rss installation. This should be set to the
 	// location of tt-rss directory, e.g. http://example.org/tt-rss/
 	// You need to set this option correctly otherwise several features
@@ -68,7 +68,7 @@
 	define('CACHE_DIR', '/var/cache/tt-rss');
 	// Local cache directory for RSS feed content.
 
-	define('ICONS_DIR', "feed-icons");
+	define('ICONS_DIR', "/var/lib/tt-rss/feed-icons");
 	define('ICONS_URL', "feed-icons");
 	// Local and URL path to the directory, where feed favicons are stored.
 	// Unless you really know what you're doing, please keep those relative

docker/ttrss-openrc-apache

@@ -1,24 +0,0 @@
-#!/sbin/runscript
-
-depend() {
-    need ntpd
-}
-
-
-start() {
-    ebegin "Starting Apache (with wrapper)"
-    start-stop-daemon --background --start --exec /bootstrap/start.sh \
-        --make-pidfile --pidfile /var/run/apache-start.pid
-    eend $?
-}
-
-
-stop() {
-    ebegin "Stopping Apache (with wrapper)"
-    start-stop-daemon --stop --exec /bootstrap/start.sh \
-        --pidfile /var/run/apache-start.pid
-    start-stop-daemon --stop --exec httpd \
-        --pidfile /var/run/apache2/httpd.pid
-    eend $?
-}
-# vim: set ft=sh bkc=yes:

docker/ttrss-openrc-ntpd

@@ -1,12 +0,0 @@
-#!/sbin/openrc-run
-
-name="ntpd"
-description="update clock"
-command="/usr/sbin/ntpd"
-command_user="root"
-pidfile="/run/$name.pid"
-command_args="-s -p $pidfile"
-start_stop_daemon_args=""
-
-
-# vim: set ft=sh bkc=yes:

docker/ttrss-openrc-ttrssupdate

@@ -1,27 +0,0 @@
-#!/sbin/openrc-run
-
-name="ttrssupdate"
-description="continously update tt-rss feeds"
-command="/usr/bin/php7"
-command_args="/app/public/tt-rss/update.php --daemon"
-command_user="apache"
-pidfile="/run/$name.pid"
-command_background=true
-start_stop_daemon_args=""
-
-depend() {
-    need ntpd
-}
-
-start_pre() {
-    for _ in $(seq 1 60); do
-        if env PGPASSWORD=password-dev psql -h db -U ttrss -w ttrss -c "" -q; then
-            return 0
-        fi
-        einfo "Waiting..."
-        sleep 1
-    done
-    einfo "Timeout! postgresql wasn't ready in 60 seconds; aborting ${name} start ($description)"
-    return 1
-}
-# vim: set ft=sh bkc=yes:

docker/wait-db

@@ -0,0 +1,12 @@
+#!/bin/bash
+timeout=60
+for _ in $(seq 1 "$timeout"); do
+    if env PGPASSWORD=password-dev psql -h db -U ttrss -w ttrss -c "" -q 2> /dev/null; then
+        echo "DB ready"
+        exec "$@"
+    fi
+    echo "Waiting..." >&2
+    sleep 1
+done
+echo "Timeout! postgresql wasn't ready in 60 seconds" >&2
+exit 1

dodo.py

@@ -1,4 +1,5 @@
 import subprocess
+import os
 
 from doit.tools import LongRunning
 
@@ -14,11 +15,10 @@ def task_build():
     '''builda il container docker'''
     return {
         'uptodate': [up2date_anyimages],
-        'file_dep': ['docker-compose.yml', 'docker/Dockerfile-tt-rss',
-                     'docker/ttrss-openrc-apache',
-                     'docker/ttrss-openrc-ttrssupdate',
-                     'rss-bridge/Dockerfile'
-                     ],
+        'file_dep': ['docker-compose.yml',
+                     'rss-bridge/Dockerfile',
+                    ] + [os.path.join('docker', fname)
+                         for fname in os.listdir('docker')],
         'actions': [COMPOSE + ' build'],
         'clean': [run_task_func(task__build_rm),
                   run_task_func(task__build_rmi)],
@@ -87,10 +87,8 @@ def task_dbprepare():
 
 def task__fix_perms():
     '''fix permissions for shared www dir'''
+    # currently empty, but keeping it for later use
     return {
-        'actions': [
-            'chmod -R 777 tt-rss/feed-icons/ || true'
-        ]
     }