diff --git a/.dockerignore b/.dockerignore index d236b92..07d3ff5 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,6 +1,6 @@ -.drone.yml .git .gitea .gitignore LICENSE.md README.md +docker-compose.yml diff --git a/README.md b/README.md index deb7212..e6093f8 100644 --- a/README.md +++ b/README.md @@ -2,89 +2,67 @@ [Docker](https://hub.docker.com/r/nephatrine/nginx-h5ai/) | [unRAID](https://code.nephatrine.net/NephNET/unraid-containers) -# H5AI Web Index +# NGINX H5AI Web Index This docker container manages the NGINX application with the H5AI PHP web server index application. -Just put files and folders into the volume mapped to `/mnt/media` and they will -be made accessible through the web interface. For private files, you can either -lock them down via the NGINX config or use a container that is not publicly -accessible in the first place. +The `latest` tag points to version `0.31.0-glubsy` and this is the only image +actively being updated. There are tags for older versions, but these may no +longer be using the latest NGINX version, PHP version, or Alpine version and +packages. If using this as a standalone web server, you can configure TLS the same way as the [nginx-ssl](https://code.nephatrine.net/NephNET/docker-nginx-ssl) container. If part of a larger envinronment, we suggest using a separate container as a reverse proxy server and handle TLS there instead. -- [Alpine Linux](https://alpinelinux.org/) w/ [S6 Overlay](https://github.com/just-containers/s6-overlay) -- [NGINX](https://www.nginx.com/) w/ [CertBot](https://certbot.eff.org/) -- [PHP](https://www.php.net/) w/ [H5AI](https://larsjung.de/h5ai/) - -You can spin up a quick temporary test container like this: - -~~~ -docker run --rm -p 80:80 -it nephatrine/nginx-h5ai:latest /bin/bash -~~~ - **Remember to change the password in the h5ai configuration as the info page might expose information about your server that you do not want exposed.** -## Docker Tags +## Docker-Compose -- **nephatrine/nginx-h5ai:latest**: H5AI 0.31.0-glubsy / Alpine Latest +This is an example docker-compose file: -## Configuration Variables +```yaml +services: + h5ai: + image: nephatrine/nginx-h5ai:latest + container_name: h5ai + environment: + TZ: America/New_York + PUID: 1000 + PGID: 1000 + ADMINIP: 127.0.0.1 + TRUSTSN: 192.168.0.0/16 + DNSADDR: "8.8.8.8 8.8.4.4" + ports: + - "8080:80/tcp" + volumes: + - /mnt/containers/h5ai:/mnt/config + - /mnt/containers/public:/mnt/media +``` -You can set these parameters using the syntax ``-e "VARNAME=VALUE"`` on your -``docker run`` command. Some of these may only be used during initial -configuration and further changes may need to be made in the generated -configuration files. +## Publishing Files -- ``ADMINIP``: Administrator IP (*127.0.0.1*) (INITIAL CONFIG) -- ``DNSADDR``: Resolver IPs (*8.8.8.8 8.8.4.4*) (INITIAL CONFIG) -- ``PUID``: Mount Owner UID (*1000*) -- ``PGID``: Mount Owner GID (*100*) -- ``TRUSTSN``: Trusted Subnet (*192.168.0.0/16*) (INITIAL CONFIG) -- ``TZ``: System Timezone (*America/New_York*) +Just put files and folders into the volume mapped to `/mnt/media` and they will +be made accessible through the web interface. For private files, you can either +lock them down via the NGINX config or use a container that is not publicly +accessible in the first place. -## Persistent Mounts +## Server Configuration -You can provide a persistent mountpoint using the ``-v /host/path:/container/path`` -syntax. These mountpoints are intended to house important configuration files, -logs, and application state (e.g. databases) so they are not lost on image -update. +These are the configuration and data files you will likely need to be aware of +and potentially customize. -- ``/mnt/config``: Persistent Data. -- ``/mnt/media``: Indexed Location. +- `/mnt/config/etc/mime.type` +- `/mnt/config/etc/nginx.conf` +- `/mnt/config/etc/nginx.d/*` +- `/mnt/config/www/default/*` +- `/mnt/config/etc/php.d/*` +- `/mnt/config/etc/php.ini` +- `/mnt/config/etc/php-fpm.conf` +- `/mnt/config/etc/php-fpm.d/*` +- `/mnt/media/_h5ai/private/conf/options.json` -Do not share ``/mnt/config`` volumes between multiple containers as they may -interfere with the operation of one another. - -The ``/mnt/media/`` volume will have an `_h5ai` folder created in it, but -otherwise will not be modified. - -You can perform some basic configuration of the container using the files and -directories listed below. - -- ``/mnt/config/etc/crontabs/``: User Crontabs. -- ``/mnt/config/etc/logrotate.conf``: Logrotate Global Configuration. -- ``/mnt/config/etc/logrotate.d/``: Logrotate Additional Configuration. -- ``/mnt/config/etc/mime.type``: NGINX MIME Types. -- ``/mnt/config/etc/nginx.conf``: NGINX Configuration. -- ``/mnt/config/etc/nginx.d/``: NGINX Configuration. -- ``/mnt/config/etc/php.d/*``: PHP Extension Configuration -- ``/mnt/config/etc/php.ini``: PHP General Configuration -- ``/mnt/config/etc/php-fpm.conf``: PHP-FPM General Configuration -- ``/mnt/config/etc/php-fpm.d/*``: PHP-FPM Per-Site Configuration -- ``/mnt/media/_h5ai/private/conf/options.json``: H5AI Configuration - -**[*] Changes to some configuration files may require service restart to take -immediate effect.** - -## Network Services - -This container runs network services that are intended to be exposed outside -the container. You can map these to host ports using the ``-p HOST:CONTAINER`` -or ``-p HOST:CONTAINER/PROTOCOL`` syntax. - -- ``80/tcp``: HTTP Server. This is the default insecure web server. +Modifications to some of these may require a service restart to pull in the +changes made. diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..45b696c --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,16 @@ +services: + h5ai: + build: . + container_name: h5ai + environment: + TZ: America/New_York + PUID: 1000 + PGID: 1000 + ADMINIP: 127.0.0.1 + TRUSTSN: 192.168.0.0/16 + DNSADDR: "8.8.8.8 8.8.4.4" + ports: + - "8080:80/tcp" + volumes: + - /mnt/containers/h5ai:/mnt/config + - /mnt/containers/public:/mnt/media