Docker rewrite 2018

.gitattributes

@@ -3,4 +3,4 @@
 *.jpg binary
 *.git binary
 *.png binary
-*.xcf binary
+*.xcf binary 

.gitignore

@@ -1 +0,0 @@
-line-endings.sh

README.md

@@ -1,87 +1,45 @@
 ## Docker ChurchCRM
 
-This is the Docker Installation of ChurchCRM. This image is the latest release ChurchCRM for Docker. It is installed on Alpine Linux, Apache, PHP7 & is using MariaDB in a separate Alpine container.
+This is the Docker Installation of ChurchCRM. This will build the latest release of ChurchCRM for Docker. It is made with Apache/PHP7/ChurchCRM and MariaDB in 2 separate containers and a third container (nginx working as a reverse proxy) that work together.
 
 ### How To Use
 
-To use, first change your desired database info and **passwords** in the **``.env``** file. *(Download that file from the main ChurchCRM/Docker repository directory)*
+It is necessary to have Docker installed on your system for this to work. See https://www.docker.com/community-edition#/download...
 
-Once complete, Start ChurchCRM in Docker by using the Docker RUN command from the directory that your ``.env`` file resides or by building and starting with docker-compose.
+* Clone this repository.
+* Change your desired **database info** and **passwords** in the crm_secrets.json file. **PLEASE CHANGE**
+* Change your desired SSL setup in the docker_compose.yml file under the nginx: args section. (Read commented lines to see your options)
+* From the command line, navigate to the root folder of your local repository and use docker-compose to build and run ChurchCRM. Run the following commands.
+    - `docker-compose build`
+    - `docker-compose up`
+* You can view your installation of ChurchCRM on Docker by going to https://localhost (or your server's IP address) in a browser.
+* Enter the default login information:
+    - Username: `admin`
+    - Password: `changeme`
+- Once in, you will be prompted to change your password to something more secure.
 
-#### Starting with Docker Run
+### SSL
 
-For example, you can start MariaDB first with the following command. Make sure to **change the passwords** in the ``.env`` file first.
+ChurchCRM for Docker is set to run by default using SSL encryption. There are 3 build options in regards to SSL.
 
-``docker run --name database --env-file .env -d jaskipper/alpine-mariadb``
+* `build`: This option will create an SSL certificate for you. Please fill out your information in the docker_compose.yml file under the nginx: args section.
+* `own`: With this option, you will need to provide your own SSL certificates. Please put your own "server.crt" and "server.key" files in the "buildnginx/conf.d folder. SSL will not work if chooseing this option and not adding the correctly named certificates there.
+* `none`: This will run an installation of ChurchCRM without SSL. You will be able to access your installation at http://localhost (as opposed to https://localhost)
 
-Then start the ChurchCRM container:
+**NOTE** While using SSL on localhost, browsers will prompt with an error/warning that they don't recognize the Certificate Authority *(which is yourself in this case)*. When this occurs, allow the exception and continue to the site.
 
-``docker run --name churchcrm -p 80:80 --link database --env-file .env -d churchcrm/crm``
+### Using a Domain Name instead of https://localhost
 
-Visit your website and you will be up and running. Log in with the default username ``admin`` and password ``changeme`` and then change your admin password on the next screen.
+In order to access ChurchCRM via a domain name other than localhost, set an entry in your local computer's `/etc/hosts` file.
 
-#### Building and Starting with Docker-Compose
+* See https://www.siteground.com/kb/how_to_use_the_hosts_file/ to see where your hosts file is located and how to update.
+* Add an entry in your `hosts` file such as `127.0.0.1     local.churchcrm.io`
+* Once saved you can access your installation by going to `https://local.churchcrm.io` or any domainname that you specified in the hosts file.
 
-To build and run with Docker-Compose, you must have all of the files in the Github repo. Download the Github Docker repository and run ``docker-compose build`` and ``docker-compose up`` from the project folder. **Be SURE to Change Passwords in the .env file before starting your container**.
+### Accessing ChurchCRM from another device
 
-## Environment variables used in the container
+While on the same local network, you can access ChurchCRM by visiting the IP address of the computer running Docker. For example, if your machine's local ip is 192.168.1.3, visiting that address (https://192.168.1.3) from another device will allow you to access ChurchCRM.
 
-It is recommended that you use the .env file to add your passwords, but you may also add those ENV's with the -e flag with ``docker run -e ...``.
+### DATA STORAGE
 
-### MYSQL_DB_HOST
-This variable defines the host in order for ChurchCRM to be able to connect to the database.
-
-	-e MYSQL_DB_HOST=database *(This is default and recommended to stay that way unless you know what you are doing)*
-
-### MYSQL_ROOT_PASSWORD
-This variable defines the password for the root user in the database, set it with
-
-	-e MYSQL_ROOT_PASSWORD=secretpassword
-
-add quotes if there is spaces or other special character in the password
-
-	-e MYSQL_ROOT_PASSWORD='password with spaces'
-
-### MYSQL_RANDOM_ROOT_PASSWORD
-This variable generate a random password for the root user, add
-
-	-e MYSQL_RANDOM_ROOT_PASSWORD=yes
-
-the password can then be found by looking at the logoutput
-
-	docker logs <container>
-
-### MYSQL_ALLOW_EMPTY_PASSWORD
-This allows the root password to be blank, THIS IS A MAJOR SECURITY RISK, add
-
-	-e MYSQL_ALLOW_EMPTY_PASSWORD=yes
-
-### MYSQL_REMOTE_ROOT
-Normal the root user can only use localhost to access the databases adding
-
-	-e MYSQL_REMOTE_ROOT=yes
-
-allows root access from any host
-
-### MYSQL_DATABASE
-creates a database with the defined name
-
-	-e MYSQL_DATABASE=databasename
-
-### MYSQL_USER
-creates a user with password defined with MYSQL_PASSWORD and full access to the database defined by MYSQL_DATABASE
-
-	-e MYSQL_USER=username
-
-### MYSQL_PASSWORD
-The password for the user defined by MYSQL_USER
-
-	-e MYSQL_PASSWORD=donottell
-
-### CHURCHCRM_ADMIN
-
-To come...
-
-### CHURCHCRM_PASSWORD
-
-To come...
+Running the `docker-compose up` command will create 2 separate Docker data-volumes to store the database and ChurchCRM uploaded photos. When the database and ChurchCRM images and containers are destroyed, rebuilt or updated, the data-volumes will persist unless you remove those volumes.

build-mysql/Dockerfile

@@ -0,0 +1,20 @@
+FROM alpine:latest
+MAINTAINER ChurchCRM
+
+RUN apk update && \
+    apk upgrade && \
+    apk add --no-cache \
+        figlet \
+        jq \
+	      mariadb \
+        mariadb-client \
+        ncurses && \
+	  addgroup mysql mysql && \
+	  mkdir /scripts
+
+COPY ./startup /scripts/startup
+RUN chmod +x /scripts/startup
+
+EXPOSE 3306
+
+ENTRYPOINT ["/scripts/startup"]

build-mysql/startup

@@ -0,0 +1,79 @@
+#!/bin/ash
+
+# parameters
+MYSQL_DATADIR=${MYSQL_DATADIR:-"/var/lib/mysql"}
+
+MYSQL_ROOT_PWD=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_ROOT_PWD')
+MYSQL_USER=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER')
+MYSQL_USER_PWD=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER_PWD')
+MYSQL_USER_DB=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER_DB')
+
+if [ $MYSQL_ROOT_PWD = "changeme" ]; then
+    figlet -f colossal "WARNING"
+    red=$(tput setaf 1)    # Red
+    reset=$(tput sgr0)
+    echo "${red}*********************************************"
+    echo "${red}WARNING!!!"
+    echo "${red}YOU DID NOT CHANGE THE MYSQL_ROOT_PWD IN THE crm_secrets.json FILE!!!"
+    echo "${red}This is EXTREMELY insecure. Please go back and change the password to something more secure and re-build your images by running `docker-compose build`"
+    echo "${red}*********************************************"
+    ${reset}
+    echo ""
+fi
+if [ $MYSQL_USER_PWD = "changeme" ]; then
+    figlet -f colossal "WARNING"
+    red=$(tput setaf 1)    # Red
+    reset=$(tput sgr0)
+    echo "${red}*********************************************"
+    echo "${red}WARNING!!!"
+    echo "${red}YOU DID NOT CHANGE THE MYSQL_USER_PWD IN THE crm_secrets.json FILE!!!"
+    echo "${red}This is EXTREMELY insecure. Please go back and change the password to something more secure and re-build your images by running `docker-compose build`"
+    echo "${red}*********************************************"
+    ${reset}
+fi
+
+if [ -d "/run/mysqld" ]; then
+        echo "[i] MySQL directory already present, skipping creation"
+else
+	echo "[i] mysqld not found, creating...."
+	mkdir -p /run/mysqld
+	chown -R mysql:mysql /run/mysqld
+	echo 'Initializing database'
+        mkdir -p "$MYSQL_DATADIR/mysql"
+        chown -R mysql:mysql $MYSQL_DATADIR
+	mysql_install_db --user=mysql --datadir="$MYSQL_DATADIR" --rpm
+	echo 'Database initialized'
+
+	tfile=`mktemp`
+	if [ ! -f "$tfile" ]; then
+	    return 1
+	fi
+
+	cat << EOF > $tfile
+USE mysql;
+SET @@SESSION.SQL_LOG_BIN=0 ;
+FLUSH PRIVILEGES ;
+CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PWD}' ;
+GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
+DROP DATABASE IF EXISTS test ;
+CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_USER_PWD}' ;
+CREATE USER '${MYSQL_USER}'@'localhost' IDENTIFIED BY '${MYSQL_USER_PWD}' ;
+EOF
+
+	if [ "$MYSQL_USER_DB" != "" ]; then
+	    echo "[i] Creating database: $MYSQL_USER_DB"
+	    echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_USER_DB\` CHARACTER SET utf8 COLLATE utf8_general_ci;" >> $tfile
+
+	    if [ "$MYSQL_USER" != "" ]; then
+		#echo "[i] Creating user: $MYSQL_USER with password $MYSQL_USER_PWD"
+		echo "GRANT ALL PRIVILEGES ON \`$MYSQL_USER_DB\`.* to '$MYSQL_USER'@'%' identified by '${MYSQL_USER_PWD}' ;" >> $tfile
+		echo "GRANT ALL PRIVILEGES ON \`$MYSQL_USER_DB\`.* to '$MYSQL_USER'@'localhost' identified by '${MYSQL_USER_PWD}' ;" >> $tfile
+		echo "FLUSH PRIVILEGES ;" >> $tfile
+	    fi
+	fi
+
+	/usr/bin/mysqld --user=mysql --bootstrap --verbose=1 --datadir="$MYSQL_DATADIR" < $tfile
+    rm -f "$tfile"
+fi
+
+exec /usr/bin/mysqld --user=mysql --console --datadir="$MYSQL_DATADIR"

build/Dockerfile

@@ -0,0 +1,69 @@
+FROM httpd:2-alpine
+
+# Install neccessary packages
+RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+    echo "@community http://dl-3.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
+    echo "@testing http://dl-3.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
+    apk update --repository http://dl-3.alpinelinux.org/alpine/edge/main \
+               --repository http://dl-3.alpinelinux.org/alpine/edge/community \
+               --repository http://dl-3.alpinelinux.org/alpine/edge/testing && \
+    apk add --upgrade apk-tools@edge && \
+    apk upgrade && \
+    apk add --no-cache \
+    curl \
+    figlet \
+    jq \
+    libressl \
+    ncurses \
+    php7 \
+    php7-apache2 \
+    php7-apcu \
+    php7-curl \
+    php7-exif \
+    php7-fileinfo \
+    php7-gd \
+    php7-gettext \
+    php7-iconv \
+    php7-intl \
+    php7-json \
+    php7-mbstring \
+    php7-mcrypt \
+    php7-mysqli \
+    php7-mysqlnd \
+    php7-pdo \
+    php7-pdo_mysql \
+    php7-phar \
+    php7-session \
+    php7-sqlite3 \
+    php7-xml && \
+    ln -s /usr/lib/apache2/mod_php7.so /usr/local/apache2/modules
+
+# Copy Apache configurations
+COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf
+
+# Download Latest Version of ChurchCRM
+WORKDIR /usr/local/apache2/
+
+RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/latest | grep "browser_download_url.*zip" | cut -d '"' -f 4); \
+    wget $crmlatest && \
+    unzip -q *.zip && \
+    rm -R *.zip htdocs && \
+    mv churchcrm htdocs
+
+# Copy CRM setup file into image
+COPY ./configsetup /usr/local/bin
+
+# Set work directory to the web host path
+WORKDIR /usr/local/apache2/htdocs/
+
+# Modify php.ini and set config setup to be an executable
+RUN sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini && \
+    sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini && \
+    sed -i "s/zlib.output_compression = Off/zlib.output_compression = On/g" /etc/php7/php.ini && \
+    sed -i "s/;error_log = php_errors.log/error_log = \/proc\/self\/fd\/2/g" /etc/php7/php.ini && \
+    sed -i '/;error_log = syslog/a error_log = \/usr\/local\/apache2\/logs\/php_errors.log' /etc/php7/php.ini && \
+    chmod +x /usr/local/bin/configsetup
+
+# Run the configsetup file on container start
+ENTRYPOINT ["/usr/local/bin/configsetup"]
+CMD ["httpd-foreground"]