ampache · scufre · May 22, 2023 · May 25, 2023
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,5 @@
 3.7.0.tar.gz
 data/config/ampache.cfg.php
 data/log/*
-data/mysql/*
 data/media/*
 nohup.out
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,8 @@
+FROM golang:1.19 AS build-supercronic-stage
+
+RUN git clone https://github.com/aptible/supercronic.git /tmp/supercronic
+RUN cd /tmp/supercronic && CGO_ENABLED=0 GOOS=linux go build
+
 FROM debian:stable
 LABEL maintainer="lachlan-00"
 
@@ -66,6 +71,8 @@ RUN     apt-get -q -q update \
     &&  find /var/www -type d -name ".git*" -print0 | xargs -0 rm -rf {} \
     &&  chown -R www-data:www-data /var/www \
     &&  chmod -R 775 /var/www \
+    &&  sed -i 's#/var/run/apache2#/tmp/apache2#' /etc/apache2/envvars \
+    &&  sed -i 's#/var/log/apache2#/var/log/ampache#' /etc/apache2/envvars \
     &&  rm -rf /var/cache/* /tmp/* /var/tmp/* /root/.cache /var/www/docs /var/www/.tx \
     &&  echo '30 * * * *   /usr/local/bin/ampache_cron.sh' | crontab -u www-data - \
     &&  sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen \
@@ -86,9 +93,12 @@ COPY data/apache2/php.ini /etc/php/8.1/apache2/
 COPY data/config/ampache.cfg.* /var/tmp/
 COPY data/logrotate.d/* /etc/logrotate.d/
 COPY data/supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+COPY data/mysql/my.cnf /etc/mysql/my.cnf
+COPY --from=build-supercronic-stage /tmp/supercronic/supercronic /usr/local/bin/supercronic
+COPY data/supercronic/crontab /etc/crontab
 
 RUN  chown www-data:www-data /var/tmp/ampache.cfg.* \
     &&  chmod +x /usr/local/bin/*.sh
 
 ENTRYPOINT ["docker-entrypoint.sh"]
-CMD ["run.sh"]
+CMD ["/usr/local/bin/run.sh"]
diff --git a/data/apache2/php.ini b/data/apache2/php.ini
@@ -1062,7 +1062,7 @@ cli_server.color = On
 [Pdo_mysql]
 ; Default socket name for local MySQL connects.  If empty, uses the built-in
 ; MySQL defaults.
-pdo_mysql.default_socket=
+pdo_mysql.default_socket=/tmp/mysql/mysqld.sock
 
 [Phar]
 ; https://php.net/phar.readonly
@@ -1175,7 +1175,7 @@ mysqli.default_port = 3306
 ; Default socket name for local MySQL connects.  If empty, uses the built-in
 ; MySQL defaults.
 ; https://php.net/mysqli.default-socket
-mysqli.default_socket =
+mysqli.default_socket = /tmp/mysql/mysqld.sock
 
 ; Default host for mysqli_connect() (doesn't apply in safe mode).
 ; https://php.net/mysqli.default-host

diff --git a/data/bin/create_mysql_admin_user.sh b/data/bin/create_mysql_admin_user.sh
@@ -1,6 +1,11 @@
 #!/bin/bash
 
-mysqld_safe &
+if [ "$(id -u)" = '0' ]; then
+    user=www-data
+else
+    user=$(id -u)
+fi
+mysqld_safe --user $user &
 sleep 5
 
 RET=1

diff --git a/data/bin/cron.sh b/data/bin/cron.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-cron -f
+exec supercronic /etc/crontab
diff --git a/data/bin/docker-entrypoint.sh b/data/bin/docker-entrypoint.sh
@@ -2,18 +2,19 @@
 
 set -e
 
-if [ -n "$GID" ]; then
-    groupmod -o -g "$GID" www-data
-fi
-
-if [ -n "$UID" ]; then
-    usermod -o -u "$UID" www-data
+if [ -n "$UID" ] && [ -n "$GID" ] && [ "$(id -u)" = '0' ]; then
+    userdel www-data
+    groupadd -o -g "$GID" www-data
+    useradd -o -M -u "$UID" -g "$GID" www-data
 fi
 
 # Re-set permission to the `www-data` user if current user is root
 # This avoids permission denied if the data volume is mounted by root
 if [ "$1" = '/usr/local/bin/run.sh' ] && [ "$(id -u)" = '0' ]; then
-    chown -R www-data:www-data /var/www/config /var/log/ampache
+    chown -R www-data:www-data /var/www/config /var/log/ampache /var/lib/mysql
+    chown www-data:www-data /var/www/public/play/.htaccess /var/www/public/rest/.htaccess /var/www/public/channel/.htaccess
+    chown www-data:www-data /var/tmp/ampache.cfg.*
+    rm -fr /var/lib/php/sessions/* && chown www-data:www-data /var/lib/php/sessions
     exec gosu www-data "$@"
 else
   exec "$@"

diff --git a/data/bin/mysql.sh b/data/bin/mysql.sh
@@ -1,3 +1,7 @@
 #!/bin/sh
-
-exec mysqld_safe --syslog
+if [ "$(id -u)" = '0' ]; then
+    user=www-data
+else
+    user=$(id -u)
+fi
+exec mysqld_safe --user $user
diff --git a/data/bin/run.sh b/data/bin/run.sh
@@ -1,9 +1,16 @@
 #!/bin/bash
 
+mkdir /tmp/mysql /tmp/apache2
+chmod 750 /tmp/mysql /tmp/apache2
 if [[ ! -d /var/lib/mysql/mysql ]]; then
     echo "=> An empty or uninitialized MySQL volume is detected in $VOLUME_HOME"
     echo "=> Installing MySQL ..."
-    mysql_install_db --auth-root-authentication-method=normal --user=mysql
+    if [ "$(id -u)" = '0' ]; then
+        user=www-data
+    else
+        user=$(id -u)
+    fi
+    mysql_install_db --auth-root-authentication-method=normal --user $user
     echo "=> Done!"
     create_mysql_admin_user.sh
 else

diff --git a/data/mysql/my.cnf b/data/mysql/my.cnf
@@ -0,0 +1,50 @@
+# /etc/mysql/mariadb.cnf
+[client-server]
+# Port or socket location where to connect
+# port = 3306
+socket = /tmp/mysql/mysqld.sock
+
+# /etc/mysql/conf.d/mysqldump.cnf
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+# /etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf
+[mysqld_safe]
+nice = 0
+skip_log_error
+syslog
+
+# /etc/mysql/mariadb.conf.d/50-server.cnf
+# this is only for the mysqld standalone daemon
+[mysqld]
+#
+# * Basic Settings
+#
+pid-file                = /tmp/mysql/mysqld.pid
+basedir                 = /usr
+datadir                 = /var/lib/mysql
+tmpdir                  = /tmp
+lc-messages-dir         = /usr/share/mysql
+lc-messages             = en_US
+skip-external-locking
+log-error               = /var/log/ampache/mysqld.log
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = 127.0.0.1
+
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+expire_logs_days        = 10
+
+#
+# * Character sets
+#
+
+# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+character-set-server  = utf8mb4
+collation-server      = utf8mb4_general_ci
diff --git a/data/supercronic/crontab b/data/supercronic/crontab
@@ -0,0 +1 @@
+30 * * * *   /usr/local/bin/ampache_cron.sh
diff --git a/data/supervisord/supervisord.conf b/data/supervisord/supervisord.conf
@@ -1,8 +1,7 @@
 [supervisord]
 nodaemon=true
-user=root
 loglevel=info
-logfile=/var/log/supervisor/supervisord.log
+logfile=/var/log/ampache/supervisord.log
 pidfile=/tmp/supervisord.pid
 
 [program:cron]