added envsubst command

damalis · damalis · commit f4e0049225d9 · 2023-01-13T10:23:15.000+03:00
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ If You want to build a website with CakePHP "basic" at short time;
 
 #### Full stack Apache2 CakePHP "basic":
 <p align="left"> <a href="https://www.cakephp.com/" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/23666?s=200&v=4" alt="cakephp" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://www.docker.com/" target="_blank" rel="noreferrer"> <img src="https://raw.githubusercontent.com/github/explore/80688e429a7d4ef2fca1e82350fe8e3517d3494d/topics/docker/docker.png" alt="docker" width="40" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://mariadb.org/" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/5877084?s=200&v=4" alt="mariadb" height="50" width="50"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://www.apache.org/" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/47359?s=200&v=4" alt="apache2" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://www.php.net" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/25158?s=200&v=4" alt="php" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://redis.io" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/1529926?s=200&v=4" alt="redis" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="#" target="_blank" rel="noreferrer"> <img src="https://raw.githubusercontent.com/github/explore/80688e429a7d4ef2fca1e82350fe8e3517d3494d/topics/bash/bash.png" alt="Bash" height="50" width="50" /> </a>&nbsp;&nbsp;&nbsp;
- <a href="https://www.phpmyadmin.net/" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/1351977?s=200&v=4" alt="phpmyadmin" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://letsencrypt.org/" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/17889013?s=200&v=4" alt="letsencrypt" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://www.portainer.io/?hsLang=en" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/22225832?s=200&v=4" alt="portainer" height="40" width="40"/> </a> </p>
+ <a href="https://www.phpmyadmin.net/" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/1351977?s=200&v=4" alt="phpmyadmin" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://letsencrypt.org/" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/17889013?s=200&v=4" alt="letsencrypt" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://www.portainer.io/?hsLang=en" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/22225832?s=200&v=4" alt="portainer" height="40" width="40"/> </a>&nbsp;&nbsp;&nbsp; <a href="https://www.offen.dev/" target="_blank" rel="noreferrer"> <img src="https://avatars.githubusercontent.com/u/47735043?s=200&v=4" alt="backup" height="35" width="35"/> </a> </p>
 
 Plus, manage docker containers with Portainer.
 
@@ -16,7 +16,7 @@ Plus, manage docker containers with Portainer.
 - [phpMyAdmin](https://hub.docker.com/r/phpmyadmin/phpmyadmin/)
 - [database](https://hub.docker.com/_/mariadb)
 - [redis](https://hub.docker.com/_/redis)
-- [backup](https://hub.docker.com/r/futurice/docker-volume-backup)
+- [backup](https://hub.docker.com/r/offen/docker-volume-backup)
 
 #### For certbot (letsencrypt) certificate:
 
@@ -257,20 +257,8 @@ The first authorize screen(htpasswd;username or password) and phpmyadmin login s
 
 ### backup
 
-This will back up the all files and folders, once per day, and write it to ./backups with a filename like backup-2022-02-07T16-51-56.tar.gz 
+This will back up the all files and folders in database/dump sql and html volumes, once per day, and write it to ./backups with a filename like backup-2023-01-01T10-18-00.tar.gz
 
-#### example for crontab file on the host machine
+#### can run on a custom cron schedule
 
-##### # old docker backup folder remove
-
-```
-50 23 * * * find ${DIRECTORY_PATH}/backups/backup* -type f -mtime +1 | xargs rm
-```
-
-##### # backup exclude cakephp, backups folders in ${DIRECTORY_PATH}
-
-```
-00 01 * * * tar -czvf ${DIRECTORY_PATH}/backups/'backup-example.com-'$(date +"\%Y-\%m-\%dT\%H-\%M-\%S")'.tar.gz' --exclude='cakephp/app' --exclude='backups' ${DIRECTORY_PATH}
-```
-
-[CronHowto](https://help.ubuntu.com/community/CronHowto)
+```BACKUP_CRON_EXPRESSION: '20 01 * * *'``` the UTC timezone.
diff --git a/cakephp/html/app_local.php.template b/cakephp/html/app_local.php.template
@@ -25,7 +25,7 @@
      *   You should treat it as extremely sensitive data.
      */
     'Security' => [
-        'salt' => env('SECURITY_SALT', '__SALT__'),
+        'salt' => env('SECURITY_SALT', '$RANDOM_VALUE'),
     ],
 
 	/*
@@ -61,10 +61,10 @@
              */
             //'port' => 'non_standard_port_number',
 
-            'username' => 'DB_USER',
-            'password' => 'DB_PASSWORD',
+            'username' => '${DB_USER}',
+            'password' => '${DB_PASSWORD}',
 
-            'database' => 'DB_NAME',
+            'database' => '${DB_NAME}',
             /*
              * If not using the default 'public' schema with the PostgreSQL driver
              * set it here.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -32,13 +32,16 @@ services:
             retries: 6
             start_period: 60s
         environment:
+            DB_USER: '${DB_USER}'
+            DB_PASSWORD: '${DB_PASSWORD}'
+            DB_NAME: '${DB_NAME}'
             TZ: '${LOCAL_TIMEZONE}'
         labels:            
             - 'docker-volume-backup.stop-during-backup=true'
         command: >
-            bash -c "apt-get -y update && apt-get install -y zip unzip libicu-dev && docker-php-ext-install pdo_mysql intl && if pecl install -p -- redis; then pecl install -o -f redis && rm -rf /tmp/pear && docker-php-ext-enable redis; fi; curl -sS https://getcomposer.org/installer | php && mv composer.phar /usr/local/bin/composer 
-            && if [ -f \"/app/basic/config/app_local.php\" ]; then composer update --prefer-dist cakephp/cakephp:~4.0 --working-dir=/app/basic --no-interaction --ignore-platform-req=ext-intl; else composer create-project --prefer-dist cakephp/app:~4.0 basic --working-dir=/app --no-interaction --ignore-platform-req=ext-intl; fi 
-            && sed \"s/DB_USER/${DB_USER}/;s/DB_PASSWORD/${DB_PASSWORD}/;s/DB_NAME/${DB_NAME}/;s/__SALT__/$$(tr -dc '[:alnum:]' </dev/urandom | head -c 32)/\" ${WEBSERVER_DOC_ROOT}/app_local.php > /app/basic/config/app_local.php; 
+            bash -c "apt-get -y update && apt-get install -y zip unzip libicu-dev gettext-base && docker-php-ext-install pdo_mysql intl && if pecl install -p -- redis; then pecl install -o -f redis && rm -rf /tmp/pear && docker-php-ext-enable redis; fi; curl -sS https://getcomposer.org/installer | php && mv composer.phar /usr/local/bin/composer && 
+            if [ -f \"/app/basic/config/app_local.php\" ]; then composer update --prefer-dist cakephp/cakephp:~4.0 --working-dir=/app/basic --no-interaction --ignore-platform-req=ext-intl; else composer create-project --prefer-dist cakephp/app:~4.0 basic --working-dir=/app --no-interaction --ignore-platform-req=ext-intl; fi && 
+            export RANDOM_VALUE=$(tr -dc '[:alnum:]' </dev/urandom | head -c 32) && envsubst '$${DB_USER},$${DB_PASSWORD},$${DB_NAME},$$RANDOM_VALUE' < ${WEBSERVER_DOC_ROOT}/app_local.php.template > /app/basic/config/app_local.php && 
             grep -qe 'date.timezone = ${LOCAL_TIMEZONE}' ${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini || echo 'date.timezone = ${LOCAL_TIMEZONE}' >> ${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini; php-fpm"
 
     webserver:
@@ -99,6 +102,7 @@ services:
             - backend
             - frontend
         volumes:
+            - 'phpmyadmin:${WEBSERVER_DOC_ROOT}/sql'
             - type: bind
               source: ./phpmyadmin/apache2/sites-available/default-ssl.conf
               target: '${APACHE_CONFDIR_PREFIX}/sites-available/default-ssl.conf'            
@@ -119,10 +123,10 @@ services:
         restart: unless-stopped
         ports:
             - '9090:443'
-        #links:
-        #    - database
+        links:
+            - database
         environment:
-            #PMA_HOST: database
+            PMA_HOST: 'database'
             PMA_PMADB: 'phpmyadmin'
             PMA_CONTROLUSER: '${PMA_CONTROLUSER}'
             PMA_CONTROLPASS: '${PMA_CONTROLPASS}'
@@ -131,7 +135,7 @@ services:
             MEMORY_LIMIT: '${PMA_MEMORY_LIMIT}'
             TZ: '${LOCAL_TIMEZONE}'
         command: >
-            bash -c "echo ${PMA_HTPASSWD_USERNAME}:phpmyadmin:$$( printf \"%s:%s:%s\" \"${PMA_HTPASSWD_USERNAME}\" \"phpmyadmin\" \"${PMA_HTPASSWD_PASSWORD}\" | md5sum | awk '{print $$1}' ) > ${PMA_CONF_FOLDER}/.htpasswd 
+            bash -c "apt-get -y update && apt-get install -y gettext-base && envsubst < ${WEBSERVER_DOC_ROOT}/sql/create_tables.sql.template > ${WEBSERVER_DOC_ROOT}/sql/create_tables.sql && echo ${PMA_HTPASSWD_USERNAME}:phpmyadmin:$$( printf \"%s:%s:%s\" \"${PMA_HTPASSWD_USERNAME}\" \"phpmyadmin\" \"${PMA_HTPASSWD_PASSWORD}\" | md5sum | awk '{print $$1}' ) > ${PMA_CONF_FOLDER}/.htpasswd 
             && printf 'AuthType Digest\\nAuthName \"phpmyadmin\"\\nAuthDigestProvider file\\nAuthUserFile ${PMA_CONF_FOLDER}/.htpasswd\\nRequire valid-user\\n' > ${WEBSERVER_DOC_ROOT}/.htaccess && a2enmod auth_digest; 
             mkdir -p ${WEBSERVER_DOC_ROOT}/../upload && chown www-data:www-data ${WEBSERVER_DOC_ROOT}/../upload && chmod a+w ${WEBSERVER_DOC_ROOT}/../upload; mkdir -p ${WEBSERVER_DOC_ROOT}/../save && chown www-data:www-data ${WEBSERVER_DOC_ROOT}/../save && chmod a+w ${WEBSERVER_DOC_ROOT}/../save; 
             grep -qxF 'ServerName 127.0.0.1' ${APACHE_CONFDIR_PREFIX}/apache2.conf || echo -e '\\nServerName 127.0.0.1' >> ${APACHE_CONFDIR_PREFIX}/apache2.conf; grep -qe 'date.timezone = ${LOCAL_TIMEZONE}' ${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini || echo 'date.timezone = ${LOCAL_TIMEZONE}' >> ${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini; 
@@ -144,9 +148,11 @@ services:
             - backend
         volumes:
             - 'db:/var/lib/mysql'
+            - 'db-backup-data:/tmp/backup'
             - type: bind
               source: ./database/conf.d/z-mysql.cnf
               target: '${MYSQL_CONF_PREFIX}/z-mysql.cnf'
+            - 'phpmyadmin:/docker-entrypoint-initdb.d'
         hostname: database
         restart: unless-stopped
         ports:
@@ -161,6 +167,8 @@ services:
             TZ: '${LOCAL_TIMEZONE}'
         labels:            
             - "docker-volume-backup.stop-during-backup=true"
+            - "docker-volume-backup.archive-pre=/bin/sh -c 'mysqldump -uroot -p${MYSQL_ROOT_PASSWORD} --all-databases > /tmp/backup/db_backup_data.sql'"
+            - "docker-volume-backup.exec-label=database"
         command: "--character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --default-authentication-plugin=mysql_native_password"
     
     redis:
@@ -185,24 +193,26 @@ services:
         command: "redis-server ${REDIS_CONF_PREFIX}/redis/redis.conf"
         
     backup:
-        image: 'futurice/docker-volume-backup'
+        image: offen/docker-volume-backup:latest
         container_name: backup
         networks:
             - backend
         volumes:
-            - '/var/run/docker.sock:/var/run/docker.sock:ro'
             - 'html:/backup/html:ro'
             - 'db:/backup/db:ro'
+            - 'db-backup-data:/backup/db-backup-data:ro'
+            - '/var/run/docker.sock:/var/run/docker.sock:ro'
             - type: bind
               source: ./backups
               target: /archive
         hostname: backup
         restart: unless-stopped
         environment:
-            BACKUP_WAIT_SECONDS: 120
             BACKUP_CRON_EXPRESSION: '20 01 * * *'
             BACKUP_FILENAME: 'backup-%Y-%m-%dT%H-%M-%S.tar.gz'
-            TZ: '${LOCAL_TIMEZONE}'    
+            BACKUP_RETENTION_DAYS: '7'
+            EXEC_LABEL: 'database'
+            #BACKUP_EXCLUDE_REGEXP: 'folder|folder|file|\\.log$$'    
 
 networks:
     backend: null
@@ -225,6 +235,15 @@ volumes:
             o: bind
     db:
         name: ${DATABASE_CONT_NAME}-data
+    db-backup-data:
+        name: ${DATABASE_CONT_NAME}-backup-data
+    phpmyadmin:
+        name: phpmyadmin-sql
+        driver: local
+        driver_opts:
+            type: none
+            device: ${DIRECTORY_PATH}/phpmyadmin/sql
+            o: bind
     dtredis:
         name: redis-data
     certbot-etc:
diff --git a/phpmyadmin/config.user.inc.php b/phpmyadmin/config.user.inc.php
@@ -9,4 +9,3 @@
 
 $cfg['CheckConfigurationPermissions'] = false;
 $cfg['ShowPhpInfo'] = true;
-$cfg['Servers'][1]['host'] = 'database';
diff --git a/phpmyadmin/sql/create_tables.sql.template b/phpmyadmin/sql/create_tables.sql.template

Original file line number	Diff line number	Diff line change
`@@ -9,4 +9,3 @@`
`9`	`9`
`10`	`10`	`$cfg['CheckConfigurationPermissions'] = false;`
`11`	`11`	`$cfg['ShowPhpInfo'] = true;`
`12`		`-$cfg['Servers'][1]['host'] = 'database';`