michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
85e2360a905da35bca66d14d057cc10c804d072f
michaelschiemer/docker/php/docker-entrypoint.sh
Michael Schiemer 77abc65cd7
Some checks failed
Deploy Application / deploy (push) Has been cancelled
Details
fix: DockerSecretsResolver - don't normalize absolute paths like /var/www/html/...
2025-11-24 21:28:25 +01:00

64 lines
2.6 KiB
Bash
Raw Blame History

#!/bin/bash
set -e
# This script runs as root to handle Docker volume mounting,
# then switches to appuser for security
# CRITICAL: Do NOT create ANY subdirectories under /var/www/html/storage!
# Docker needs to create the storage directory tree when mounting Named Volumes.
# Creating storage or any storage/* subdirectory here prevents Docker volume mounting.
# Only create directories that are NOT under storage/ and are NOT volume mount points
mkdir -p /var/www/html/var/cache \
/var/www/html/var/logs \
/var/www/html/cache
# Set correct ownership and permissions for appuser
# Volume mount points are created by Docker and will be owned by root initially
# We fix ownership AFTER Docker has mounted them
# Wait for Docker to finish mounting volumes
sleep 1
# NOW we can safely create non-volume storage subdirectories
# Docker has already mounted: storage/logs, storage/cache, storage/queue, storage/discovery, storage/uploads
# We create other directories that are NOT volume mounts:
mkdir -p /var/www/html/storage/analytics 2>/dev/null || true
mkdir -p /var/www/html/storage/sessions 2>/dev/null || true
# Fix ownership for all storage directories (including mounted volumes)
# WICHTIG: Cache-Verzeichnis ben?tigt 775 (Group-writable) f?r Multi-User/Process-Umgebungen
# F?r das L?schen von Cache-Dateien werden nur Verzeichnis-Rechte ben?tigt, nicht Datei-Rechte
if [ -d /var/www/html/storage ]; then
chown -R appuser:appuser /var/www/html/storage 2>/dev/null || true
chmod -R 775 /var/www/html/storage 2>/dev/null || true
fi
chown -R appuser:appuser /var/www/html/var 2>/dev/null || true
chown -R appuser:appuser /var/www/html/cache 2>/dev/null || true
chmod -R 775 /var/www/html/var 2>/dev/null || true
chmod -R 775 /var/www/html/cache 2>/dev/null || true
# Add appuser to docker group if docker socket exists (for Docker CLI access)
if [ -S /var/run/docker.sock ]; then
DOCKER_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo "")
if [ -n "$DOCKER_GID" ] && [ "$DOCKER_GID" != "0" ]; then
# Create docker group with correct GID if it doesn't exist
if ! getent group docker >/dev/null 2>&1; then
groupadd -g "$DOCKER_GID" docker 2>/dev/null || true
fi
# Add appuser to docker group
usermod -aG docker appuser 2>/dev/null || true
fi
fi
# For PHP-FPM, run as root and let it manage user switching internally
# PHP-FPM will drop privileges to the user specified in pool configuration
# For other commands (console.php, etc.), switch to appuser
if [ "$1" = "php-fpm" ]; then
exec "$@"
else
exec gosu appuser "$@"
fi
Reference in New Issue View Git Blame Copy Permalink