v2.0.2: Mac permissions issues + README update (#42)

Julien Neuhart · web-flow · commit c540cf0f721e · 2017-08-30T15:44:28.000+02:00
* fixing issues permissions on Mac: closes #41 * updating README: closes #39
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 <h3 align="center">kickoff-docker-php</h3>
 <p align="center">A complete stack for your PHP project powered by Docker</p>
 <p align="center">
-    <a href="https://github.com/thecodingmachine/kickoff-docker-php/tree/v2.0.1"><img src="https://img.shields.io/badge/stable-v2.0.1-green.svg" alt="Stable release: v2.0.1"></a>
+    <a href="https://github.com/thecodingmachine/kickoff-docker-php/tree/v2.0.2"><img src="https://img.shields.io/badge/stable-v2.0.2-green.svg" alt="Stable release: v2.0.2"></a>
     <a href="https://github.com/thecodingmachine/kickoff-docker-php/tree/master"><img src="https://img.shields.io/badge/unstable-master-orange.svg" alt="Unstable release: master"></a>
     <a href="https://travis-ci.org/thecodingmachine/kickoff-docker-php"><img src="https://img.shields.io/travis/thecodingmachine/kickoff-docker-php.svg?label=Travis+CI" alt="Travis CI"></a>
 </p>
@@ -302,6 +302,9 @@ it will ask you the MySQL `root` password
 using `127.0.0.1` (or your server IP) as host and the port defined in the variable `MYSQL_HOST_PORT_TO_MAP` in your
 `.env` file
 
+**Note:** On `production` environments, we strongly advise to not put the MySQL port on a public facing port. 
+This should be used only in others environments.
+
 #### Configuration
 
 | Variable                   | Location             | Description                                                                                                                                                                               |
@@ -377,6 +380,9 @@ Once done, move to the `staging` environment project folder, and update the foll
 * If `MYSQL_ENABLE_PORTS_MAPPING=true` on both your environments, update `MYSQL_HOST_PORT_TO_MAP` in your `staging` 
 environment to another port than the one used by your `production` environment
 
+**Reminder:** On `production` environments, we strongly advise to not put the MySQL port on a public facing port. 
+This should be used only in others environments.
+
 Last but not least, start your `staging` environment by running `orbit run build up`.
 
 **Note:** don't run `kickoff` command, as we only want one Traefik container! 
diff --git a/config/.env.blueprint b/config/.env.blueprint
@@ -142,6 +142,10 @@ MYSQL_ROOT_PASSWORD=admin
 # | If true, it will map the port 3306 of the MySQL container with the host
 # | port defined below.
 # |
+# | On "production" environments, we strongly advise to not put the MySQL
+# | port on a public facing port. This should be used only in others
+# | environments.
+# |
 
 MYSQL_ENABLE_PORTS_MAPPING=true
 MYSQL_HOST_PORT_TO_MAP=3307
diff --git a/config/orbit/orbit-build.yml b/config/orbit/orbit-build.yml
@@ -21,6 +21,7 @@ commands:
     run:
       {{ if eq "true" .EnvFiles.Config.ENABLE_DOCKER_SYNC }}
       - orbit generate -t docker-sync.blueprint.yml -o docker-sync.yml -v Project,config/project.yml -e Config,config/.env
+      - orbit run script-fix-permissions-docker-sync -c config/orbit/orbit-scripts.yml -v Project,config/project.yml;Modules,config/modules.yml -e Config,config/.env
       {{ else if eq "windows" .Os }}
       - cmd.exe /c echo Skipping Docker Sync configuration file generation ...
       {{ else }}
@@ -81,7 +82,7 @@ commands:
   - use: "php-fpm-build"
     run:
       - orbit generate -t modules/php-fpm/docker-compose.blueprint.yml -o modules/php-fpm/docker-compose.yml -v Project,config/project.yml;Modules,config/modules.yml -e Config,config/.env
-      - orbit run script-linux-fix-permissions-php-fpm -c config/orbit/orbit-scripts.yml -v Project,config/project.yml;Modules,config/modules.yml -e Config,config/.env
+      - orbit run script-fix-permissions-php-fpm -c config/orbit/orbit-scripts.yml -v Project,config/project.yml;Modules,config/modules.yml -e Config,config/.env
       - orbit generate -t modules/php-fpm/conf.d/memory-limit.blueprint.ini -o modules/php-fpm/conf.d/memory-limit.ini -e Config,config/.env
       - orbit generate -t modules/php-fpm/php-fpm.d/memory-limit.blueprint.conf -o modules/php-fpm/php-fpm.d/memory-limit.conf -e Config,config/.env
       - orbit generate -t modules/php-fpm/php-fpm.d/security.blueprint.conf -o modules/php-fpm/php-fpm.d/security.conf -e Config,config/.env
@@ -98,7 +99,7 @@ commands:
   - use: "nginx-build"
     run:
       - orbit generate -t modules/nginx/docker-compose.blueprint.yml -o modules/nginx/docker-compose.yml -v Project,config/project.yml;Modules,config/modules.yml -e Config,config/.env
-      - orbit run script-linux-fix-permissions-nginx -c config/orbit/orbit-scripts.yml -v Project,config/project.yml;Modules,config/modules.yml -e Config,config/.env
+      - orbit run script-fix-permissions-nginx -c config/orbit/orbit-scripts.yml -v Project,config/project.yml;Modules,config/modules.yml -e Config,config/.env
       - docker-compose -p {{ .EnvFiles.Config.ENV }}{{ .Values.Project.name }} -f modules/nginx/docker-compose.yml build
 
   # |--------------------------------------------------------------------------
diff --git a/config/orbit/orbit-scripts.yml b/config/orbit/orbit-scripts.yml
@@ -11,38 +11,51 @@
 commands:
 
   # |--------------------------------------------------------------------------
-  # | orbit run script-linux-fix-permissions-nginx
+  # | orbit run script-fix-permissions-docker-sync
   # |--------------------------------------------------------------------------
   # |
-  # | Fixes "www-data" permissions issues on Linux for NGINX.
+  # | Fixes "www-data" permissions issues with Docker Sync.
   # |
 
-  - use: "script-linux-fix-permissions-nginx"
+  - use: "script-fix-permissions-docker-sync"
     run:
-      {{ if eq "linux" .Os }}
-      - /bin/bash config/scripts/linux-fix-permissions.sh NGINX
+      {{ if and (ne "windows" .Os) (eq "true" .EnvFiles.Config.ENABLE_DOCKER_SYNC) }}
+      - /bin/bash config/scripts/fix-permissions.sh
       {{ else if eq "windows" .Os }}
-      - cmd.exe /c echo Skipping for "www-data" permissions issues on Linux for NGINX container ...
+      - cmd.exe /c echo Skipping UID binding for "www-data" user with Docker Sync ...
       {{ else }}
-      - echo Skipping fix for "www-data" permissions issues on Linux for NGINX container ...
+      - echo Skipping UID binding for "www-data" with Docker Sync ...
       {{ end }}
 
   # |--------------------------------------------------------------------------
-  # | orbit run script-linux-fix-permissions-php-fpm
+  # | orbit run script-fix-permissions-nginx
   # |--------------------------------------------------------------------------
   # |
-  # | Fixes "www-data" permissions issues on Linux for PHP-FPM.
+  # | Fixes "www-data" permissions issues in the NGINX container.
   # |
 
-  - use: "script-linux-fix-permissions-php-fpm"
+  - use: "script-fix-permissions-nginx"
     run:
-      {{ if eq "linux" .Os }}
-      - /bin/bash config/scripts/linux-fix-permissions.sh PHP-FPM
-      {{ else if eq "windows" .Os }}
-      - cmd.exe /c echo Skipping for "www-data" permissions issues on Linux for PHP-FPM container ...
-      {{ else }}
-      - echo Skipping fix for "www-data" permissions issues on Linux for PHP-FPM container ...
-      {{ end }}
+       {{ if ne "windows" .Os }}
+       - /bin/bash config/scripts/fix-permissions.sh NGINX
+       {{ else }}
+       - cmd.exe /c echo Skipping UID binding for "www-data" user in the NGINX container ...
+       {{ end }}
+
+  # |--------------------------------------------------------------------------
+  # | orbit run script-fix-permissions-php-fpm
+  # |--------------------------------------------------------------------------
+  # |
+  # | Fixes "www-data" permissions issues in the PHP-FPM container.
+  # |
+
+  - use: "script-fix-permissions-php-fpm"
+    run:
+       {{ if ne "windows" .Os }}
+       - /bin/bash config/scripts/fix-permissions.sh PHP-FPM
+       {{ else }}
+       - cmd.exe /c echo Skipping UID binding for "www-data" user in the PHP-FPM container ...
+       {{ end }}
 
   # |--------------------------------------------------------------------------
   # | orbit run script-traefik-self-signed-certificate
diff --git a/config/scripts/fix-permissions.sh b/config/scripts/fix-permissions.sh
@@ -8,17 +8,18 @@ sedi()
     sed --version >/dev/null 2>&1 && sed -i -- "$@" || sed -i "" "$@";
 }
 
-# permissions issues workaround for Linux
+# permissions issues workaround
 NEW_UID=$(id -u);
-NEW_GID=$(id -g);
-echo "Setting UID ($NEW_UID) and GID ($NEW_GID) to \"www-data\" user in $1 container ...";
 
 if [ "$1" == "NGINX" ]; then
+    echo "Setting UID ($NEW_UID) to \"www-data\" user in $1 container ...";
     sedi "s/\${UID}/$NEW_UID/g" ${ROOT}/modules/nginx/docker-compose.yml;
-    sedi "s/\${GID}/$NEW_GID/g" ${ROOT}/modules/nginx/docker-compose.yml;
-else
+elif [ "$1" == "PHP-FPM" ]; then
+    echo "Setting UID ($NEW_UID) to \"www-data\" user in $1 container ...";
     sedi "s/\${UID}/$NEW_UID/g" ${ROOT}/modules/php-fpm/docker-compose.yml;
-    sedi "s/\${GID}/$NEW_GID/g" ${ROOT}/modules/php-fpm/docker-compose.yml;
+else
+    echo "Setting UID ($NEW_UID) to \"www-data\" user in Docker Sync configuration file ...";
+    sedi "s/\${UID}/$NEW_UID/g" ${ROOT}/docker-sync.yml;
 fi;
 
 exit 0;
diff --git a/docker-sync.blueprint.yml b/docker-sync.blueprint.yml
@@ -6,5 +6,6 @@ options:
 syncs:
   {{ .EnvFiles.Config.ENV }}{{ .Values.Project.name }}_sync_app:
     src: './app/'
+    sync_userid: ${UID}
     sync_strategy: {{ if eq "darwin" .Os }}'native_osx'{{ else }}'unison'{{ end }}
     sync_excludes: ['.idea']
diff --git a/modules/nginx/Dockerfile b/modules/nginx/Dockerfile
@@ -10,8 +10,7 @@ FROM nginx:1.12-alpine
 
 # 82 is the standard uid/gid for "www-data" in Alpine
 ARG UID=82
-ARG GID=82
 
-RUN addgroup -g $GID -S www-data &&\
+RUN addgroup -g 82 -S www-data &&\
     adduser -u $UID -D -S -G www-data www-data &&\
     rm /etc/nginx/conf.d/default.conf
diff --git a/modules/nginx/docker-compose.blueprint.yml b/modules/nginx/docker-compose.blueprint.yml
@@ -8,8 +8,7 @@ services:
     build:
       context: .
       args:
-        - UID={{ if eq "linux" .Os }}${UID}{{ else }}82{{ end }}
-        - GID={{ if eq "linux" .Os }}${GID}{{ else }}82{{ end }}
+        - UID={{ if ne "windows" .Os }}${UID}{{ else }}82{{ end }}
     container_name: {{ .EnvFiles.Config.ENV }}-{{ .Values.Project.name }}-nginx
     restart: {{ if and (ne "local" .EnvFiles.Config.ENV) (eq false .Values.Modules.graylog.enable) }}unless-stopped{{ else }}"no"{{ end }}
     labels:
diff --git a/modules/php-fpm/docker-compose.blueprint.yml b/modules/php-fpm/docker-compose.blueprint.yml
@@ -12,8 +12,7 @@ services:
     networks:
       - backend
     environment:
-      - UID={{ if eq "linux" .Os }}${UID}{{ else }}82{{ end }}
-      - GID={{ if eq "linux" .Os }}${GID}{{ else }}82{{ end }}
+      - UID={{ if ne "windows" .Os }}${UID}{{ else }}82{{ end }}
     labels:
       - traefik.enable=false
     volumes:
diff --git a/modules/php-fpm/docker-entrypoint.sh b/modules/php-fpm/docker-entrypoint.sh
@@ -1,7 +1,6 @@
 #!/bin/sh
 
 usermod -u $UID www-data;
-groupmod -u $GID www-data;
 chown -R www-data:www-data /var/www/html;
 
 exec php-fpm;
