diff --git a/scripts/install.sh b/scripts/install.sh index ed627e517d..48713debf8 100644 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -51,8 +51,14 @@ then fi docker pull bitwarden/setup:$COREVERSION -docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ - dotnet Setup.dll -install 1 -domain $DOMAIN -letsencrypt $LETS_ENCRYPT -os $OS -corev $COREVERSION -webv $WEBVERSION +if [ $OS == "lin" ] +then + docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION -e LOCAL_UID=`id -u $USER` \ + dotnet Setup.dll -install 1 -domain $DOMAIN -letsencrypt $LETS_ENCRYPT -os $OS -corev $COREVERSION -webv $WEBVERSION +else + docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ + dotnet Setup.dll -install 1 -domain $DOMAIN -letsencrypt $LETS_ENCRYPT -os $OS -corev $COREVERSION -webv $WEBVERSION +fi echo "" echo "Setup complete" diff --git a/scripts/run.sh b/scripts/run.sh index 260e7810fd..4ce9e2f559 100644 --- a/scripts/run.sh +++ b/scripts/run.sh 
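Review bot: In the `lin` branch of scripts/install.sh, `-e LOCAL_UID=...` is written after the image name `bitwarden/setup:$COREVERSION`, so Docker passes it to the container as command arguments instead of setting the environment variable. The setup entrypoint then falls back to UID 999 and receives `-e` as the first word of the command it is asked to run. Move the option ahead of the image and quote it: `docker run -it --rm --name setup -e LOCAL_UID="$(id -u "$USER")" -v "$OUTPUT_DIR":/bitwarden bitwarden/setup:$COREVERSION \`. The same placement appears in updateDatabase, update and printEnvironment in scripts/run.sh. Under sudo, `id -u $USER` may resolve to 0, which `useradd -u` in the entrypoint would likely reject, so that case is worth handling explicitly.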
@@ -68,28 +68,49 @@ function updateLetsEncrypt() { if [ -d "${OUTPUT_DIR}/letsencrypt/live" ] then docker pull certbot/certbot - docker run -i --rm --name certbot -p 443:443 -p 80:80 -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \ + docker run -i --rm --name certbot -p 443:443 -p 80:80 \ + -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \ renew --logs-dir /etc/letsencrypt/logs fi } function updateDatabase() { pullSetup - docker run -i --rm --name setup --network container:bitwarden-mssql -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ - dotnet Setup.dll -update 1 -db 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + if [ $OS == "lin" ] + then + docker run -i --rm --name setup --network container:bitwarden-mssql \ + -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION -e LOCAL_UID=`id -u $USER` \ + dotnet Setup.dll -update 1 -db 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + else + docker run -i --rm --name setup --network container:bitwarden-mssql \ + -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ + dotnet Setup.dll -update 1 -db 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + fi echo "Database update complete" } function update() { pullSetup - docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ - dotnet Setup.dll -update 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + if [ $OS == "lin" ] + then + docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION -e LOCAL_UID=`id -u $USER` \ + dotnet Setup.dll -update 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + else + docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ + dotnet Setup.dll -update 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + fi } function printEnvironment() { pullSetup - docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ - dotnet Setup.dll -printenv 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + if [ 
$OS == "lin" ] + then + docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION -e LOCAL_UID=`id -u $USER` \ + dotnet Setup.dll -printenv 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + else + docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ + dotnet Setup.dll -printenv 1 -os $OS -corev $COREVERSION -webv $WEBVERSION + fi } function restart() { diff --git a/src/Admin/Dockerfile b/src/Admin/Dockerfile index 0958b2648b..a6777733da 100644 --- a/src/Admin/Dockerfile +++ b/src/Admin/Dockerfile @@ -1,5 +1,10 @@ FROM microsoft/aspnetcore:2.0.5 +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + gosu \ +&& rm -rf /var/lib/apt/lists/* + ENV ASPNETCORE_URLS http://+:5000 WORKDIR /app EXPOSE 5000 @@ -7,12 +12,6 @@ COPY obj/Docker/publish . COPY entrypoint.sh / RUN groupadd -g 999 bitwarden \ - && useradd -r -u 999 -g bitwarden bitwarden \ - && chown -R bitwarden:bitwarden /app \ - && mkdir -p /etc/bitwarden/core \ - && chown -R bitwarden:bitwarden /etc/bitwarden \ - && chmod +x /entrypoint.sh \ - && chown bitwarden:bitwarden /entrypoint.sh + && chmod +x /entrypoint.sh -USER bitwarden ENTRYPOINT ["/entrypoint.sh"] diff --git a/src/Admin/entrypoint.sh b/src/Admin/entrypoint.sh index 38703b5226..5a24189f28 100644 --- a/src/Admin/entrypoint.sh +++ b/src/Admin/entrypoint.sh @@ -1,3 +1,9 @@ #!/bin/sh -dotnet /app/Admin.dll +useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden + +chown -R bitwarden:bitwarden /app +mkdir -p /etc/bitwarden/core +chown -R bitwarden:bitwarden /etc/bitwarden + +gosu bitwarden:bitwarden dotnet /app/Admin.dll diff --git a/src/Api/Dockerfile b/src/Api/Dockerfile index 6fadf02699..6d64d762d2 100644 --- a/src/Api/Dockerfile +++ b/src/Api/Dockerfile 
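Review bot: With `USER bitwarden` removed from src/Admin/Dockerfile, the image's default user is root and the privilege drop now depends entirely on entrypoint.sh reaching its `gosu` line. Anything that bypasses the entrypoint (an `--entrypoint` override, `docker exec`) runs as root, and the Dockerfile gives no hint that this is deliberate. A comment above `ENTRYPOINT` would record the intent, for example `# Starts as root on purpose: entrypoint.sh creates the bitwarden user with LOCAL_UID and drops privileges via gosu`. The Icons, Identity, Attachments and Nginx Dockerfiles lose `USER bitwarden` in the same way.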
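Review bot: The last line of src/Admin/entrypoint.sh starts the service with `gosu bitwarden:bitwarden dotnet /app/Admin.dll` but without `exec`, so a root-owned `/bin/sh` stays as PID 1 and the stop signal Docker sends is not forwarded to the application. util/Setup/entrypoint.sh in this same commit already uses `exec`; writing `exec gosu bitwarden:bitwarden dotnet /app/Admin.dll` here keeps the two consistent and leaves no root process running in the container. The Identity, Attachments, Nginx and MsSql entrypoints end the same way, and in the Icons entrypoint the final `dotnet` line can take `exec` as well.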
@@ -14,16 +14,9 @@ COPY obj/Docker/publish/Jobs /jobs COPY entrypoint.sh / RUN mv /jobs/crontab /etc/cron.d/bitwarden-cron \ - && chmod 0644 /etc/cron.d/bitwarden-cron \ - && touch /var/log/cron.log + && chmod 0644 /etc/cron.d/bitwarden-cron RUN groupadd -g 999 bitwarden \ - && useradd -r -u 999 -g bitwarden bitwarden \ - && chown -R bitwarden:bitwarden /app \ - && chown -R bitwarden:bitwarden /jobs \ - && mkdir -p /etc/bitwarden/core \ - && chown -R bitwarden:bitwarden /etc/bitwarden \ - && chmod +x /entrypoint.sh \ - && chown bitwarden:bitwarden /entrypoint.sh + && chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/src/Api/entrypoint.sh b/src/Api/entrypoint.sh index 7dca9d7472..3340be248c 100644 --- a/src/Api/entrypoint.sh +++ b/src/Api/entrypoint.sh @@ -1,5 +1,14 @@ #!/bin/sh +useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden + +touch /var/log/cron.log +chown bitwarden:bitwarden /var/log/cron.log +chown -R bitwarden:bitwarden /app +chown -R bitwarden:bitwarden /jobs +mkdir -p /etc/bitwarden/core +chown -R bitwarden:bitwarden /etc/bitwarden + env >> /etc/environment cron diff --git a/src/Icons/Dockerfile b/src/Icons/Dockerfile index c39c619825..3a9f045af2 100644 --- a/src/Icons/Dockerfile +++ b/src/Icons/Dockerfile @@ -3,6 +3,7 @@ FROM microsoft/aspnetcore:2.0.5 RUN apt-get update \ && apt-get install -y --no-install-recommends \ unzip \ + gosu \ && rm -rf /var/lib/apt/lists/* WORKDIR /tmp @@ -19,11 +20,6 @@ COPY obj/Docker/publish . COPY entrypoint.sh / RUN groupadd -g 999 bitwarden \ - && useradd -r -u 999 -g bitwarden bitwarden \ - && chown -R bitwarden:bitwarden /app \ - && chown -R bitwarden:bitwarden /etc/iconserver \ - && chmod +x /entrypoint.sh \ - && chown bitwarden:bitwarden /entrypoint.sh + && chmod +x /entrypoint.sh -USER bitwarden ENTRYPOINT ["/entrypoint.sh"] diff --git a/src/Icons/entrypoint.sh b/src/Icons/entrypoint.sh index 6e716551ba..e018a0619f 100644 --- a/src/Icons/entrypoint.sh +++ b/src/Icons/entrypoint.sh 
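Review bot: `useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden` at the top of src/Api/entrypoint.sh is unquoted and its exit status is not checked, and the script has no `set -e`, so a failure is followed by the `chown` lines anyway. It will fail on every restart of an existing container (the user already exists), and also when LOCAL_UID is non-numeric or collides with an existing UID such as 0. A guard makes both cases explicit: `id -u bitwarden >/dev/null 2>&1 || useradd -r -u "${LOCAL_UID:-999}" -g bitwarden bitwarden || exit 1`. The same line opens every entrypoint touched by this commit; the rest of this script lies outside the hunk, so how the API process is launched is not visible here.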
@@ -1,4 +1,9 @@ #!/bin/sh -/etc/iconserver/iconserver & -dotnet /app/Icons.dll iconsSettings:bestIconBaseUrl=http://localhost:8080 +useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden + +chown -R bitwarden:bitwarden /app +chown -R bitwarden:bitwarden /etc/iconserver + +gosu bitwarden:bitwarden /etc/iconserver/iconserver & +gosu bitwarden:bitwarden dotnet /app/Icons.dll iconsSettings:bestIconBaseUrl=http://localhost:8080 diff --git a/src/Identity/Dockerfile b/src/Identity/Dockerfile index 42670f1f07..a2aea30c73 100644 --- a/src/Identity/Dockerfile +++ b/src/Identity/Dockerfile @@ -1,5 +1,10 @@ FROM microsoft/aspnetcore:2.0.5 +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + gosu \ + && rm -rf /var/lib/apt/lists/* + ENV ASPNETCORE_URLS http://+:5000 WORKDIR /app EXPOSE 5000 @@ -7,13 +12,6 @@ COPY obj/Docker/publish . COPY entrypoint.sh / RUN groupadd -g 999 bitwarden \ - && useradd -r -u 999 -g bitwarden bitwarden \ - && chown -R bitwarden:bitwarden /app \ - && mkdir -p /etc/bitwarden/identity \ - && mkdir -p /etc/bitwarden/core \ - && chown -R bitwarden:bitwarden /etc/bitwarden \ - && chmod +x /entrypoint.sh \ - && chown bitwarden:bitwarden /entrypoint.sh + && chmod +x /entrypoint.sh -USER bitwarden ENTRYPOINT ["/entrypoint.sh"] diff --git a/src/Identity/entrypoint.sh b/src/Identity/entrypoint.sh index 7359bfb8f5..bdd40c6017 100644 --- a/src/Identity/entrypoint.sh +++ b/src/Identity/entrypoint.sh @@ -1,4 +1,12 @@ #!/bin/sh +useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden + +mkdir -p /etc/bitwarden/identity +mkdir -p /etc/bitwarden/core +chown -R bitwarden:bitwarden /etc/bitwarden + cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx -dotnet /app/Identity.dll +chown -R bitwarden:bitwarden /app + +gosu bitwarden:bitwarden dotnet /app/Identity.dll diff --git a/util/Attachments/Dockerfile b/util/Attachments/Dockerfile index ce41cdf2b4..e9e2a5401f 100644 --- a/util/Attachments/Dockerfile +++ b/util/Attachments/Dockerfile 
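Review bot: In src/Identity/entrypoint.sh, `cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx` now runs as root with no check, and the copy takes its mode from the source file and the umask before `chown -R` hands it to the service account. If the file is missing the script continues and starts the service regardless. Since a .pfx normally carries a private key, consider copying it with explicit ownership and mode and stopping on failure: `install -o bitwarden -g bitwarden -m 600 /etc/bitwarden/identity/identity.pfx /app/identity.pfx || exit 1`.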
@@ -1,16 +1,15 @@ FROM bitwarden/server +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + gosu \ +&& rm -rf /var/lib/apt/lists/* + ENV ASPNETCORE_URLS http://+:5000 EXPOSE 5000 COPY entrypoint.sh / RUN groupadd -g 999 bitwarden \ - && useradd -r -u 999 -g bitwarden bitwarden \ - && chown -R bitwarden:bitwarden /bitwarden_server \ - && mkdir -p /etc/bitwarden/core/attachments \ - && chown -R bitwarden:bitwarden /etc/bitwarden \ - && chmod +x /entrypoint.sh \ - && chown bitwarden:bitwarden /entrypoint.sh + && chmod +x /entrypoint.sh -USER bitwarden ENTRYPOINT ["/entrypoint.sh"] diff --git a/util/Attachments/entrypoint.sh b/util/Attachments/entrypoint.sh index 2561b22f88..fd0805f4e6 100644 --- a/util/Attachments/entrypoint.sh +++ b/util/Attachments/entrypoint.sh @@ -1,3 +1,10 @@ #!/bin/sh -dotnet /bitwarden_server/Server.dll /contentRoot=/etc/bitwarden/core/attachments /webRoot=. /serveUnknown=true +useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden + +chown -R bitwarden:bitwarden /bitwarden_server +mkdir -p /etc/bitwarden/core/attachments +chown -R bitwarden:bitwarden /etc/bitwarden + +gosu bitwarden:bitwarden dotnet /bitwarden_server/Server.dll \ + /contentRoot=/etc/bitwarden/core/attachments /webRoot=. /serveUnknown=true diff --git a/util/MsSql/Dockerfile b/util/MsSql/Dockerfile index 28ffe38b4a..85a32c36cf 100644 --- a/util/MsSql/Dockerfile +++ b/util/MsSql/Dockerfile 
@@ -6,26 +6,14 @@ RUN apt-get update \ gosu \ && rm -rf /var/lib/apt/lists/* -RUN groupadd -g 999 bitwarden \ - && useradd -r -u 999 -g bitwarden bitwarden +RUN groupadd -g 999 bitwarden COPY crontab /etc/cron.d/bitwarden-cron -RUN chmod 0644 /etc/cron.d/bitwarden-cron \ - && touch /var/log/cron.log \ - && chown bitwarden:bitwarden /var/log/cron.log - +RUN chmod 0644 /etc/cron.d/bitwarden-cron COPY backup-db.sql / COPY backup-db.sh / COPY entrypoint.sh / -RUN mkdir -p /etc/bitwarden/mssql/backups \ - && chown -R bitwarden:bitwarden /etc/bitwarden \ - && mkdir -p /var/opt/mssql/data \ - && chown -R bitwarden:bitwarden /var/opt/mssql \ - && chmod +x /entrypoint.sh \ - && chmod +x /backup-db.sh \ - && chown bitwarden:bitwarden /entrypoint.sh \ - && chown bitwarden:bitwarden /backup-db.sh \ - && chown bitwarden:bitwarden /backup-db.sql - +RUN chmod +x /entrypoint.sh \ + && chmod +x /backup-db.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/util/MsSql/entrypoint.sh b/util/MsSql/entrypoint.sh index 00fb8a97c5..36d324f63c 100644 --- a/util/MsSql/entrypoint.sh +++ b/util/MsSql/entrypoint.sh @@ -1,7 +1,17 @@ #!/bin/sh +useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden + +touch /var/log/cron.log +chown bitwarden:bitwarden /var/log/cron.log +mkdir -p /etc/bitwarden/mssql/backups +chown -R bitwarden:bitwarden /etc/bitwarden +mkdir -p /var/opt/mssql/data +chown -R bitwarden:bitwarden /var/opt/mssql +chown bitwarden:bitwarden /backup-db.sh +chown bitwarden:bitwarden /backup-db.sql + env >> /etc/environment cron -chown -R bitwarden:bitwarden /var/opt/mssql gosu bitwarden:bitwarden /opt/mssql/bin/sqlservr diff --git a/util/Nginx/Dockerfile b/util/Nginx/Dockerfile index 0ed9b32495..43801113fd 100644 --- a/util/Nginx/Dockerfile +++ b/util/Nginx/Dockerfile 
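Review bot: util/MsSql/entrypoint.sh now gives `/backup-db.sh` and `/backup-db.sql` to the `bitwarden` account at every start, the same account that runs `sqlservr`. The crontab is not part of this diff, but if its entry runs `/backup-db.sh` as root, a script writable by the database account becomes a path from that account to root inside the container; leaving both files root-owned and only readable and executable by `bitwarden` avoids that. Separately, the unchanged `env >> /etc/environment` appends the whole environment, which per the compose file includes the contents of mssql.override.env, on every start; writing only the variables the cron job needs, with `>` rather than `>>`, would limit what ends up in that file.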
@@ -1,25 +1,16 @@ FROM nginx:1.12 +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + gosu \ +&& rm -rf /var/lib/apt/lists/* + COPY nginx.conf /etc/nginx COPY proxy.conf /etc/nginx COPY mime.types /etc/nginx COPY entrypoint.sh / RUN groupadd -g 999 bitwarden \ - && useradd -r -u 999 -g bitwarden bitwarden \ - && mkdir -p /etc/bitwarden/nginx \ - && chown -R bitwarden:bitwarden /etc/bitwarden \ - && mkdir /etc/letsencrypt \ - && chown -R bitwarden:bitwarden /etc/letsencrypt \ - && mkdir /etc/ssl \ - && chown -R bitwarden:bitwarden /etc/ssl \ - && chmod +x /entrypoint.sh \ - && chown bitwarden:bitwarden /entrypoint.sh \ - && touch /var/run/nginx.pid \ - && touch /etc/nginx/conf.d/default.conf \ - && chown bitwarden:bitwarden /var/run/nginx.pid \ - && chown bitwarden:bitwarden /etc/nginx/conf.d/default.conf \ - && chown -R bitwarden:bitwarden /var/cache/nginx + && chmod +x /entrypoint.sh -USER bitwarden ENTRYPOINT ["/entrypoint.sh"] diff --git a/util/Nginx/entrypoint.sh b/util/Nginx/entrypoint.sh index 05f7b1079d..cb2c8f312d 100644 --- a/util/Nginx/entrypoint.sh +++ b/util/Nginx/entrypoint.sh @@ -1,4 +1,15 @@ #!/usr/bin/env bash +useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden + +chown -R bitwarden:bitwarden /etc/bitwarden cp /etc/bitwarden/nginx/default.conf /etc/nginx/conf.d/default.conf -nginx -g 'daemon off;' +mkdir -p /etc/letsencrypt +chown -R bitwarden:bitwarden /etc/letsencrypt +mkdir -p /etc/ssl +chown -R bitwarden:bitwarden /etc/ssl +touch /var/run/nginx.pid +chown bitwarden:bitwarden /var/run/nginx.pid +chown -R bitwarden:bitwarden /var/cache/nginx + +gosu bitwarden:bitwarden nginx -g 'daemon off;' diff --git a/util/Setup/.dockerignore b/util/Setup/.dockerignore index d8f8175f6c..7e37ce5d99 100644 --- a/util/Setup/.dockerignore +++ b/util/Setup/.dockerignore @@ -1,3 +1,4 @@ * !obj/Docker/publish/* !obj/Docker/empty/ +!entrypoint.sh 
diff --git a/util/Setup/DockerComposeBuilder.cs b/util/Setup/DockerComposeBuilder.cs index ed0108cd82..d97b4a99d0 100644 --- a/util/Setup/DockerComposeBuilder.cs +++ b/util/Setup/DockerComposeBuilder.cs @@ -108,6 +108,7 @@ services: - ../mssql/backups:/etc/bitwarden/mssql/backups env_file: - mssql.env + - ../env/uid.env - ../env/mssql.override.env web: @@ -116,6 +117,8 @@ services: restart: always volumes: - ../web:/etc/bitwarden/web + env_file: + - ../env/uid.env attachments: image: bitwarden/attachments:{CoreVersion} @@ -123,6 +126,8 @@ services: restart: always volumes: - ../core/attachments:/etc/bitwarden/core/attachments + env_file: + - ../env/uid.env api: image: bitwarden/api:{CoreVersion} @@ -132,6 +137,7 @@ services: - ../core:/etc/bitwarden/core env_file: - global.env + - ../env/uid.env - ../env/global.override.env identity: @@ -143,6 +149,7 @@ services: - ../core:/etc/bitwarden/core env_file: - global.env + - ../env/uid.env - ../env/global.override.env admin: @@ -153,12 +160,15 @@ services: - ../core:/etc/bitwarden/core env_file: - global.env + - ../env/uid.env - ../env/global.override.env icons: image: bitwarden/icons:{CoreVersion} container_name: bitwarden-icons restart: always + env_file: + - ../env/uid.env nginx: image: bitwarden/nginx:{CoreVersion} @@ -170,7 +180,9 @@ services: volumes: - ../nginx:/etc/bitwarden/nginx - ../letsencrypt:/etc/letsencrypt - - ../ssl:/etc/ssl"); + - ../ssl:/etc/ssl + env_file: + - ../env/uid.env"); if(MssqlDataDockerVolume) { diff --git a/util/Setup/Dockerfile b/util/Setup/Dockerfile index d8ffa49ae6..5b96635520 100644 --- a/util/Setup/Dockerfile +++ b/util/Setup/Dockerfile 
@@ -3,15 +3,14 @@ FROM microsoft/dotnet:2.0.5-runtime RUN apt-get update \ && apt-get install -y --no-install-recommends \ openssl \ + gosu \ && rm -rf /var/lib/apt/lists/* WORKDIR /app COPY obj/Docker/publish . +COPY entrypoint.sh / RUN groupadd -g 999 bitwarden \ - && useradd -r -u 999 -g bitwarden bitwarden \ - && chown -R bitwarden:bitwarden /app \ - && mkdir /bitwarden \ - && chown -R bitwarden:bitwarden /bitwarden + && chmod +x /entrypoint.sh -USER bitwarden +ENTRYPOINT ["/entrypoint.sh"] diff --git a/util/Setup/EnvironmentFileBuilder.cs b/util/Setup/EnvironmentFileBuilder.cs index 7d5f30c272..1b8f04e71e 100644 --- a/util/Setup/EnvironmentFileBuilder.cs +++ b/util/Setup/EnvironmentFileBuilder.cs @@ -164,6 +164,9 @@ SA_PASSWORD=SECRET } Helpers.Exec("chmod 600 /bitwarden/env/mssql.override.env"); + + using(var sw = File.CreateText("/bitwarden/env/uid.env")) + { } } } } diff --git a/util/Setup/entrypoint.sh b/util/Setup/entrypoint.sh new file mode 100644 index 0000000000..e6e5761728 --- /dev/null +++ b/util/Setup/entrypoint.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +useradd -r -u ${LOCAL_UID:-999} -g bitwarden bitwarden + +chown -R bitwarden:bitwarden /app +mkdir -p /bitwarden/env +mkdir -p /bitwarden/docker +mkdir -p /bitwarden/ssl +mkdir -p /bitwarden/letsencrypt +mkdir -p /bitwarden/identity +mkdir -p /bitwarden/nginx +chown -R bitwarden:bitwarden /bitwarden + +exec /usr/local/bin/gosu bitwarden:bitwarden "$@"
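Review bot: In util/Setup/EnvironmentFileBuilder.cs the added `File.CreateText("/bitwarden/env/uid.env")` block has an empty body, and `CreateText` truncates a file that already exists, so any `LOCAL_UID` an operator placed in uid.env is erased whenever this code runs. Nothing visible in the diff writes a value into the file, which leaves the services on the 999 default even when the setup container is given a different UID. Guarding the creation with `if(!File.Exists("/bitwarden/env/uid.env"))` preserves existing content; the enclosing method starts outside the hunk, so whether it runs on update as well as install cannot be confirmed from here.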
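Review bot: The last line of util/Setup/entrypoint.sh calls `/usr/local/bin/gosu` by absolute path, while util/Setup/Dockerfile installs gosu with `apt-get`, and the Debian package normally places the binary in `/usr/sbin`. If that holds for this base image, the `exec` fails and the setup command never runs. The other entrypoints in this commit call plain `gosu`; `exec gosu bitwarden:bitwarden "$@"` resolves it through PATH and matches them.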