From e800219d73626b66a1c5485dfee3f3d9d5785f1e Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Thu, 5 Jan 2023 09:27:28 -0500 Subject: [PATCH] change unified to debian images (#2514) * change to debian images * add back sqlite connectionstring * add back sqlite connection string * Update docker-unified/entrypoint.sh Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update docker-unified/entrypoint.sh Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * update settings * uid requires # Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> --- docker-unified/Dockerfile | 33 ++++++++++++++------------------- docker-unified/entrypoint.sh | 20 ++++++++++---------- docker-unified/settings.env | 6 +++--- 3 files changed, 27 insertions(+), 32 deletions(-) diff --git a/docker-unified/Dockerfile b/docker-unified/Dockerfile index 3ccd12914..9d15f7eea 100644 --- a/docker-unified/Dockerfile +++ b/docker-unified/Dockerfile @@ -1,13 +1,14 @@ ############################################### # Build stage # ############################################### -FROM --platform=$BUILDPLATFORM alpine AS web-setup +FROM --platform=$BUILDPLATFORM debian AS web-setup # Add packages -RUN apk add --update-cache \ +RUN apt-get update && apt-get install -y \ curl \ jq \ - && rm -rf /var/cache/apk/* + unzip \ + && rm -rf /var/lib/apt/lists/* WORKDIR /tmp @@ -49,9 +50,6 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ && echo "RID=$RID" > /tmp/rid.txt # Add packages -# RUN apk add --update-cache \ -# npm \ -# && rm -rf /var/cache/apk/* RUN apt-get update && apt-get install -y \ npm \ && rm -rf /var/lib/apt/lists/* 
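Review bot: The new base for the `web-setup` stage, `FROM --platform=$BUILDPLATFORM debian AS web-setup`, carries no tag, so each build resolves to whatever `debian:latest` points at that day and the stage is not reproducible. Pin it to a named release, ideally with a digest, e.g. `FROM --platform=$BUILDPLATFORM debian:<release>-slim@sha256:<digest> AS web-setup` (placeholders, to be filled in from the registry). The `apt-get install -y` in this hunk and the one in the App-stage "Add packages" hunk further down also omit `--no-install-recommends`, so recommended packages that nothing here asks for end up in the layer.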
@@ -172,7 +170,7 @@ RUN . /tmp/rid.txt && dotnet publish -c release -o /app/Scim --no-restore --no-s ############################################### # App stage # ############################################### -FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine +FROM mcr.microsoft.com/dotnet/aspnet:6.0 ARG TARGETPLATFORM LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.project="unified" @@ -207,16 +205,15 @@ ENV globalSettings__logDirectoryByProject="false" ENV globalSettings__logRollBySizeLimit="1073741824" # Add packages -RUN apk add --update-cache \ +RUN apt-get update && apt-get install -y \ curl \ - icu-libs \ nginx \ openssl \ - su-exec \ supervisor \ tzdata \ unzip \ - && rm -rf /var/cache/apk/* + sudo \ + && rm -rf /var/lib/apt/lists/* # Create required directories RUN mkdir -p /etc/bitwarden/attachments/send @@ -227,6 +224,9 @@ RUN mkdir -p /etc/supervisor RUN mkdir -p /etc/supervisor.d RUN mkdir -p /var/log/bitwarden RUN mkdir -p /var/log/nginx/logs +RUN mkdir -p /etc/nginx/http.d +RUN mkdir -p /var/run/nginx +RUN touch /var/run/nginx/nginx.pid RUN mkdir -p /app # Copy all apps from dotnet-build stage 
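Review bot: Adding `sudo` to the App-stage package list leaves a setuid-root binary in the runtime image for the life of the container, although entrypoint.sh appears to use it only once, to start supervisord as the unprivileged user. Any flaw or misconfiguration in sudo then becomes a local privilege-escalation path for a compromised service process. A step-down tool with no setuid bit and no sudoers policy keeps that surface out of the image: the removed `su-exec` filled that role on Alpine, and `setpriv` from util-linux or `gosu` are the usual Debian equivalents. If sudo stays, a comment above the list such as `# sudo: used only by entrypoint.sh to drop to PUID before starting supervisord` would record why it is there.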
@@ -256,9 +256,9 @@ COPY docker-unified/hbs/app-id.hbs /etc/hbs/ COPY docker-unified/hbs/config.yaml /etc/hbs/ # Download hbs tool for generating final configurations -RUN if [ "$TARGETPLATFORM" = "linux/amd64" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_alpine-x64_dotnet.zip; fi -RUN if [ "$TARGETPLATFORM" = "linux/arm/v7" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_alpine-armv7_dotnet.zip; fi -RUN if [ "$TARGETPLATFORM" = "linux/arm64" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_alpine-arm64_dotnet.zip; fi +RUN if [ "$TARGETPLATFORM" = "linux/amd64" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_linux-x64_dotnet.zip; fi +RUN if [ "$TARGETPLATFORM" = "linux/arm/v7" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_linux-armv7_dotnet.zip; fi +RUN if [ "$TARGETPLATFORM" = "linux/arm64" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_linux-arm64_dotnet.zip; fi # Extract hbs RUN unzip hbs.zip -d /usr/local/bin && rm hbs.zip @@ -268,11 +268,6 @@ RUN chmod +x /usr/local/bin/hbs COPY docker-unified/entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh -# TODO: Remove after testing -RUN apk add --update-cache \ - vim \ - && rm -rf /var/cache/apk/* - VOLUME ["/etc/bitwarden"] WORKDIR /app diff --git a/docker-unified/entrypoint.sh b/docker-unified/entrypoint.sh index 39378b550..ee8caffcb 100755 --- a/docker-unified/entrypoint.sh +++ b/docker-unified/entrypoint.sh 
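Review bot: The three `curl -L --output hbs.zip …` lines fetch a release archive that is then unpacked into `/usr/local/bin` and made executable, and nothing verifies its contents, so the image trusts whatever the URL serves at build time. Each download should be followed by a digest check against a value recorded in the Dockerfile, e.g. `curl -fsSL --output hbs.zip <url> && echo "<sha256-of-asset>  hbs.zip" | sha256sum -c -` (placeholder digest, one per architecture). Adding `-f` also makes curl fail on an HTTP error instead of saving the error page as `hbs.zip`. If `TARGETPLATFORM` matches none of the three branches, nothing is downloaded and the failure only surfaces at the later `unzip` step.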
@@ -1,13 +1,12 @@ -#!/bin/sh +#!/bin/bash # Set up user group -GID="${GID:-1000}" -addgroup -g $GID bitwarden -GROUP_NAME=$(cat /etc/group | grep ":$GID:" | cut -d ':' -f 1) +PGID="${PGID:-1000}" +addgroup --gid $PGID bitwarden # Set up user -UID="${UID:-1000}" -adduser -s /bin/false -D -u $UID -G $GROUP_NAME bitwarden +PUID="${PUID:-1000}" +adduser --no-create-home --shell /bin/bash --disabled-password --uid $PUID --gid $PGID --gecos "" bitwarden # Translate environment variables for application settings VAULT_SERVICE_URI=https://$BW_DOMAIN @@ -59,7 +58,7 @@ cp /etc/bitwarden/identity.pfx /app/Identity/identity.pfx cp /etc/bitwarden/identity.pfx /app/Sso/identity.pfx # Generate SSL certificates -if [ "$BW_ENABLE_SSL" == "true" -a ! -f /etc/bitwarden/${BW_SSL_KEY:-ssl.key} ]; then +if [ "$BW_ENABLE_SSL" = "true" -a ! -f /etc/bitwarden/${BW_SSL_KEY:-ssl.key} ]; then openssl req \ -x509 \ -newkey rsa:4096 \ @@ -70,7 +69,7 @@ if [ "$BW_ENABLE_SSL" == "true" -a ! -f /etc/bitwarden/${BW_SSL_KEY:-ssl.key} ]; -out /etc/bitwarden/${BW_SSL_CERT:-ssl.crt} \ -reqexts SAN \ -extensions SAN \ - -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:${BW_DOMAIN:-localhost}\nbasicConstraints=CA:true")) \ + -config <(cat /usr/lib/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:${BW_DOMAIN:-localhost}\nbasicConstraints=CA:true")) \ -subj "/C=US/ST=California/L=Santa Barbara/O=Bitwarden Inc./OU=Bitwarden/CN=${BW_DOMAIN:-localhost}" fi @@ -89,7 +88,7 @@ sed -i "s/autostart=true/autostart=${BW_ENABLE_NOTIFICATIONS}/" /etc/supervisor. sed -i "s/autostart=true/autostart=${BW_ENABLE_SCIM}/" /etc/supervisor.d/scim.ini sed -i "s/autostart=true/autostart=${BW_ENABLE_SSO}/" /etc/supervisor.d/sso.ini -chown -R $UID:$GID \ +chown -R $PUID:$PGID \ /app \ /etc/bitwarden \ /etc/nginx/http.d \ 
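Review bot: The new `adduser` call gives the `bitwarden` service account `--shell /bin/bash`, where the Alpine version used `-s /bin/false`. Nothing visible in this patch needs that account to have a login shell, so `--shell /usr/sbin/nologin` would keep the earlier hardening. `$PGID` and `$PUID` come from the container environment and are expanded unquoted and unvalidated in `addgroup --gid $PGID`, in `adduser`, and in the `chown -R $PUID:$PGID` hunk further down. Quoting them and rejecting non-numeric values first (`case "$PUID" in ''|*[!0-9]*) exit 1;; esac`, likewise for `PGID`) would keep a malformed setting from being split into extra arguments. The script continues outside these hunks.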
@@ -97,6 +96,7 @@ chown -R $UID:$GID \ /etc/supervisor.d \ /var/lib/nginx \ /var/log \ + /var/run/nginx \ /run -su-exec $UID:$GID /usr/bin/supervisord +sudo -E -u \#$PUID /usr/bin/supervisord \ No newline at end of file diff --git a/docker-unified/settings.env b/docker-unified/settings.env index d02943baa..b787edc1f 100644 --- a/docker-unified/settings.env +++ b/docker-unified/settings.env @@ -23,9 +23,9 @@ BW_INSTALLATION_KEY=xxxxxxxxxxxx ##################### # Learn more here: https://bitwarden.com/help/environment-variables/ -# Container UID/GID -#UID=1000 -#GID=1000 +# Container user ID/group ID +#PUID=1000 +#PGID=1000 # Webserver ports #BW_PORT_HTTP=8080
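Review bot: The final line starts supervisord as a child of the entrypoint shell rather than replacing it, so bash stays PID 1 and a `docker stop` SIGTERM is likely not to reach supervisord before the kill timeout. `exec sudo -E -u "#$PUID" /usr/bin/supervisord` hands PID 1 to the launched process, and quoting `"#$PUID"` replaces the backslash escape. `-E` carries the whole root-side environment into the service user, which looks intended because the settings are passed as environment variables, but a short comment saying so would help the next reader. The file still ends without a trailing newline.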