change unified to debian images (#2514)

* change to debian images * add back sqlite connectionstring * add back sqlite connection string * Update docker-unified/entrypoint.sh Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * Update docker-unified/entrypoint.sh Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com> * update settings * uid requires # Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
2024-11-25 12:45:18 +01:00 · 2023-01-05 09:27:28 -05:00 · 2023-01-05 09:27:28 -05:00 · e800219d73
commit e800219d73
parent 3e07d0bd32
3 changed files with 27 additions and 32 deletions
--- a/docker-unified/Dockerfile
+++ b/docker-unified/Dockerfile
@ -1,13 +1,14 @@
 ###############################################
 #                 Build stage                 #
 ###############################################
-FROM --platform=$BUILDPLATFORM alpine AS web-setup
+FROM --platform=$BUILDPLATFORM debian AS web-setup
 # Add packages
-RUN apk add --update-cache \
+RUN apt-get update && apt-get install -y \
    curl \
    jq \
-    && rm -rf /var/cache/apk/*
+    unzip \
    && rm -rf /var/lib/apt/lists/*
 WORKDIR /tmp
@ -49,9 +50,6 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
    && echo "RID=$RID" > /tmp/rid.txt
 # Add packages
 # RUN apk add --update-cache \
 #     npm \
 #     && rm -rf /var/cache/apk/*
 RUN apt-get update && apt-get install -y \
    npm \
    && rm -rf /var/lib/apt/lists/*
@ -172,7 +170,7 @@ RUN . /tmp/rid.txt && dotnet publish -c release -o /app/Scim --no-restore --no-s
 ###############################################
 #                  App stage                  #
 ###############################################
-FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine
+FROM mcr.microsoft.com/dotnet/aspnet:6.0
 ARG TARGETPLATFORM
 LABEL com.bitwarden.product="bitwarden"
 LABEL com.bitwarden.project="unified"
@ -207,16 +205,15 @@ ENV globalSettings__logDirectoryByProject="false"
 ENV globalSettings__logRollBySizeLimit="1073741824"
 # Add packages
-RUN apk add --update-cache \
+RUN apt-get update && apt-get install -y \
    curl \
    icu-libs \
    nginx \
    openssl \
    su-exec \
    supervisor \
    tzdata \
    unzip \
-    && rm -rf /var/cache/apk/*
+    sudo \
    && rm -rf /var/lib/apt/lists/*
 # Create required directories
 RUN mkdir -p /etc/bitwarden/attachments/send
@ -227,6 +224,9 @@ RUN mkdir -p /etc/supervisor
 RUN mkdir -p /etc/supervisor.d
 RUN mkdir -p /var/log/bitwarden
 RUN mkdir -p /var/log/nginx/logs
 RUN mkdir -p /etc/nginx/http.d
 RUN mkdir -p /var/run/nginx
 RUN touch /var/run/nginx/nginx.pid
 RUN mkdir -p /app
 # Copy all apps from dotnet-build stage
@ -256,9 +256,9 @@ COPY docker-unified/hbs/app-id.hbs /etc/hbs/
 COPY docker-unified/hbs/config.yaml /etc/hbs/
 # Download hbs tool for generating final configurations
-RUN if [ "$TARGETPLATFORM" = "linux/amd64" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_alpine-x64_dotnet.zip; fi
+RUN if [ "$TARGETPLATFORM" = "linux/amd64" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_linux-x64_dotnet.zip; fi
-RUN if [ "$TARGETPLATFORM" = "linux/arm/v7" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_alpine-armv7_dotnet.zip; fi
+RUN if [ "$TARGETPLATFORM" = "linux/arm/v7" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_linux-armv7_dotnet.zip; fi
-RUN if [ "$TARGETPLATFORM" = "linux/arm64" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_alpine-arm64_dotnet.zip; fi
+RUN if [ "$TARGETPLATFORM" = "linux/arm64" ] ; then curl -L --output hbs.zip https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/hbs_linux-arm64_dotnet.zip; fi
 # Extract hbs
 RUN unzip hbs.zip -d /usr/local/bin && rm hbs.zip
@ -268,11 +268,6 @@ RUN chmod +x /usr/local/bin/hbs
 COPY docker-unified/entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 # TODO: Remove after testing
 RUN apk add --update-cache \
    vim \
    && rm -rf /var/cache/apk/*
 VOLUME ["/etc/bitwarden"]
 WORKDIR /app
--- a/docker-unified/entrypoint.sh
+++ b/docker-unified/entrypoint.sh
@ -1,13 +1,12 @@
-#!/bin/sh
+#!/bin/bash
 # Set up user group
-GID="${GID:-1000}"
+PGID="${PGID:-1000}"
-addgroup -g $GID bitwarden
+addgroup --gid $PGID bitwarden
 GROUP_NAME=$(cat /etc/group | grep ":$GID:" | cut -d ':' -f 1)
 # Set up user
-UID="${UID:-1000}"
+PUID="${PUID:-1000}"
-adduser -s /bin/false -D -u $UID -G $GROUP_NAME bitwarden
+adduser --no-create-home --shell /bin/bash --disabled-password --uid $PUID --gid $PGID --gecos "" bitwarden
 # Translate environment variables for application settings
 VAULT_SERVICE_URI=https://$BW_DOMAIN
@ -59,7 +58,7 @@ cp /etc/bitwarden/identity.pfx /app/Identity/identity.pfx
 cp /etc/bitwarden/identity.pfx /app/Sso/identity.pfx
 # Generate SSL certificates
-if [ "$BW_ENABLE_SSL" == "true" -a ! -f /etc/bitwarden/${BW_SSL_KEY:-ssl.key} ]; then
+if [ "$BW_ENABLE_SSL" = "true" -a ! -f /etc/bitwarden/${BW_SSL_KEY:-ssl.key} ]; then
  openssl req \
  -x509 \
  -newkey rsa:4096 \
@ -70,7 +69,7 @@ if [ "$BW_ENABLE_SSL" == "true" -a ! -f /etc/bitwarden/${BW_SSL_KEY:-ssl.key} ];
  -out /etc/bitwarden/${BW_SSL_CERT:-ssl.crt} \
  -reqexts SAN \
  -extensions SAN \
-  -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:${BW_DOMAIN:-localhost}\nbasicConstraints=CA:true")) \
+  -config <(cat /usr/lib/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:${BW_DOMAIN:-localhost}\nbasicConstraints=CA:true")) \
  -subj "/C=US/ST=California/L=Santa Barbara/O=Bitwarden Inc./OU=Bitwarden/CN=${BW_DOMAIN:-localhost}"
 fi
@ -89,7 +88,7 @@ sed -i "s/autostart=true/autostart=${BW_ENABLE_NOTIFICATIONS}/" /etc/supervisor.
 sed -i "s/autostart=true/autostart=${BW_ENABLE_SCIM}/" /etc/supervisor.d/scim.ini
 sed -i "s/autostart=true/autostart=${BW_ENABLE_SSO}/" /etc/supervisor.d/sso.ini
-chown -R $UID:$GID \
+chown -R $PUID:$PGID \
    /app \
    /etc/bitwarden \
    /etc/nginx/http.d \
@ -97,6 +96,7 @@ chown -R $UID:$GID \
    /etc/supervisor.d \
    /var/lib/nginx \
    /var/log \
    /var/run/nginx \
    /run
-su-exec $UID:$GID /usr/bin/supervisord
+sudo -E -u \#$PUID /usr/bin/supervisord
--- a/docker-unified/settings.env
+++ b/docker-unified/settings.env
@ -23,9 +23,9 @@ BW_INSTALLATION_KEY=xxxxxxxxxxxx
 #####################
 # Learn more here: https://bitwarden.com/help/environment-variables/
-# Container UID/GID
+# Container user ID/group ID
-#UID=1000
+#PUID=1000
-#GID=1000
+#PGID=1000
 # Webserver ports
 #BW_PORT_HTTP=8080