initial commit

Author: vsilent

.travis.yml

@@ -0,0 +1,43 @@
+language: python
+python:
+  - 2.7
+
+env:
+  - DOCKER_CONTENT_TRUST=0
+
+services:
+  - docker
+
+before_install:
+  # update is required to update the repositories to see the new packages for
+  # Docker.
+  - sudo apt-get update
+  - docker-compose --version
+  - pip install docker-compose --upgrade
+  - docker-compose --version
+
+install:
+  - cd 1.12/build
+  - docker-compose up -d --build
+  - docker-compose ps
+
+before_script:
+  - pip install requests
+  - pip install docker
+  - cd $TRAVIS_BUILD_DIR
+
+script:
+  - bash ./.travis/linters.sh
+  - python tests.py
+
+
+notifications:
+  slack:
+    rooms:
+      - optimum-team:GycletOWK4Kt95GktwYwfUMp#build
+
+after_success:
+  - cd build
+  - echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
+  - docker-compose -f images
+  - docker push trydirect/osticket:1.12

.travis/docker-linter.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+
+echo "Run docker linter: $1"
+docker run --rm -i hadolint/hadolint:v1.3.0 hadolint --ignore DL3006 - < "$1"
+echo "-end-"

.travis/docker-security.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -eu
+
+echo "Run docker bench security"
+docker run \
+    -it \
+    --net host \
+    --pid host \
+    --userns host \
+    --cap-add audit_control \
+    -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
+    -v /var/lib:/var/lib \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -v /usr/lib/systemd:/usr/lib/systemd \
+    -v /etc:/etc --label docker_bench_security \
+    docker/docker-bench-security
+echo "-end-"

.travis/linters.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+docker pull hadolint/hadolint:v1.3.0
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+find ./ -name Dockerfile -print0 | xargs -0 -L1 $DIR/docker-linter.sh
+
+docker pull docker/docker-bench-security
+$DIR/docker-security.sh

1.12/.env

@@ -1,8 +1,14 @@
+# COMMON
 REGISTRY=
 DOMAIN=localdomain
+ADMIN_EMAIL=admin@localhost
+SECRET_SALT=somethingverysecret
+DEBUG=True
+
+# SMTP
+BIND_ADDRESS=127.0.0.1
+ROOT=.
 
-# SMTP docker image
-SMTP_IMAGE={{SMTP_IMAGE}}
 EMAIl_ADMIN=admin@localhost
 EMAIL_USE_TLS=False
 EMAIL_HOST=smtp.gmail.com
@@ -11,8 +17,9 @@ [email protected]
 EMAIL_HOST_PASSWORD=pass
 DEFAULT_FROM_EMAIL=[email protected]
 
+# MySQL
+MYSQL_HOST=db
 MYSQL_DATABASE=osticket
-MYSQ_USER=osticket
+MYSQ_USER=root
+MYSQ_PASSWORD=osticketroot
 MYSQL_ROOT_PASSWORD=osticketroot
-
-DEBUG=True

1.12/build/Dockerfile

@@ -1,23 +1,30 @@
 FROM ubuntu:18.04
-
 LABEL maintainer="[email protected]"
+
+# Let the container know that there is no tty
+ENV DEBIAN_FRONTEND noninteractive
+
 ENV APP_VERSION 1.12
 
-RUN apt-get update -y -qq ; apt-get install --no-install-recommends -y -qq supervisor software-properties-common; \
+RUN apt-get update -y -qq ; apt-get install --no-install-recommends -y -qq supervisor curl software-properties-common; \
     LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php -y; apt-get update -y -qq; \
-    apt-get install -y -qq cron curl net-tools \
-    php7.2 php7.2-fpm php7.2-mysql php7.2-cli php7.2-cgi php7.2-gd php7.2-zip php7.2-xml php7.2-curl \
+    apt-get install --no-install-recommends -y -qq cron net-tools sudo lsof \
+    php7.2 php7.2-fpm php7.2-mysql php7.2-cli php7.2-cgi \
+    php7.2-gd php7.2-zip php7.2-xml php7.2-curl php7.2-imap \
+    php7.2-mbstring php7.2-intl php7.2-apcu \
     && apt-get clean; apt-get autoclean; apt-get autoremove -y -qq && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 RUN groupadd -r -g 2000 osticket; useradd -r -u 2000 -g 2000 -m -c "app account" -d /home/osticket -s /bin/bash osticket
 RUN curl -L -o /usr/src/app.tar.gz https://github.com/osTicket/osTicket/archive/v${APP_VERSION}.tar.gz
 WORKDIR /home/osticket
+RUN mkdir -p /var/run/php && chown -R osticket:osticket /var/run/php
 RUN tar -xf /usr/src/app.tar.gz && mv osTicket-${APP_VERSION} app
 RUN chown -R osticket:osticket app
+ADD ./configs/php/fpm/php-fpm.conf /etc/php/7.2/fpm/php-fpm.conf
 ADD ./configs/php/fpm/php.ini /etc/php/7.2/fpm/php.ini
 ADD ./configs/php/fpm/www.conf /etc/php/7.2/fpm/pool.d/www.conf
 ADD ./configs/supervisord/osticket.conf /etc/supervisor/conf.d/osticket.conf
-RUN mkdir /run/php && chown -R osticket:osticket /run/php
 
+WORKDIR /home/osticket/app
 EXPOSE 9000
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/osticket.conf"]

1.12/build/configs/php/fpm/php-fpm.conf

@@ -0,0 +1,131 @@
+;;;;;;;;;;;;;;;;;;;;;
+; FPM Configuration ;
+;;;;;;;;;;;;;;;;;;;;;
+
+; All relative paths in this configuration file are relative to PHP's install
+; prefix (/usr). This prefix can be dynamically changed by using the
+; '-p' argument from the command line.
+
+;;;;;;;;;;;;;;;;;;
+; Global Options ;
+;;;;;;;;;;;;;;;;;;
+
+[global]
+; Pid file
+; Note: the default prefix is /var
+; Default Value: none
+
+pid = /run/php/php7.2-fpm.pid
+
+; Error log file
+; If it's set to "syslog", log is sent to syslogd instead of being written
+; into a local file.
+; Note: the default prefix is /var
+; Default Value: log/php-fpm.log
+;error_log = /var/log/php7.2-fpm.log
+
+;error_log = /proc/self/fd/2;
+;error_log = /dev/stdout;
+error_log = "syslog";
+
+; syslog_facility is used to specify what type of program is logging the
+; message. This lets syslogd specify that messages from different facilities
+; will be handled differently.
+; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
+; Default Value: daemon
+;syslog.facility = daemon
+
+; syslog_ident is prepended to every message. If you have multiple FPM
+; instances running on the same server, you can change the default value
+; which must suit common needs.
+; Default Value: php-fpm
+;syslog.ident = php-fpm
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+
+;log_level = error
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+;emergency_restart_threshold = 0
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated.  This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;emergency_restart_interval = 0
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;process_control_timeout = 0
+
+; The maximum number of processes FPM will fork. This has been designed to control
+; the global number of processes when using dynamic PM within a lot of pools.
+; Use it with caution.
+; Note: A value of 0 indicates no limit
+; Default Value: 0
+; process.max = 128
+
+; Specify the nice(2) priority to apply to the master process (only if set)
+; The value can vary from -19 (highest priority) to 20 (lowest priority)
+; Note: - It will only work if the FPM master process is launched as root
+;       - The pool process will inherit the master process priority
+;         unless specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
+; Default Value: yes
+;daemonize = yes
+
+; Set open file descriptor rlimit for the master process.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit for the master process.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Specify the event mechanism FPM will use. The following is available:
+; - select     (any POSIX os)
+; - poll       (any POSIX os)
+; - epoll      (linux >= 2.5.44)
+; - kqueue     (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
+; - /dev/poll  (Solaris >= 7)
+; - port       (Solaris >= 10)
+; Default Value: not set (auto detection)
+;events.mechanism = epoll
+
+; When FPM is built with systemd integration, specify the interval,
+; in seconds, between health report notification to systemd.
+; Set to 0 to disable.
+; Available Units: s(econds), m(inutes), h(ours)
+; Default Unit: seconds
+; Default value: 10
+;systemd_interval = 10
+
+;;;;;;;;;;;;;;;;;;;;
+; Pool Definitions ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Multiple pools of child processes may be started with different listening
+; ports and different management options.  The name of the pool will be
+; used in logs and stats. There is no limitation on the number of pools which
+; FPM can handle. Your system will tell you anyway :)
+
+; Include one or more files. If glob(3) exists, it is used to include a bunch of
+; files from a glob(3) pattern. This directive can be used everywhere in the
+; file.
+; Relative path can also be used. They will be prefixed by:
+;  - the global prefix if it's been set (-p argument)
+;  - /usr otherwise
+include=/etc/php/7.2/fpm/pool.d/*.conf

1.12/build/configs/php/fpm/php.ini

@@ -401,7 +401,7 @@ max_input_time = 60
 
 ; Maximum amount of memory a script may consume (128MB)
 ; http://php.net/memory-limit
-memory_limit = 256M
+memory_limit = 512M
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Error handling and logging ;
@@ -485,7 +485,7 @@ display_errors = Off
 ; Development Value: On
 ; Production Value: Off
 ; http://php.net/display-startup-errors
-display_startup_errors = Off
+display_startup_errors = On
 
 ; Besides displaying errors, PHP can also log errors to locations such as a
 ; server-specific log, STDERR, or a location specified by the error_log

1.12/build/configs/php/fpm/www.conf

@@ -20,6 +20,7 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
+
 user = osticket
 group = osticket
 
@@ -33,8 +34,9 @@ group = osticket
 ;                            (IPv6 and IPv4-mapped) on a specific port;
 ;   '/path/to/unix/socket' - to listen on a unix socket.
 ; Note: This value is mandatory.
-;listen = /run/php/php7.1-fpm.sock
-listen = 127.0.0.1:9000
+;listen = /run/php/php7.0-fpm.sock
+listen = 0.0.0.0:9000
+
 ; Set listen(2) backlog.
 ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
 ;listen.backlog = 511
@@ -47,6 +49,7 @@ listen = 127.0.0.1:9000
 ;listen.owner = www-data
 ;listen.group = www-data
 ;listen.mode = 0660
+
 ; When POSIX Access Control Lists are supported you can set them using
 ; these options, value is a comma separated list of user/group names.
 ; When set, listen.owner and listen.group are ignored
@@ -59,7 +62,9 @@ listen = 127.0.0.1:9000
 ; must be separated by a comma. If this value is left blank, connections will be
 ; accepted from any ip address.
 ; Default Value: any
-;listen.allowed_clients = 127.0.0.1
+
+; listen.allowed_clients = 127.0.0.1
+; listen.allowed_clients = 0.0.0.0
 
 ; Specify the nice(2) priority to apply to the pool processes (only if set)
 ; The value can vary from -19 (highest priority) to 20 (lower priority)
@@ -355,17 +360,23 @@ pm.max_spare_servers = 3
 ; Default Value: not set
 ;chroot =
 
+;chroot = /home/osticket
+
 ; Chdir to this directory at the start.
 ; Note: relative path can be used.
 ; Default Value: current directory or / when chroot
 ;chdir = /var/www
 
+
+;chdir = /app
+
 ; Redirect worker stdout and stderr into main error log. If not set, stdout and
 ; stderr will be redirected to /dev/null according to FastCGI specs.
 ; Note: on highloaded environement, this can cause some delay in the page
 ; process time (several ms).
 ; Default Value: no
-;catch_workers_output = yes
+
+catch_workers_output = yes
 
 ; Clear environment in FPM workers
 ; Prevents arbitrary environment variables from reaching FPM worker processes
@@ -374,7 +385,8 @@ pm.max_spare_servers = 3
 ; Setting to "no" will make all environment variables available to PHP code
 ; via getenv(), $_ENV and $_SERVER.
 ; Default Value: yes
-;clear_env = no
+
+clear_env = no
 
 ; Limits the extensions of the main script FPM will allow to parse. This can
 ; prevent configuration mistakes on the web server side. You should only limit
@@ -414,6 +426,6 @@ pm.max_spare_servers = 3
 ;                specified at startup with the -d argument
 ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
 ;php_flag[display_errors] = off
-;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_value[error_log] = /dev/stderr
 ;php_admin_flag[log_errors] = on
 ;php_admin_value[memory_limit] = 32M

1.12/build/configs/supervisord/osticket.conf

@@ -6,7 +6,7 @@ logfile_maxbytes=0
 pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
 
 [unix_http_server]
-file = /tmp/supervisor.sock
+file=/tmp/supervisor.sock
 chmod = 0700
 username = dummy
 password = dummy
@@ -16,7 +16,7 @@ username = dummy
 password = dummy
 
 [program:php-fpm]
-command=/usr/sbin/php-fpm7.2 -F
+command=/usr/sbin/php-fpm7.2 -F -R -c /etc/php/7.2/fpm
 stopasgroup=true
 stopsignal=TERM
 autostart=true