Merge branch 'master' into docker-secrets

Merge pull request #440 from wallabag/impr/nginx-dualstack
Support dualstack listen on nginx
2026-02-27 12:17:37 +01:00 · 2025-05-17 10:55:16 -04:00 · 2025-04-29 22:56:19 +02:00 · 2025-04-24 18:57:28 -04:00 · 2025-04-20 17:22:46 +02:00 · 2025-04-20 12:58:45 +02:00
9 changed files with 51 additions and 6 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -21,6 +21,7 @@ jobs:
          - "sqlite"
          - "mariadb"
          - "postgresql"
+          - "postgresql-secret"

    steps:
      - name: "Checkout"
--- a/3
+++ b/3
@ -32,6 +32,7 @@ RUN set -ex \
      php81-iconv \
      php81-json \
      php81-mbstring \
+      php81-opcache \
      php81-openssl \
      php81-pecl-amqp \
      php81-pecl-imagick \
@ -83,6 +84,8 @@ ENV PATH="${PATH}:/var/www/wallabag/bin"
 # Set console entry path
 WORKDIR /var/www/wallabag

+HEALTHCHECK CMD curl --fail --silent --show-error --user-agent healthcheck http://localhost/api/info || exit 1
+
 EXPOSE 80
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["wallabag"]
--- a/README.md
+++ b/README.md
@ -43,6 +43,8 @@ Default login is `wallabag:wallabag`.
 - `-e SYMFONY__ENV__SERVER_NAME=...` (defaults to "Your wallabag instance". Specifies a user-friendly name for the 2FA issuer)
 - `-e PHP_MEMORY_LIMIT=...` (allows you to change the PHP `memory_limit` value. defaults to 128M, and should be a number and unit, eg. 512K, 128M, 2G, or a number of bytes)

+To set any of these environment variables from a file (for instance a Docker Secret), append `__FILE` to the name of the environment variable.
+
 ## SQLite

 The easiest way to start wallabag is to use the SQLite backend. You can spin that up with
@ -131,10 +133,6 @@ services:
      - "80"
    volumes:
      - /opt/wallabag/images:/var/www/wallabag/web/assets/images
-    healthcheck:
-      test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost/api/info"]
-      interval: 1m
-      timeout: 3s
    depends_on:
      - db
      - redis
--- a/root/entrypoint.sh
+++ b/root/entrypoint.sh
@ -2,6 +2,16 @@
 # Exit when any command fails
 set -e

+FILE_ENV_VARS="$(env | grep '__FILE=')"
+for env_var in $FILE_ENV_VARS; do
+    var_name="$(echo $env_var | grep -o '.*__FILE=' | sed 's/__FILE=//g')"
+    file_path="$(echo $env_var | grep -o '__FILE=.*' | sed 's/__FILE=//g')"
+    file_content="$(cat $file_path)"
+    [[ ! $? -eq 0 ]] && exit 1 # Exit if last command failed
+    new_var="$(echo $var_name=$file_content)"
+    export $(echo $new_var | xargs)
+done
+
 COMMAND_ARG1="$1"
 COMMAND_ARG2="$2"

--- a/root/etc/nginx/nginx.conf
+++ b/root/etc/nginx/nginx.conf
@ -35,8 +35,7 @@ http {
    }

    server {
-        listen 80;
-        listen [::0]:80;
+        listen [::]:80 ipv6only=off;
        server_name _;
        root /var/www/wallabag/web;

--- a/tests/credentials/db_password
+++ b/tests/credentials/db_password
@ -0,0 +1 @@
+wallapass
--- a/tests/credentials/env_secret
+++ b/tests/credentials/env_secret
@ -0,0 +1 @@
+F00B4R
--- a/tests/credentials/postgres_password
+++ b/tests/credentials/postgres_password
@ -0,0 +1 @@
+my-secret-pw
--- a/tests/docker-compose.postgresql-secret.yml
+++ b/tests/docker-compose.postgresql-secret.yml
@ -0,0 +1,31 @@
+version: '2'
+services:
+  wallabag:
+    build:
+      context: ../
+    image: wallabag:postgresql
+    container_name: wallabag
+    environment:
+      - POSTGRES_PASSWORD__FILE=/run/secrets/postgres_password
+      - POSTGRES_USER=my-super-user
+      - SYMFONY__ENV__SECRET__FILE=/run/secrets/env_secret
+      - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
+      - SYMFONY__ENV__DATABASE_HOST=db
+      - SYMFONY__ENV__DATABASE_PORT=5432
+      - SYMFONY__ENV__DATABASE_NAME=wallabag
+      - SYMFONY__ENV__DATABASE_USER=wallabag
+      - SYMFONY__ENV__DATABASE_PASSWORD__FILE=/run/secrets/db_password
+    ports:
+      - "127.0.0.1:80:80"
+    # Docker Secrets require Swarm Mode, so we use volumes instead to spoof the behaviour
+    volumes:
+      - ./credentials/db_password:/run/secrets/db_password
+      - ./credentials/postgres_password:/run/secrets/postgres_password
+      - ./credentials/env_secret:/run/secrets/env_secret
+  db:
+    image: postgres:10.3
+    environment:
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+      - POSTGRES_USER=my-super-user
+    volumes:
+      - ./credentials/postgres_password:/run/secrets/postgres_password
Author	SHA1	Message	Date
Anes Belfodil	2e343d18fa	Merge branch 'master' into docker-secrets	2025-05-17 10:55:16 -04:00
Kevin Decherf	488814d187	Merge pull request #440 from wallabag/impr/nginx-dualstack Support dualstack listen on nginx	2025-04-29 22:56:19 +02:00
Anes Belfodil	a2ed3534e1	Merge branch 'master' into docker-secrets	2025-04-24 18:57:28 -04:00
Kevin Decherf	3808b524fc	Support dualstack listen on nginx Fixes #422 Supersedes #435 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>	2025-04-20 17:22:46 +02:00
Kevin Decherf	dd237ec16e	Merge pull request #430 from caspermeijn/healthcheck Add healthcheck to image	2025-04-20 12:58:45 +02:00
Jérémy Benoist	84756ac1fd	Merge pull request #439 from deviantintegral/add-opcache Install the opcache extension #162	2025-04-17 09:10:15 +02:00
Andrew Berry	60ce6d2e4f	Install the opcache extension #162	2025-04-16 21:01:34 -04:00
Casper Meijn	424642d3b9	Add healthcheck to image - Move the healthcheck from the docker-compose example to the actual image. That makes sure all user of the image automatically get the healthcheck. - Change to `curl --fail \|\| exit 1` as suggested in [docker documentation](https://docs.docker.com/reference/dockerfile/#healthcheck) - Add `--silent --show-error` so that docker health state contains the output of the HTTP call instead of curl progress bar - Set the user agent to make the logs more readable	2024-12-24 16:56:22 +01:00
Anes Belfodil	dfc3a38db1	Early exit if can't read file	2021-01-21 11:14:22 -05:00
Anes Belfodil	1b9008040e	Test docker secrets	2021-01-21 11:14:17 -05:00
Anes Belfodil	36b8864ca3	Add docker secret support	2021-01-20 11:27:29 -05:00