Couple of questions regarding Docker containers

Hi,

I’m switching my setup over from pulling from git to using docker-compose. I’ve run into a couple of niggly issues.

The docker-compose file is slightly modified, and is below:


# set database password in .env
# please don't use quote (') or (") symbols in variables

networks:
  nginx:
    external: true

services:
  db:
    container_name: ttrss_db
    image: postgres:12-alpine
    restart: unless-stopped
    volumes:
      - ./ttrss-db:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_USER=${POSTGRES_USER}

  app:
    container_name: ttrss_app
    image: cthulhoo/ttrss-fpm-pgsql-static
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
      - DB_HOST=db
      - DB_NAME=${POSTGRES_USER}
      - DB_USER=${POSTGRES_USER}
      - DB_PASS=${POSTGRES_PASSWORD}
      - OWNER_UID=${OWNER_UID}
      - OWNER_GID=${OWNER_GID}
      - SELF_URL_PATH=${SELF_URL_PATH}
    volumes:
      - ./ttrss-app:/var/www/html
    depends_on:
      - db

  updater:
    container_name: ttrss_updater
    image: cthulhoo/ttrss-fpm-pgsql-static
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
      - DB_HOST=db
      - DB_NAME=${POSTGRES_USER}
      - DB_USER=${POSTGRES_USER}
      - DB_PASS=${POSTGRES_PASSWORD}
      - OWNER_UID=${OWNER_UID}
      - OWNER_GID=${OWNER_GID}
      - SELF_URL_PATH=${SELF_URL_PATH}
    volumes:
      - ./ttrss-app:/var/www/html
    depends_on:
      - app
    command: /updater.sh

  web:
    container_name: ttrss_web
    image: cthulhoo/ttrss-web
    restart: unless-stopped
    ports:
      - ${HTTP_PORT}:2015
    volumes:
      - ./ttrss-app:/var/www/html:ro
    depends_on:
      - app
    networks:
      - default
      - nginx

#  web-ssl:
#    image: cthulhoo/ttrss-web-ssl
#    restart: unless-stopped
#    environment:
#      - CADDYPATH=/certs
#      - HTTP_HOST=${HTTP_HOST}
#    ports:
#      - 80:80
#      - 443:443
#    volumes:
#      - ./ttrss-app:/var/www/html:ro
#      - certs:/certs
#    depends_on:
#      - app

#  web-nginx:
#    image: cthulhoo/ttrss-web-nginx
#    restart: unless-stopped
#    ports:
#      - ${HTTP_PORT}:80
#    volumes:
#      - ./ttrss-app:/var/www/html:ro
#    depends_on:
#      - app

volumes:
  db:
  app:
  certs:

This is the .env file:

# Put any local modifications here.

BUILD_TAG=latest

POSTGRES_USER=postgres
POSTGRES_PASSWORD=redacted

OWNER_UID=1000
OWNER_GID=1000

# You can keep this as localhost unless you want to use the ssl sidecar
# container (I suggest terminating ssl on the reverse proxy instead).
HTTP_HOST=xcp-dl.gently.org.uk

# You will likely need to set this to the correct value, see README.md
# for more information.
SELF_URL_PATH=https://xcp-dl.gently.org.uk/tt-rss/

# bind exposed port to 127.0.0.1 by default in case reverse proxy is used.
# if you plan to run the container standalone and need origin port exposed
# use next HTTP_PORT definition (or remove "127.0.0.1:").
HTTP_PORT=127.0.0.1:8280
#HTTP_PORT=8280

  1. Is it possible to add arbitrary parameters to config.php and have them persist? I’m thinking in particular of extending SESSION_COOKIE_LIFETIME to avoid having to log in too often.

  2. I’m using my own nginx container as a frontend to provide ttrss over SSL. This is the nginx config:

server {
        listen 8281 ssl;
        server_name xcp-dl.gently.org.uk;

        access_log /config/log/nginx/ttrss_access.log;
        error_log /config/log/nginx/ttrss_error.log;

        ssl_certificate /etc/letsencrypt/live/xcp-dl.gently.org.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/xcp-dl.gently.org.uk/privkey.pem;

        ssl_session_timeout 5m;

        ssl_protocols                   TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!MD5:!DSS;
        ssl_prefer_server_ciphers       on;
        ssl_session_cache               shared:SSL:10m;

        location /tt-rss/ {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;

                proxy_pass http://ttrss_web:2015/tt-rss/;
                break;
        }
}

As you can see, nginx is listening on port 8281, and forwarding the request to port 2015 on the appropriate container.

If I set the SELF_URL_PATH in .env to

SELF_URL_PATH=https://xcp-dl.gently.org.uk/tt-rss/

Then it pretty much works, with the exception that whenever ttrss needs to redirect to itself (after a login say) then it uses the URL without the port, and this obviously doesn’t work.

If I specify

SELF_URL_PATH=https://xcp-dl.gently.org.uk:8281/tt-rss/

then I get a warning at startup about SELF_URL_PATH being wrong.

Anyone got any suggestions regarding the above?

Thanks

Andy
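Added example, not part of the original post and not tt-rss project code: the .env comments above say HTTP_PORT is bound to 127.0.0.1 so that only the reverse proxy reaches the backend, and this sketch checks that for each `ports:` entry after `${VAR}` substitution. The function names are hypothetical and the input is constructed from the values quoted in the post.

```python
import re

# Constructed sample input: values copied from the .env and compose file in the post
# (80:80 and 443:443 come from the commented-out web-ssl service).
ENV_TEXT = """\
# bind exposed port to 127.0.0.1 by default in case reverse proxy is used.
HTTP_PORT=127.0.0.1:8280
#HTTP_PORT=8280
"""
PORT_SPECS = ["${HTTP_PORT}:2015", "80:80", "443:443"]


def parse_env(text):
    """Read KEY=VALUE lines from .env text, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env


def expand(spec, env):
    """Substitute ${VAR} references; an unset variable becomes an empty string."""
    return re.sub(r"\$\{(\w+)\}", lambda m: env.get(m.group(1), ""), spec)


def host_binding(spec):
    """Return (host_ip, host_port) for [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    parts = spec.split("/", 1)[0].rsplit(":", 2)  # rsplit keeps an IPv6 host in one piece
    if len(parts) == 3:
        return parts[0].strip("[]"), parts[1]
    # No HOST_IP given: Docker publishes the port on all interfaces.
    return "0.0.0.0", parts[0] if len(parts) == 2 else ""


def audit(specs, env):
    """Return (expanded_spec, host_ip, loopback_only) for each ports: entry."""
    results = []
    for spec in specs:
        expanded = expand(spec, env)
        ip, _port = host_binding(expanded)
        results.append((expanded, ip, ip.startswith("127.") or ip == "::1"))
    return results


if __name__ == "__main__":
    for expanded, ip, loopback_only in audit(PORT_SPECS, parse_env(ENV_TEXT)):
        status = "loopback only" if loopback_only else "REACHABLE FROM OTHER HOSTS"
        print(f"{expanded:24} host_ip={ip:10} {status}")
```

With the commented-out `HTTP_PORT=8280` variant, the same entry expands to `8280:2015` and is flagged, because the plain-HTTP backend would then be published on every interface rather than only behind the TLS proxy.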

you can edit config.php however you like after first startup, it won’t get rewritten. the only exception is SELF_URL_PATH.

Ah apologies, I thought I’d read elsewhere that config.php was rewritten every time the container was recreated. I assumed that would happen when you next update the ‘static’ container and I do a docker-compose pull. Is that not the case?

Any advice regarding the nginx and SELF_URL_PATH question?

Thanks

Andy

i suggest you stop assuming and referencing things you maybe read somewhere.

i’m not going to dig into your bespoke nginx setup with SSL on a custom port.

Understood.

However, I’ve just edited the file, then done a docker-compose down (which stops and deletes the containers) then a docker-compose up. After this, config.php had gone back to the default value.

As the docker-compose file above shows, I’ve created a bind mount so that /var/www/html is stored in a local directory. Will this have any bearing on it?

Thanks

Andy

you’re right, it looks like a bug in a startup script for the dockerhub branch causes config.php to get deleted (and then generated again).

https://git.tt-rss.org/fox/ttrss-docker-compose/commit/1ead810c7854648c882627b5be668dea76ba33bb

this should fix it. new images should become available in a few minutes.

That’s great, thanks.

Will keep an eye out for new images and update. Will let you know.

Andy

Yep, that seems to have done it. Thanks for the swift response.

Andy

Ah, but looks like the code enforces a max lifetime of 86400, I wanted to extend it past this.

https://git.tt-rss.org/fox/tt-rss/src/master/include/sessions.php#L11

Is there any reason for this limit?

Thanks again

Andy

am i missing something here or you don’t know how max() works?

Nope, you’re not missing anything. For some reason my brain interpreted it as ‘min’, not ‘max’.

Consider me appropriately chastised. Apologies for wasting your time. :blush:

Andy