Unified docker building process. & more updates

- automatic builds
- automated tags on docker
- no more auto update (update your docker containers)
- auto not removed of mp4 anymore
- bug fixes

also closes #85 and closes #124

.dockerignore

@@ -0,0 +1,6 @@
+tmp/*
+inc/config.inc.php
+data/*
+bin
+.git
+.github

.github/workflows/build-docker.yml

@@ -0,0 +1,29 @@
+name: pictshare ci
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Get current date
+      id: date
+      run: echo "::set-output name=date::$(date +%s)"
+    - uses: actions/checkout@v2
+    - name: Build the Docker image
+      run: docker build . --file docker/Dockerfile --tag hascheksolutions/pictshare:${{ steps.date.outputs.date }} --tag hascheksolutions/pictshare:latest
+    -
+      name: Login to registry
+      uses: docker/login-action@v1
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Pushing push as latest
+      run: docker push hascheksolutions/pictshare:latest
+    - name: Pushing to private registry
+      run: docker push hascheksolutions/pictshare:${{ steps.date.outputs.date }}

content-controllers/image/image.controller.php

@@ -155,7 +155,7 @@ class ImageController implements ContentController
                         
                                     header ("Content-type: image/jpeg");
                                     readfile($preview);
-                                    
+                                    exit;
                                 }
                                 else if(in_array('download',$url))
                                 {
@@ -175,6 +175,7 @@ class ImageController implements ContentController
                                 {
                                     $data = array('url'=>implode('/',$url),'hash'=>$hash,'filesize'=>renderSize(filesize($path)));
                                     renderTemplate('video',$data);
+                                    exit;
                                 }
                         break;
                     }
@@ -194,6 +195,7 @@ class ImageController implements ContentController
                 header ("Content-type: image/jpeg");
                 header ("Last-Modified: ".gmdate('D, d M Y H:i:s ', filemtime($path)) . 'GMT');
                 header ("ETag: $hash");
+                header('Cache-control: public, max-age=31536000');
                 readfile($path);
             break;
 
@@ -201,6 +203,7 @@ class ImageController implements ContentController
                 header ("Content-type: image/png");
                 header ("Last-Modified: ".gmdate('D, d M Y H:i:s ', filemtime($path)) . 'GMT');
                 header ("ETag: $hash");
+                header('Cache-control: public, max-age=31536000');
                 readfile($path);
             break;
 
@@ -208,6 +211,7 @@ class ImageController implements ContentController
                 header ("Content-type: image/gif");
                 header ("Last-Modified: ".gmdate('D, d M Y H:i:s ', filemtime($path)) . 'GMT');
                 header ("ETag: $hash");
+                header('Cache-control: public, max-age=31536000');
                 readfile($path);
             break;
 
@@ -215,6 +219,7 @@ class ImageController implements ContentController
                 header ("Content-type: image/webp");
                 header ("Last-Modified: ".gmdate('D, d M Y H:i:s ', filemtime($path)) . 'GMT');
                 header ("ETag: $hash");
+                header('Cache-control: public, max-age=31536000');
                 readfile($path);
             break;
         }

content-controllers/video/video.controller.php

@@ -72,7 +72,7 @@ class VideoController implements ContentController
                 return array('status'=>'err','hash'=>$hash,'reason'=>'Custom hash already exists');
         }
 
-        storeFile($tmpfile,$hash,true);
+        $file = storeFile($tmpfile,$hash,true);
 
         if(!$this->rightEncodedMP4($file))
             system("nohup php ".ROOT.DS.'tools'.DS.'re-encode_mp4.php force '.$hash." > /dev/null 2> /dev/null &");
@@ -91,6 +91,7 @@ class VideoController implements ContentController
             $start = 0;  
             $end = $size - 1; 
             header('Content-type: video/mp4');
+            header('Cache-control: public, max-age=31536000');
             header("Accept-Ranges: 0-$length");
             if (isset($_SERVER['HTTP_RANGE'])) {
             $c_start = $start;

docker-compose.yml

@@ -1,11 +0,0 @@
-version: '3.3'
-
-services:
-  pictshare:
-    image: hascheksolutions/pictshare:latest
-    ports:
-      - "80:80"
-    volumes:
-      - pictshare:/usr/share/nginx/html/data
-volumes:
-  pictshare:

docker/Dockerfile

@@ -0,0 +1,59 @@
+FROM alpine:3.14.2
+
+RUN apk add --no-cache bash socat wget curl nginx file ffmpeg unzip \
+        php7-fileinfo \
+        php7-session \
+        php \
+        php-curl \
+        php-openssl \
+        php-mbstring \
+        php-json \
+        php-gd \
+        php-dom \
+        php-fpm \
+        php7 \
+        php7-pdo \
+        php7-exif \
+        php7-mcrypt \
+        php7-curl \
+        php7-gd \
+        php7-json \
+        php7-phar \
+        php7-fpm \
+        php7-openssl \
+        php7-ctype \
+        php7-opcache \
+        php7-mbstring \
+        php7-sodium \
+        php7-xml \
+        php7-ftp \
+        php7-simplexml \
+        php7-session \
+        php7-fileinfo \
+        php7-pcntl
+
+RUN curl -sS https://getcomposer.org/installer | /usr/bin/php -- --install-dir=/usr/bin --filename=composer 
+RUN mkdir -p /var/www
+WORKDIR /var/www
+
+ADD . /var/www/.
+
+ADD docker/rootfs/start.sh /etc/start.sh
+RUN chmod +x /etc/start.sh
+
+# nginx stuff
+ADD docker/rootfs/nginx.conf /etc/nginx/http.d/default.conf
+RUN mkdir -p /run/nginx
+RUN mkdir -p /var/log/nginx
+RUN sed -i 's/nobody/nginx/g' /etc/php7/php-fpm.d/www.conf
+
+WORKDIR /var/www/
+
+# Volumes to mount
+#VOLUME /var/lib/influxdb
+VOLUME /var/www/data
+
+EXPOSE 80
+
+#CMD ["/bin/ash"]
+ENTRYPOINT ["/etc/start.sh"]

docker/rootfs/nginx.conf

@@ -0,0 +1,69 @@
+server {
+	listen 80 default_server;
+
+    set $base /var/www;
+	root /var/www/;
+
+    index index.php;
+
+    client_max_body_size 50M;
+    
+    location / {
+        try_files $uri $uri/ /index.php?url=$request_uri;
+    }
+
+    location ~ /(data|tmp|bin|content-controllers|inc|interfaces|storage-controllers|templates|tools|docker) {
+       deny all;
+       return 404;
+    }
+
+    # logging
+	access_log /var/log/nginx/pictshare/access.log;
+	error_log /var/log/nginx/pictshare/error.log warn;
+
+    location ~ \.php$ {
+		# 404
+        try_files $fastcgi_script_name =404;
+
+        # default fastcgi_params
+        include fastcgi_params;
+
+        # fastcgi settings
+        fastcgi_pass			127.0.0.1:9000;
+        fastcgi_index			index.php;
+        fastcgi_buffers			8 16k;
+        fastcgi_buffer_size		32k;
+
+        # fastcgi params
+        fastcgi_param DOCUMENT_ROOT		$realpath_root;
+        fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
+        fastcgi_param PHP_ADMIN_VALUE	"open_basedir=$base/:/usr/lib/php/:/tmp/";
+	}
+
+    location /favicon.ico {
+        log_not_found off;
+    }
+
+    # security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+    # svg, fonts
+    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
+        add_header Access-Control-Allow-Origin "*";
+        expires 7d;
+        access_log off;
+    }
+
+    # gzip
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
+
+}

docker/rootfs/start.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+######### functions
+
+_maxUploadSize() {
+    echo "[i] Setting uploadsize to ${MAX_UPLOAD_SIZE}M"
+	
+	sed -i "/post_max_size/c\post_max_size=${MAX_UPLOAD_SIZE}M" /etc/php7/php.ini
+	sed -i "/upload_max_filesize/c\upload_max_filesize=${MAX_UPLOAD_SIZE}M" /etc/php7/php.ini
+    
+	sed -i -e "s/50M/${MAX_UPLOAD_SIZE}M/g" /etc/nginx/http.d/default.conf
+
+    MAX_RAM=$((MAX_UPLOAD_SIZE + 30)) # 30megs more than the upload size
+    echo "[i] Also changing memory limit of PHP to ${MAX_RAM}M"
+    sed -i -e "s/128M/${MAX_RAM}M/g" /etc/php7/php.ini
+	sed -i "/memory_limit/c\memory_limit=${MAX_RAM}M" /etc/php7/php.ini
+}
+
+_filePermissions() {
+    chown -R nginx:nginx /var/www
+}
+
+_buildConfig() {
+    echo "<?php"
+    echo "define('URL', '${URL:-}');"
+    echo "define('TITLE', '${TITLE:-PictShare}');"
+    echo "define('ALLOWED_SUBNET', '${ALLOWED_SUBNET:-}');"
+    echo "define('CONTENTCONTROLLERS', '${CONTENTCONTROLLERS:-}');"
+    echo "define('MASTER_DELETE_CODE', '${MASTER_DELETE_CODE:-}');"
+    echo "define('MASTER_DELETE_IP', '${MASTER_DELETE_IP:-}');"
+    echo "define('UPLOAD_FORM_LOCATION', '${UPLOAD_FORM_LOCATION:-}');"
+    echo "define('UPLOAD_CODE', '${UPLOAD_CODE:-}');"
+    echo "define('LOG_UPLOADER', ${LOG_UPLOADER:-false});"
+    echo "define('MAX_RESIZED_IMAGES',${MAX_RESIZED_IMAGES:--1});"
+    echo "define('ALLOW_BLOATING', ${ALLOW_BLOATING:-false});"
+    echo "define('SHOW_ERRORS', ${SHOW_ERRORS:-false});"
+    echo "define('JPEG_COMPRESSION', ${JPEG_COMPRESSION:-90});"
+    echo "define('PNG_COMPRESSION', ${PNG_COMPRESSION:-6});"
+    echo "define('ALT_FOLDER', '${ALT_FOLDER:-}');"
+    echo "define('S3_BUCKET', '${S3_BUCKET:-}');"
+    echo "define('S3_ACCESS_KEY', '${S3_ACCESS_KEY:-}');"
+    echo "define('S3_SECRET_KEY', '${S3_SECRET_KEY:-}');"
+    echo "define('S3_ENDPOINT', '${S3_ENDPOINT:-}');"
+    echo "define('FTP_SERVER', '${FTP_SERVER:-}');"
+    echo "define('FTP_PORT', ${FTP_PORT:-21});"
+    echo "define('FTP_USER', '${FTP_USER:-}');"
+    echo "define('FTP_PASS', '${FTP_PASS:-}');"
+    echo "define('FTP_SSL', ${FTP_SSL:-false});"
+    echo "define('FTP_BASEDIR', '${FTP_BASEDIR:-}');"
+    echo "define('ENCRYPTION_KEY', '${ENCRYPTION_KEY:-}');"
+    echo "define('FFMPEG_BINARY', '${FFMPEG_BINARY:-/usr/bin/ffmpeg}');"
+}
+
+
+
+######### main
+
+echo 'Starting Pictshare'
+
+cd /var/www/
+
+if [[ ${MAX_UPLOAD_SIZE:=100} =~ ^[0-9]+$ ]]; then
+        _maxUploadSize
+fi
+
+echo ' [+] Starting php'
+php-fpm7
+
+chown -R nginx:nginx /var/www/
+
+echo ' [+] Creating config'
+
+touch data/sha1.csv
+chown nginx:nginx data/sha1.csv
+
+_buildConfig > inc/config.inc.php
+
+echo ' [+] Starting nginx'
+
+mkdir -p /var/log/nginx/pictshare
+touch /var/log/nginx/pictshare/access.log
+touch /var/log/nginx/pictshare/error.log
+
+nginx
+
+tail -f /var/log/nginx/pictshare/*.log

inc/core.php

@@ -558,6 +558,8 @@ function storeFile($srcfile,$hash,$deleteoriginal=false)
 		fwrite($fh, time().';'.$url.';'.$hash.';'.getUserIP()."\n");
 		fclose($fh);
 	}
+
+    return $file;
 }
 
 function getDeleteCodeOfHash($hash)

rtfm/DOCKER.md

@@ -1,6 +1,5 @@
 # Docker
 The fastest way to deploy PictShare is via the [official Docker repo](https://hub.docker.com/r/hascheksolutions/pictshare/)
-- [Source code & more examples](https://github.com/HaschekSolutions/PictShare-Docker)
 
 ```bash
 docker run -d -p 80:80 -e "TITLE=My own PictShare" -e "URL=http://localhost/" hascheksolutions/pictshare
@@ -8,25 +7,64 @@ docker run -d -p 80:80 -e "TITLE=My own PictShare" -e "URL=http://localhost/" ha
 
 [![Docker setup](http://www.pictshare.net/b65dea2117.gif)](https://www.pictshare.net/8a1dec0973.mp4)
 
-### Docker Compose With Prebuild Image by hascheksolutions
+## Usage
 
-Run container by docker-compose:
+### Building it
-- First, install docker compose:
-[Docker official docs](https://docs.docker.com/compose/install/)
-- Pull docker-compose file:
 ```bash
-wget https://raw.githubusercontent.com/HaschekSolutions/pictshare/master/docker-compose.yml
+docker build -t hascheksolutions/pictshare .
-```
-- Edit docker-compose file:
-```bash
-vi docker-compose.yml
-```
-- Run container by docker-compose:
-```bash
-docker-compose up
 ```
 
-By using this compose file, you should know that:
+### Quick start
-- Will make a directory "volumes" in the same directory where compose file is.
+```bash
-- Change `AUTOUPDATE` to false from true by defalt.
+docker run -d -p 80:80 --name=pictshare hascheksolutions/pictshare
-- And...it is highly recommended to build your own image.
+```
+
+### Persistent data
+```bash
+mkdir /data/pictshareuploads
+chown 1000 -R /data/pictshareuploads
+docker run -d -v /data/pictshareuploads:/usr/share/nginx/html/data -p 80:80 --name=pictshare hascheksolutions/pictshare
+```
+
+### Persistent data with increased max upload size
+```bash
+mkdir /data/pictshareuploads
+chown 1000 -R /data/pictshareuploads
+docker run -d -e "MAX_UPLOAD_SIZE=1024" -v /data/pictshareuploads:/usr/share/nginx/html/data -p 80:80 --name=pictshare hascheksolutions/pictshare
+```
+
+## ENV Variables
+There are some ENV variables that only apply to the Docker image
+- MAX_UPLOAD_SIZE (int | size in MB that will be used for nginx. default 50)
+
+Every other variable can be referenced against the [default PictShare configuration file](https://github.com/HaschekSolutions/pictshare/blob/master/inc/example.config.inc.php).
+- TITLE (string | Title of the page)
+- URL (string | URL that will be linked to new uploads)
+- PNG_COMPRESSION (int | 0-9 how much compression is used. note that this never affects quality. default: 6)
+- JPEG_COMPRESSION (int | 0-100 how high should the quality be? More is better. default: 90)
+- MASTER_DELETE_CODE (string | code if added to any url, will delete the image)
+- MASTER_DELETE_IP (string | ip which can delete any image)
+- ALLOWED_SUBNET (CIDR IP range (can be comma separated) | IP subnets which are allowed to upload files)
+- ALLOW_BLOATING (true/false | can images be bloated to higher resolutions than the originals)
+- UPLOAD_CODE (string | code that has to be supplied to upload an image)
+- UPLOAD_FORM_LOCATION (string | absolute path where upload gui will be shown)
+- LOW_PROFILE (string | won't display error messages on failed uploads)
+- IMAGE_CHANGE_CODE (string | code if provided, needs to be added to image to apply filter/rotation/etc)
+- LOG_UPLOADER (true/false | log IPs of uploaders)
+- MAX_RESIZED_IMAGES (int | how many versions of a single image may exist? -1 for infinite)
+- SHOW_ERRORS (true/false | show upload/size/server errors?)
+- ALT_FOLDER (path to a folder where all hashes will be copied to and looked for offsite backup via nfs for example)
+- S3_BUCKET (string | Name of your S3 bucket)
+- S3_ACCESS_KEY (string | Access Key for your Bucket)
+- S3_SECRET_KEY (string | Secrety Key)
+- S3_ENDPOINT (url | If you are using a selfhosted version of S3 like Minio, put your URL here)
+- ENCRYPTION_KEY (string | If you want to use encryption for storage controllers, put your encryption key here. [Read more](https://github.com/HaschekSolutions/pictshare/blob/master/rtfm/ENCRYPTION.md))
+
+- FTP_SERVER (string | IP or hostname of your FTP Server )
+- FTP_PORT (int | Port of your FTP server (defaults to 21) )
+- FTP_SSL (true/false | If FTP server supports SSL-FTP (not sFTP, thats not the same!))
+- FTP_USER (string | FTP Username)
+- FTP_PASS (string | FTP Password)
+- FTP_BASEDIR (string | Base path where files will be stored. Must end with / eg `/web/pictshare/`)
+
+- CONTENTCONTROLLERS (CSV string | If set, will whitelist content controllers for your instance. Must be uppercase and can be comma separated. Example: Only Pictures: `IMAGE`, Pictures and Videos: `IMAGE,VIDEO`)

tools/re-encode_mp4.php

@@ -57,7 +57,7 @@ if(in_array('altfolder',$argv) && defined('ALT_FOLDER') && ALT_FOLDER && is_dir(
             echo "\n [i] $filename is ..\t";
             $valid = $vc->rightEncodedMP4($vid);
             $tmp = ROOT.DS.'tmp'.DS.$hash;
-            $cmd = FFMPEG_BINARY." -loglevel panic -y -i $vid -vcodec libx264 -an -profile:v baseline -level 3.0 -pix_fmt yuv420p -vf \"scale=trunc(iw/2)*2:trunc(ih/2)*2\" $tmp && cp $tmp $img";
+            $cmd = FFMPEG_BINARY." -loglevel panic -y -i $vid -vcodec libx264 -profile:v baseline -level 3.0 -pix_fmt yuv420p -vf \"scale=trunc(iw/2)*2:trunc(ih/2)*2\" $tmp && cp $tmp $img";
             echo ($valid?'Valid'."\n":'Not valid => Converting..');
             if(!$valid)
             {
@@ -106,7 +106,7 @@ foreach($localfiles as $hash)
 {
     $mp4 = $dir.$hash.DS.$hash;
     $tmp = ROOT.DS.'tmp'.DS.$hash;
-    $cmd = FFMPEG_BINARY." -loglevel panic -y -i $mp4 -vcodec libx264 -an -profile:v baseline -level 3.0 -pix_fmt yuv420p -vf \"scale=trunc(iw/2)*2:trunc(ih/2)*2\" $tmp && cp $tmp $mp4";
+    $cmd = FFMPEG_BINARY." -loglevel panic -y -i $mp4 -vcodec libx264 -profile:v baseline -level 3.0 -pix_fmt yuv420p -vf \"scale=trunc(iw/2)*2:trunc(ih/2)*2\" $tmp && cp $tmp $mp4";
     echo "  [i] Converting '$hash'";
     system($cmd);
     if(defined('ALT_FOLDER') && ALT_FOLDER && is_dir(ALT_FOLDER))