diff --git a/.deploy/docker/build-amd64.sh b/.deploy/docker/build-amd64.sh index 50121026de..3d8cd8f31a 100755 --- a/.deploy/docker/build-amd64.sh +++ b/.deploy/docker/build-amd64.sh @@ -3,8 +3,6 @@ # build image echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - - if [ "$TRAVIS_BRANCH" == "develop" ]; then echo "Build develop amd64" docker build -t jc5x/firefly-iii:develop-amd64 -f Dockerfile.amd64 . diff --git a/.deploy/docker/build-arm.sh b/.deploy/docker/build-arm.sh index b10b5eb6f1..4ea42d38e9 100755 --- a/.deploy/docker/build-arm.sh +++ b/.deploy/docker/build-arm.sh @@ -2,7 +2,6 @@ docker run --rm --privileged multiarch/qemu-user-static:register --reset - # get qemu-arm-static binary mkdir tmp pushd tmp && \ diff --git a/.deploy/docker/entrypoint.sh b/.deploy/docker/entrypoint.sh index 94c332c3ca..566dd7eae8 100755 --- a/.deploy/docker/entrypoint.sh +++ b/.deploy/docker/entrypoint.sh @@ -2,8 +2,6 @@ echo "Now in entrypoint.sh for Firefly III" -lscpu - # make sure the correct directories exists (suggested by @chrif): echo "Making directories..." mkdir -p $FIREFLY_PATH/storage/app/public @@ -37,15 +35,12 @@ chmod -R 775 $FIREFLY_PATH/storage echo "Remove log file..." rm -f $FIREFLY_PATH/storage/logs/laravel.log -#echo "Map environment variables on .env file..." -#cat $FIREFLY_PATH/.deploy/docker/.env.docker | envsubst > $FIREFLY_PATH/.env echo "Dump auto load..." composer dump-autoload echo "Discover packages..." php artisan package:discover echo "Run various artisan commands..." -#. $FIREFLY_PATH/.env if [[ -z "$DB_PORT" ]]; then if [[ $DB_CONNECTION == "pgsql" ]]; then DB_PORT=5432 diff --git a/.env.example b/.env.example index c675305fa5..c3276d4253 100644 --- a/.env.example +++ b/.env.example @@ -22,6 +22,7 @@ TZ=Europe/Amsterdam APP_URL=http://localhost # TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy. +# Set it to ** and reverse proxies work just fine. TRUSTED_PROXIES= # The log channel defines where your log entries go to. @@ -105,6 +106,7 @@ MAPBOX_API_KEY= # RatesApi.IO (see https://ratesapi.io) is a FREE and OPEN SOURCE live currency exchange rates, # built compatible with Fixer.IO, based on data published by European Central Bank, and doesn't require API key. CER_PROVIDER=ratesapi + # If you have select "fixer" as default currency exchange rates, # set a Fixer IO API key here (see https://fixer.io) to enable live currency exchange rates. # Please note that this WILL ONLY WORK FOR PAID fixer.io accounts because they severely limited diff --git a/docker-compose.yml b/docker-compose.yml index 30bb1023b3..fde91f7b5c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,23 +4,14 @@ networks: driver: bridge services: firefly_iii_app: - environment: - - DB_HOST=firefly_iii_db - - DB_NAME=firefly - - DB_USER=firefly - - DB_PASSWORD=firefly - - APP_KEY=S0m3R@nd0mStr1ngOf32Ch@rsEx@ctly - - APP_ENV=local - - DB_CONNECTION=pgsql - - TZ=Europe/Amsterdam - - APP_LOG_LEVEL=debug - image: jc5x/firefly-iii - links: + image: jc5x/firefly-iii:develop + depends_on: - firefly_iii_db networks: - firefly_iii_net ports: - "80:80" + env_file: docker-variables.txt volumes: - source: firefly_iii_export @@ -31,14 +22,14 @@ services: target: /var/www/firefly-iii/storage/upload type: volume firefly_iii_db: - environment: - - POSTGRES_PASSWORD=firefly - - POSTGRES_USER=firefly image: "postgres:10" + environment: + - POSTGRES_PASSWORD=secret_firefly_password + - POSTGRES_USER=firefly networks: - firefly_iii_net volumes: - - "firefly_iii_db:/var/lib/postgresql/data" + - firefly_iii_db:/var/lib/postgresql/data version: "3.2" volumes: firefly_iii_db: ~ diff --git a/.deploy/docker/.env.docker b/docker-variables.txt similarity index 61% rename from .deploy/docker/.env.docker rename to docker-variables.txt index dffeabdae8..443fb6d41d 100644 --- a/.deploy/docker/.env.docker +++ b/docker-variables.txt @@ -1,57 +1,57 @@ # You can leave this on "local". If you change it to production most console commands will ask for extra confirmation. # Never set it to "testing". -APP_ENV=${APP_ENV} +APP_ENV=local # Set to true if you want to see debug information in error screens. -APP_DEBUG=${APP_DEBUG} +APP_DEBUG=false # This should be your email address -SITE_OWNER=${SITE_OWNER} +SITE_OWNER=mail@example.com -# The encryption key for your database and sessions. Keep this very secure. -# If you generate a new one all existing data must be considered LOST. +# The encryption key for your sessions. Keep this very secure. +# If you generate a new one existing data must be considered LOST. # Change it to a string of exactly 32 chars or use command `php artisan key:generate` to generate it -APP_KEY=${APP_KEY} +APP_KEY=SomeRandomStringOf32CharsExactly # Change this value to your preferred time zone. # Example: Europe/Amsterdam -TZ=${TZ} +TZ=Europe/Amsterdam # This variable must match your installation's external address but keep in mind that # it's only used on the command line as a fallback value. -APP_URL=${APP_URL} +APP_URL=http://localhost # TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy. -TRUSTED_PROXIES=${TRUSTED_PROXIES} +# Set it to ** and reverse proxies work just fine. +TRUSTED_PROXIES= # The log channel defines where your log entries go to. # 'daily' is the default logging mode giving you 5 daily rotated log files in /storage/logs/. # Several other options exist. You can use 'single' for one big fat error log (not recommended). # Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself. -LOG_CHANNEL=stdout +LOG_CHANNEL=daily # Log level. You can set this from least severe to most severe: # debug, info, notice, warning, error, critical, alert, emergency # If you set it to debug your logs will grow large, and fast. If you set it to emergency probably # nothing will get logged, ever. -APP_LOG_LEVEL=${APP_LOG_LEVEL} +APP_LOG_LEVEL=notice # Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III # For other database types, please see the FAQ: http://firefly-iii.readthedocs.io/en/latest/support/faq.html -DB_CONNECTION=${DB_CONNECTION} -DB_HOST=${DB_HOST} -DB_PORT=${DB_PORT} -DB_DATABASE=${DB_NAME} -DB_USERNAME=${DB_USER} -DB_PASSWORD="${DB_PASSWORD}" +DB_CONNECTION=pgsql +DB_HOST=127.0.0.1 +DB_PORT=5432 +DB_DATABASE=firefly +DB_USERNAME=firefly +DB_PASSWORD=secret_firefly_password # PostgreSQL supports SSL. You can configure it here. -PGSQL_SSL=${PGSQL_SSL} -PGSQL_SSL_MODE=${PGSQL_SSL_MODE} -PGSQL_SSL_ROOT_CERT=${PGSQL_SSL_ROOT_CERT} -PGSQL_SSL_CERT=${PGSQL_SSL_CERT} -PGSQL_SSL_KEY=${PGSQL_SSL_KEY} -PGSQL_SSL_CRL_FILE=${PGSQL_SSL_CRL_FILE} +PGSQL_SSL_MODE=prefer +PGSQL_SSL_ROOT_CERT=null +PGSQL_SSL_CERT=null +PGSQL_SSL_KEY=null +PGSQL_SSL_CRL_FILE=null # If you're looking for performance improvements, you could install memcached. CACHE_DRIVER=file @@ -60,15 +60,15 @@ SESSION_DRIVER=file # You can configure another file storage backend if you cannot use the local storage option. # To set this up, fill in the following variables. The upload path is used to store uploaded # files and the export path is to store exported data (before download). -SFTP_HOST=${SFTP_HOST} -SFTP_PORT=${SFTP_PORT} -SFTP_UPLOAD_PATH=${SFTP_UPLOAD_PATH} -SFTP_EXPORT_PATH=${SFTP_EXPORT_PATH} +SFTP_HOST= +SFTP_PORT= +SFTP_UPLOAD_PATH= +SFTP_EXPORT_PATH= # SFTP uses either the username/password combination or the private key to authenticate. -SFTP_USERNAME=${SFTP_USERNAME} -SFTP_PASSWORD="${SFTP_PASSWORD}" -SFTP_PRIV_KEY=${SFTP_PRIV_KEY} +SFTP_USERNAME= +SFTP_PASSWORD= +SFTP_PRIV_KEY= # Cookie settings. Should not be necessary to change these. COOKIE_PATH="/" @@ -77,90 +77,88 @@ COOKIE_SECURE=false # If you want Firefly III to mail you, update these settings # For instructions, see: https://firefly-iii.readthedocs.io/en/latest/installation/mail.html -MAIL_DRIVER=${MAIL_DRIVER} -MAIL_HOST=${MAIL_HOST} -MAIL_PORT=${MAIL_PORT} -MAIL_FROM=${MAIL_FROM} -MAIL_USERNAME=${MAIL_USERNAME} -MAIL_PASSWORD="${MAIL_PASSWORD}" -MAIL_ENCRYPTION=${MAIL_ENCRYPTION} +MAIL_DRIVER=log +MAIL_HOST=smtp.mailtrap.io +MAIL_PORT=2525 +MAIL_FROM=changeme@example.com +MAIL_USERNAME=null +MAIL_PASSWORD=null +MAIL_ENCRYPTION=null # Other mail drivers: -MAILGUN_DOMAIN=${MAILGUN_DOMAIN} -MAILGUN_SECRET=${MAILGUN_SECRET} -MANDRILL_SECRET=${MANDRILL_SECRET} -SPARKPOST_SECRET=${SPARKPOST_SECRET} +MAILGUN_DOMAIN= +MAILGUN_SECRET= +MANDRILL_SECRET= +SPARKPOST_SECRET= # Firefly III can send you the following messages SEND_REGISTRATION_MAIL=true -SEND_ERROR_MESSAGE=false +SEND_ERROR_MESSAGE=true # These messages contain (sensitive) transaction information: -SEND_REPORT_JOURNALS=${SEND_REPORT_JOURNALS} +SEND_REPORT_JOURNALS=true # Set a Mapbox API key here (see mapbox.com) so there might be a map available at various places. -MAPBOX_API_KEY=${MAPBOX_API_KEY} +MAPBOX_API_KEY= # Firefly III currently supports two provider for live Currency Exchange Rates: # "fixer" is the default (for backward compatibility), and "ratesapi" is the new one. # RatesApi.IO (see https://ratesapi.io) is a FREE and OPEN SOURCE live currency exchange rates, -# built compatible with Fixer.IO, based on data published by European Central Bank, and don't require API key. -CER_PROVIDER=${CER_PROVIDER} +# built compatible with Fixer.IO, based on data published by European Central Bank, and doesn't require API key. +CER_PROVIDER=ratesapi + # If you have select "fixer" as default currency exchange rates, # set a Fixer IO API key here (see https://fixer.io) to enable live currency exchange rates. # Please note that this WILL ONLY WORK FOR PAID fixer.io accounts because they severely limited # the free API up to the point where you might as well offer nothing. -FIXER_API_KEY=${FIXER_API_KEY} +FIXER_API_KEY= # If you wish to track your own behavior over Firefly III, set a valid analytics tracker ID here. -ANALYTICS_ID=${ANALYTICS_ID} - -# Most parts of the database are encrypted by default, but you can turn this off if you want to. -# This makes it easier to migrate your database. Not that some fields will never be decrypted. -USE_ENCRYPTION=true +ANALYTICS_ID= # Firefly III has two options for user authentication. "eloquent" is the default, # and "ldap" for LDAP servers. # For full instructions on these settings please visit: # https://firefly-iii.readthedocs.io/en/latest/installation/authentication.html -LOGIN_PROVIDER=${LOGIN_PROVIDER} +LOGIN_PROVIDER=eloquent # LDAP connection configuration -ADLDAP_CONNECTION_SCHEME=${ADLDAP_CONNECTION_SCHEME} -ADLDAP_AUTO_CONNECT=${ADLDAP_AUTO_CONNECT} +# OpenLDAP, FreeIPA or ActiveDirectory +ADLDAP_CONNECTION_SCHEME=OpenLDAP +ADLDAP_AUTO_CONNECT=true # LDAP connection settings -ADLDAP_CONTROLLERS=${ADLDAP_CONTROLLERS} -ADLDAP_PORT=${ADLDAP_PORT} -ADLDAP_TIMEOUT=${ADLDAP_TIMEOUT} -ADLDAP_BASEDN="${ADLDAP_BASEDN}" -ADLDAP_FOLLOW_REFFERALS=${ADLDAP_FOLLOW_REFFERALS} -ADLDAP_USE_SSL=${ADLDAP_USE_SSL} -ADLDAP_USE_TLS=${ADLDAP_USE_TLS} +ADLDAP_CONTROLLERS= +ADLDAP_PORT=389 +ADLDAP_TIMEOUT=5 +ADLDAP_BASEDN="" +ADLDAP_FOLLOW_REFFERALS=false +ADLDAP_USE_SSL=false +ADLDAP_USE_TLS=false -ADLDAP_ADMIN_USERNAME=${ADLDAP_ADMIN_USERNAME} -ADLDAP_ADMIN_PASSWORD="${ADLDAP_ADMIN_PASSWORD}" +ADLDAP_ADMIN_USERNAME= +ADLDAP_ADMIN_PASSWORD= -ADLDAP_ACCOUNT_PREFIX="${ADLDAP_ACCOUNT_PREFIX}" -ADLDAP_ACCOUNT_SUFFIX="${ADLDAP_ACCOUNT_SUFFIX}" +ADLDAP_ACCOUNT_PREFIX= +ADLDAP_ACCOUNT_SUFFIX= # LDAP authentication settings. -ADLDAP_PASSWORD_SYNC=${ADLDAP_PASSWORD_SYNC} -ADLDAP_LOGIN_FALLBACK=${ADLDAP_LOGIN_FALLBACK} +ADLDAP_PASSWORD_SYNC=false +ADLDAP_LOGIN_FALLBACK=false -ADLDAP_DISCOVER_FIELD=${ADLDAP_DISCOVER_FIELD} -ADLDAP_AUTH_FIELD=${ADLDAP_AUTH_FIELD} +ADLDAP_DISCOVER_FIELD=distinguishedname +ADLDAP_AUTH_FIELD=distinguishedname # Will allow SSO if your server provides an AUTH_USER field. -WINDOWS_SSO_DISCOVER=${WINDOWS_SSO_DISCOVER} -WINDOWS_SSO_KEY=${WINDOWS_SSO_KEY} +WINDOWS_SSO_DISCOVER=samaccountname +WINDOWS_SSO_KEY=AUTH_USER # field to sync as local username. -ADLDAP_SYNC_FIELD=${ADLDAP_SYNC_FIELD} +ADLDAP_SYNC_FIELD=userprincipalname # You can disable the X-Frame-Options header if it interfears with tools like # Organizr. This is at your own risk. -DISABLE_FRAME_HEADER=${DISABLE_FRAME_HEADER} +DISABLE_FRAME_HEADER=false # Leave the following configuration vars as is. # Unless you like to tinker and know what you're doing. @@ -178,7 +176,8 @@ PUSHER_SECRET= PUSHER_ID= DEMO_USERNAME= DEMO_PASSWORD= -IS_DOCKER=true +IS_DOCKER=false +USE_ENCRYPTION=false IS_SANDSTORM=false IS_HEROKU=false BUNQ_USE_SANDBOX=false