diff --git a/bitnami/matomo/4/debian-10/Dockerfile b/bitnami/matomo/4/debian-10/Dockerfile index c99dcfb7ba79..327dfa20bc9c 100644 --- a/bitnami/matomo/4/debian-10/Dockerfile +++ b/bitnami/matomo/4/debian-10/Dockerfile @@ -21,8 +21,8 @@ RUN chmod g+rwX /opt/bitnami RUN sed -i -e '/pam_loginuid.so/ s/^#*/#/' /etc/pam.d/cron COPY rootfs / -RUN /opt/bitnami/scripts/apache/postunpack.sh RUN /opt/bitnami/scripts/php/postunpack.sh +RUN /opt/bitnami/scripts/apache/postunpack.sh RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh RUN /opt/bitnami/scripts/matomo/postunpack.sh RUN /opt/bitnami/scripts/mysql-client/postunpack.sh @@ -31,7 +31,7 @@ ENV ALLOW_EMPTY_PASSWORD="no" \ APACHE_HTTPS_PORT_NUMBER="" \ APACHE_HTTP_PORT_NUMBER="" \ BITNAMI_APP_NAME="matomo" \ - BITNAMI_IMAGE_VERSION="4.2.1-debian-10-r34" \ + BITNAMI_IMAGE_VERSION="4.2.1-debian-10-r35" \ MARIADB_HOST="mariadb" \ MARIADB_PORT_NUMBER="3306" \ MARIADB_ROOT_PASSWORD="" \ diff --git a/bitnami/matomo/4/debian-10/docker-compose.yml b/bitnami/matomo/4/debian-10/docker-compose.yml index c2d7859fc040..9c895b2fb054 100644 --- a/bitnami/matomo/4/debian-10/docker-compose.yml +++ b/bitnami/matomo/4/debian-10/docker-compose.yml @@ -1,7 +1,7 @@ version: "2" services: mariadb: - image: "docker.io/bitnami/mariadb:10.3-debian-10" + image: docker.io/bitnami/mariadb:10.3 environment: - ALLOW_EMPTY_PASSWORD=yes - MARIADB_USER=bn_matomo @@ -12,7 +12,7 @@ services: volumes: - "mariadb_data:/bitnami/mariadb" matomo: - image: "docker.io/bitnami/matomo:4-debian-10" + image: docker.io/bitnami/matomo:4 ports: - "80:8080" - "443:8443" diff --git a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libapache.sh b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libapache.sh index ff262cb594a7..115d0f720e51 100644 --- a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libapache.sh +++ b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libapache.sh @@ -685,3 +685,23 @@ apache_update_app_configuration() { fi fi } + +######################## +# Create a password file for basic authentication and restrict its permissions +# Globals: +# * +# Arguments: +# $1 - file +# $2 - username +# $3 - password +# Returns: +# true if the configuration was updated, false otherwise +######################## +apache_create_password_file() { + local -r file="${1:?missing file}" + local -r username="${2:?missing username}" + local -r password="${3:?missing password}" + + "${APACHE_BIN_DIR}/htpasswd" -bc "$file" "$username" "$password" + am_i_root && configure_permissions_ownership "$file" --file-mode "600" --user "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" +} diff --git a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh index 2afb2e9689c7..1de30688ba66 100644 --- a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh +++ b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh @@ -12,7 +12,7 @@ ######################## # Validate settings in MYSQL_CLIENT_* environment variables # Globals: -# DB_* +# MYSQL_CLIENT_* # Arguments: # None # Returns: @@ -45,24 +45,24 @@ mysql_client_validate() { } # Only validate environment variables if any action needs to be performed - check_yes_no_value "DB_ENABLE_SSL_WRAPPER" + check_yes_no_value "MYSQL_CLIENT_ENABLE_SSL_WRAPPER" - if [[ -n "$DB_CREATE_DATABASE_USER" || -n "$DB_CREATE_DATABASE_NAME" ]]; then + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then empty_password_enabled_warn else - if [[ -z "$DB_ROOT_PASSWORD" ]]; then - empty_password_error "$(get_env_var ROOT_PASSWORD)" + if [[ -z "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" fi - if [[ -n "$DB_CREATE_DATABASE_USER" ]] && [[ -z "$DB_CREATE_DATABASE_PASSWORD" ]]; then - empty_password_error "$(get_env_var CREATE_DATABASE_PASSWORD)" + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && [[ -z "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" fi fi - if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var ROOT_PASSWORD)" + if [[ "${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" fi - if [[ "${DB_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then - backslash_password_error "$(get_env_var CREATE_DATABASE_PASSWORD)" + if [[ "${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" fi fi return "$error_code" @@ -71,7 +71,7 @@ mysql_client_validate() { ######################## # Perform actions to a database # Globals: -# DB_* +# MYSQL_CLIENT_* # Arguments: # None # Returns: @@ -79,14 +79,14 @@ mysql_client_validate() { ######################### mysql_client_initialize() { # Wrap binary to force the usage of SSL - if is_boolean_yes "$DB_ENABLE_SSL_WRAPPER"; then + if is_boolean_yes "$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"; then mysql_client_wrap_binary_for_ssl fi # Wait for the database to be accessible if any action needs to be performed - if [[ -n "$DB_CREATE_DATABASE_USER" || -n "$DB_CREATE_DATABASE_NAME" ]]; then + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then info "Trying to connect to the database server" check_mysql_connection() { - echo "SELECT 1" | mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" "-h" "$DB_DATABASE_HOST" "-P" "$DB_DATABASE_PORT_NUMBER" + echo "SELECT 1" | mysql_execute "mysql" "$MYSQL_CLIENT_DATABASE_ROOT_USER" "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" "-h" "$MYSQL_CLIENT_DATABASE_HOST" "-P" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER" } if ! retry_while "check_mysql_connection"; then error "Could not connect to the database server" @@ -94,20 +94,20 @@ mysql_client_initialize() { fi fi # Ensure a database user exists in the server - if [[ -n "$DB_CREATE_DATABASE_USER" ]]; then - info "Creating database user ${DB_CREATE_DATABASE_USER}" - local -a args=("$DB_CREATE_DATABASE_USER" "--host" "$DB_DATABASE_HOST" "--port" "$DB_DATABASE_PORT_NUMBER") - [[ -n "$DB_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$DB_CREATE_DATABASE_PASSWORD") - [[ -n "$DB_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$DB_DATABASE_AUTHENTICATION_PLUGIN") + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]]; then + info "Creating database user ${MYSQL_CLIENT_CREATE_DATABASE_USER}" + local -a args=("$MYSQL_CLIENT_CREATE_DATABASE_USER" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD") + [[ -n "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN") mysql_ensure_optional_user_exists "${args[@]}" fi # Ensure a database exists in the server (and that the user has write privileges, if specified) - if [[ -n "$DB_CREATE_DATABASE_NAME" ]]; then - info "Creating database ${DB_CREATE_DATABASE_NAME}" - local -a createdb_args=("$DB_CREATE_DATABASE_NAME" "--host" "$DB_DATABASE_HOST" "--port" "$DB_DATABASE_PORT_NUMBER") - [[ -n "$DB_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$DB_CREATE_DATABASE_USER") - [[ -n "$DB_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$DB_CREATE_DATABASE_CHARACTER_SET") - [[ -n "$DB_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$DB_CREATE_DATABASE_COLLATE") + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Creating database ${MYSQL_CLIENT_CREATE_DATABASE_NAME}" + local -a createdb_args=("$MYSQL_CLIENT_CREATE_DATABASE_NAME" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") mysql_ensure_optional_database_exists "${createdb_args[@]}" fi } @@ -115,15 +115,15 @@ mysql_client_initialize() { ######################## # Wrap binary to force the usage of SSL # Globals: -# DB_* +# MYSQL_CLIENT_* # Arguments: # None # Returns: # None ######################### mysql_client_wrap_binary_for_ssl() { - local -r wrapper_file="${DB_BIN_DIR}/mysql" - local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql" + local -r wrapper_file="${MYSQL_CLIENT_BIN_DIR}/mysql" + local -r wrapped_binary_file="${MYSQL_CLIENT_BASE_DIR}/.bin/mysql" local -a ssl_opts=() read -r -a ssl_opts <<< "$(mysql_client_extra_opts)" diff --git a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh index de6600ffb0ed..d074ba93e4cf 100644 --- a/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh +++ b/bitnami/matomo/4/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh @@ -38,6 +38,11 @@ mysql_env_vars=( MYSQL_CLIENT_SSL_CERT_FILE MYSQL_CLIENT_SSL_KEY_FILE MYSQL_CLIENT_EXTRA_FLAGS + MARIADB_AUTHENTICATION_PLUGIN + MARIADB_HOST + MARIADB_PORT_NUMBER + MARIADB_ROOT_USER + MARIADB_ROOT_PASSWORD ) for env_var in "${mysql_env_vars[@]}"; do file_env_var="${env_var}_FILE" @@ -71,14 +76,19 @@ export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}" export DB_DAEMON_USER="mysql" export DB_DAEMON_GROUP="mysql" export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" +MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN="${MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN:-"${MARIADB_AUTHENTICATION_PLUGIN:-}"}" export MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN="${MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN:-}" -export DB_DATABASE_AUTHENTICATION_PLUGIN="$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" +export DB_AUTHENTICATION_PLUGIN="$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" +MYSQL_CLIENT_DATABASE_HOST="${MYSQL_CLIENT_DATABASE_HOST:-"${MARIADB_HOST:-}"}" export MYSQL_CLIENT_DATABASE_HOST="${MYSQL_CLIENT_DATABASE_HOST:-mariadb}" -export DB_DATABASE_HOST="$MYSQL_CLIENT_DATABASE_HOST" +export DB_HOST="$MYSQL_CLIENT_DATABASE_HOST" +MYSQL_CLIENT_DATABASE_PORT_NUMBER="${MYSQL_CLIENT_DATABASE_PORT_NUMBER:-"${MARIADB_PORT_NUMBER:-}"}" export MYSQL_CLIENT_DATABASE_PORT_NUMBER="${MYSQL_CLIENT_DATABASE_PORT_NUMBER:-3306}" -export DB_DATABASE_PORT_NUMBER="$MYSQL_CLIENT_DATABASE_PORT_NUMBER" +export DB_PORT_NUMBER="$MYSQL_CLIENT_DATABASE_PORT_NUMBER" +MYSQL_CLIENT_DATABASE_ROOT_USER="${MYSQL_CLIENT_DATABASE_ROOT_USER:-"${MARIADB_ROOT_USER:-}"}" export MYSQL_CLIENT_DATABASE_ROOT_USER="${MYSQL_CLIENT_DATABASE_ROOT_USER:-root}" export DB_ROOT_USER="$MYSQL_CLIENT_DATABASE_ROOT_USER" # only used during the first initialization +MYSQL_CLIENT_DATABASE_ROOT_PASSWORD="${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-"${MARIADB_ROOT_PASSWORD:-}"}" export MYSQL_CLIENT_DATABASE_ROOT_PASSWORD="${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" export DB_ROOT_PASSWORD="$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" # only used during the first initialization export MYSQL_CLIENT_CREATE_DATABASE_NAME="${MYSQL_CLIENT_CREATE_DATABASE_NAME:-}" diff --git a/bitnami/matomo/README.md b/bitnami/matomo/README.md index 248651940f53..a9f13f96f25d 100644 --- a/bitnami/matomo/README.md +++ b/bitnami/matomo/README.md @@ -36,7 +36,7 @@ Non-root container images add an extra layer of security and are generally recom Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/). -* [`4`, `4-debian-10`, `4.2.1`, `4.2.1-debian-10-r34`, `latest` (4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-matomo/blob/4.2.1-debian-10-r34/4/debian-10/Dockerfile) +* [`4`, `4-debian-10`, `4.2.1`, `4.2.1-debian-10-r35`, `latest` (4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-matomo/blob/4.2.1-debian-10-r35/4/debian-10/Dockerfile) Subscribe to project updates by watching the [bitnami/matomo GitHub repo](https://github.com/bitnami/bitnami-docker-matomo). diff --git a/bitnami/matomo/docker-compose.yml b/bitnami/matomo/docker-compose.yml index c2d7859fc040..9c895b2fb054 100644 --- a/bitnami/matomo/docker-compose.yml +++ b/bitnami/matomo/docker-compose.yml @@ -1,7 +1,7 @@ version: "2" services: mariadb: - image: "docker.io/bitnami/mariadb:10.3-debian-10" + image: docker.io/bitnami/mariadb:10.3 environment: - ALLOW_EMPTY_PASSWORD=yes - MARIADB_USER=bn_matomo @@ -12,7 +12,7 @@ services: volumes: - "mariadb_data:/bitnami/mariadb" matomo: - image: "docker.io/bitnami/matomo:4-debian-10" + image: docker.io/bitnami/matomo:4 ports: - "80:8080" - "443:8443"