Updated default http server logging to be less verbose.

abdulmohsen
2022-07-23 14:34:05 +03:00
parent 6417737caf
commit 452cafe322
8 changed files with 117 additions and 42 deletions


@@ -16,39 +16,59 @@ RUN apk add --no-cache bash caddy nano curl procps net-tools iproute2 shadow sql
${PHP_V}-sodium ${PHP_V}-sysvmsg ${PHP_V}-sysvsem ${PHP_V}-sysvshm ${PHP_V}-tokenizer ${PHP_V}-xml ${PHP_V}-openssl \ ${PHP_V}-sodium ${PHP_V}-sysvmsg ${PHP_V}-sysvsem ${PHP_V}-sysvshm ${PHP_V}-tokenizer ${PHP_V}-xml ${PHP_V}-openssl \
${PHP_V}-xmlreader ${PHP_V}-xmlwriter ${PHP_V}-zip ${PHP_V}-pecl-igbinary ${PHP_V}-pecl-redis ${PHP_V}-pecl-xhprof ${PHP_V}-xmlreader ${PHP_V}-xmlwriter ${PHP_V}-zip ${PHP_V}-pecl-igbinary ${PHP_V}-pecl-redis ${PHP_V}-pecl-xhprof
# Create user and group # Update Caddy and add packages to it.
# #
RUN deluser redis && deluser caddy && groupmod -g 1588787 users && useradd -u 1000 -U -d /config -s /bin/bash user && \ RUN echo 'Adding non modules to HTTP Server.' && \
mkdir -p /config /opt/app && ln -s /usr/bin/php81 /usr/bin/php # add modules to caddy.
caddy add-package github.com/lolPants/caddy-requestid github.com/caddyserver/transform-encoder >/dev/null 2>&1
# Copy tool files. # Basic setup
#
RUN echo '' && \
# Delete unused users change users group gid to allow unRaid users to use gid 100
deluser redis && deluser caddy && groupmod -g 1588787 users && \
# Create our own user.
useradd -u 1000 -U -d /config -s /bin/bash user && \
# Create basic directories.
mkdir -p /opt/app /config/{backup,cache,config,db,debug,logs,webhooks} && \
# link php runtime to to php.
ln -s /usr/bin/${PHP_V} /usr/bin/php && \
# we are running rootless, so user,group config options has no affect.
sed -i 's/user = nobody/; user = user/' /etc/${PHP_V}/php-fpm.d/www.conf && \
sed -i 's/group = nobody/; group = users/' /etc/${PHP_V}/php-fpm.d/www.conf
# Copy source code to container.
# #
COPY ./ /opt/app COPY ./ /opt/app
# install composer & packages. # install composer & packages.
# #
ADD https://getcomposer.org/download/latest-stable/composer.phar /opt/composer RUN echo '' && \
# Download composer.
RUN chmod +x /opt/composer && \ curl -sSL "https://getcomposer.org/download/latest-stable/composer.phar" -o /opt/composer && chmod +x /opt/composer && \
/opt/composer --working-dir=/opt/app/ -o --no-progress --no-interaction --no-ansi --no-dev --no-cache --quiet -- install && \ # Install dependencies.
/opt/composer --working-dir=/opt/app/ -no --no-progress --no-dev --no-cache --quiet -- install && \
# Remove composer.
rm /opt/composer rm /opt/composer
# Copy configuration files to the expected directories. # Copy configuration files to the expected directories.
# #
RUN ln -s ${TOOL_PATH}/bin/console /usr/bin/console && \ RUN ln -s ${TOOL_PATH}/bin/console /usr/bin/console && \
cp ${TOOL_PATH}/container/files/cron.sh /opt/job-runner && \ cp ${TOOL_PATH}/container/files/job-runner.sh /opt/job-runner && \
cp ${TOOL_PATH}/container/files/Caddyfile /opt/Caddyfile && \ cp ${TOOL_PATH}/container/files/Caddyfile /opt/Caddyfile && \
cp ${TOOL_PATH}/container/files/redis.conf /opt/redis.conf && \ cp ${TOOL_PATH}/container/files/redis.conf /opt/redis.conf && \
cp ${TOOL_PATH}/container/files/init-container.sh /opt/init-container && \ cp ${TOOL_PATH}/container/files/init-container.sh /opt/init-container && \
cp ${TOOL_PATH}/container/files/fpm.conf /etc/${PHP_V}/php-fpm.d/z-container.conf && \ cp ${TOOL_PATH}/container/files/fpm.conf /etc/${PHP_V}/php-fpm.d/z-container.conf && \
rm -rf ${TOOL_PATH}/{container,var,.github,.git} && \ rm -rf ${TOOL_PATH}/{container,var,.github,.git,.env} && \
sed -i 's/user = nobody/; user = user/' /etc/${PHP_V}/php-fpm.d/www.conf && \ caddy fmt -overwrite /opt/Caddyfile
sed -i 's/group = nobody/; group = users/' /etc/${PHP_V}/php-fpm.d/www.conf
# Change Permissions. # Change Permissions.
# #
RUN chmod +x /usr/bin/console /opt/init-container /opt/job-runner && \ RUN echo '' && \
chown -R user:user /config /opt /etc/${PHP_V} /var/run /run # Make sure console,init-container,job-runner are given executable flag.
chmod +x /usr/bin/console /opt/init-container /opt/job-runner && \
# Change permissions on our working directories.
chown -R user:user /config /opt /etc/${PHP_V}
# Set the entrypoint. # Set the entrypoint.
# #
@@ -64,7 +84,7 @@ USER user
# Expose the ports. # Expose the ports.
# #
EXPOSE 9000 8081 EXPOSE 9000 8080 8443
# Health check. # Health check.
# #
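Review bot: The `rm -rf ${TOOL_PATH}/{container,var,.github,.git,.env}` step runs in a later layer than `COPY ./ /opt/app`, so `.env` and `.git` disappear from the final filesystem but stay readable in the COPY layer of any published image. Unless a `.dockerignore` outside this diff already excludes them, add `.env`, `.git`, `.github` and `var` there so they never enter the build context. Separately, the build downloads `composer.phar` from the `latest-stable` URL and executes it with no checksum verification, and `caddy add-package` pulls unpinned plugins with its output sent to `/dev/null`. Pinning a Composer version and checking its published SHA-256 before `chmod +x` would make the build reproducible and tamper-evident.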

10
FAQ.md

@@ -159,6 +159,8 @@ These environment variables relates to the tool itself, you can load them via th
| WS_LOGGER_FILE_LEVEL | string | File Logger Level. | `ERROR` | | WS_LOGGER_FILE_LEVEL | string | File Logger Level. | `ERROR` |
| WS_WEBHOOK_DEBUG | bool | If enabled, allow dumping request/webhook using `rdump` & `wdump` parameters. | `false` | | WS_WEBHOOK_DEBUG | bool | If enabled, allow dumping request/webhook using `rdump` & `wdump` parameters. | `false` |
| WS_EPISODES_DISABLE_GUID | bool | Disable external id parsing for episodes and rely on relative ids. | `true` | | WS_EPISODES_DISABLE_GUID | bool | Disable external id parsing for episodes and rely on relative ids. | `true` |
| WS_TRUST_PROXY | bool | Trust `WS_TRUST_HEADER` ip. Value casted to bool. | `false` |
| WS_TRUST_HEADER | string | Which header contain user true IP. | `X-Forwarded-For` |
**Note**: for environment variables that has `{TASK}` tag, you **MUST** replace it with one **Note**: for environment variables that has `{TASK}` tag, you **MUST** replace it with one
of `IMPORT`, `EXPORT`, `PUSH`, `BACKUP`, `PRUNE`, `INDEXES`. To see tasks active settings run of `IMPORT`, `EXPORT`, `PUSH`, `BACKUP`, `PRUNE`, `INDEXES`. To see tasks active settings run
@@ -185,7 +187,7 @@ via the `docker-compose.yaml` file.
To add webhook for your backend the URL will be dependent on how you exposed webhook frontend, but typically it will be To add webhook for your backend the URL will be dependent on how you exposed webhook frontend, but typically it will be
like this: like this:
Directly to container: `http://localhost:8081/?apikey=[WEBHOOK_TOKEN]` Directly to container: `http://localhost:8080/?apikey=[WEBHOOK_TOKEN]`
Via reverse proxy : `https://watchstate.domain.example/?apikey=[WEBHOOK_TOKEN]`. Via reverse proxy : `https://watchstate.domain.example/?apikey=[WEBHOOK_TOKEN]`.
@@ -215,7 +217,7 @@ Go to your Manage Emby Server > Server > Webhooks > (Click Add Webhook)
##### Webhook Url: ##### Webhook Url:
`http://localhost:8081/?apikey=[WEBHOOK_TOKEN]` `http://localhost:8080/?apikey=[WEBHOOK_TOKEN]`
##### Webhook Events: ##### Webhook Events:
@@ -236,7 +238,7 @@ Go to your Plex Web UI > Settings > Your Account > Webhooks > (Click ADD WEBHOOK
##### URL: ##### URL:
`http://localhost:8081/?apikey=[WEBHOOK_TOKEN]` `http://localhost:8080/?apikey=[WEBHOOK_TOKEN]`
Click `Save Changes` Click `Save Changes`
@@ -276,7 +278,7 @@ go back again to dashboard > plugins > webhook. Add `Add Generic Destination`,
##### Webhook Url: ##### Webhook Url:
`http://localhost:8081` `http://localhost:8080`
##### Notification Type: ##### Notification Type:


@@ -16,7 +16,7 @@ out of the box, this tool support `Jellyfin`, `Plex` and `Emby` media servers.
---- ----
## Breaking change since 2022-07-22 ## Breaking change since 2022-07-23
We rebuilt the container to be `rootless` and to be more secure. So, there are some breaking changes that might need We rebuilt the container to be `rootless` and to be more secure. So, there are some breaking changes that might need
your attention. Things that need to be adjusted if you run this tool before 2022-07-22: your attention. Things that need to be adjusted if you run this tool before 2022-07-22:
@@ -24,10 +24,10 @@ your attention. Things that need to be adjusted if you run this tool before 2022
### Webhook default listener port ### Webhook default listener port
Since we used to use the port `80` and this port is privileged we cannot use it in rootless container, so the default Since we used to use the port `80` and this port is privileged we cannot use it in rootless container, so the default
port changed to `8081`. If you used the webhook receiver before. you have to change the port in your media backends and port changed to `8080`. If you used the webhook receiver before. you have to change the port in your media backends and
or your frontend proxy. or your frontend proxy.
### User/Group Id ### User id and group id mapping
Running rootless means we cannot change the user and group id inside the container anymore. So, if you changed the Running rootless means we cannot change the user and group id inside the container anymore. So, if you changed the
user/group id before using `WS_GID`, `WS_UID` those no longer works, and you need to use the `user:` directive. There is user/group id before using `WS_GID`, `WS_UID` those no longer works, and you need to use the `user:` directive. There is
@@ -58,7 +58,7 @@ services:
environment: environment:
- WS_TZ=Asia/Kuwait # Set timezone. - WS_TZ=Asia/Kuwait # Set timezone.
ports: ports:
- "8081:8081" # webhook listener port. - "8080:8080" # webhook listener port.
volumes: volumes:
- ./data:/config:rw # mount current directory to container /config directory. - ./data:/config:rw # mount current directory to container /config directory.
``` ```


@@ -41,6 +41,10 @@ return (function () {
] ]
], ],
'ignore' => [], 'ignore' => [],
'trust' => [
'proxy' => (bool)env('WS_TRUST_PROXY', false),
'header' => (string)env('WS_TRUST_HEADER', 'X-Forwarded-For'),
],
]; ];
$logDateFormat = makeDate()->format('Ymd'); $logDateFormat = makeDate()->format('Ymd');


@@ -1,6 +1,24 @@
http://:8081 { {
root * /opt/app/public order request_id before header
php_fastcgi 127.0.0.1:9000 http_port 8080
file_server https_port 8443
log }
http:// {
request_id 12
root * /opt/app/public
header * X-Request-Id "{http.request_id}"
php_fastcgi 127.0.0.1:9000 {
trusted_proxies private_ranges
env X_REQUEST_ID "{http.request_id}"
}
log {
format transform `{request>remote_ip} - {request>headers>X-Forwarded-For>[0]} - [{ts}] "{request>method} {request>uri} {request>proto}" {status} {size} "{request>headers>Referer>[0]}" "{request>headers>User-Agent>[0]}" - "{resp_headers>X-Request-Id>[0]}"` {
time_format "02/Jan/2006:15:04:05 -0700"
}
}
} }
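Review bot: The access-log template writes `{request>uri}` verbatim, and FAQ.md in this same commit tells users to call the webhook as `/?apikey=[WEBHOOK_TOKEN]`, so every webhook request stores the token in the log output. Consider wrapping the `transform` encoder in Caddy's `filter` encoder with a `query` filter on `request>uri` that replaces `apikey` (if the installed Caddy version supports it), or logging the path without the query string. The `trusted_proxies private_ranges` line also deserves a comment, because any peer with a private address can then supply its own `X-Forwarded-*` values, and depending on the deployment that may include the Docker bridge gateway. Something like `# only safe when the listener is reachable solely through the reverse proxy` would record the assumption.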


@@ -1,14 +1,14 @@
#!/usr/bin/env bash #!/usr/bin/env bash
PID="/var/run/runner.pid" PID="/opt/job-runner.pid"
trap "rm -f ${pid}" SIGSEGV # shellcheck disable=SC2064
trap "rm -f ${pid}" SIGINT trap 'rm -f "${PID}"; exit' EXIT SIGQUIT SIGINT SIGTERM ERR
# Exit if already running. # Exit if already running.
# #
if [ -f "${PID}" ]; then if [ -f "${PID}" ]; then
echo "Another process is running. $(cat "${PID}")" echo "Another process is running. [${PID}]: $(cat "${PID}")"
exit 0 exit 0
fi fi
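Review bot: The new `trap 'rm -f "${PID}"; exit' EXIT …` is installed before the "already running" check, so when a second instance reaches `exit 0` in that branch its EXIT trap deletes `/opt/job-runner.pid`, which belongs to the instance still running; the next invocation can then start a concurrent run. Move the `trap` line below the `fi`, ideally after this process has written its own PID file (that part of the script is outside the hunk). With the handler now single-quoted, `# shellcheck disable=SC2064` no longer suppresses anything and can be dropped. The check also treats a stale file left behind by a killed process as a live run; `kill -0 "$(cat "${PID}")" 2>/dev/null` would tell the two cases apart.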


@@ -682,17 +682,14 @@ final class Initializer
} }
} }
$context = array_replace_recursive( $context = array_replace_recursive([
[ 'request' => [
'request' => [ 'id' => ag($params, 'X_REQUEST_ID'),
'id' => ag($params, 'X_REQUEST_ID'), 'ip' => getClientIp($request),
'ip' => ag($params, ['X_FORWARDED_FOR', 'REMOTE_ADDR']), 'agent' => ag($params, 'HTTP_USER_AGENT'),
'agent' => ag($params, 'HTTP_USER_AGENT'), 'uri' => (string)$uri,
'uri' => (string)$uri,
],
], ],
$context ], $context);
);
if (($attributes = $request->getAttributes()) && count($attributes) >= 1) { if (($attributes = $request->getAttributes()) && count($attributes) >= 1) {
$context['attributes'] = $attributes; $context['attributes'] = $attributes;


@@ -708,3 +708,37 @@ if (false === function_exists('generateRoutes')) {
return $routes; return $routes;
} }
} }
if (!function_exists('getClientIp')) {
function getClientIp(?ServerRequestInterface $request = null): string
{
$params = $request?->getServerParams() ?? $_SERVER;
$realIp = (string)ag($params, 'REMOTE_ADDR', '0.0.0.0');
if (false === (bool)Config::get('trust.proxy', false)) {
return $realIp;
}
$forwardIp = ag(
$params,
'HTTP_' . strtoupper(trim(str_replace('-', '_', Config::get('trust.header', 'X-Forwarded-For'))))
);
if ($forwardIp === $realIp || empty($forwardIp)) {
return $realIp;
}
if (null === ($firstIp = explode(',', $forwardIp)[0] ?? null)) {
return $realIp;
}
$firstIp = trim($firstIp);
if (false === filter_var($firstIp, FILTER_VALIDATE_IP)) {
return $realIp;
}
return trim($firstIp);
}
}
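Review bot: With `trust.proxy` enabled, `getClientIp()` returns the first entry of the configured header without checking that `REMOTE_ADDR` is actually the proxy, and the leftmost `X-Forwarded-For` entry is the one a client can set itself when the proxy appends rather than overwrites. Any caller that can reach the listener directly can therefore choose the address recorded in the request context built in `Initializer`. Either honour the header only when `REMOTE_ADDR` matches a configured proxy address, or state the requirement in a docblock on the function, e.g. `Only enable WS_TRUST_PROXY when every request passes through a proxy that overwrites the header.` Two small cleanups: `explode(',', $forwardIp)[0] ?? null` can never be null, so that branch is dead, and the final `trim($firstIp)` repeats the trim done a few lines earlier.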