Merge branch 'NginxProxyManager:develop' into develop-crowdsec

docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run

@@ -10,12 +10,12 @@ cd /app || exit 1
 log_info 'Starting backend ...'
 
 if [ "${DEVELOPMENT:-}" = 'true' ]; then
-	s6-setuidgid npmuser yarn install
-	exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js'
+	s6-setuidgid "$PUID:$PGID" yarn install
+	exec s6-setuidgid "$PUID:$PGID" bash -c "export HOME=$NPMHOME;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js"
 else
 	while :
 	do
-		s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js'
+		s6-setuidgid "$PUID:$PGID" bash -c "export HOME=$NPMHOME;node --abort_on_uncaught_exception --max_old_space_size=250 index.js"
 		sleep 1
 	done
 fi

docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run

@@ -8,14 +8,14 @@ set -e
 if [ "$DEVELOPMENT" = 'true' ]; then
 	. /bin/common.sh
 	cd /app/frontend || exit 1
-	HOME=/tmp/npmuserhome
+	HOME=$NPMHOME
 	export HOME
 	mkdir -p /app/frontend/dist
 	chown -R "$PUID:$PGID" /app/frontend/dist
 
 	log_info 'Starting frontend ...'
-	s6-setuidgid npmuser yarn install
-	exec s6-setuidgid npmuser yarn watch
+	s6-setuidgid "$PUID:$PGID" yarn install
+	exec s6-setuidgid "$PUID:$PGID" yarn watch
 else
 	exit 0
 fi

docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run

@@ -6,4 +6,4 @@ set -e
 . /bin/common.sh
 
 log_info 'Starting nginx ...'
-exec s6-setuidgid npmuser nginx
+exec s6-setuidgid "$PUID:$PGID" nginx

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/00-all.sh

@@ -9,7 +9,11 @@ if [ "$(id -u)" != "0" ]; then
 	log_fatal "This docker container must be run as root, do not specify a user.\nYou can specify PUID and PGID env vars to run processes as that user and group after initialization."
 fi
 
-. /etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh
+if [ "$DEBUG" = "true" ]; then
+	set -x
+fi
+
+. /etc/s6-overlay/s6-rc.d/prepare/10-usergroup.sh
 . /etc/s6-overlay/s6-rc.d/prepare/20-paths.sh
 . /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
 . /etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh

@@ -1,20 +0,0 @@
-#!/command/with-contenv bash
-# shellcheck shell=bash
-
-set -e
-
-log_info 'Configuring npmuser ...'
-
-if id -u npmuser; then
-	# user already exists
-	usermod -u "$PUID" npmuser || exit 1
-else
-	# Add npmuser user
-	useradd -o -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1
-fi
-
-usermod -G "$PGID" npmuser || exit 1
-groupmod -o -g "$PGID" npmuser || exit 1
-# Home for npmuser
-mkdir -p /tmp/npmuserhome
-chown -R "$PUID:$PGID" /tmp/npmuserhome

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-usergroup.sh

@@ -0,0 +1,40 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+set -e
+
+log_info "Configuring $NPMUSER user ..."
+
+if id -u "$NPMUSER" 2>/dev/null; then
+	# user already exists
+	usermod -u "$PUID" "$NPMUSER"
+else
+	# Add user
+	useradd -o -u "$PUID" -U -d "$NPMHOME" -s /bin/false "$NPMUSER"
+fi
+
+log_info "Configuring $NPMGROUP group ..."
+if [ "$(get_group_id "$NPMGROUP")" = '' ]; then
+	# Add group. This will not set the id properly if it's already taken
+	groupadd -f -g "$PGID" "$NPMGROUP"
+else
+	groupmod -o -g "$PGID" "$NPMGROUP"
+fi
+
+# Set the group ID and check it
+groupmod -o -g "$PGID" "$NPMGROUP"
+if [ "$(get_group_id "$NPMGROUP")" != "$PGID" ]; then
+	echo "ERROR: Unable to set group id properly"
+	exit 1
+fi
+
+# Set the group against the user and check it
+usermod -G "$PGID" "$NPMGROUP"
+if [ "$(id -g "$NPMUSER")" != "$PGID" ] ; then
+	echo "ERROR: Unable to set group against the user properly"
+	exit 1
+fi
+
+# Home for user
+mkdir -p "$NPMHOME"
+chown -R "$PUID:$PGID" "$NPMHOME"

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

@@ -8,17 +8,20 @@ log_info 'Setting ownership ...'
 # root
 chown root /tmp/nginx
 
-# npmuser
-chown -R "$PUID:$PGID" /data \
-	/etc/letsencrypt \
-	/run/nginx \
-	/tmp/nginx \
-	/var/cache/nginx \
-	/var/lib/logrotate \
-	/var/lib/nginx \
-	/var/log/nginx
+# npm user and group
+chown -R "$PUID:$PGID" /data
+chown -R "$PUID:$PGID" /etc/letsencrypt
+chown -R "$PUID:$PGID" /run/nginx
+chown -R "$PUID:$PGID" /tmp/nginx
+chown -R "$PUID:$PGID" /var/cache/nginx
+chown -R "$PUID:$PGID" /var/lib/logrotate
+chown -R "$PUID:$PGID" /var/lib/nginx
+chown -R "$PUID:$PGID" /var/log/nginx
 
 # Don't chown entire /etc/nginx folder as this causes crashes on some systems
-chown -R "$PUID:$PGID" /etc/nginx/nginx \
-	/etc/nginx/nginx.conf \
-	/etc/nginx/conf.d
+chown -R "$PUID:$PGID" /etc/nginx/nginx
+chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+chown -R "$PUID:$PGID" /etc/nginx/conf.d
+
+# Prevents errors when installing python certbot plugins when non-root
+chown -R "$PUID:$PGID" /opt/certbot

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh

@@ -1,8 +1,11 @@
-#!/bin/bash
+#!/command/with-contenv bash
+# shellcheck shell=bash
 
 # This command reads the `DISABLE_IPV6` env var and will either enable
 # or disable ipv6 in all nginx configs based on this setting.
 
+set -e
+
 log_info 'IPv6 ...'
 
 # Lowercase
@@ -28,7 +31,7 @@ process_folder () {
 		sed -E -i "$SED_REGEX" "$FILE"
 	done
 
-	# ensure the files are still owned by the npmuser
+	# ensure the files are still owned by the npm user
 	chown -R "$PUID:$PGID" "$1"
 }
 

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh

@@ -2,6 +2,7 @@
 # shellcheck shell=bash
 
 set -e
+set +x
 
 echo "
 -------------------------------------
@@ -11,7 +12,7 @@ echo "
 | |\  |  __/| |  | |
 |_| \_|_|   |_|  |_|
 -------------------------------------
-User ID:  $PUID
-Group ID: $PGID
+User:  $NPMUSER PUID:$PUID ID:$(id -u "$NPMUSER") GROUP:$(id -g "$NPMUSER")
+Group: $NPMGROUP PGID:$PGID ID:$(get_group_id "$NPMGROUP")
 -------------------------------------
 "