mirror of
				https://github.com/paperless-ngx/paperless-ngx.git
				synced 2025-10-26 03:36:08 -05:00 
			
		
		
		
	Adds an untested custom startup functionality
This commit is contained in:
		 Trenton Holmes
					Trenton Holmes
				
			
				
					committed by
					
						 Trenton H
						Trenton H
					
				
			
			
				
	
			
			
			 Trenton H
						Trenton H
					
				
			
						parent
						
							1268daf6fe
						
					
				
				
					commit
					b61473b1f7
				
			
							
								
								
									
										1
									
								
								.github/ISSUE_TEMPLATE/bug-report.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								.github/ISSUE_TEMPLATE/bug-report.yml
									
									
									
									
										vendored
									
									
								
							| @@ -13,6 +13,7 @@ body: | ||||
|         - [The troubleshooting documentation](https://paperless-ngx.readthedocs.io/en/latest/troubleshooting.html). | ||||
|         - [The installation instructions](https://paperless-ngx.readthedocs.io/en/latest/setup.html#installation). | ||||
|         - [Existing issues and discussions](https://github.com/paperless-ngx/paperless-ngx/search?q=&type=issues). | ||||
|         - Disable any customer container initialization scripts, if using any | ||||
|  | ||||
|         If you encounter issues while installing or configuring Paperless-ngx, please post in the ["Support" section of the discussions](https://github.com/paperless-ngx/paperless-ngx/discussions/new?category=support). | ||||
|   - type: textarea | ||||
|   | ||||
| @@ -89,6 +89,46 @@ superuser() { | ||||
| 	fi | ||||
| } | ||||
|  | ||||
| customer_container_init() { | ||||
| 	# Mostly borrowed from the LinuxServer.io base image | ||||
| 	# https://github.com/linuxserver/docker-baseimage-ubuntu/tree/bionic/root/etc/cont-init.d | ||||
| 	readonly custom_script_dir="/custom-cont-init.d" | ||||
| 	# Tamper checking. | ||||
| 	# Don't run files which are owned by anyone except root | ||||
| 	# Don't run files which are writeable by others | ||||
| 	if [ -d "${custom_script_dir}" ]; then | ||||
| 		if [ -n "$(find "${custom_script_dir}" ! -user root)" ]; then | ||||
| 			echo "**** Potential tampering with custom scripts detected ****" | ||||
| 			echo "**** The folder '${custom_script_dir}' must be owned by root ****" | ||||
| 			return 0 | ||||
| 		fi | ||||
| 		if [ -n "$(find "${custom_script_dir}" -perm -o+w)" ]; then | ||||
| 			echo "**** The folder '${custom_script_dir}' or some of contents have write permissions for others, which is a security risk. ****" | ||||
| 			echo "**** Please review the permissions and their contents to make sure they are owned by root, and can only be modified by root. ****" | ||||
| 			return 0 | ||||
| 		fi | ||||
|  | ||||
| 		# Make sure custom init directory has files in it | ||||
| 		if [ -n "$(/bin/ls -A "${custom_script_dir} "2>/dev/null)" ]; then | ||||
| 			echo "[custom-init] files found in ${custom_script_dir} executing" | ||||
| 			# Loop over files in the directory | ||||
| 			for SCRIPT in "${custom_script_dir}"/*; do | ||||
| 				NAME="$(basename "${SCRIPT}")" | ||||
| 				if [ -f "${SCRIPT}" ]; then | ||||
| 					echo "[custom-init] ${NAME}: executing..." | ||||
| 					/bin/bash "${SCRIPT}" | ||||
| 					echo "[custom-init] ${NAME}: exited $?" | ||||
| 				elif [ ! -f "${SCRIPT}" ]; then | ||||
| 					echo "[custom-init] ${NAME}: is not a file" | ||||
| 				fi | ||||
| 			done | ||||
| 		else | ||||
| 			echo "[custom-init] no custom files found exiting..." | ||||
| 		fi | ||||
|  | ||||
| 	fi | ||||
| } | ||||
|  | ||||
| do_work() { | ||||
| 	if [[ "${PAPERLESS_DBENGINE}" == "mariadb" ]]; then | ||||
| 		wait_for_mariadb | ||||
| @@ -104,6 +144,9 @@ do_work() { | ||||
|  | ||||
| 	superuser | ||||
|  | ||||
| 	# Leave this last thing | ||||
| 	customer_container_init | ||||
|  | ||||
| } | ||||
|  | ||||
| do_work | ||||
|   | ||||
| @@ -392,3 +392,28 @@ a Docker installation, you can use volumes to accomplish this: | ||||
|         # ... | ||||
|         volumes: | ||||
|           - /path/to/my/flowerconfig.py:/usr/src/paperless/src/paperless/flowerconfig.py:ro | ||||
|  | ||||
| Custom Container Initialization | ||||
| ############################### | ||||
|  | ||||
| The Docker image includes the ability to run custom user scripts during startup.  This could be | ||||
| utilized for installing additional tools or Python packages, for example. | ||||
|  | ||||
| To utilize this, mount a folder containing your scripts to the custom initialization directory, `/custom-cont-init.d` | ||||
| and place scripts you wish to run inside.  For security, the folder and its contents must be owned by `root`. | ||||
| Additionally, scripts must only be writable by `root`. | ||||
|  | ||||
| Your scripts will be run directly before the webserver completes startup.  Scripts will be run by the `root` user. | ||||
| This is an advanced functionality with which you could break functionality or lose data. | ||||
|  | ||||
| For example, using Docker Compose: | ||||
|  | ||||
|  | ||||
| .. code:: yaml | ||||
|  | ||||
|     services: | ||||
|       # ... | ||||
|       webserver: | ||||
|         # ... | ||||
|         volumes: | ||||
|           - /path/to/my/scripts:/custom-cont-init.d:ro | ||||
|   | ||||
		Reference in New Issue
	
	Block a user