#!/bin/bash
# Container start-up script: optionally remaps the www-data account, rewrites
# config.php and Apache/PHP settings from environment variables, prepares the
# data directories and files, optionally runs a one-shot upload scan, and
# selects which Apache logs get streamed to the console.
set -euo pipefail
# umask 002: files created below are group-writable but not world-writable.
umask 002
echo "πŸš€ Running start.sh..."

# ──────────────────────────────────────────────────────────────
# 0) If NOT root, we can't remap/chown. Log a hint and skip those parts.
#    If root, remap www-data to PUID/PGID and (optionally) chown data dirs.
if [ "$(id -u)" -ne 0 ]; then
  echo "[startup] Running as non-root. Skipping PUID/PGID remap and chown."
  echo "[startup] Tip: remove '--user' and set PUID/PGID env vars instead."
else
  # Remap www-data to match provided PUID/PGID (e.g., Unraid 99:100 or 1000:1000)
  # NOTE(review): PUID/PGID are used as given, with no range or format check.
  # -o permits a non-unique ID, so a value of 0 would put www-data on root's
  # UID/GID; consider rejecting 0 and non-numeric values before this point.
  # NOTE(review): "|| true" hides a failed groupmod/usermod, so the chown
  # below may then apply an ownership the operator did not ask for.
  if [ -n "${PGID:-}" ]; then
    current_gid="$(getent group www-data | cut -d: -f3 || true)"
    if [ "${current_gid}" != "${PGID}" ]; then
      groupmod -o -g "${PGID}" www-data || true
    fi
  fi
  if [ -n "${PUID:-}" ]; then
    current_uid="$(id -u www-data 2>/dev/null || echo '')"
    # Fall back to www-data's current GID when PGID is not supplied.
    target_gid="${PGID:-$(getent group www-data | cut -d: -f3)}"
    if [ "${current_uid}" != "${PUID}" ]; then
      usermod -o -u "${PUID}" -g "${target_gid}" www-data || true
    fi
  fi

  # Optional: normalize ownership on data dirs (good for first run on existing shares).
  # Runs unless CHOWN_ON_START is set to something other than "true"; failures
  # are logged and start-up continues.
  if [ "${CHOWN_ON_START:-true}" = "true" ]; then
    echo "[startup] Normalizing ownership on uploads/metadata..."
    chown -R www-data:www-data /var/www/metadata /var/www/uploads || echo "[startup] chown failed (continuing)"
    chmod -R u+rwX /var/www/metadata /var/www/uploads || echo "[startup] chmod failed (continuing)"
  fi
fi

# ──────────────────────────────────────────────────────────────
# 1) Token-key warning (the ":-" default keeps set -u from aborting when unset)
# NOTE(review): this only prints a warning; start-up continues with the
# default or empty key. What the key protects is not visible in this file;
# consider refusing to start in production when it is unset.
if [ "${PERSISTENT_TOKENS_KEY:-}" = "default_please_change_this_key" ] || [ -z "${PERSISTENT_TOKENS_KEY:-}" ]; then
  echo "⚠️ WARNING: Using default/empty persistent tokens keyβ€”override for production."
fi

# 2) Update config.php based on environment variables
# NOTE(review): each value is pasted unescaped into the sed replacement and
# from there into PHP source. A "|", "&" or "\" in the value changes the
# substitution, and a "'" ends the PHP string literal in config.php.
# Validate the values against an expected pattern (or escape them) first.
CONFIG_FILE="/var/www/config/config.php"
if [ -f "${CONFIG_FILE}" ]; then
  echo "πŸ”„ Updating config.php from env vars..."
  [ -n "${TIMEZONE:-}" ] && sed -i "s|define('TIMEZONE',[[:space:]]*'[^']*');|define('TIMEZONE', '${TIMEZONE}');|" "${CONFIG_FILE}"
  [ -n "${DATE_TIME_FORMAT:-}" ] && sed -i "s|define('DATE_TIME_FORMAT',[[:space:]]*'[^']*');|define('DATE_TIME_FORMAT', '${DATE_TIME_FORMAT}');|" "${CONFIG_FILE}"
  if [ -n "${TOTAL_UPLOAD_SIZE:-}" ]; then
    sed -i "s|define('TOTAL_UPLOAD_SIZE',[[:space:]]*'[^']*');|define('TOTAL_UPLOAD_SIZE', '${TOTAL_UPLOAD_SIZE}');|" "${CONFIG_FILE}"
  fi
  # Replaces the getenv('SECURE') lookup in config.php with the literal value.
  [ -n "${SECURE:-}" ] && sed -i "s|\$envSecure = getenv('SECURE');|\$envSecure = '${SECURE}';|" "${CONFIG_FILE}"
  # NOTE: SHARE_URL is read from getenv in PHP; no sed needed.
fi

# 2.1) Prepare metadata/log & sessions
# NOTE(review): unlike step 0, these chown calls are not skipped for a
# non-root user and have no fallback, so under set -e a failing chown stops
# the script here.
mkdir -p /var/www/metadata/log
chown www-data:www-data /var/www/metadata/log
chmod 775 /var/www/metadata/log
# ": >" truncates (or creates) both log files on every start.
# NOTE(review): the previous run's log content is discarded here; ship or
# rotate logs elsewhere if they are needed for incident investigation.
: > /var/www/metadata/log/error.log
: > /var/www/metadata/log/access.log
chown www-data:www-data /var/www/metadata/log/*.log
# Session directory: owner-only access (700).
mkdir -p /var/www/sessions
chown www-data:www-data /var/www/sessions
chmod 700 /var/www/sessions

# 2.2) Prepare dynamic dirs (uploads/users/metadata)
# Non-recursive: only the top-level directory's owner and mode are set here.
for d in uploads users metadata; do
  tgt="/var/www/${d}"
  mkdir -p "${tgt}"
  chown www-data:www-data "${tgt}"
  chmod 775 "${tgt}"
done

# 3) Ensure PHP conf dir & set upload limits
# NOTE(review): the text from the 99-custom.ini redirect down to the
# "Listen 443" edit looks damaged in this copy. The here-document bodies, a
# step numbered 4 (LIMIT_REQUEST_BODY is never assigned in the visible text)
# and the opening of the port override (a "fi" survives without its "if")
# appear to be missing. It is kept as found, not reconstructed; restore it
# from the upstream file before running.
mkdir -p /etc/php/8.3/apache2/conf.d
if [ -n "${TOTAL_UPLOAD_SIZE:-}" ]; then
  echo "πŸ”„ Setting PHP upload limits to ${TOTAL_UPLOAD_SIZE}"
  cat > /etc/php/8.3/apache2/conf.d/99-custom.ini < /etc/apache2/conf-enabled/limit_request_body.conf < LimitRequestBody ${LIMIT_REQUEST_BODY}
EOF
fi

# 5) Configure Apache timeout (600s)
cat > /etc/apache2/conf-enabled/timeout.conf <//" /etc/apache2/sites-available/000-default.conf || true
fi
# HTTPS_PORT goes into the sed expression as-is; a failed edit is ignored.
if [ -n "${HTTPS_PORT:-}" ]; then
  sed -i "s/^Listen 443$/Listen ${HTTPS_PORT}/" /etc/apache2/ports.conf || true
fi

# 7) Set ServerName (idempotent)
# Rewrites an existing ServerName line, otherwise appends one.
# NOTE(review): SERVER_NAME is written into apache2.conf without validation.
SN="${SERVER_NAME:-FileRise}"
if grep -qE '^ServerName\s' /etc/apache2/apache2.conf; then
  sed -i "s|^ServerName .*|ServerName ${SN}|" /etc/apache2/apache2.conf
else
  echo "ServerName ${SN}" >> /etc/apache2/apache2.conf
fi

# 8) Initialize persistent files if absent
# Existing files are left untouched, including their owner and mode.
# NOTE(review): users.txt presumably holds account records; 664 leaves it
# readable by every user in the container. Confirm that is intended.
if [ ! -f /var/www/users/users.txt ]; then
  echo "" > /var/www/users/users.txt
  chown www-data:www-data /var/www/users/users.txt
  chmod 664 /var/www/users/users.txt
fi
if [ ! -f /var/www/metadata/createdTags.json ]; then
  echo "[]" > /var/www/metadata/createdTags.json
  chown www-data:www-data /var/www/metadata/createdTags.json
  chmod 664 /var/www/metadata/createdTags.json
fi

# 8.5) Harden scan script perms (only if root)
# root:root with 0644 leaves the script readable but writable only by root,
# so the www-data account that runs it in step 9 cannot modify it.
if [ -f /var/www/scripts/scan_uploads.php ] && [ "$(id -u)" -eq 0 ]; then
  chown root:root /var/www/scripts/scan_uploads.php
  chmod 0644 /var/www/scripts/scan_uploads.php
fi

# 9) One-shot scan when the container starts (opt-in via SCAN_ON_START)
# As root, the scan is run as www-data (runuser when available, else su)
# rather than as root. A failed scan is logged and start-up continues.
if [ "${SCAN_ON_START:-}" = "true" ]; then
  echo "[startup] Scanning uploads directory to build metadata..."
  if [ "$(id -u)" -eq 0 ]; then
    if command -v runuser >/dev/null 2>&1; then
      runuser -u www-data -- /usr/bin/php /var/www/scripts/scan_uploads.php || echo "[startup] Scan failed (continuing)"
    else
      su -s /bin/sh -c "/usr/bin/php /var/www/scripts/scan_uploads.php" www-data || echo "[startup] Scan failed (continuing)"
    fi
  else
    # Non-root fallback: run as current user (permissions may limit writes)
    /usr/bin/php /var/www/scripts/scan_uploads.php || echo "[startup] Scan failed (continuing)"
  fi
fi

# 9.6) Stream Apache logs to the container console (optional toggle)
# LOG_STREAM is compared case-insensitively (${VAR,,} lowercases it).
# Any unrecognised value falls through to the "error" arm.
LOG_STREAM="${LOG_STREAM:-error}"
case "${LOG_STREAM,,}" in
  none) STREAM_ERR=false; STREAM_ACC=false ;;
  access) STREAM_ERR=false; STREAM_ACC=true ;;
  both) STREAM_ERR=true; STREAM_ACC=true ;;
  error|*)STREAM_ERR=true; STREAM_ACC=false ;;
esac

echo "πŸ”₯ Starting Apache..."
# Copy the selected log files to the container console. tail -n0 skips what
# is already in the file; -F keeps following if the file is rotated or
# created later. Each tail runs as a background job with its own error
# output discarded.
if [ "${STREAM_ERR}" = "true" ]; then
  tail -n0 -F /var/www/metadata/log/error.log 2>/dev/null &
fi
if [ "${STREAM_ACC}" = "true" ]; then
  tail -n0 -F /var/www/metadata/log/access.log 2>/dev/null &
fi

# Hand this process over to Apache, running in the foreground.
exec apachectl -D FOREGROUND