Merge branch 'release/v2.0.5'

Author: dlen

CHANGELOG.md

@@ -2,7 +2,13 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.4...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.5...HEAD)
+
+## [2.0.5](https://github.com/passbolt/passbolt_docker/compare/v2.0.4...v2.0.5) - 2018-05-08
+
+### Fixed
+
+- Nginx configuration file root directive for passbolt
 
 ## [2.0.4](https://github.com/passbolt/passbolt_docker/compare/v2.0.2...v2.0.4) - 2018-04-26
 

Dockerfile

@@ -2,7 +2,7 @@ FROM php:7-fpm
 
 LABEL maintainer="[email protected]"
 
-ARG PASSBOLT_VERSION="2.0.4"
+ARG PASSBOLT_VERSION="2.0.5"
 ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
 
 ARG PHP_EXTENSIONS="gd \

Gemfile.lock

@@ -3,20 +3,20 @@ GEM
   specs:
     coderay (1.1.2)
     diff-lcs (1.3)
-    docker-api (1.34.0)
+    docker-api (1.34.2)
       excon (>= 0.47.0)
       multi_json
-    excon (0.60.0)
+    excon (0.62.0)
     method_source (0.9.0)
-    multi_json (1.12.2)
+    multi_json (1.13.1)
     net-scp (1.2.1)
       net-ssh (>= 2.6.5)
     net-ssh (4.2.0)
     net-telnet (0.1.1)
     pry (0.11.3)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    rake (12.3.0)
+    rake (12.3.1)
     rspec (3.7.0)
       rspec-core (~> 3.7.0)
       rspec-expectations (~> 3.7.0)
@@ -32,14 +32,14 @@ GEM
     rspec-mocks (3.7.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.7.0)
-    rspec-support (3.7.0)
+    rspec-support (3.7.1)
     serverspec (2.41.3)
       multi_json
       rspec (~> 3.0)
       rspec-its
       specinfra (~> 2.72)
     sfl (2.3)
-    specinfra (2.73.0)
+    specinfra (2.73.3)
       net-scp
       net-ssh (>= 2.7, < 5.0)
       net-telnet

conf/passbolt.conf

@@ -10,28 +10,23 @@ server {
   keepalive_timeout     5 5;
   send_timeout          10;
 
-  root /var/www/passbolt;
+  root /var/www/passbolt/webroot;
+  index index.php;
 
   location / {
     try_files $uri $uri/ /index.php?$args;
-    index index.php;
   }
 
   location ~ \.php$ {
-    fastcgi_index           index.php;
-    fastcgi_pass            127.0.0.1:9000;
-    fastcgi_split_path_info ^(.+\.php)(.+)$;
-    include                 fastcgi_params;
-    fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param           SERVER_NAME $http_host;
-    fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
-  }
-
-  location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
-    access_log off;
-    log_not_found off;
-    try_files $uri /webroot/$uri /index.php?$args;
-    #try_files $uri /app/webroot/$uri /index.php?$args;
+    try_files                $uri =404;
+    include                  fastcgi_params;
+    fastcgi_pass             127.0.0.1:9000;
+    fastcgi_index            index.php;
+    fastcgi_intercept_errors on;
+    fastcgi_split_path_info  ^(.+\.php)(.+)$;
+    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param            SERVER_NAME $http_host;
+    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
   }
 
 }
@@ -56,26 +51,22 @@ server {
   ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";
   ssl_session_tickets off;
 
-  root /var/www/passbolt;
+  root /var/www/passbolt/webroot;
+  index index.php;
 
   location / {
     try_files $uri $uri/ /index.php?$args;
-    index index.php;
   }
 
   location ~ \.php$ {
-    fastcgi_index           index.php;
-    fastcgi_pass            127.0.0.1:9000;
-    fastcgi_split_path_info ^(.+\.php)(.+)$;
-    include                 fastcgi_params;
-    fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param           SERVER_NAME $http_host;
-    fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
-  }
-
-  location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
-    access_log off;
-    log_not_found off;
-    try_files $uri /webroot/$uri /index.php?$args;
+    try_files                $uri =404;
+    include                  fastcgi_params;
+    fastcgi_pass             127.0.0.1:9000;
+    fastcgi_index            index.php;
+    fastcgi_intercept_errors on;
+    fastcgi_split_path_info  ^(.+\.php)(.+)$;
+    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param            SERVER_NAME $http_host;
+    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
   }
 }

docker-compose-pro.yml

@@ -10,7 +10,7 @@ services:
       - 3306
 
   passbolt:
-    image: passbolt/passbolt:2.0.4-pro-debian
+    image: passbolt/passbolt:2.0.5-pro-debian
     tty: true
     depends_on:
       - db

docker-compose.yml

@@ -10,7 +10,7 @@ services:
       - 3306
 
   passbolt:
-    image: passbolt/passbolt:2.0.4-debian
+    image: passbolt/passbolt:2.0.5-debian
     tty: true
     depends_on:
       - db

spec/docker_image/image_spec.rb

@@ -89,6 +89,10 @@
     it 'has the correct permissions' do
       expect(file(site_conf)).to be_owned_by 'root'
     end
+
+    it 'points to the correct root folder' do
+      expect(file(site_conf).content).to match 'root /var/www/passbolt/webroot'
+    end
   end
 
   describe 'ports exposed' do

spec/docker_runtime/runtime_spec.rb

@@ -3,6 +3,7 @@
 describe 'passbolt_api service' do
 
   before(:all) do
+    @mysql_image = Docker::Image.create('fromImage' => 'mariadb:latest')
     @mysql = Docker::Container.create(
       'Env' => [
         'MYSQL_ROOT_PASSWORD=test',
@@ -16,7 +17,7 @@
           "mysqladmin ping --silent"
         ]
       },
-      'Image' => 'mariadb')
+      'Image' => @mysql_image.id)
     @mysql.start
 
     while @mysql.json['State']['Health']['Status'] != 'healthy'
@@ -30,6 +31,7 @@
         'DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt',
         'DATASOURCES_DEFAULT_USERNAME=passbolt',
         'DATASOURCES_DEFAULT_DATABASE=passbolt',
+        'PASSBOLT_SSL_FORCE=true'
       ],
       'Image' => @image.id)
     @container.start
@@ -44,8 +46,10 @@
     @container.kill
   end
 
-  let(:http_path) { "/healthcheck/status.json" }
-  let(:healthcheck) { 'curl -s -o /dev/null -w "%{http_code}" http://localhost/healthcheck/status.json' }
+  let(:passbolt_host)     { @container.json['NetworkSettings']['IPAddress'] }
+  let(:uri)               { "/healthcheck/status.json" }
+  let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
+  let(:conf_app)          { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/conf/app.php" }
 
   describe 'php service' do
     it 'is running supervised' do
@@ -79,7 +83,35 @@
 
   describe 'passbolt status' do
     it 'returns 200' do
-      expect(command(healthcheck).stdout).to eq '200'
+      expect(command(curl).stdout).to eq '200'
     end
   end
+
+  describe 'passbolt serverkey unaccessible' do
+    let(:uri) { '/config/gpg/serverkey.asc' }
+    it "returns 404" do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt serverkey private unaccessible' do
+    let(:uri) { '/config/gpg/serverkey_private.asc' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt conf unaccessible' do
+    let(:uri) { '/config/app.php' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+  describe 'passbolt tmp folder is unaccessible' do
+    let(:uri) { '/tmp/cache/database/empty' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
 end