Hi

We use the current 0.12.2 version of the agentejo/cockpit-docker image.
The image is based upon the php:7.4-apache upstream base image.

Unfortunately the 0.12.2 version (but also latest) have not been built & published for over 6 months now. the php base image was using PHP version 7.4.2 when the last image build was performed:

docker run --rm -it agentejo/cockpit:0.12.2 bash -c "php -v"
PHP 7.4.2 (cli) (built: Feb  1 2020 19:39:30) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.2, Copyright (c), by Zend Technologies

Whereas the current version of the php:7.4-apache image delivers a fully-patched "old-stable" PHP version 7.4.28:

docker run --rm -it php:7.4-apache bash -c "php -v"
PHP 7.4.28 (cli) (built: Mar  3 2022 09:55:51) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

This leads to the agentejo/cockpit-docker:latest and agentejo/cockpit-docker:0.12.2 image versions being tagged as vulnerable to a range of vulnerabilities during security scanning. Some examples:

• CVE-2020-7063 medium severity
• CVE-2020-7062 high severity
• CVE-2020-7061 critical severity

To be fair, agentejo/cockpit-docker is in reality not vulnerable to any of those CVEs according to my own research (e.g. the critical CVE-2020-7061 only affects PHP running on windows OS to start with...) - but due to the outdated and potentially vulnerable PHP 7.4.2 version being used in the image, this still raises red flags whenever any security scanning is performed on the final image or some exposure assessment is done.

Overall I am left with the following questions/wishes/suggestions:

• Would it be possible to just perform a fresh build, making sure the updated php:7.4-apache base image is used for the build, and publish an updated image?
• Would it maybe make sense to use more explicit upstream version tags in the FROM instruction in the Dockerfile to simplify obtaining upstream PHP/Apache version information? That would mean using FROM php:7.4.28-apache-buster instead of the more broad FROM php:7.4-apache (also fixing the debian base distro version along the way)?
• Should this updated image be published with a new version tag, e.g. 0.12.2_1 to distinguish it from the previous, vulnerable version, or would it be favorable to override the existing tag?

I would be happy to discuss those matters with @aheinze - or whoever can help - and can of course also provide an MR if that helps.

docker-compose.yml

version: "3"

services:
  web:
    image: agentejo/cockpit
    ports:
      - "8080:80"
    restart: always
    volumes:
      - ./db/storage/:/var/www/html/storage
      - ./db/config/:/var/www/html/config

Run

docker-compose up

Open http://localhost:8080/install/ and get

Data folder is not writable: /storage/data
Cache folder is not writable: /storage/cache
Temp folder is not writable: /storage/tmp
Uploads folder is not writable: /storage/uploads

https://github.com/stereobooster/headless-cms-comparison/tree/master/cockpit

Followed your instructions for install, what is the login? (username and password)

When I start this up, the error I get is below. I am trying to load just a simple sqlite db install.

Oh no! Something went terribly wrong:
SQLSTATE[HY000] [14] unable to open database file
/lib/MongoLite/Database.php
     * @param array  $options
     */
    public function __construct($path = self::DSN_PATH_MEMORY, $options = []) {

        $dns = "sqlite:{$path}";

        $this->path = $path;
        $this->connection = new \PDO($dns, null, null, $options);

        $database = $this;

        $this->connection->sqliteCreateFunction('document_key', function($key, $document){

System message generated by Cockpit debug

Below is my docker-compose.yml:

version: '3.3'

services:
  cockpit:
    restart: always
    image: agentejo/cockpit
    environment:
      - COCKPIT_SESSION_NAME=cockpit
      - COCKPIT_SALT=not-a-real-salt
    ports:
      - "8080:80"
    volumes:
      - './cockpit/storage:/var/www/html/storage:Z'

Thanks.

Hi,

Thank you for the docker file...what is the default user to log in with once I have the image up and running?

If there is no default user, what is the path to register?

Thanks
-michelob

Related to this docker-library/php#931 (comment)

configure: error: unrecognized options: --with-freetype-dir, --with-jpeg-dir

Will open a PR with the fix

Could we tag the docker image with a version number? - We need this when deploying to our rancher cluster.

Pretty please :)

Hi,

when I clone the repo and run docker build cockpit-docker the build eventually fails with:

configure: error: unrecognized options: --with-freetype-dir, --with-jpeg-dir

How can I build the image?

If I mount the storage to the file system it crashes do that the volume gets mounted as root and www:data has no permissions to read/write

Will do a pr if it's ok

In #10 it was said that gd needs to be configured differently. But gd isn't working for me, neither with the 0.10.0 image nor with the latest image.

When cockpit tries to create thumbnails I get the following error:

Call to undefined function claviska\imagecreatefromjpeg()

After going into the container via docker exec I was able to execute the following commands without errors:

docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/
docker-php-ext-install -j$(nproc) iconv gd pdo zip opcache pdo_sqlite

Here is how the problem can be reproduced easily:

docker pull agentejo/cockpit:latest
docker run --rm -d --name cockpit agentejo/cockpit:latest
docker exec -it cockpit /bin/bash

docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/
# => configure: WARNING: unrecognized options: --with-freetype, --with-jpeg

docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/
# => works without error

When I try to follow the instructions in the readme:

docker run -d --name cockpit -p 8080:80 agentejo/cockpit

docker build -t agentejo/cockpit:latest . --no-cache

The first command runs just fine, but when I try to run the second I get:

unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /home/me/Dockerfile: no such file or directory

Is there perhaps a step missing from those instructions? Perhaps I'm supposed to cd to somewhere with a Dockerfile in-between?

Hi Agentejo,

Thanks for this awesome software. Question: I'm on a ARM64 system, and having trouble running the docker image. No issues occurs when running Cockpit through PHP and Apache the old school way.
On my local system (not ARM64) i don't have any issues.

Docker logs this error:

2019-07-20T19:20:06.202384169Z`` standard_init_linux.go:211: exec user process caused "exec format error"

Is there a quick fix for this issue?

Cheers,
Lasse

I see in the dockerfile you're including PECL drivers for redis and there are some references to redis:// urls in SimpleStorage api. Is redis supported as a storage backend? If so, how can I configure cockpit to use it?

Hey everyone.

So, by default the config directory is configured to be a volume. I'd much rather bake the configuration into my own image which I derived from this one. But I can't add files to the config directory, because docker doesn't save changes made to a directory in an image after that directory was marked as a volume. Hence I can't put my own configuration or even the translations into my image, I would HAVE to put those on my host and mount that volume.

I know that I can actually change the config directory path using defines.php, and I tried that. But this breaks for TinyMCE translations because the path for those is hardcoded.

So instead of doing that I'd prefer to be able to change the contents of my config directory in my own image.

If the VOLUMES configuration was removed from the Dockerfile it would still be possible to mount that directory if people want that.

I am trying to install cockpit CMS using Docker VM (dockerfile) and using mongodb.

installation is working fine, altough, I think I am doing something wrong or cockpit is structured that way, my point :

• when creating a collection, a file is created inside docker container in the storage folder and data is stored in mongodb
• if I rebuild docker or restart, the storage folder is cleaned up and I loose all my collections.

how can I store storage folder outside docker container,
Since I am using mongodb, isn't it supposed to store everything on mongodb ?

am I missing something on the configuration side ? any toughts, help appreciated

thank you

Hi,

I cannot find any PHP or apache logs on the docker image. I am not sure what else to do, I tried to change the php.ini with no results.

Do you have any recommendations?

Kind regards,
José.

I just ran a security check inside AWS on the cockpit-docker image and it reported an insane amount of security vulnerabilities.

I assume that probably 99% of the are derived from the base image (php7.4-apache). Any chance that the base image can be upgraded @aheinze ? I think php:7.4.26-apache should be the latest candidate that could work, right?

I still can't build the file (see #17), otherwise I would try myself ...

Trying to run a command:

ln -s /etc/apache2/mods-available/ssl.load  /etc/apache2/mods-enabled/ssl.load
ln: failed to create symbolic link '/etc/apache2/mods-enabled/ssl.load': Permission denied

Tried running
su -
but got stuck at the password prompt.

how can I enable ssl?

Thanks!