MQTT rework v0.4, install scripts rework, Traefik docs 📦

Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 # default UID and GID
 ENV USER=pi USER_ID=1000 USER_GID=1000  PORT=20211 
@@ -7,15 +7,9 @@ ENV USER=pi USER_ID=1000 USER_GID=1000  PORT=20211
 # Todo, figure out why using a workdir instead of full paths don't work
 # Todo, do we still need all these packages? I can already see sudo which isn't needed
 
-RUN apt-get update \
-    && apt-get install --no-install-recommends tini snmp ca-certificates curl libwww-perl arp-scan perl apt-utils cron sudo nginx-light php php-cgi php-fpm php-sqlite3 php-curl sqlite3 dnsutils net-tools python3 iproute2 nmap python3-pip zip systemctl usbutils traceroute -y \
-    && pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli \
-    && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 \
-    && apt-get clean autoclean \
-    && apt-get autoremove \
-    && rm -rf /var/lib/apt/lists/* \
-    && rm -rf /var/www/html \
-    && ln -s /home/pi/pialert/front /var/www/html 
+RUN apt-get update 
+RUN apt-get install sudo -y 
+
 
 # create pi user and group
 # add root and www-data to pi group so they can r/w files and db
@@ -31,24 +25,8 @@ RUN groupadd --gid "${USER_GID}" "${USER}" && \
 
 COPY --chmod=775 --chown=${USER_ID}:${USER_GID} . /home/pi/pialert/
 
-# Pi.Alert
-RUN rm /etc/nginx/sites-available/default \
-    && ln -s /home/pi/pialert/install/default /etc/nginx/sites-available/default \
-    && sed -ie 's/listen 80/listen '${PORT}'/g' /etc/nginx/sites-available/default \
-    # run the hardware vendors update
-    && /home/pi/pialert/back/update_vendors.sh \
-    # Create a backup of the pialert.conf to be used if the user didn't supply a configuration file
-    && cp /home/pi/pialert/config/pialert.conf /home/pi/pialert/back/pialert.conf_bak \
-    # Create a backup of the pialert.db to be used if the user didn't supply a database
-    && cp /home/pi/pialert/db/pialert.db /home/pi/pialert/back/pialert.db_bak \
-    # Create a buildtimestamp.txt to later check if a new version was released
-    && date +%s > /home/pi/pialert/front/buildtimestamp.txt
-
-ENTRYPOINT ["tini", "--"]
+# ENTRYPOINT ["tini", "--"]
 
 CMD ["/home/pi/pialert/dockerfiles/start.sh"]
 
-
-
-
 ## command to build docker:  DOCKER_BUILDKIT=1  docker build . --iidfile dockerID

back/update_vendors.sh

@@ -14,7 +14,9 @@
 #    /usr/share/ieee-data
 #    /var/lib/ieee-data
 # ----------------------------------------------------------------------
-
+echo "---------------------------------------------------------"
+echo "[INSTALL]                           Run update_vendors.sh"
+echo "---------------------------------------------------------"
 
 # ----------------------------------------------------------------------
 echo Updating... /usr/share/ieee-data/
@@ -51,6 +53,9 @@ sudo cp *.txt 2_backup
 sudo get-iab -v
 sudo get-oui -v
 
+# make files readable
+sudo chmod +r /usr/share/arp-scan/ieee-oui.txt
+
 # Update from ieee website
 # sudo get-iab -v -u http://standards-oui.ieee.org/iab/iab.txt
 # sudo get-oui -v -u http://standards-oui.ieee.org/oui/oui.txt

docker-compose.yml

@@ -23,13 +23,11 @@ services:
       - ${APP_DATA_LOCATION}/pialert/dhcp_samples/dhcp2.leases:/mnt/dhcp2.leases      
       - ${APP_DATA_LOCATION}/pialert/dhcp_samples/pihole_dhcp_full.leases:/etc/pihole/dhcp.leases      
       - ${APP_DATA_LOCATION}/pihole/etc-pihole/pihole-FTL.db:/etc/pihole/pihole-FTL.dba    
-      - ${DEV_LOCATION}/pialert:/home/pi/pialert/pialert      
-      - ${DEV_LOCATION}/back/report_template.html:/home/pi/pialert/back/report_template.html
-      - ${DEV_LOCATION}/back/report_template_new_version.html:/home/pi/pialert/back/report_template_new_version.html
-      - ${DEV_LOCATION}/back/report_template.txt:/home/pi/pialert/back/report_template.txt      
+      - ${DEV_LOCATION}/pialert:/home/pi/pialert/pialert            
       - ${DEV_LOCATION}/dockerfiles:/home/pi/pialert/dockerfiles
-      - ${APP_DATA_LOCATION}/pialert/php.ini:/etc/php/7.4/fpm/php.ini      
-      # - ${DEV_LOCATION}/front/api:/home/pi/pialert/front/api
+      - ${APP_DATA_LOCATION}/pialert/php.ini:/etc/php/8.2/fpm/php.ini      
+      - ${DEV_LOCATION}/back:/home/pi/pialert/back
+      - ${DEV_LOCATION}/install:/home/pi/pialert/install
       - ${DEV_LOCATION}/front/css:/home/pi/pialert/front/css
       - ${DEV_LOCATION}/front/lib/AdminLTE:/home/pi/pialert/front/lib/AdminLTE
       - ${DEV_LOCATION}/front/js:/home/pi/pialert/front/js

dockerfiles/start.sh

@@ -1,33 +1,115 @@
-#!/bin/sh
-/home/pi/pialert/dockerfiles/user-mapping.sh
+#!/bin/bash
+
+echo "---------------------------------------------------------"
+echo "[INSTALL]                                    Run start.sh"
+echo "---------------------------------------------------------"
+
+
+INSTALL_DIR=/home/pi  # Specify the installation directory here
 
 # # if custom variables not set we do not need to do anything
 # if [ -n "${TZ}" ]; then    
-#   FILECONF=/home/pi/pialert/config/pialert.conf 
+#   FILECONF=$INSTALL_DIR/pialert/config/pialert.conf 
 #   if [ -f "$FILECONF" ]; then
-#     sed -ie "s|Europe/Berlin|${TZ}|g" /home/pi/pialert/config/pialert.conf 
+#     sed -ie "s|Europe/Berlin|${TZ}|g" $INSTALL_DIR/pialert/config/pialert.conf 
 #   else 
-#     sed -ie "s|Europe/Berlin|${TZ}|g" /home/pi/pialert/back/pialert.conf_bak 
+#     sed -ie "s|Europe/Berlin|${TZ}|g" $INSTALL_DIR/pialert/back/pialert.conf_bak 
 #   fi
 # fi
 
+# Check if script is run as root
+if [[ $EUID -ne 0 ]]; then
+    echo "This script must be run as root. Please use 'sudo'." 
+    exit 1
+fi
+
+# Run setup scripts
+echo "[INSTALL] Run setup scripts"
+
+"$INSTALL_DIR/pialert/dockerfiles/user-mapping.sh"
+"$INSTALL_DIR/pialert/install/install_dependencies.sh"
+"$INSTALL_DIR/pialert/install/install_python.sh"
+
+# Chaneg port number if set
 if [ -n "${PORT}" ]; then  
   sed -ie 's/listen 20211/listen '${PORT}'/g' /etc/nginx/sites-available/default
 fi 
 
-# I hope this will fix DB permission issues going forward
-FILEDB=/home/pi/pialert/db/pialert.db
+echo "[INSTALL] Setup NGINX"
+
+# Remove /html folder if exists
+sudo rm -R /var/www/html 
+
+# create symbolic link to the pialert install directory
+ln -s $INSTALL_DIR/pialert/front /var/www/html 
+# remove dfault NGINX site
+sudo rm /etc/nginx/sites-available/default
+# create symbolic link to NGINX configuaration coming with PiAlert
+sudo ln -s "$INSTALL_DIR/pialert/install/default" /etc/nginx/sites-available/default
+# use user-supplied port
+sudo sed -i 's/listen 80/listen '"$PORT"'/g' /etc/nginx/sites-available/default
+
+
+# Run the hardware vendors update at least once
+echo "[INSTALL] Run the hardware vendors update"
+
+# Define the path to ieee-oui.txt and ieee-iab.txt
+oui_file="/usr/share/arp-scan/ieee-oui.txt"
+
+# Check if ieee-oui.txt or ieee-iab.txt exist
+if [ -f "$oui_file" ]; then
+  echo "The file ieee-oui.txt exists. Skipping update_vendors.sh..."
+else
+  echo "The file ieee-oui.txt does not exist. Running update_vendors..."
+
+  # Run the update_vendors.sh script
+  if [ -f "$INSTALL_DIR/pialert/back/update_vendors.sh" ]; then
+    "$INSTALL_DIR/pialert/back/update_vendors.sh"
+  else
+    echo "update_vendors.sh script not found in $INSTALL_DIR."    
+  fi
+fi
+
+# Fixing file permissions
+echo "[INSTALL] Fixing file permissions"
+
+chmod -R a+rwx $INSTALL_DIR
+chmod -R a+rwx /var/www/html
+chmod -R a+rw $INSTALL_DIR/pialert/front/log
+chmod -R a+rw $INSTALL_DIR/pialert/config
+
+FILEDB=$INSTALL_DIR/pialert/db/pialert.db
+
 if [ -f "$FILEDB" ]; then
-    chown -R www-data:www-data /home/pi/pialert/db/pialert.db
+    chown -R www-data:www-data $INSTALL_DIR/pialert/db/pialert.db
 fi
 
-chmod -R a+rw /home/pi/pialert/front/log
-chmod -R a+rw /home/pi/pialert/config
 
-/etc/init.d/php7.4-fpm start
+echo "[INSTALL] Create pialert.db and pialert.conf backups"
+
+# Create a backup of pialert.conf
+cp "$INSTALL_DIR/pialert/config/pialert.conf" "$INSTALL_DIR/pialert/back/pialert.conf_bak"
+
+# Create a backup of pialert.db
+cp "$INSTALL_DIR/pialert/db/pialert.db" "$INSTALL_DIR/pialert/back/pialert.db_bak"
+
+# Create buildtimestamp.txt
+date +%s > "$INSTALL_DIR/pialert/front/buildtimestamp.txt"
+
+
+# start PHP
+/etc/init.d/php8.2-fpm start
 /etc/init.d/nginx start
 
-# cron -f
-#python /home/pi/pialert/back/pialert.py
-# echo "[DEBUG] DATA MONKEY VERSION ..."
-python /home/pi/pialert/pialert/
+# Start Nginx and your application to start at boot (if needed)
+systemctl start nginx
+systemctl enable nginx
+
+# systemctl enable pi-alert
+sudo systemctl restart nginx
+
+#  Activate the virtual python environment
+source myenv/bin/activate
+
+# Start the PiAlert python script
+python $INSTALL_DIR/pialert/pialert/

docs/REVERSE_PROXY.md

@@ -346,5 +346,134 @@ location ^~ /pialert/ {
 ```
 
 
+## Traefik
+
+> Submitted by [Isegrimm](https://github.com/Isegrimm) 🙏 (based on this [discussion](https://github.com/jokob-sk/Pi.Alert/discussions/449#discussioncomment-7281442))
+
+Asuming the user already has a working Traefik setup, this is what's needed to make Pi.Alert work at a URL like www.domain.com/pialert/. 
+
+Note: Everything in these configs assumes '**www.domain.com**' as your domainname and '**section31**' as an arbitrary name for your certificate setup. You will have to substitute these with your own.
+
+Also, I use the prefix '**pialert**'. If you want to use another prefix, change it in these files: dynamic.toml and default.
+
+Content of my yaml-file (this is the generic Traefik config, which defines which ports to listen on, redirect http to https and sets up the certificate process).
+It also contains Authelia, which I use for authentication.
+This part contains nothing specific to Pi.Alert.
+
+```yaml
+version: '3.8'
+
+services:
+  traefik:
+    image: traefik
+    container_name: traefik
+    command:
+      - "--api=true"
+      - "--api.insecure=true"
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.file.filename=/traefik-config/dynamic.toml"
+      - "--providers.file.watch=true"
+      - "--log.level=ERROR"
+      - "--certificatesresolvers.section31.acme.email=postmaster@domain.com"
+      - "--certificatesresolvers.section31.acme.storage=/traefik-config/acme.json"
+      - "--certificatesresolvers.section31.acme.httpchallenge=true"
+      - "--certificatesresolvers.section31.acme.httpchallenge.entrypoint=web"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - /appl/docker/traefik/config:/traefik-config
+    depends_on:
+      - authelia
+    restart: unless-stopped
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:latest
+    ports:
+      - "9091:9091"
+    volumes:
+      - /appl/docker/authelia:/config
+    restart: u
+    nless-stopped
+```
+Snippet of the dynamic.toml file (referenced in the yml-file above) that defines the config for Pi.Alert:
+The following are self-defined keywords, everything else is traefik keywords:
+- pialert-router
+- pialert-service
+- auth
+- pialert-stripprefix
+
+
+```toml
+[http.routers]
+  [http.routers.pialert-router]
+    entryPoints = ["websecure"]
+    rule = "Host(`www.domain.com`) && PathPrefix(`/pialert`)"
+    service = "pialert-service"
+    middlewares = "auth,pialert-stripprefix"
+    [http.routers.pialert-router.tls]
+       certResolver = "section31"
+       [[http.routers.pialert-router.tls.domains]]
+         main = "www.domain.com"
+
+[http.services]
+  [http.services.pialert-service]
+    [[http.services.pialert-service.loadBalancer.servers]]
+      url = "http://internal-ip-address:20211/"
+
+[http.middlewares]
+  [http.middlewares.auth.forwardAuth]
+    address = "http://authelia:9091/api/verify?rd=https://www.domain.com/authelia/"
+    trustForwardHeader = true
+    authResponseHeaders = ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"]
+  [http.middlewares.pialert-stripprefix.stripprefix]
+    prefixes = "/pialert"
+    forceSlash = false
+
+```
+To make Pi.Alert work with this setup I modified the default file at `/etc/nginx/sites-available/default` in the docker container by copying it to my local filesystem, adding the changes as specified by [cvc90](https://github.com/cvc90) and mounting the new file into the docker container, overwriting the original one. By mapping the file instead of changing the file in-place, the changes persist if an updated dockerimage is pulled. This is also a downside when the default file is updated, so I only use this as a temporary solution, until the dockerimage is updated with this change.
+
+Default-file:
+
+```
+server {
+    listen 80 default_server;
+    root /var/www/html;
+    index index.php;
+    #rewrite /pialert/(.*) / permanent;
+    add_header X-Forwarded-Prefix "/pialert" always;
+    proxy_set_header X-Forwarded-Prefix "/pialert";
+
+  location ~* \.php$ {
+    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+    include         fastcgi_params;
+    fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+    fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
+    fastcgi_connect_timeout 75;
+          fastcgi_send_timeout 600;
+          fastcgi_read_timeout 600;
+  }
+}
+```
+
+Mapping the updated file (on the local filesystem at `/appl/docker/pialert/default`) into the docker container:
 
 
+```bash
+docker run -d --rm --network=host \
+  --name=pi.alert \
+  -v /appl/docker/pialert/config:/home/pi/pialert/config \
+  -v /appl/docker/pialert/db:/home/pi/pialert/db \
+  -v /appl/docker/pialert/default:/etc/nginx/sites-available/default \
+  -e TZ=Europe/Amsterdam \
+  -e PORT=20211 \
+  jokobsk/pi.alert:latest
+
+```
+