diff --git a/Dockerfile b/Dockerfile
index ab2997ebb90463de240c130f89988b4665fe9768..3e43ed610ed0c58f27258e6af8f84690ad14d2f5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,107 @@
-FROM php:alpine
+FROM lsiobase/alpine:3.12
LABEL maintainer="Griefed <griefed@griefed.de>"
-RUN apk update && apk upgrade && \
- apk add libzip-dev && \
- docker-php-ext-install zip && \
- apk add --no-cache git && \
- mkdir /opt/icecoder && \
- cd /opt/icecoder && \
- git clone https://github.com/mattpass/ICEcoder.git ./
+ARG ICECODER_VERSION=8.0beta
-WORKDIR /opt/icecoder
+# Install dependencies, download app, build app, remove unneeded stuff
+RUN \
+ echo "**** install dependencies and build tools and stuff ****" && \
+ apk add --no-cache \
+ acl \
+ alpine-base \
+ bzip2 \
+ curl \
+ fbida-exiftran \
+ ffmpeg \
+ git \
+ gzip \
+ imagemagick \
+ jq \
+ libxml2 \
+ libzip \
+ libzip-dev \
+ libzip-doc \
+ libzip-tools \
+ memcached \
+ php7 \
+ php7-apcu \
+ php7-bcmath \
+ php7-bz2 \
+ php7-calendar \
+ php7-ctype \
+ php7-curl \
+ php7-dba \
+ php7-dom \
+ php7-exif \
+ php7-fileinfo \
+ php7-fpm \
+ php7-ftp \
+ php7-gd \
+ php7-gettext \
+ php7-gmp \
+ php7-iconv \
+ php7-imagick \
+ php7-imap \
+ php7-intl \
+ php7-json \
+ php7-ldap \
+ php7-mcrypt \
+ php7-memcached \
+ php7-mysqli \
+ php7-mysqlnd \
+ php7-opcache \
+ php7-pcntl \
+ php7-pdo_mysql \
+ php7-pdo_pgsql \
+ php7-pdo_sqlite \
+ php7-pear \
+ php7-pecl-imagick \
+ php7-pgsql \
+ php7-phar \
+ php7-posix \
+ php7-pspell \
+ php7-redis \
+ php7-snmp \
+ php7-sodium \
+ php7-sqlite3 \
+ php7-ssh2 \
+ php7-tokenizer \
+ php7-xml \
+ php7-xmlreader \
+ php7-xmlrpc \
+ php7-zip \
+ re2c \
+ rsync \
+ samba-client \
+ sqlite \
+ ssmtp \
+ subversion \
+ sudo \
+ tar \
+ unzip \
+ wget \
+ xz \
+ zip && \
+ echo "**** configure php, including symlink ****" && \
+ ln -sf \
+ /usr/bin/php7 \
+ /usr/bin/php && \
+ sed -i \
+ -e "s#\output_buffering =.*#\output_buffering = \off#g" \
+ -e "s/post_max_size =.*$/post_max_size = 1560M/" \
+ -e "s/upload_max_filesize =.*$/upload_max_filesize = 2048M/" \
+ -e 's#;session.save_path = "/tmp"#session.save_path = "/config/sess"#g' \
+ /etc/php7/php.ini && \
+ echo "**** Cleanup ****" && \
+ rm -rf \
+ /root/.cache \
+ /tmp/* && \
+ echo ${ICECODER_VERSION} > /version.txt
-CMD ["php","-S","0.0.0.0:8080"]
+# Copy local files
+COPY root/ /
+
+# Communicate ports and volumes to be used
EXPOSE 8080
+VOLUME /config /data
diff --git a/root/defaults/default b/root/defaults/default
new file mode 100644
index 0000000000000000000000000000000000000000..aafad6a3c25111d2d0e7ba91f7ef57a1be2fc9c1
--- /dev/null
+++ b/root/defaults/default
@@ -0,0 +1,50 @@
+server {
+ listen 443 ssl;
+ server_name _;
+ root /config/www/ICEcoder;
+ index index.php;
+ client_max_body_size 20G;
+ add_header X-Frame-Options "SAMEORIGIN";
+ ssl on;
+ ssl_certificate /config/keys/cert.crt;
+ ssl_certificate_key /config/keys/cert.key;
+ add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
+ keepalive_requests 10;
+ keepalive_timeout 60 60;
+ access_log /config/log/ICEcoder/access_ICEcoder6_log;
+ error_log /config/log/ICEcoder/error_ICEcoder6_log;
+ client_body_buffer_size 128k;
+ if (!-e $request_filename){
+ rewrite ^/data/public/([a-zA-Z0-9_-]+)$ /public/$1? permanent;
+ rewrite ^(.*)$ /index.php last;
+ }
+ location ~* ^/(?:\.|conf|data/(?:files|personal|logs|plugins|tmp|cache)|plugins/editor.zoho/agent/files) {
+ deny all;
+ }
+ location ~ \.php$ {
+ fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+ fastcgi_param SERVER_SOFTWARE nginx;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+ fastcgi_param REQUEST_URI $request_uri;
+ fastcgi_param DOCUMENT_URI $document_uri;
+ fastcgi_param DOCUMENT_ROOT $document_root;
+ fastcgi_param SERVER_PROTOCOL $server_protocol;
+ fastcgi_param REMOTE_ADDR $remote_addr;
+ fastcgi_param REMOTE_PORT $remote_port;
+ fastcgi_param SERVER_ADDR $server_addr;
+ fastcgi_param SERVER_PORT $server_port;
+ fastcgi_param SERVER_NAME $server_name;
+ try_files $uri =404;
+ fastcgi_pass 127.0.0.1:9000;
+ }
+ location ~* \.(ico|css|js)$ {
+ expires 7d;
+ add_header Pragma public;
+ add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+ }
+}
diff --git a/root/defaults/ssmtp.conf b/root/defaults/ssmtp.conf
new file mode 100644
index 0000000000000000000000000000000000000000..8111c7287f42063707c9a02734bdae917d246d52
--- /dev/null
+++ b/root/defaults/ssmtp.conf
@@ -0,0 +1,6 @@
+root=<your_email>
+mailhub=smtp.gmail.com:587
+AuthUser=<your_email>
+AuthPass=<your_password>
+UseSTARTTLS=YES
+FromLineOverride=YES
diff --git a/root/etc/cont-init.d/50-install b/root/etc/cont-init.d/50-install
new file mode 100644
index 0000000000000000000000000000000000000000..3a9bf0895abe625a9b863cdcf3173dba99698b4c
--- /dev/null
+++ b/root/etc/cont-init.d/50-install
@@ -0,0 +1,14 @@
+#!/usr/bin/with-contenv bash
+
+ICECODER_VERSION=$(cat /version.txt)
+if [ ! -f "/config/www/ICEcoder/index.php" ]; then
+ curl -o /tmp/install.zip -L \
+ "https://github.com/icecoder/ICEcoder/archive/${ICECODER_VERSION}.zip"
+ cd /tmp || exit
+ unzip -qq install.zip
+ mv ICEcoder-*/plugins/* /data/plugins
+ mv ICEcoder-* /app/ICEcoder
+ cd / || exit
+ rm -rf /tmp/* /config/www/data
+ chown -R abc:abc /app/ICEcoder /data
+fi
diff --git a/root/etc/cont-init.d/60-config b/root/etc/cont-init.d/60-config
new file mode 100644
index 0000000000000000000000000000000000000000..f29434d08e58029abcd288e945c4e924bae27f38
--- /dev/null
+++ b/root/etc/cont-init.d/60-config
@@ -0,0 +1,53 @@
+#!/usr/bin/with-contenv bash
+
+# check for lock file to only run git operations once
+if [ ! -e /lock.file ]; then
+ # Give abc a sudo shell for development
+ chsh abc -s /bin/bash
+ sed -e 's/# %wheel ALL=(ALL) NOPASSWD: ALL/%wheel ALL=(ALL) NOPASSWD: ALL/g' \
+ -i /etc/sudoers
+ sed -e 's/^wheel:\(.*\)/wheel:\1,abc/g' -i /etc/group
+ # create directory for project
+ mkdir -p /data/code
+ # make sure URL is set and folder is empty to clone code
+ if [ ${GITURL+x} ] && [ ! "$(/bin/ls -A /data/code 2>/dev/null)" ] ; then \
+ # clone the url the user passed to this directory
+ git clone "${GITURL}" /data/code
+ fi
+else
+ # lock exists not importing project this is a restart
+ echo "Lock exists just starting pylon"
+fi
+
+# create lock file after first run
+touch /lock.file
+
+# permissions
+mkdir -p /config/sessions
+echo "[cont-init.d] Setting permissions this may take some time"
+chown -R abc:abc \
+ /data \
+ /config
+# make our folders
+mkdir -p \
+/config/{log/ICEcoder,php,sess}
+
+# copy php ini for user editing
+[[ ! -e "/config/php/php.ini" ]] && \
+cp /etc/php7/php.ini /config/php/php.ini
+cp /config/php/php.ini /etc/php7/php.ini
+
+# setting email config file.
+if [ ! -f "/config/ssmtp.conf" ]; then
+cp /defaults/ssmtp.conf /config/ssmtp.conf
+chown abc:abc /config/ssmtp.conf
+fi
+cp /config/ssmtp.conf /etc/ssmtp/ssmtp.conf
+
+# Link data, code and plugins
+ln -sf /data/code /app/ICEcoder/data
+ln -sf /data/plugins /app/ICEcoder/plugins
+
+# permissions
+chown -R abc:abc \
+/config
diff --git a/root/etc/services.d/ICEcoder/run b/root/etc/services.d/ICEcoder/run
new file mode 100644
index 0000000000000000000000000000000000000000..0a601ab4114ef386e8ada5bea7791d9eff115211
--- /dev/null
+++ b/root/etc/services.d/ICEcoder/run
@@ -0,0 +1,7 @@
+#!/usr/bin/with-contenv bash
+
+cd /app/ICEcoder || exit
+
+exec \
+ s6-setuidgid abc \
+ php -S 0.0.0.0:8080