Skip to content

alpine-lychee

Deprecation Warning

This image has been deprecated and no updates (or support) may be available in future. Even though it is a container, it may or may not keep working as expected, use at your own risk.

updated stars forks watchers issues issues-pr
pulls stars armhf x86_64

Container for Alpine Linux + S6 + NGINX + PHP7 + Lychee

This image containerizes Lychee Image Gallery along with its php dependencies to setup a pesonal image repository. Database and images not included. Checkout alpine-mysql to configure your own MySQL server in a container.

Based on Alpine Linux from the php image with NGINX, PHP7 and the Lychee scripts overlayed on it. Versioned accordingly with releases from /electerious/Lychee.

Get the Image

Pull the image from Docker Hub.

docker pull woahbase/alpine-lychee
Image Tags

The image is tagged respectively for the following architectures,

latest tag is retagged from x86_64, so pulling without any tag fetches you that image. For any other architectures specify the tag for that architecture. e.g. for armv8 or aarch64 host it is alpine-lychee:aarch64.

non-x86_64 images used to contain the embedded qemu-user-static binary which has been redundant for a while, and is being deprecated starting with our Alpine Linux v3.22 base-image release, see qemu-user-static or the more recent binfmt instead for running multi-arch containers.

Run

Running the container starts the service.

docker run --rm -it \
  --name docker_lychee \
  -p 80:80 \
  -p 443:443 \
  -v $PWD/config:/config \
  -v $PWD/uploads:/config/www/lychee/uploads \
woahbase/alpine-lychee:x86_64
Multi-Arch Support

If you want to run images built for other architectures on the same host (e.g. a x86_64 machine), you will need to have the specific binary format support configured on your host machine before running the image (otherwise you get an exec format error). Here's how,

For recent images, we can use tonistiigi's binfmt image to register binary execution support for the target architecture, like the following,

docker run --rm --privileged tonistiigi/binfmt --install <architecture>

Architecture is that of the image we're trying to run, can be arm64 for aarch64, arm for both armv7l and armhf, or amd64 for x86_64. See binfmt.

Previously, multiarch, had made it easy for us by packing qemu into an image, so we could just run

docker run --rm --privileged multiarch/qemu-user-static --reset -p yes

However, that image (see qemu-user-static) seems to have fallen behind in updates, and with newer images the binfmt method is preferable.

Now images built for other architectures will also be executable. This is optional though, without the above, you can still run the image that is specifically made to support your host architecture.

Configuration

  • Lychee is located at the endpoint /lychee/, with configurations at /config/lychee/ and data at /config/lychee/data/. Uploaded images go to /config/www/lychee/uploads.

  • Lychee source is located at /opt/lychee/lychee.zip.

  • These configurations are inherited from the nginx image:

    • Drop privileges to alpine whenever configured to. Respects PUID / PGID.

    • Binds to both http(80) and https(443). Publish whichever you need, or both.

    • Default configs setup a static site at / by copying /defaults/index.html at the webroot location /config/www/. Mount the /config/ locally to persist modifications (or your webapps). NGINX configs are at /config/nginx, and vhosts at /config/nginx/site-confs/.

    • 4096bit Self-signed SSL certificate is generated in first run at /config/keys. Pass the runtime variable SSLSUBJECT with a valid info string to make your own.

    • .htpasswd is generated with default credentials admin/insecurebydefault at /config/keys/.htpasswd

    • Sets up a https and auth protected web location at /secure.

    • If you're proxying multiple containers at the same host, or reverse proxying multiple hosts at the same container, you may need to add --net=host and/or add entries in your firewall to allow traffic.

Stop the container with a timeout, (defaults to 2 seconds)

docker stop -t 2 docker_lychee

Restart the container with

docker restart docker_lychee

Removes the container, (always better to stop it first and -f only when needed most)

docker rm -f docker_lychee
Shell access

Get a shell inside a already running container,

docker exec -it docker_lychee /bin/bash

Optionally, login as a non-root user, (default is alpine)

docker exec -u alpine -it docker_lychee /bin/bash

Or set user/group id e.g 1000/1000,

docker exec -u 1000:1000 -it docker_lychee /bin/bash
Logs

To check logs of a running container in real time

docker logs -f docker_lychee

Build Your Own

Feel free to clone (or fork) the repository and customize it for your own usage, build the image for yourself on your own systems, and optionally, push it to your own public (or private) repository.

Here's how...

Setting up

Before we clone the /repository, we must have Git, GNU make, and Docker (optionally, with buildx plugin for multi-platform images) setup on the machine. Also, for multi-platform annotations, we might require enabling experimental features of Docker.

Now, to get the code,

Clone the repository with,

git clone https://github.com/woahbase/alpine-lychee
cd alpine-lychee
Always Check Before You Make!

Did you know, we could check what any make target is going to execute before we actually run them, with

make -n <targetname> <optional args>

Build and Test

To create the image for your architecture, run the build and test target with

make build test

For building an image that targets another architecture, it is required to specify the ARCH parameter when building. e.g.

make build test ARCH=armhf 

make build test ARCH=x86_64

Make to Run

Running the image creates a container and either starts a service (for service images) or provides a shell (can be either a root-shell or usershell) to execute commands in, depending on the image. We can run the image with

make run

But if we just need a root-shell in the container without any fance pre-tasks (e.g. for debug or to test something bespoke), we can run bash in the container with --entrypoint /bin/bash. This is wrapped in the makefile as

make shell
Nothing vs All vs Run vs Shell

By default, if make is run without any arguments, it calls the target all. In our case this is usually mapped to the target run (which in turn may be mapped to shell).

There may be more such targets defined as per the usage of the image. Check the makefile for more information.

Push the Image

If the build and test steps finish without any error, and we want to use the image on other machines, it is the next step push the image we built to a container image repository (like /hub), for that, run the push target with

make push

If the built image targets another architecture then it is required to specify the ARCH parameter when pushing. e.g.

make push ARCH=armhf 

make push ARCH=x86_64

That's all folks! Happy containerizing!

Maintenance

Sources at Github. Images at Docker Hub.

Maintained (or sometimes a lack thereof?) by WOAHBase.