Run frigate & nginx inside of container as user 'frigate' and allow a way to set the uid and gid of this user to better facilitate network storage mounts.

Ilya Rakhlin 2021-08-14 16:46:48 -04:00 committed by Ilya Rakhlin
parent 1f1a708388
commit 6b462e482c
11 changed files with 55 additions and 30 deletions


@ -18,7 +18,7 @@ nginx_frigate:
docker buildx build --push --platform linux/arm/v7,linux/arm64/v8,linux/amd64 --tag blakeblackshear/frigate-nginx:1.0.2 --file docker/Dockerfile.nginx . docker buildx build --push --platform linux/arm/v7,linux/arm64/v8,linux/amd64 --tag blakeblackshear/frigate-nginx:1.0.2 --file docker/Dockerfile.nginx .
amd64_frigate: version web amd64_frigate: version web
docker build --no-cache --tag frigate-base --build-arg ARCH=amd64 --build-arg FFMPEG_VERSION=1.1.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base . docker build --no-cache --tag frigate-base --build-arg ARCH=amd64 --build-arg OVERLAY_ARCH=amd64 --build-arg FFMPEG_VERSION=1.1.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base .
docker build --no-cache --tag frigate --file docker/Dockerfile.amd64 . docker build --no-cache --tag frigate --file docker/Dockerfile.amd64 .
amd64_all: amd64_wheels amd64_ffmpeg amd64_frigate amd64_all: amd64_wheels amd64_ffmpeg amd64_frigate
@ -30,7 +30,7 @@ amd64nvidia_ffmpeg:
docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-amd64nvidia --file docker/Dockerfile.ffmpeg.amd64nvidia . docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-amd64nvidia --file docker/Dockerfile.ffmpeg.amd64nvidia .
amd64nvidia_frigate: version web amd64nvidia_frigate: version web
docker build --no-cache --tag frigate-base --build-arg ARCH=amd64nvidia --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base . docker build --no-cache --tag frigate-base --build-arg ARCH=amd64nvidia --build-arg OVERLAY_ARCH=amd64 --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base .
docker build --no-cache --tag frigate --file docker/Dockerfile.amd64nvidia . docker build --no-cache --tag frigate --file docker/Dockerfile.amd64nvidia .
amd64nvidia_all: amd64nvidia_wheels amd64nvidia_ffmpeg amd64nvidia_frigate amd64nvidia_all: amd64nvidia_wheels amd64nvidia_ffmpeg amd64nvidia_frigate
@ -42,7 +42,7 @@ aarch64_ffmpeg:
docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-aarch64 --file docker/Dockerfile.ffmpeg.aarch64 . docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-aarch64 --file docker/Dockerfile.ffmpeg.aarch64 .
aarch64_frigate: version web aarch64_frigate: version web
docker build --no-cache --tag frigate-base --build-arg ARCH=aarch64 --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base . docker build --no-cache --tag frigate-base --build-arg ARCH=aarch64 --build-arg OVERLAY_ARCH=aarch64 --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base .
docker build --no-cache --tag frigate --file docker/Dockerfile.aarch64 . docker build --no-cache --tag frigate --file docker/Dockerfile.aarch64 .
armv7_all: armv7_wheels armv7_ffmpeg armv7_frigate armv7_all: armv7_wheels armv7_ffmpeg armv7_frigate
@ -54,7 +54,7 @@ armv7_ffmpeg:
docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-armv7 --file docker/Dockerfile.ffmpeg.armv7 . docker build --no-cache --pull --tag blakeblackshear/frigate-ffmpeg:1.2.0-armv7 --file docker/Dockerfile.ffmpeg.armv7 .
armv7_frigate: version web armv7_frigate: version web
docker build --no-cache --tag frigate-base --build-arg ARCH=armv7 --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base . docker build --no-cache --tag frigate-base --build-arg ARCH=armv7 --build-arg OVERLAY_ARCH=armhf --build-arg FFMPEG_VERSION=1.0.0 --build-arg WHEELS_VERSION=1.0.3 --build-arg NGINX_VERSION=1.0.2 --file docker/Dockerfile.base .
docker build --no-cache --tag frigate --file docker/Dockerfile.armv7 . docker build --no-cache --tag frigate --file docker/Dockerfile.armv7 .
armv7_all: armv7_wheels armv7_ffmpeg armv7_frigate armv7_all: armv7_wheels armv7_ffmpeg armv7_frigate
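Review bot: The context line that follows the `aarch64_frigate` recipe reads `armv7_all: armv7_wheels armv7_ffmpeg armv7_frigate`, the same rule that follows the `armv7_frigate` recipe, so as shown there is no `aarch64_all` target and `armv7_all` is defined twice. If that is what the file really contains and not a rendering artefact, the first of the two should follow the pattern of the other `_all` rules, `aarch64_all: aarch64_wheels aarch64_ffmpeg aarch64_frigate`. The commit does not touch that line, but it sits in the same hunk as the new `--build-arg OVERLAY_ARCH=aarch64` and is cheap to correct here.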


@ -19,10 +19,6 @@ RUN apt-get -qq update \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& (apt-get autoremove -y; apt-get autoclean -y) && (apt-get autoremove -y; apt-get autoclean -y)
# s6-overlay
ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-aarch64-installer /tmp/
RUN chmod +x /tmp/s6-overlay-aarch64-installer && /tmp/s6-overlay-aarch64-installer /
ENTRYPOINT ["/init"] ENTRYPOINT ["/init"]
CMD ["python3", "-u", "-m", "frigate"] CMD ["python3", "-u", "-m", "frigate"]


@ -19,10 +19,6 @@ RUN apt-get -qq update \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& (apt-get autoremove -y; apt-get autoclean -y) && (apt-get autoremove -y; apt-get autoclean -y)
# s6-overlay
ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-amd64-installer /tmp/
RUN chmod +x /tmp/s6-overlay-amd64-installer && /tmp/s6-overlay-amd64-installer /
ENTRYPOINT ["/init"] ENTRYPOINT ["/init"]
CMD ["python3", "-u", "-m", "frigate"] CMD ["python3", "-u", "-m", "frigate"]


@ -42,10 +42,6 @@ ENV NVIDIA_VISIBLE_DEVICES all
ENV NVIDIA_DRIVER_CAPABILITIES compute,utility,video ENV NVIDIA_DRIVER_CAPABILITIES compute,utility,video
ENV NVIDIA_REQUIRE_CUDA "cuda>=11.1 brand=tesla,driver>=418,driver<419 brand=tesla,driver>=440,driver<441 brand=tesla,driver>=450,driver<451" ENV NVIDIA_REQUIRE_CUDA "cuda>=11.1 brand=tesla,driver>=418,driver<419 brand=tesla,driver>=440,driver<441 brand=tesla,driver>=450,driver<451"
# s6-overlay
ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-amd64-installer /tmp/
RUN chmod +x /tmp/s6-overlay-amd64-installer && /tmp/s6-overlay-amd64-installer /
ENTRYPOINT ["/init"] ENTRYPOINT ["/init"]
CMD ["python3", "-u", "-m", "frigate"] CMD ["python3", "-u", "-m", "frigate"]


@ -21,10 +21,6 @@ RUN apt-get -qq update \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& (apt-get autoremove -y; apt-get autoclean -y) && (apt-get autoremove -y; apt-get autoclean -y)
# s6-overlay
ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-armhf-installer /tmp/
RUN chmod +x /tmp/s6-overlay-armhf-installer && /tmp/s6-overlay-armhf-installer /
ENTRYPOINT ["/init"] ENTRYPOINT ["/init"]
CMD ["python3", "-u", "-m", "frigate"] CMD ["python3", "-u", "-m", "frigate"]


@ -10,6 +10,8 @@ FROM frigate-web as web
FROM ubuntu:20.04 FROM ubuntu:20.04
LABEL maintainer "blakeb@blakeshome.com" LABEL maintainer "blakeb@blakeshome.com"
ARG OVERLAY_ARCH=amd64
COPY --from=ffmpeg /usr/local /usr/local/ COPY --from=ffmpeg /usr/local /usr/local/
COPY --from=wheels /wheels/. /wheels/ COPY --from=wheels /wheels/. /wheels/
@ -49,6 +51,14 @@ ADD migrations migrations/
COPY --from=web /opt/frigate/build web/ COPY --from=web /opt/frigate/build web/
# s6-overlay
ADD https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-${OVERLAY_ARCH}-installer /tmp/
RUN chmod +x /tmp/s6-overlay-${OVERLAY_ARCH}-installer && \
/tmp/s6-overlay-${OVERLAY_ARCH}-installer / && \
useradd -u 1000 -U -d /config -s /bin/false frigate && \
usermod -G users frigate && \
mv /usr/bin/with-contenv /usr/bin/with-contenvb
COPY docker/rootfs/ / COPY docker/rootfs/ /
EXPOSE 5000 EXPOSE 5000
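Review bot: The s6-overlay installer is fetched with `ADD https://…/s6-overlay-${OVERLAY_ARCH}-installer /tmp/` and executed as root by the following `RUN` with no integrity check, so the build trusts whatever the release URL serves at that moment. Verify a pinned digest before running it, for example by starting the `RUN` with `echo "<SHA256_OF_INSTALLER>  /tmp/s6-overlay-${OVERLAY_ARCH}-installer" | sha256sum -c - && \`, with one digest per supported architecture passed alongside `OVERLAY_ARCH`. The installer also stays in `/tmp` afterwards; ending the chain with `rm /tmp/s6-overlay-${OVERLAY_ARCH}-installer` removes the executable from the final filesystem. A short comment above `mv /usr/bin/with-contenv /usr/bin/with-contenvb` saying that the wrapper copied in from `docker/rootfs/` takes over the original name would help the next reader.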


@ -0,0 +1,16 @@
#! /bin/bash
if [[ "$(ls /var/run/s6/container_environment/ | xargs)" == *"FILE__"* ]]; then
for FILENAME in /var/run/s6/container_environment/*; do
if [[ "${FILENAME##*/}" == "FILE__"* ]]; then
SECRETFILE=$(cat ${FILENAME})
if [[ -f ${SECRETFILE} ]]; then
FILESTRIP=${FILENAME//FILE__/}
cat ${SECRETFILE} > ${FILESTRIP}
echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}"
else
echo "[env-init] cannot find secret in ${FILENAME##*/}"
fi
fi
done
fi
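Review bot: The path read from each `FILE__*` entry is used unquoted in `SECRETFILE=$(cat ${FILENAME})` and `cat ${SECRETFILE} > ${FILESTRIP}`, so a secret path containing whitespace or glob characters is word-split or expanded and the script can read a different file than the operator named, or fail on the redirect. Quote the expansions: `SECRETFILE=$(cat "${FILENAME}")` and `cat "${SECRETFILE}" > "${FILESTRIP}"`. `FILESTRIP=${FILENAME//FILE__/}` also removes every `FILE__` in the path rather than only the leading one in the file name; `FILESTRIP="${FILENAME%/*}/${FILENAME##*/FILE__}"` strips just the prefix. A header comment stating that `FILE__NAME=/path` causes `NAME` to be populated from the file contents would document the contract.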


@ -0,0 +1,12 @@
#!/usr/bin/with-contenv bash
PUID=${PUID:-1000}
PGID=${PGID:-1000}
groupmod -o -g "$PGID" frigate
usermod -o -u "$PUID" frigate
chown -R frigate:frigate /opt/frigate/frigate
chown -R frigate:frigate /opt/frigate/migrations
chown -R frigate:frigate /opt/frigate/web
chown -R frigate:frigate /usr/local/nginx
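Review bot: `PUID` and `PGID` go straight from the container environment into `groupmod -o -g "$PGID" frigate` and `usermod -o -u "$PUID" frigate` with no validation, and `-o` permits a non-unique id, so `PUID=0` quietly gives the `frigate` account root's uid and undoes the point of this change. A non-numeric value makes both commands fail while the script carries on to the `chown -R` lines, because nothing checks their exit status. A guard before `groupmod`, such as `[[ "$PUID" =~ ^[1-9][0-9]*$ && "$PGID" =~ ^[1-9][0-9]*$ ]] || { echo "[user-init] invalid PUID/PGID"; exit 1; }`, rejects both cases; if id 0 has to remain possible, log a warning instead of exiting. Whether a non-zero exit from this script stops the container depends on the s6 configuration, which is not visible here.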


@ -0,0 +1,7 @@
#! /bin/bash
if [[ -f /var/run/s6/container_environment/UMASK ]] && [[ "$(pwdx $$)" =~ "/run/s6/services/" ]]; then
umask $(cat /var/run/s6/container_environment/UMASK)
exec /usr/bin/with-contenvb "$@"
else
exec /usr/bin/with-contenvb "$@"
fi
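Review bot: Both branches end in the identical `exec /usr/bin/with-contenvb "$@"`, so the `else` arm is redundant: keep the `if` around the `umask` line only and place a single `exec` after `fi`. The value in `umask $(cat /var/run/s6/container_environment/UMASK)` is unquoted and unchecked; `umask "$(cat /var/run/s6/container_environment/UMASK)"` avoids word splitting. Since an invalid value only prints an error before the `exec` proceeds with the inherited mask, a comment noting that fallback would make the behaviour explicit. A one-line header explaining that this wrapper replaces the stock `with-contenv` and applies `UMASK` only for processes started under `/run/s6/services/` would also help.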


@ -1,8 +1,8 @@
daemon off; daemon off;
worker_processes 1; worker_processes 1;
user frigate;
error_log /usr/local/nginx/logs/error.log warn; error_log /usr/local/nginx/logs/error.log warn;
pid /var/run/nginx.pid; pid /usr/local/nginx/nginx.pid;
events { events {
worker_connections 1024; worker_connections 1024;
@ -71,9 +71,6 @@ http {
location /vod/ { location /vod/ {
vod hls; vod hls;
secure_token $args;
secure_token_types application/vnd.apple.mpegurl;
add_header Access-Control-Allow-Headers '*'; add_header Access-Control-Allow-Headers '*';
add_header Access-Control-Expose-Headers 'Server,range,Content-Length,Content-Range'; add_header Access-Control-Expose-Headers 'Server,range,Content-Length,Content-Range';
add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS'; add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
@ -125,11 +122,6 @@ http {
root /media/frigate; root /media/frigate;
} }
location /cache/ {
internal; # This tells nginx it's not accessible from the outside
alias /tmp/cache/;
}
location /recordings/ { location /recordings/ {
add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Credentials' 'true';
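Review bot: The removal of `secure_token $args;` and `secure_token_types application/vnd.apple.mpegurl;` from `location /vod/`, and of the `internal` `location /cache/` block, is not covered by the commit description, which only speaks of running as user 'frigate'. The sides are inferred from the hunk counts (`-71,9 +71,6` and `-125,11 +122,6`), so this reading should be checked against the raw diff. If the removals are intended, say why in the description or move them to their own commit, so that a change to how `/vod/` and `/cache/` are served is not hidden inside a permissions change. The `http` block and the `/recordings/` location continue outside the hunks shown.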


@ -57,6 +57,8 @@ services:
- "1935:1935" # RTMP feeds - "1935:1935" # RTMP feeds
environment: environment:
FRIGATE_RTSP_PASSWORD: "password" FRIGATE_RTSP_PASSWORD: "password"
PUID: 1000 # uid for frigate process
PGID: 1000 # gid for frigate process
``` ```
If you can't use docker compose, you can run the container with something similar to this: If you can't use docker compose, you can run the container with something similar to this:
@ -72,6 +74,8 @@ docker run -d \
-v <path_to_config_file>:/config/config.yml:ro \ -v <path_to_config_file>:/config/config.yml:ro \
-v /etc/localtime:/etc/localtime:ro \ -v /etc/localtime:/etc/localtime:ro \
-e FRIGATE_RTSP_PASSWORD='password' \ -e FRIGATE_RTSP_PASSWORD='password' \
-e PUID=1000 \
-e PGID=1000 \
-p 5000:5000 \ -p 5000:5000 \
-p 1935:1935 \ -p 1935:1935 \
blakeblackshear/frigate:<specify_version_tag> blakeblackshear/frigate:<specify_version_tag>