fc1d8a7a by Adam Heath

Merge branch 'master' of gitlab.brainfood.com:brainfood/docker-image-recipes

2 parents 88653337 82441f35
The MIT License (MIT)
Copyright (c) 2017 brainfood.com
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
This repository contains a series of simple docker image recipes. These are
meant to be referenced via docker-compose, and built for each project
separately. No sharing of images. This provides sanity for each project, as
you don't have to worry about an image changing underneath you. It also means
that you can be certain you can rebuild on your own whenever the situation
calls for it.
Here are the best practices in these files:
* Generally, any image listed here should run without any external
dependencies. No includes from other images, etc. This makes it easier to
understand and extend.
* Each Dockerfile is designed to have minimal layers. This makes rebuilds
faster, as there are less docker-runs. It also makes many things easier to
accomplish, as there is a real shell script that can do sophisticated
things.
* Images also tend to make use of standard, unmodified debian packages. Let
someone else do the hard-work of system integration, while these recipes
then just do slight tweaks.
* Any files that need to be shared between a host and a container should make
use of UID/GID being sent in from the host. The daemon in the container
should run as the UID/GID, and it's files changed to have that ownership.
During entrypoint, the target container user is then modified to have the
correct uid/gid setting. If there is no target user, then one should be
added during the image build, generally calling it hostuser/hostgroup.
* Daemons that have complex binary file setups should have those files created
during image build, then the entire structure placed in a tarball. The
entrypoint can then extract this seed tarball, but only if the target
directory is empty. This allows for the volume mounting of these
directories from the host. Make certain the uid/gid mapping is sane when
this occurs.
......@@ -4,12 +4,12 @@ set -ex
hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
if [[ $GID ]]; then
if [[ $GID && $GID -ne 0 ]]; then
old_gid=$(getent group hostgroup | cut -f 3 -d :)
groupmod -g $GID hostgroup
find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
fi
if [[ $UID ]]; then
if [[ $UID && $UID -ne 0 ]]; then
usermod -u $UID hostuser
fi
......
FROM debian:stretch-slim
ARG JAVA_EXTRA_PACKAGES
COPY files/ /tmp/files/
RUN /tmp/files/configure
ENTRYPOINT ["/sbin/entrypoint"]
#!/bin/sh
set -e
apt-get update
mkdir -p /usr/share/man/man1
apt-get install -y ssmtp sudo openjdk-8-jdk $JAVA_EXTRA_PACKAGES
cp /tmp/files/entrypoint /sbin/entrypoint
addgroup hostgroup
adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser
rm -rf /tmp/files
#!/bin/bash
set -ex
TARGET_USER=hostuser
TARGET_GROUP=hostgroup
target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
if [[ $GID && $GID -ne 0 ]]; then
groupmod -g $GID "$TARGET_GROUP"
fi
if [[ $UID && $UID -ne 0 ]]; then
usermod -u $UID "$TARGET_USER"
fi
find "$target_home" \
'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
-true
if [[ $http_proxy =~ ^([^:]+)://([^/:]*)(:([0-9]+?))?(/.*)?$ ]]; then
http_proxy_protocol="${BASH_REMATCH[1]}"
http_proxy_domain="${BASH_REMATCH[2]}"
http_proxy_port="${BASH_REMATCH[4]}"
fi
if [[ $http_proxy ]]; then
mkdir -p "$target_home/.m2"
cat > "$target_home/.m2/settings.xml" << _EOF_
<settings>
<proxies>
<proxy>
<id>app-build-proxy</id>
<active>true</active>
<protocol>${http_proxy_protocol}</protocol>
<host>${http_proxy_domain}</host>
<port>${http_proxy_port}</port>
</proxy>
</proxies>
</settings>
_EOF_
fi
exec "$@"
FROM debian:stretch-slim
COPY files/ /tmp/files/
RUN /tmp/files/configure
ENTRYPOINT ["/sbin/entrypoint"]
VOLUME "/data"
CMD ["sudo", "-u", "mongodb", "/usr/bin/mongod", "--nounixsocket", "--dbpath", "/var/lib/mongodb"]
#!/bin/sh
set -e
apt-get update
apt-get install -y sudo ssmtp mongodb-server
cp /tmp/files/entrypoint /sbin/entrypoint
rm -rf /tmp/files
#!/bin/bash
set -ex
TARGET_USER=mongodb
TARGET_GROUP=mongodb
target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
if [[ $GID && $GID -ne 0 ]]; then
groupmod -g $GID "$TARGET_GROUP"
fi
if [[ $UID && $UID -ne 0 ]]; then
usermod -u $UID "$TARGET_USER"
fi
find "$target_home" \
'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
-true
exec "$@"
FROM debian:stretch-slim
COPY files/ /tmp/files/
RUN /tmp/files/configure
ENTRYPOINT ["/sbin/entrypoint"]
CMD ["/usr/bin/mysqld_safe"]
#!/bin/sh
set -e
apt-get update
apt-get install -y ssmtp mysql-server
mkdir /var/lib/container
tar -cC /var/lib/mysql/ . | gzip -9v > /var/lib/container/var_lib_mysql.tar.gz
rm -rf /var/lib/mysql
mkdir /var/lib/mysql
cp -a /tmp/files/entrypoint /sbin
rm -rf /tmp/files
#!/bin/bash
set -ex
_mysql() {
mysqld_safe "$@"
}
if [[ $GID && $GID -ne 0 ]]; then
old_gid=$(getent group mysql | cut -f 3 -d :)
groupmod -g $GID mysql
fi
if [[ $UID && $UID -ne 0 ]]; then
usermod -u $UID mysql
fi
if [[ $(find /var/lib/mysql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
mkdir -p /var/lib/mysql
zcat /var/lib/container/var_lib_mysql.tar.gz | tar -C /var/lib/mysql -xf -
fi
declare -i i=0
mysqld_safe --skip-networking &
while eval [[ \$DB_INFO_$i ]]; do
IFS=: eval declare -a DB_INFO=\(\$DB_INFO_$i\)
echo "database=${DB_INFO[0]} user=${DB_INFO[1]} password=${DB_INFO[2]}" 1>&2
mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "CREATE DATABASE IF NOT EXISTS \`${DB_INFO[0]}\` DEFAULT CHARACTER SET \`utf8mb4\` COLLATE \`utf8mb4_ci\`;"
mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "GRANT ALL PRIVILEGES ON \`${DB_INFO[0]}\`.* TO '${DB_INFO[1]}' IDENTIFIED BY '${DB_INFO[2]}';"
i=$(($i + 1))
done
mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "shutdown;"
wait
exec "$@"
FROM debian:stretch
FROM debian:stretch-slim
ARG NGINX_EXTRA_PACKAGES
COPY files/ /tmp/files/
RUN /tmp/files/configure
ENTRYPOINT ["/sbin/entrypoint.sh"]
ENTRYPOINT ["/sbin/entrypoint"]
CMD ["nginx", "-g", "daemon off;"]
......
......@@ -4,6 +4,6 @@ set -e
apt-get update
apt-get install -y ssmtp nginx libnginx-mod-http-subs-filter $NGINX_EXTRA_PACKAGES
rm /etc/nginx/sites-enabled/default
cp -a /tmp/files/entrypoint.sh /sbin
cp -a /tmp/files/entrypoint /sbin
rm -rf /tmp/files
......
FROM node
FROM debian:stretch-slim
ARG NODE_EXTRA_PACKAGES
COPY files/ /tmp/files/
RUN /tmp/files/configure
#ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp
#RUN ["chmod", "755", "/usr/local/bin/wp"]
ENTRYPOINT ["/root/entrypoint"]
#CMD ["/usr/sbin/php5-fpm", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php5/fpm/php-fpm.conf"]
ENTRYPOINT ["/sbin/entrypoint"]
......
; Per pool prefix
; It only applies on the following directives:
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
prefix = /srv/$pool
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 9000
; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0666
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = ondemand
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 10
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 1
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
; chroot = $prefix
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
; chdir = /
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/php5-fpm/error.log
php_admin_value[error_log] = /dev/stderr
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
......@@ -2,9 +2,20 @@
set -e
apt-get update
apt-get install -y ssmtp sudo $NODE_EXTRA_PACKAGES
#npm install -g gulp grunt
apt-get install -y apt-transport-https gnupg
cp /tmp/files/nodesource.list /etc/apt/sources.list.d
cp /tmp/files/nodesource.gpg.key /etc/apt/trusted.gpg.d/nodesource.asc
apt-get update
apt-get install -y ssmtp sudo nodejs npm $NODE_EXTRA_PACKAGES
if ! [ "z$NPM_GLOBAL_INSTALL" = "z" ]; then
npm install -g $NPM_GLOBAL_INSTALL
fi
addgroup node
adduser --gecos 'node' --ingroup node --disabled-password node
cp /tmp/files/entrypoint /root/entrypoint
cp /tmp/files/entrypoint /sbin/entrypoint
rm -rf /tmp/files
......
......@@ -4,14 +4,24 @@ set -ex
node_home="$(getent passwd node | cut -f 6 -d :)"
if [[ $GID ]]; then
old_gid=$(getent group node | cut -f 3 -d :)
if [[ $GID && $GID -ne 0 ]]; then
groupmod -g $GID node
find "$node_home" -gid $old_gid -print0 | xargs -0r chgrp node
fi
if [[ $UID ]]; then
if [[ $UID && $UID -ne 0 ]]; then
usermod -u $UID node
fi
find "$node_home" \
'(' -not -user node -a -not -group node -exec chown node:node '{}' + ')' -o \
'(' -not -user node -exec chown node '{}' + ')' -o \
'(' -not -group node -exec chgrp node '{}' + ')' -o \
-true
npm -g config set http_proxy "$http_proxy"
npm -g config set https_proxy "$http_proxy"
sudo -u node npm config set http_proxy "$http_proxy"
sudo -u node npm config set https_proxy "$http_proxy"
if [[ -e package.json ]]; then
sudo -u node npm install
fi
......
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
Comment: GPGTools - https://gpgtools.org
mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+
W6DHY3kK3a+2bxrax9EqKe7uxkSKf95gfns+I9+R+RJfRpb1qvljURr54y35IZgs
fMG22Np+TmM2RLgdFCZa18h0+RbH9i0b+ZrB9XPZmLb/h9ou7SowGqQ3wwOtT3Vy
qmif0A2GCcjFTqWW6TXaY8eZJ9BCEqW3k/0Cjw7K/mSy/utxYiUIvZNKgaG/P8U7
89QyvxeRxAf93YFAVzMXhoKxu12IuH4VnSwAfb8gQyxKRyiGOUwk0YoBPpqRnMmD
Dl7SdmY3oQHEJzBelTMjTM8AjbB9mWoPBX5G8t4u47/FZ6PgdfmRg9hsKXhkLJc7
C1btblOHNgDx19fzASWX+xOjZiKpP6MkEEzq1bilUFul6RDtxkTWsTa5TGixgCB/
G2fK8I9JL/yQhDc6OGY9mjPOxMb5PgUlT8ox3v8wt25erWj9z30QoEBwfSg4tzLc
Jq6N/iepQemNfo6Is+TG+JzI6vhXjlsBm/Xmz0ZiFPPObAH/vGCY5I6886vXQ7ft
qWHYHT8jz/R4tigMGC+tvZ/kcmYBsLCCI5uSEP6JJRQQhHrCvOX0UaytItfsQfLm
EYRd2F72o1yGh3yvWWfDIBXRmaBuIGXGpajC0JyBGSOWb9UxMNZY/2LJEwARAQAB
tB9Ob2RlU291cmNlIDxncGdAbm9kZXNvdXJjZS5jb20+iQI4BBMBAgAiBQJTmyS2
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAWVaCraFdigHTmD/9OKhUy
jJ+h8gMRg6ri5EQxOExccSRU0i7UHktecSs0DVC4lZG9AOzBe+Q36cym5Z1di6JQ
kHl69q3zBdV3KTW+H1pdmnZlebYGz8paG9iQ/wS9gpnSeEyx0Enyi167Bzm0O4A1
GK0prkLnz/yROHHEfHjsTgMvFwAnf9uaxwWgE1d1RitIWgJpAnp1DZ5O0uVlsPPm
XAhuBJ32mU8S5BezPTuJJICwBlLYECGb1Y65Cil4OALU7T7sbUqfLCuaRKxuPtcU
VnJ6/qiyPygvKZWhV6Od0Yxlyed1kftMJyYoL8kPHfeHJ+vIyt0s7cropfiwXoka
1iJB5nKyt/eqMnPQ9aRpqkm9ABS/r7AauMA/9RALudQRHBdWIzfIg0Mlqb52yyTI
IgQJHNGNX1T3z1XgZhI+Vi8SLFFSh8x9FeUZC6YJu0VXXj5iz+eZmk/nYjUt4Mtc
pVsVYIB7oIDIbImODm8ggsgrIzqxOzQVP1zsCGek5U6QFc9GYrQ+Wv3/fG8hfkDn
xXLww0OGaEQxfodm8cLFZ5b8JaG3+Yxfe7JkNclwvRimvlAjqIiW5OK0vvfHco+Y
gANhQrlMnTx//IdZssaxvYytSHpPZTYw+qPEjbBJOLpoLrz8ZafN1uekpAqQjffI
AOqW9SdIzq/kSHgl0bzWbPJPw86XzzftewjKNbkCDQRTmyS2ARAAxSSdQi+WpPQZ
fOflkx9sYJa0cWzLl2w++FQnZ1Pn5F09D/kPMNh4qOsyvXWlekaV/SseDZtVziHJ
Km6V8TBG3flmFlC3DWQfNNFwn5+pWSB8WHG4bTA5RyYEEYfpbekMtdoWW/Ro8Kmh
41nuxZDSuBJhDeFIp0ccnN2Lp1o6XfIeDYPegyEPSSZqrudfqLrSZhStDlJgXjea
JjW6UP6txPtYaaila9/Hn6vF87AQ5bR2dEWB/xRJzgNwRiax7KSU0xca6xAuf+TD
xCjZ5pp2JwdCjquXLTmUnbIZ9LGV54UZ/MeiG8yVu6pxbiGnXo4Ekbk6xgi1ewLi
vGmz4QRfVklV0dba3Zj0fRozfZ22qUHxCfDM7ad0eBXMFmHiN8hg3IUHTO+UdlX/
aH3gADFAvSVDv0v8t6dGc6XE9Dr7mGEFnQMHO4zhM1HaS2Nh0TiL2tFLttLbfG5o
QlxCfXX9/nasj3K9qnlEg9G3+4T7lpdPmZRRe1O8cHCI5imVg6cLIiBLPO16e0fK
yHIgYswLdrJFfaHNYM/SWJxHpX795zn+iCwyvZSlLfH9mlegOeVmj9cyhN/VOmS3
QRhlYXoA2z7WZTNoC6iAIlyIpMTcZr+ntaGVtFOLS6fwdBqDXjmSQu66mDKwU5Ek
fNlbyrpzZMyFCDWEYo4AIR/18aGZBYUAEQEAAYkCHwQYAQIACQUCU5sktgIbDAAK
CRAWVaCraFdigIPQEACcYh8rR19wMZZ/hgYv5so6Y1HcJNARuzmffQKozS/rxqec
0xM3wceL1AIMuGhlXFeGd0wRv/RVzeZjnTGwhN1DnCDy1I66hUTgehONsfVanuP1
PZKoL38EAxsMzdYgkYH6T9a4wJH/IPt+uuFTFFy3o8TKMvKaJk98+Jsp2X/QuNxh
qpcIGaVbtQ1bn7m+k5Qe/fz+bFuUeXPivafLLlGc6KbdgMvSW9EVMO7yBy/2JE15
ZJgl7lXKLQ31VQPAHT3an5IV2C/ie12eEqZWlnCiHV/wT+zhOkSpWdrheWfBT+ac
hR4jDH80AS3F8jo3byQATJb3RoCYUCVc3u1ouhNZa5yLgYZ/iZkpk5gKjxHPudFb
DdWjbGflN9k17VCf4Z9yAb9QMqHzHwIGXrb7ryFcuROMCLLVUp07PrTrRxnO9A/4
xxECi0l/BzNxeU1gK88hEaNjIfviPR/h6Gq6KOcNKZ8rVFdwFpjbvwHMQBWhrqfu
G3KaePvbnObKHXpfIKoAM7X2qfO+IFnLGTPyhFTcrl6vZBTMZTfZiC1XDQLuGUnd
sckuXINIU3DFWzZGr0QrqkuE/jyr7FXeUJj9B7cLo+s/TXo+RaVfi3kOc9BoxIvy
/qiNGs/TKy2/Ujqp/affmIMoMXSozKmga81JSwkADO1JMgUy6dApXz9kP4EE3g==
=CLGF
-----END PGP PUBLIC KEY BLOCK-----
deb https://deb.nodesource.com/node_8.x stretch main
FROM debian:stretch
FROM debian:stretch-slim
ARG PHPFPM_EXTRA_PACKAGES
......@@ -8,5 +8,5 @@ RUN /tmp/files/configure
ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp
RUN ["chmod", "755", "/usr/local/bin/wp"]
ENTRYPOINT ["/root/entrypoint"]
ENTRYPOINT ["/sbin/entrypoint"]
CMD ["/usr/sbin/php-fpm7.0", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php/7.0/fpm/php-fpm.conf"]
......
......@@ -7,7 +7,7 @@ apt-get install -y sudo ssmtp php7.0-fpm php7.0-mysql php7.0-curl php7.0-imagick
rm /etc/php/7.0/fpm/pool.d/www.conf
cp -a /tmp/files/app-defaults.conf /etc/php/7.0/fpm
cp /tmp/files/entrypoint /root/entrypoint
cp /tmp/files/entrypoint /sbin/entrypoint
addgroup hostgroup
adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser
......
......@@ -4,12 +4,12 @@ set -ex
hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
if [[ $GID ]]; then
if [[ $GID && $GID -ne 0 ]]; then
old_gid=$(getent group hostgroup | cut -f 3 -d :)
groupmod -g $GID hostgroup
find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
fi
if [[ $UID ]]; then
if [[ $UID && $GID -ne 0 ]]; then
usermod -u $UID hostuser
fi
mkdir -p /run/php
......
......@@ -4,12 +4,12 @@ set -ex
hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
if [[ $GID ]]; then
if [[ $GID && $GID -ne 0 ]]; then
old_gid=$(getent group hostgroup | cut -f 3 -d :)
groupmod -g $GID hostgroup
find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
fi
if [[ $UID ]]; then
if [[ $UID && $UID -ne 0 ]]; then
usermod -u $UID hostuser
fi
......
FROM debian:stretch-slim
ARG POSTGRESQL_EXTRA_PACKAGES
COPY files/ /tmp/files
RUN /tmp/files/configure
ENTRYPOINT ["/sbin/entrypoint"]
CMD ["pg_ctlcluster", "9.6", "main", "start", "--foreground"]
#!/bin/sh
set -e
mkdir /usr/share/man/man1 /usr/share/man/man7
cp /tmp/files/no-suggests-recommends.conf /etc/apt/apt.conf.d/no-suggests-recommends
apt-get update
apt-get install -y postgresql-9.6 \
$POSTGRESQL_EXTRA_PACKAGES \
&& true
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
mkdir /var/lib/container
tar -cC /var/lib/postgresql/ . | gzip -9v > /var/lib/container/var_lib_postgresql.tar.gz
rm -rf /var/lib/postgresql
mkdir /var/lib/postgresql
cp -a /tmp/files/entrypoint /sbin
rm -rf /tmp/files
#!/bin/bash
set -ex
if [[ $(find /var/lib/postgresql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
zcat /var/lib/container/var_lib_postgresql.tar.gz | tar xf - -C /var/lib/postgresql
fi
postgres_home="$(getent passwd postgres | cut -f 6 -d :)"
if [[ $GID && $GID -ne 0 ]]; then
old_gid=$(getent group postgres | cut -f 3 -d :)
groupmod -g $GID postgres
find "$postgres_home" /etc/postgresql /var/run/postgresql -gid $old_gid -print0 | xargs -0r chgrp postgres
fi
if [[ $UID && $UID -ne 0 ]]; then
old_uid=$(getent passwd postgres | cut -f 3 -d :)
usermod -u $UID postgres
find /etc/postgresql /var/run/postgresql -uid $old_uid -print0 | xargs -0r chown postgres
fi
exec "$@"
APT::Install-Suggests false;
APT::Install-Recommends false;
FROM debian:stretch-slim
COPY files/ /tmp/files/
RUN /tmp/files/configure
ENTRYPOINT ["/sbin/entrypoint"]
VOLUME "/data"
CMD ["sudo", "-u", "redis", "redis-server", "/etc/redis/redis.conf"],
#!/bin/sh
set -e
apt-get update
apt-get install -y sudo ssmtp redis-server
cp /tmp/files/entrypoint /sbin/entrypoint
rm -rf /tmp/files
#!/bin/bash
set -ex
TARGET_GROUP=redis
TARGET_USER=redis
target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
if [[ $GID && $GID -ne 0 ]]; then
groupmod -g $GID "$TARGET_GROUP"
fi
if [[ $UID && $UID -ne 0 ]]; then
usermod -u $UID "$TARGET_USER"
fi
find "$target_home" \
'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
-true
exec "$@"
......@@ -4,12 +4,12 @@ set -ex
hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
if [[ $GID ]]; then
if [[ $GID && $GID -ne 0 ]]; then
old_gid=$(getent group hostgroup | cut -f 3 -d :)
groupmod -g $GID hostgroup
find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
fi
if [[ $UID ]]; then
if [[ $UID && $UID -ne 0 ]]; then
usermod -u $UID hostuser
fi
......