fc1d8a7a by Adam Heath

Merge branch 'master' of gitlab.brainfood.com:brainfood/docker-image-recipes

2 parents 88653337 82441f35
1 The MIT License (MIT)
2
3 Copyright (c) 2017 brainfood.com
4
5 Permission is hereby granted, free of charge, to any person obtaining a copy
6 of this software and associated documentation files (the "Software"), to deal
7 in the Software without restriction, including without limitation the rights
8 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 copies of the Software, and to permit persons to whom the Software is
10 furnished to do so, subject to the following conditions:
11
12 The above copyright notice and this permission notice shall be included in all
13 copies or substantial portions of the Software.
14
15 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 SOFTWARE.
1 This repository contains a series of simple docker image recipes. These are
2 meant to be referenced via docker-compose, and built for each project
3 separately. No sharing of images. This provides sanity for each project, as
4 you don't have to worry about an image changing underneath you. It also means
5 that you can be certain you can rebuild on your own whenever the situation
6 calls for it.
7
8 Here are the best practices in these files:
9
10 * Generally, any image listed here should run without any external
11 dependencies. No includes from other images, etc. This makes it easier to
12 understand and extend.
13
14 * Each Dockerfile is designed to have minimal layers. This makes rebuilds
15 faster, as there are less docker-runs. It also makes many things easier to
16 accomplish, as there is a real shell script that can do sophisticated
17 things.
18
19 * Images also tend to make use of standard, unmodified debian packages. Let
20 someone else do the hard-work of system integration, while these recipes
21 then just do slight tweaks.
22
23 * Any files that need to be shared between a host and a container should make
24 use of UID/GID being sent in from the host. The daemon in the container
25 should run as the UID/GID, and it's files changed to have that ownership.
26
27 During entrypoint, the target container user is then modified to have the
28 correct uid/gid setting. If there is no target user, then one should be
29 added during the image build, generally calling it hostuser/hostgroup.
30
31 * Daemons that have complex binary file setups should have those files created
32 during image build, then the entire structure placed in a tarball. The
33 entrypoint can then extract this seed tarball, but only if the target
34 directory is empty. This allows for the volume mounting of these
35 directories from the host. Make certain the uid/gid mapping is sane when
36 this occurs.
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" 5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group hostgroup | cut -f 3 -d :) 8 old_gid=$(getent group hostgroup | cut -f 3 -d :)
9 groupmod -g $GID hostgroup 9 groupmod -g $GID hostgroup
10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup 10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $UID -ne 0 ]]; then
13 usermod -u $UID hostuser 13 usermod -u $UID hostuser
14 fi 14 fi
15 15
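Review bot: The new `$GID -ne 0` and `$UID -ne 0` tests evaluate the environment values as arithmetic expressions, so a non-numeric value is not rejected, and the unquoted `groupmod -g $GID` / `usermod -u $UID` calls still receive whatever was passed in. Validating the format first, e.g. `if [[ $GID =~ ^[1-9][0-9]*$ ]]; then`, covers the empty, zero and non-numeric cases in one test and lets the arguments be quoted (`groupmod -g "$GID" hostgroup`). The same condition is repeated in the other entrypoint hunks and new entrypoint files of this commit. The script continues outside this hunk.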
......
1 FROM debian:stretch-slim
2
3 ARG JAVA_EXTRA_PACKAGES
4
5 COPY files/ /tmp/files/
6 RUN /tmp/files/configure
7
8 ENTRYPOINT ["/sbin/entrypoint"]
1 #!/bin/sh
2
3 set -e
4 apt-get update
5 mkdir -p /usr/share/man/man1
6 apt-get install -y ssmtp sudo openjdk-8-jdk $JAVA_EXTRA_PACKAGES
7
8 cp /tmp/files/entrypoint /sbin/entrypoint
9
10 addgroup hostgroup
11 adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser
12
13 rm -rf /tmp/files
1 #!/bin/bash
2
3 set -ex
4
5 TARGET_USER=hostuser
6 TARGET_GROUP=hostgroup
7
8 target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
9
10 if [[ $GID && $GID -ne 0 ]]; then
11 groupmod -g $GID "$TARGET_GROUP"
12 fi
13 if [[ $UID && $UID -ne 0 ]]; then
14 usermod -u $UID "$TARGET_USER"
15 fi
16
17 find "$target_home" \
18 '(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
19 '(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
20 '(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
21 -true
22
23 if [[ $http_proxy =~ ^([^:]+)://([^/:]*)(:([0-9]+?))?(/.*)?$ ]]; then
24 http_proxy_protocol="${BASH_REMATCH[1]}"
25 http_proxy_domain="${BASH_REMATCH[2]}"
26 http_proxy_port="${BASH_REMATCH[4]}"
27 fi
28
29 if [[ $http_proxy ]]; then
30 mkdir -p "$target_home/.m2"
31 cat > "$target_home/.m2/settings.xml" << _EOF_
32 <settings>
33 <proxies>
34 <proxy>
35 <id>app-build-proxy</id>
36 <active>true</active>
37 <protocol>${http_proxy_protocol}</protocol>
38 <host>${http_proxy_domain}</host>
39 <port>${http_proxy_port}</port>
40 </proxy>
41 </proxies>
42 </settings>
43 _EOF_
44 fi
45
46 exec "$@"
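Review bot: The ownership fix-up in the `find "$target_home"` expression calls `chown`/`chgrp` without `-h`, so for a symbolic link found under the home directory the link's target is changed rather than the link itself. Since this tree is meant to be mounted from the host and the entrypoint appears to run as root (it calls `usermod`), `-exec chown -h "$TARGET_USER:$TARGET_GROUP" '{}' +` (and `-h` on the other two actions) keeps the change inside the tree; the mongodb and node entrypoints in this commit use the same expression. Separately, `settings.xml` is written whenever `$http_proxy` is non-empty, even if the regex above did not match, which leaves empty `<host>` and `<port>` elements; moving the write inside the regex `if` would avoid that.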
1 FROM debian:stretch-slim
2
3 COPY files/ /tmp/files/
4 RUN /tmp/files/configure
5
6 ENTRYPOINT ["/sbin/entrypoint"]
7 VOLUME "/data"
8 CMD ["sudo", "-u", "mongodb", "/usr/bin/mongod", "--nounixsocket", "--dbpath", "/var/lib/mongodb"]
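Review bot: `VOLUME "/data"` declares a volume that the default `CMD` never uses, because mongod is started with `--dbpath /var/lib/mongodb`; database files would end up in the container's writable layer unless the caller mounts that path explicitly. Either declare the directory that is actually used, `VOLUME "/var/lib/mongodb"`, or change `--dbpath` to `/data` and make sure the entrypoint's ownership fix-up covers that directory as well.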
1 #!/bin/sh
2
3 set -e
4 apt-get update
5 apt-get install -y sudo ssmtp mongodb-server
6
7 cp /tmp/files/entrypoint /sbin/entrypoint
8
9 rm -rf /tmp/files
1 #!/bin/bash
2
3 set -ex
4
5 TARGET_USER=mongodb
6 TARGET_GROUP=mongodb
7
8 target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
9
10 if [[ $GID && $GID -ne 0 ]]; then
11 groupmod -g $GID "$TARGET_GROUP"
12 fi
13 if [[ $UID && $UID -ne 0 ]]; then
14 usermod -u $UID "$TARGET_USER"
15 fi
16
17 find "$target_home" \
18 '(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
19 '(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
20 '(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
21 -true
22
23 exec "$@"
1 FROM debian:stretch-slim
2
3 COPY files/ /tmp/files/
4 RUN /tmp/files/configure
5
6 ENTRYPOINT ["/sbin/entrypoint"]
7 CMD ["/usr/bin/mysqld_safe"]
1 #!/bin/sh
2
3 set -e
4 apt-get update
5 apt-get install -y ssmtp mysql-server
6
7 mkdir /var/lib/container
8 tar -cC /var/lib/mysql/ . | gzip -9v > /var/lib/container/var_lib_mysql.tar.gz
9 rm -rf /var/lib/mysql
10 mkdir /var/lib/mysql
11
12 cp -a /tmp/files/entrypoint /sbin
13
14 rm -rf /tmp/files
1 #!/bin/bash
2
3 set -ex
4
5 _mysql() {
6 mysqld_safe "$@"
7 }
8
9 if [[ $GID && $GID -ne 0 ]]; then
10 old_gid=$(getent group mysql | cut -f 3 -d :)
11 groupmod -g $GID mysql
12 fi
13
14 if [[ $UID && $UID -ne 0 ]]; then
15 usermod -u $UID mysql
16 fi
17
18 if [[ $(find /var/lib/mysql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
19 mkdir -p /var/lib/mysql
20 zcat /var/lib/container/var_lib_mysql.tar.gz | tar -C /var/lib/mysql -xf -
21 fi
22
23 declare -i i=0
24 mysqld_safe --skip-networking &
25 while eval [[ \$DB_INFO_$i ]]; do
26 IFS=: eval declare -a DB_INFO=\(\$DB_INFO_$i\)
27 echo "database=${DB_INFO[0]} user=${DB_INFO[1]} password=${DB_INFO[2]}" 1>&2
28 mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "CREATE DATABASE IF NOT EXISTS \`${DB_INFO[0]}\` DEFAULT CHARACTER SET \`utf8mb4\` COLLATE \`utf8mb4_ci\`;"
29 mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "GRANT ALL PRIVILEGES ON \`${DB_INFO[0]}\`.* TO '${DB_INFO[1]}' IDENTIFIED BY '${DB_INFO[2]}';"
30 i=$(($i + 1))
31 done
32 mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "shutdown;"
33 wait
34
35 exec "$@"
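Review bot: The `echo "database=... password=${DB_INFO[2]}" 1>&2` line writes every database password to the container log, and `set -ex` at the top additionally traces the `mysql -e "GRANT ..."` command with the password in it. Logging only `echo "database=${DB_INFO[0]} user=${DB_INFO[1]}" 1>&2` and bracketing the loop with `set +x` / `set -x` keeps the credentials out of the logs. The `DB_INFO_$i` fields also go into `eval` and into the SQL text unvalidated, so a name containing a backtick or quote changes the statement; checking database and user names against something like `^[A-Za-z0-9_]+$` before use would be a reasonable guard. It is also worth confirming that `utf8mb4_ci` is a collation name the server accepts, since under `set -e` a failing `CREATE DATABASE` aborts container start-up.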
1 FROM debian:stretch 1 FROM debian:stretch-slim
2 2
3 ARG NGINX_EXTRA_PACKAGES 3 ARG NGINX_EXTRA_PACKAGES
4 4
5 COPY files/ /tmp/files/ 5 COPY files/ /tmp/files/
6 RUN /tmp/files/configure 6 RUN /tmp/files/configure
7 7
8 ENTRYPOINT ["/sbin/entrypoint.sh"] 8 ENTRYPOINT ["/sbin/entrypoint"]
9 CMD ["nginx", "-g", "daemon off;"] 9 CMD ["nginx", "-g", "daemon off;"]
......
...@@ -4,6 +4,6 @@ set -e ...@@ -4,6 +4,6 @@ set -e
4 apt-get update 4 apt-get update
5 apt-get install -y ssmtp nginx libnginx-mod-http-subs-filter $NGINX_EXTRA_PACKAGES 5 apt-get install -y ssmtp nginx libnginx-mod-http-subs-filter $NGINX_EXTRA_PACKAGES
6 rm /etc/nginx/sites-enabled/default 6 rm /etc/nginx/sites-enabled/default
7 cp -a /tmp/files/entrypoint.sh /sbin 7 cp -a /tmp/files/entrypoint /sbin
8 8
9 rm -rf /tmp/files 9 rm -rf /tmp/files
......
1 FROM node 1 FROM debian:stretch-slim
2 2
3 ARG NODE_EXTRA_PACKAGES 3 ARG NODE_EXTRA_PACKAGES
4 4
5 COPY files/ /tmp/files/ 5 COPY files/ /tmp/files/
6 RUN /tmp/files/configure 6 RUN /tmp/files/configure
7 7
8 #ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp 8 ENTRYPOINT ["/sbin/entrypoint"]
9 #RUN ["chmod", "755", "/usr/local/bin/wp"]
10
11 ENTRYPOINT ["/root/entrypoint"]
12 #CMD ["/usr/sbin/php5-fpm", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php5/fpm/php-fpm.conf"]
......
1 ; Per pool prefix
2 ; It only applies on the following directives:
3 ; - 'slowlog'
4 ; - 'listen' (unixsocket)
5 ; - 'chroot'
6 ; - 'chdir'
7 ; - 'php_values'
8 ; - 'php_admin_values'
9 ; When not set, the global prefix (or /usr) applies instead.
10 ; Note: This directive can also be relative to the global prefix.
11 ; Default Value: none
12 prefix = /srv/$pool
13
14 ; The address on which to accept FastCGI requests.
15 ; Valid syntaxes are:
16 ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
17 ; a specific port;
18 ; 'port' - to listen on a TCP socket to all addresses on a
19 ; specific port;
20 ; '/path/to/unix/socket' - to listen on a unix socket.
21 ; Note: This value is mandatory.
22 listen = 9000
23
24 ; Set listen(2) backlog.
25 ; Default Value: 128 (-1 on FreeBSD and OpenBSD)
26 ;listen.backlog = 128
27
28 ; Set permissions for unix socket, if one is used. In Linux, read/write
29 ; permissions must be set in order to allow connections from a web server. Many
30 ; BSD-derived systems allow connections regardless of permissions.
31 ; Default Values: user and group are set as the running user
32 ; mode is set to 0666
33 ;listen.owner = www-data
34 ;listen.group = www-data
35 ;listen.mode = 0666
36
37 ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
38 ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
39 ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
40 ; must be separated by a comma. If this value is left blank, connections will be
41 ; accepted from any ip address.
42 ; Default Value: any
43 ;listen.allowed_clients = 127.0.0.1
44
45 ; Choose how the process manager will control the number of child processes.
46 ; Possible Values:
47 ; static - a fixed number (pm.max_children) of child processes;
48 ; dynamic - the number of child processes are set dynamically based on the
49 ; following directives. With this process management, there will be
50 ; always at least 1 children.
51 ; pm.max_children - the maximum number of children that can
52 ; be alive at the same time.
53 ; pm.start_servers - the number of children created on startup.
54 ; pm.min_spare_servers - the minimum number of children in 'idle'
55 ; state (waiting to process). If the number
56 ; of 'idle' processes is less than this
57 ; number then some children will be created.
58 ; pm.max_spare_servers - the maximum number of children in 'idle'
59 ; state (waiting to process). If the number
60 ; of 'idle' processes is greater than this
61 ; number then some children will be killed.
62 ; ondemand - no children are created at startup. Children will be forked when
63 ; new requests will connect. The following parameter are used:
64 ; pm.max_children - the maximum number of children that
65 ; can be alive at the same time.
66 ; pm.process_idle_timeout - The number of seconds after which
67 ; an idle process will be killed.
68 ; Note: This value is mandatory.
69 pm = ondemand
70
71 ; The number of child processes to be created when pm is set to 'static' and the
72 ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
73 ; This value sets the limit on the number of simultaneous requests that will be
74 ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
75 ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
76 ; CGI. The below defaults are based on a server without much resources. Don't
77 ; forget to tweak pm.* to fit your needs.
78 ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
79 ; Note: This value is mandatory.
80 pm.max_children = 10
81
82 ; The number of child processes created on startup.
83 ; Note: Used only when pm is set to 'dynamic'
84 ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
85 pm.start_servers = 1
86
87 ; The desired minimum number of idle server processes.
88 ; Note: Used only when pm is set to 'dynamic'
89 ; Note: Mandatory when pm is set to 'dynamic'
90 pm.min_spare_servers = 1
91
92 ; The desired maximum number of idle server processes.
93 ; Note: Used only when pm is set to 'dynamic'
94 ; Note: Mandatory when pm is set to 'dynamic'
95 pm.max_spare_servers = 3
96
97 ; The number of seconds after which an idle process will be killed.
98 ; Note: Used only when pm is set to 'ondemand'
99 ; Default Value: 10s
100 ;pm.process_idle_timeout = 10s;
101
102 ; The number of requests each child process should execute before respawning.
103 ; This can be useful to work around memory leaks in 3rd party libraries. For
104 ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
105 ; Default Value: 0
106 ;pm.max_requests = 500
107
108 ; The URI to view the FPM status page. If this value is not set, no URI will be
109 ; recognized as a status page. It shows the following informations:
110 ; pool - the name of the pool;
111 ; process manager - static, dynamic or ondemand;
112 ; start time - the date and time FPM has started;
113 ; start since - number of seconds since FPM has started;
114 ; accepted conn - the number of request accepted by the pool;
115 ; listen queue - the number of request in the queue of pending
116 ; connections (see backlog in listen(2));
117 ; max listen queue - the maximum number of requests in the queue
118 ; of pending connections since FPM has started;
119 ; listen queue len - the size of the socket queue of pending connections;
120 ; idle processes - the number of idle processes;
121 ; active processes - the number of active processes;
122 ; total processes - the number of idle + active processes;
123 ; max active processes - the maximum number of active processes since FPM
124 ; has started;
125 ; max children reached - number of times, the process limit has been reached,
126 ; when pm tries to start more children (works only for
127 ; pm 'dynamic' and 'ondemand');
128 ; Value are updated in real time.
129 ; Example output:
130 ; pool: www
131 ; process manager: static
132 ; start time: 01/Jul/2011:17:53:49 +0200
133 ; start since: 62636
134 ; accepted conn: 190460
135 ; listen queue: 0
136 ; max listen queue: 1
137 ; listen queue len: 42
138 ; idle processes: 4
139 ; active processes: 11
140 ; total processes: 15
141 ; max active processes: 12
142 ; max children reached: 0
143 ;
144 ; By default the status page output is formatted as text/plain. Passing either
145 ; 'html', 'xml' or 'json' in the query string will return the corresponding
146 ; output syntax. Example:
147 ; http://www.foo.bar/status
148 ; http://www.foo.bar/status?json
149 ; http://www.foo.bar/status?html
150 ; http://www.foo.bar/status?xml
151 ;
152 ; By default the status page only outputs short status. Passing 'full' in the
153 ; query string will also return status for each pool process.
154 ; Example:
155 ; http://www.foo.bar/status?full
156 ; http://www.foo.bar/status?json&full
157 ; http://www.foo.bar/status?html&full
158 ; http://www.foo.bar/status?xml&full
159 ; The Full status returns for each process:
160 ; pid - the PID of the process;
161 ; state - the state of the process (Idle, Running, ...);
162 ; start time - the date and time the process has started;
163 ; start since - the number of seconds since the process has started;
164 ; requests - the number of requests the process has served;
165 ; request duration - the duration in µs of the requests;
166 ; request method - the request method (GET, POST, ...);
167 ; request URI - the request URI with the query string;
168 ; content length - the content length of the request (only with POST);
169 ; user - the user (PHP_AUTH_USER) (or '-' if not set);
170 ; script - the main script called (or '-' if not set);
171 ; last request cpu - the %cpu the last request consumed
172 ; it's always 0 if the process is not in Idle state
173 ; because CPU calculation is done when the request
174 ; processing has terminated;
175 ; last request memory - the max amount of memory the last request consumed
176 ; it's always 0 if the process is not in Idle state
177 ; because memory calculation is done when the request
178 ; processing has terminated;
179 ; If the process is in Idle state, then informations are related to the
180 ; last request the process has served. Otherwise informations are related to
181 ; the current request being served.
182 ; Example output:
183 ; ************************
184 ; pid: 31330
185 ; state: Running
186 ; start time: 01/Jul/2011:17:53:49 +0200
187 ; start since: 63087
188 ; requests: 12808
189 ; request duration: 1250261
190 ; request method: GET
191 ; request URI: /test_mem.php?N=10000
192 ; content length: 0
193 ; user: -
194 ; script: /home/fat/web/docs/php/test_mem.php
195 ; last request cpu: 0.00
196 ; last request memory: 0
197 ;
198 ; Note: There is a real-time FPM status monitoring sample web page available
199 ; It's available in: ${prefix}/share/fpm/status.html
200 ;
201 ; Note: The value must start with a leading slash (/). The value can be
202 ; anything, but it may not be a good idea to use the .php extension or it
203 ; may conflict with a real PHP file.
204 ; Default Value: not set
205 ;pm.status_path = /status
206
207 ; The ping URI to call the monitoring page of FPM. If this value is not set, no
208 ; URI will be recognized as a ping page. This could be used to test from outside
209 ; that FPM is alive and responding, or to
210 ; - create a graph of FPM availability (rrd or such);
211 ; - remove a server from a group if it is not responding (load balancing);
212 ; - trigger alerts for the operating team (24/7).
213 ; Note: The value must start with a leading slash (/). The value can be
214 ; anything, but it may not be a good idea to use the .php extension or it
215 ; may conflict with a real PHP file.
216 ; Default Value: not set
217 ;ping.path = /ping
218
219 ; This directive may be used to customize the response of a ping request. The
220 ; response is formatted as text/plain with a 200 response code.
221 ; Default Value: pong
222 ;ping.response = pong
223
224 ; The access log file
225 ; Default: not set
226 ;access.log = log/$pool.access.log
227
228 ; The access log format.
229 ; The following syntax is allowed
230 ; %%: the '%' character
231 ; %C: %CPU used by the request
232 ; it can accept the following format:
233 ; - %{user}C for user CPU only
234 ; - %{system}C for system CPU only
235 ; - %{total}C for user + system CPU (default)
236 ; %d: time taken to serve the request
237 ; it can accept the following format:
238 ; - %{seconds}d (default)
239 ; - %{miliseconds}d
240 ; - %{mili}d
241 ; - %{microseconds}d
242 ; - %{micro}d
243 ; %e: an environment variable (same as $_ENV or $_SERVER)
244 ; it must be associated with embraces to specify the name of the env
245 ; variable. Some exemples:
246 ; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
247 ; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
248 ; %f: script filename
249 ; %l: content-length of the request (for POST request only)
250 ; %m: request method
251 ; %M: peak of memory allocated by PHP
252 ; it can accept the following format:
253 ; - %{bytes}M (default)
254 ; - %{kilobytes}M
255 ; - %{kilo}M
256 ; - %{megabytes}M
257 ; - %{mega}M
258 ; %n: pool name
259 ; %o: ouput header
260 ; it must be associated with embraces to specify the name of the header:
261 ; - %{Content-Type}o
262 ; - %{X-Powered-By}o
263 ; - %{Transfert-Encoding}o
264 ; - ....
265 ; %p: PID of the child that serviced the request
266 ; %P: PID of the parent of the child that serviced the request
267 ; %q: the query string
268 ; %Q: the '?' character if query string exists
269 ; %r: the request URI (without the query string, see %q and %Q)
270 ; %R: remote IP address
271 ; %s: status (response code)
272 ; %t: server time the request was received
273 ; it can accept a strftime(3) format:
274 ; %d/%b/%Y:%H:%M:%S %z (default)
275 ; %T: time the log has been written (the request has finished)
276 ; it can accept a strftime(3) format:
277 ; %d/%b/%Y:%H:%M:%S %z (default)
278 ; %u: remote user
279 ;
280 ; Default: "%R - %u %t \"%m %r\" %s"
281 ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
282
283 ; The log file for slow requests
284 ; Default Value: not set
285 ; Note: slowlog is mandatory if request_slowlog_timeout is set
286 ;slowlog = log/$pool.log.slow
287
288 ; The timeout for serving a single request after which a PHP backtrace will be
289 ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
290 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
291 ; Default Value: 0
292 ;request_slowlog_timeout = 0
293
294 ; The timeout for serving a single request after which the worker process will
295 ; be killed. This option should be used when the 'max_execution_time' ini option
296 ; does not stop script execution for some reason. A value of '0' means 'off'.
297 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
298 ; Default Value: 0
299 ;request_terminate_timeout = 0
300
301 ; Set open file descriptor rlimit.
302 ; Default Value: system defined value
303 ;rlimit_files = 1024
304
305 ; Set max core size rlimit.
306 ; Possible Values: 'unlimited' or an integer greater or equal to 0
307 ; Default Value: system defined value
308 ;rlimit_core = 0
309
310 ; Chroot to this directory at the start. This value must be defined as an
311 ; absolute path. When this value is not set, chroot is not used.
312 ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
313 ; of its subdirectories. If the pool prefix is not set, the global prefix
314 ; will be used instead.
315 ; Note: chrooting is a great security feature and should be used whenever
316 ; possible. However, all PHP paths will be relative to the chroot
317 ; (error_log, sessions.save_path, ...).
318 ; Default Value: not set
319 ; chroot = $prefix
320
321 ; Chdir to this directory at the start.
322 ; Note: relative path can be used.
323 ; Default Value: current directory or / when chroot
324 ; chdir = /
325
326 ; Redirect worker stdout and stderr into main error log. If not set, stdout and
327 ; stderr will be redirected to /dev/null according to FastCGI specs.
328 ; Note: on highloaded environement, this can cause some delay in the page
329 ; process time (several ms).
330 ; Default Value: no
331 ;catch_workers_output = yes
332
333 ; Limits the extensions of the main script FPM will allow to parse. This can
334 ; prevent configuration mistakes on the web server side. You should only limit
335 ; FPM to .php extensions to prevent malicious users to use other extensions to
336 ; exectute php code.
337 ; Note: set an empty value to allow all extensions.
338 ; Default Value: .php
339 ;security.limit_extensions = .php .php3 .php4 .php5
340
341 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
342 ; the current environment.
343 ; Default Value: clean env
344 ;env[HOSTNAME] = $HOSTNAME
345 ;env[PATH] = /usr/local/bin:/usr/bin:/bin
346 ;env[TMP] = /tmp
347 ;env[TMPDIR] = /tmp
348 ;env[TEMP] = /tmp
349
350 ; Additional php.ini defines, specific to this pool of workers. These settings
351 ; overwrite the values previously defined in the php.ini. The directives are the
352 ; same as the PHP SAPI:
353 ; php_value/php_flag - you can set classic ini defines which can
354 ; be overwritten from PHP call 'ini_set'.
355 ; php_admin_value/php_admin_flag - these directives won't be overwritten by
356 ; PHP call 'ini_set'
357 ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
358
359 ; Defining 'extension' will load the corresponding shared extension from
360 ; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
361 ; overwrite previously defined php.ini values, but will append the new value
362 ; instead.
363
364 ; Note: path INI options can be relative and will be expanded with the prefix
365 ; (pool, global or /usr)
366
367 ; Default Value: nothing is defined by default except the values in php.ini and
368 ; specified at startup with the -d argument
369 ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
370 ;php_flag[display_errors] = off
371 ;php_admin_value[error_log] = /var/log/php5-fpm/error.log
372 php_admin_value[error_log] = /dev/stderr
373 php_admin_flag[log_errors] = on
374 ;php_admin_value[memory_limit] = 32M
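Review bot: `listen = 9000` binds the FastCGI port on all addresses while `listen.allowed_clients` stays commented out, so anything that can reach the container on that port can submit FastCGI requests to the pool. If only the web-server container is supposed to connect, that has to be enforced by the compose network (no published port) or by setting `listen.allowed_clients`. A short comment next to the directive stating the expectation, e.g. `; reachable only from the web container's network - do not publish this port`, would make the assumption visible to whoever reuses the recipe.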
...@@ -2,9 +2,20 @@ ...@@ -2,9 +2,20 @@
2 2
3 set -e 3 set -e
4 apt-get update 4 apt-get update
5 apt-get install -y ssmtp sudo $NODE_EXTRA_PACKAGES 5 apt-get install -y apt-transport-https gnupg
6 #npm install -g gulp grunt 6 cp /tmp/files/nodesource.list /etc/apt/sources.list.d
7 cp /tmp/files/nodesource.gpg.key /etc/apt/trusted.gpg.d/nodesource.asc
8 apt-get update
9
10 apt-get install -y ssmtp sudo nodejs npm $NODE_EXTRA_PACKAGES
11
12 if ! [ "z$NPM_GLOBAL_INSTALL" = "z" ]; then
13 npm install -g $NPM_GLOBAL_INSTALL
14 fi
15
16 addgroup node
17 adduser --gecos 'node' --ingroup node --disabled-password node
7 18
8 cp /tmp/files/entrypoint /root/entrypoint 19 cp /tmp/files/entrypoint /sbin/entrypoint
9 20
10 rm -rf /tmp/files 21 rm -rf /tmp/files
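Review bot: Copying `nodesource.gpg.key` into `/etc/apt/trusted.gpg.d/` makes that key trusted for every configured repository, not only deb.nodesource.com. Keeping the key outside that directory and naming it in the source entry, e.g. `deb [signed-by=/usr/share/keyrings/nodesource.asc] https://deb.nodesource.com/node_8.x stretch main` (the keyring path is an example), limits what the key can vouch for; whether the apt version in this base image accepts an armored key there should be checked. Also, `NPM_GLOBAL_INSTALL` is tested here, but the node Dockerfile shown in this commit declares only `ARG NODE_EXTRA_PACKAGES`, so the `npm install -g` branch looks unreachable at build time unless an `ARG NPM_GLOBAL_INSTALL` line is added.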
......
...@@ -4,14 +4,24 @@ set -ex ...@@ -4,14 +4,24 @@ set -ex
4 4
5 node_home="$(getent passwd node | cut -f 6 -d :)" 5 node_home="$(getent passwd node | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group node | cut -f 3 -d :)
9 groupmod -g $GID node 8 groupmod -g $GID node
10 find "$node_home" -gid $old_gid -print0 | xargs -0r chgrp node
11 fi 9 fi
12 if [[ $UID ]]; then 10 if [[ $UID && $UID -ne 0 ]]; then
13 usermod -u $UID node 11 usermod -u $UID node
14 fi 12 fi
13
14 find "$node_home" \
15 '(' -not -user node -a -not -group node -exec chown node:node '{}' + ')' -o \
16 '(' -not -user node -exec chown node '{}' + ')' -o \
17 '(' -not -group node -exec chgrp node '{}' + ')' -o \
18 -true
19
20 npm -g config set http_proxy "$http_proxy"
21 npm -g config set https_proxy "$http_proxy"
22 sudo -u node npm config set http_proxy "$http_proxy"
23 sudo -u node npm config set https_proxy "$http_proxy"
24
15 if [[ -e package.json ]]; then 25 if [[ -e package.json ]]; then
16 sudo -u node npm install 26 sudo -u node npm install
17 fi 27 fi
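Review bot: The four added `npm config set` calls run even when `$http_proxy` is unset, which stores an empty proxy value in both the global and the node user's npm configuration. Guarding them with `if [[ $http_proxy ]]; then ... fi` would match how the java entrypoint in this commit treats the same variable. The `https_proxy` setting is also always taken from `$http_proxy`, so a separately supplied `$https_proxy` is ignored; if that is intended, a one-line comment saying so would help.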
......
1 -----BEGIN PGP PUBLIC KEY BLOCK-----
2 Version: GnuPG v1
3 Comment: GPGTools - https://gpgtools.org
4
5 mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+
6 W6DHY3kK3a+2bxrax9EqKe7uxkSKf95gfns+I9+R+RJfRpb1qvljURr54y35IZgs
7 fMG22Np+TmM2RLgdFCZa18h0+RbH9i0b+ZrB9XPZmLb/h9ou7SowGqQ3wwOtT3Vy
8 qmif0A2GCcjFTqWW6TXaY8eZJ9BCEqW3k/0Cjw7K/mSy/utxYiUIvZNKgaG/P8U7
9 89QyvxeRxAf93YFAVzMXhoKxu12IuH4VnSwAfb8gQyxKRyiGOUwk0YoBPpqRnMmD
10 Dl7SdmY3oQHEJzBelTMjTM8AjbB9mWoPBX5G8t4u47/FZ6PgdfmRg9hsKXhkLJc7
11 C1btblOHNgDx19fzASWX+xOjZiKpP6MkEEzq1bilUFul6RDtxkTWsTa5TGixgCB/
12 G2fK8I9JL/yQhDc6OGY9mjPOxMb5PgUlT8ox3v8wt25erWj9z30QoEBwfSg4tzLc
13 Jq6N/iepQemNfo6Is+TG+JzI6vhXjlsBm/Xmz0ZiFPPObAH/vGCY5I6886vXQ7ft
14 qWHYHT8jz/R4tigMGC+tvZ/kcmYBsLCCI5uSEP6JJRQQhHrCvOX0UaytItfsQfLm
15 EYRd2F72o1yGh3yvWWfDIBXRmaBuIGXGpajC0JyBGSOWb9UxMNZY/2LJEwARAQAB
16 tB9Ob2RlU291cmNlIDxncGdAbm9kZXNvdXJjZS5jb20+iQI4BBMBAgAiBQJTmyS2
17 AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAWVaCraFdigHTmD/9OKhUy
18 jJ+h8gMRg6ri5EQxOExccSRU0i7UHktecSs0DVC4lZG9AOzBe+Q36cym5Z1di6JQ
19 kHl69q3zBdV3KTW+H1pdmnZlebYGz8paG9iQ/wS9gpnSeEyx0Enyi167Bzm0O4A1
20 GK0prkLnz/yROHHEfHjsTgMvFwAnf9uaxwWgE1d1RitIWgJpAnp1DZ5O0uVlsPPm
21 XAhuBJ32mU8S5BezPTuJJICwBlLYECGb1Y65Cil4OALU7T7sbUqfLCuaRKxuPtcU
22 VnJ6/qiyPygvKZWhV6Od0Yxlyed1kftMJyYoL8kPHfeHJ+vIyt0s7cropfiwXoka
23 1iJB5nKyt/eqMnPQ9aRpqkm9ABS/r7AauMA/9RALudQRHBdWIzfIg0Mlqb52yyTI
24 IgQJHNGNX1T3z1XgZhI+Vi8SLFFSh8x9FeUZC6YJu0VXXj5iz+eZmk/nYjUt4Mtc
25 pVsVYIB7oIDIbImODm8ggsgrIzqxOzQVP1zsCGek5U6QFc9GYrQ+Wv3/fG8hfkDn
26 xXLww0OGaEQxfodm8cLFZ5b8JaG3+Yxfe7JkNclwvRimvlAjqIiW5OK0vvfHco+Y
27 gANhQrlMnTx//IdZssaxvYytSHpPZTYw+qPEjbBJOLpoLrz8ZafN1uekpAqQjffI
28 AOqW9SdIzq/kSHgl0bzWbPJPw86XzzftewjKNbkCDQRTmyS2ARAAxSSdQi+WpPQZ
29 fOflkx9sYJa0cWzLl2w++FQnZ1Pn5F09D/kPMNh4qOsyvXWlekaV/SseDZtVziHJ
30 Km6V8TBG3flmFlC3DWQfNNFwn5+pWSB8WHG4bTA5RyYEEYfpbekMtdoWW/Ro8Kmh
31 41nuxZDSuBJhDeFIp0ccnN2Lp1o6XfIeDYPegyEPSSZqrudfqLrSZhStDlJgXjea
32 JjW6UP6txPtYaaila9/Hn6vF87AQ5bR2dEWB/xRJzgNwRiax7KSU0xca6xAuf+TD
33 xCjZ5pp2JwdCjquXLTmUnbIZ9LGV54UZ/MeiG8yVu6pxbiGnXo4Ekbk6xgi1ewLi
34 vGmz4QRfVklV0dba3Zj0fRozfZ22qUHxCfDM7ad0eBXMFmHiN8hg3IUHTO+UdlX/
35 aH3gADFAvSVDv0v8t6dGc6XE9Dr7mGEFnQMHO4zhM1HaS2Nh0TiL2tFLttLbfG5o
36 QlxCfXX9/nasj3K9qnlEg9G3+4T7lpdPmZRRe1O8cHCI5imVg6cLIiBLPO16e0fK
37 yHIgYswLdrJFfaHNYM/SWJxHpX795zn+iCwyvZSlLfH9mlegOeVmj9cyhN/VOmS3
38 QRhlYXoA2z7WZTNoC6iAIlyIpMTcZr+ntaGVtFOLS6fwdBqDXjmSQu66mDKwU5Ek
39 fNlbyrpzZMyFCDWEYo4AIR/18aGZBYUAEQEAAYkCHwQYAQIACQUCU5sktgIbDAAK
40 CRAWVaCraFdigIPQEACcYh8rR19wMZZ/hgYv5so6Y1HcJNARuzmffQKozS/rxqec
41 0xM3wceL1AIMuGhlXFeGd0wRv/RVzeZjnTGwhN1DnCDy1I66hUTgehONsfVanuP1
42 PZKoL38EAxsMzdYgkYH6T9a4wJH/IPt+uuFTFFy3o8TKMvKaJk98+Jsp2X/QuNxh
43 qpcIGaVbtQ1bn7m+k5Qe/fz+bFuUeXPivafLLlGc6KbdgMvSW9EVMO7yBy/2JE15
44 ZJgl7lXKLQ31VQPAHT3an5IV2C/ie12eEqZWlnCiHV/wT+zhOkSpWdrheWfBT+ac
45 hR4jDH80AS3F8jo3byQATJb3RoCYUCVc3u1ouhNZa5yLgYZ/iZkpk5gKjxHPudFb
46 DdWjbGflN9k17VCf4Z9yAb9QMqHzHwIGXrb7ryFcuROMCLLVUp07PrTrRxnO9A/4
47 xxECi0l/BzNxeU1gK88hEaNjIfviPR/h6Gq6KOcNKZ8rVFdwFpjbvwHMQBWhrqfu
48 G3KaePvbnObKHXpfIKoAM7X2qfO+IFnLGTPyhFTcrl6vZBTMZTfZiC1XDQLuGUnd
49 sckuXINIU3DFWzZGr0QrqkuE/jyr7FXeUJj9B7cLo+s/TXo+RaVfi3kOc9BoxIvy
50 /qiNGs/TKy2/Ujqp/affmIMoMXSozKmga81JSwkADO1JMgUy6dApXz9kP4EE3g==
51 =CLGF
52 -----END PGP PUBLIC KEY BLOCK-----
1 deb https://deb.nodesource.com/node_8.x stretch main
1 FROM debian:stretch 1 FROM debian:stretch-slim
2 2
3 ARG PHPFPM_EXTRA_PACKAGES 3 ARG PHPFPM_EXTRA_PACKAGES
4 4
...@@ -8,5 +8,5 @@ RUN /tmp/files/configure ...@@ -8,5 +8,5 @@ RUN /tmp/files/configure
8 ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp 8 ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp
9 RUN ["chmod", "755", "/usr/local/bin/wp"] 9 RUN ["chmod", "755", "/usr/local/bin/wp"]
10 10
11 ENTRYPOINT ["/root/entrypoint"] 11 ENTRYPOINT ["/sbin/entrypoint"]
12 CMD ["/usr/sbin/php-fpm7.0", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php/7.0/fpm/php-fpm.conf"] 12 CMD ["/usr/sbin/php-fpm7.0", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php/7.0/fpm/php-fpm.conf"]
......
...@@ -7,7 +7,7 @@ apt-get install -y sudo ssmtp php7.0-fpm php7.0-mysql php7.0-curl php7.0-imagick ...@@ -7,7 +7,7 @@ apt-get install -y sudo ssmtp php7.0-fpm php7.0-mysql php7.0-curl php7.0-imagick
7 rm /etc/php/7.0/fpm/pool.d/www.conf 7 rm /etc/php/7.0/fpm/pool.d/www.conf
8 cp -a /tmp/files/app-defaults.conf /etc/php/7.0/fpm 8 cp -a /tmp/files/app-defaults.conf /etc/php/7.0/fpm
9 9
10 cp /tmp/files/entrypoint /root/entrypoint 10 cp /tmp/files/entrypoint /sbin/entrypoint
11 11
12 addgroup hostgroup 12 addgroup hostgroup
13 adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser 13 adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser
......
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" 5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group hostgroup | cut -f 3 -d :) 8 old_gid=$(getent group hostgroup | cut -f 3 -d :)
9 groupmod -g $GID hostgroup 9 groupmod -g $GID hostgroup
10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup 10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $GID -ne 0 ]]; then
13 usermod -u $UID hostuser 13 usermod -u $UID hostuser
14 fi 14 fi
15 mkdir -p /run/php 15 mkdir -p /run/php
......
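Review bot: The UID guard on new line 12 tests `$GID -ne 0` where it should test `$UID`, so `usermod` is skipped whenever GID is unset or 0, even if a UID was requested. The line should read `if [[ $UID && $UID -ne 0 ]]; then`, matching the other entrypoints changed in this commit. The script continues past the end of the hunk.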
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" 5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group hostgroup | cut -f 3 -d :) 8 old_gid=$(getent group hostgroup | cut -f 3 -d :)
9 groupmod -g $GID hostgroup 9 groupmod -g $GID hostgroup
10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup 10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $UID -ne 0 ]]; then
13 usermod -u $UID hostuser 13 usermod -u $UID hostuser
14 fi 14 fi
15 15
......
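Review bot: `UID` is a readonly variable that bash sets to the real user ID of the running shell, so the test on new line 12 never sees a value passed in through the container environment. If this entrypoint runs as root, which `groupmod` and `usermod` require, `$UID -ne 0` is always false and the `usermod` branch cannot be reached. Reading the requested ID from a differently named variable (for example `HOST_UID`, a suggested name) would make the branch work. The same applies to the other entrypoints in this commit that test `$UID`; `GID` is not special to bash and is unaffected.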
1 FROM debian:stretch-slim
2
3 ARG POSTGRESQL_EXTRA_PACKAGES
4
5 COPY files/ /tmp/files
6 RUN /tmp/files/configure
7
8 ENTRYPOINT ["/sbin/entrypoint"]
9 CMD ["pg_ctlcluster", "9.6", "main", "start", "--foreground"]
1 #!/bin/sh
2
3 set -e
4
5 mkdir /usr/share/man/man1 /usr/share/man/man7
6 cp /tmp/files/no-suggests-recommends.conf /etc/apt/apt.conf.d/no-suggests-recommends
7 apt-get update
8 apt-get install -y postgresql-9.6 \
9 $POSTGRESQL_EXTRA_PACKAGES \
10 && true
11
12 rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
13
14 mkdir /var/lib/container
15 tar -cC /var/lib/postgresql/ . | gzip -9v > /var/lib/container/var_lib_postgresql.tar.gz
16 rm -rf /var/lib/postgresql
17 mkdir /var/lib/postgresql
18
19 cp -a /tmp/files/entrypoint /sbin
20
21 rm -rf /tmp/files
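Review bot: The trailing `&& true` on the `apt-get install` command (lines 8-10) defeats `set -e`, because a failure in a non-final member of an `&&` list does not make the shell exit. A failed package install would therefore let the build continue. The `tar … | gzip` pipeline on line 15 has the same weakness, since only gzip's status is checked and `/bin/sh` may have no `pipefail`. The image could then be built with an empty or partial `var_lib_postgresql.tar.gz` just before `/var/lib/postgresql` is removed. I would end the install command on the `$POSTGRESQL_EXTRA_PACKAGES` line and write the archive in one step, e.g. `tar -czf /var/lib/container/var_lib_postgresql.tar.gz -C /var/lib/postgresql .`.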
1 #!/bin/bash
2
3 set -ex
4
5 if [[ $(find /var/lib/postgresql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
6 zcat /var/lib/container/var_lib_postgresql.tar.gz | tar xf - -C /var/lib/postgresql
7 fi
8
9 postgres_home="$(getent passwd postgres | cut -f 6 -d :)"
10
11 if [[ $GID && $GID -ne 0 ]]; then
12 old_gid=$(getent group postgres | cut -f 3 -d :)
13 groupmod -g $GID postgres
14 find "$postgres_home" /etc/postgresql /var/run/postgresql -gid $old_gid -print0 | xargs -0r chgrp postgres
15 fi
16
17 if [[ $UID && $UID -ne 0 ]]; then
18 old_uid=$(getent passwd postgres | cut -f 3 -d :)
19 usermod -u $UID postgres
20 find /etc/postgresql /var/run/postgresql -uid $old_uid -print0 | xargs -0r chown postgres
21 fi
22
23 exec "$@"
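Review bot: `$GID` (line 11) comes from the container environment and is used in `[[ … -ne 0 ]]`, which evaluates its operands as arithmetic expressions, and then unquoted as an argument to `groupmod`. A stricter guard would accept only a positive decimal number, e.g. `if [[ $GID =~ ^[1-9][0-9]*$ ]]; then`, which also covers the empty and zero cases. Quoting the expansions (`groupmod -g "$GID" postgres`, `-gid "$old_gid"`) keeps a malformed value from being split into extra arguments. The hostuser and redis entrypoints in this commit use the same pattern.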
1 APT::Install-Suggests false;
2 APT::Install-Recommends false;
1 FROM debian:stretch-slim
2
3 COPY files/ /tmp/files/
4 RUN /tmp/files/configure
5
6 ENTRYPOINT ["/sbin/entrypoint"]
7 VOLUME "/data"
8 CMD ["sudo", "-u", "redis", "redis-server", "/etc/redis/redis.conf"],
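Review bot: The trailing comma after the closing bracket on line 8 makes the `CMD` value invalid JSON, so Docker falls back to shell form and passes the whole text to `/bin/sh -c` instead of running `sudo -u redis redis-server …`. The entrypoint's `exec "$@"` would then run that shell string and the container would be expected to fail at start. The line should end at the bracket: `CMD ["sudo", "-u", "redis", "redis-server", "/etc/redis/redis.conf"]`.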
1 #!/bin/sh
2
3 set -e
4 apt-get update
5 apt-get install -y sudo ssmtp redis-server
6
7 cp /tmp/files/entrypoint /sbin/entrypoint
8
9 rm -rf /tmp/files
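Review bot: This script leaves the apt package lists and downloaded archives in the layer, unlike the postgresql configure script in the same commit, which removes them after installing. Adding `rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*` after the `apt-get install` on line 5 would keep the two recipes consistent and the image smaller.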
1 #!/bin/bash
2
3 set -ex
4
5 TARGET_GROUP=redis
6 TARGET_USER=redis
7
8 target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
9
10 if [[ $GID && $GID -ne 0 ]]; then
11 groupmod -g $GID "$TARGET_GROUP"
12 fi
13 if [[ $UID && $UID -ne 0 ]]; then
14 usermod -u $UID "$TARGET_USER"
15 fi
16
17 find "$target_home" \
18 '(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
19 '(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
20 '(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
21 -true
22
23 exec "$@"
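Review bot: The `chown` and `chgrp` calls in the `find` expression (lines 17-21) run as root over a directory the redis account can write to, and both commands dereference symbolic links by default. A link inside `$target_home` would therefore redirect the ownership change to whatever it points at. Passing `-h` (`chown -h "$TARGET_USER:$TARGET_GROUP"`, `chgrp -h "$TARGET_GROUP"`) limits the change to the link itself. The `xargs -0r chgrp hostgroup` and `chgrp postgres` calls in the other entrypoints would benefit from the same flag.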
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" 5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group hostgroup | cut -f 3 -d :) 8 old_gid=$(getent group hostgroup | cut -f 3 -d :)
9 groupmod -g $GID hostgroup 9 groupmod -g $GID hostgroup
10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup 10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $UID -ne 0 ]]; then
13 usermod -u $UID hostuser 13 usermod -u $UID hostuser
14 fi 14 fi
15 15
......