Merge branch 'master' of gitlab.brainfood.com:brainfood/docker-image-recipes
Showing
33 changed files
with
412 additions
and
401 deletions
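--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 brainfood.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.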
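--- a/README
+++ b/README
@@ -0,0 +1,36 @@
+This repository contains a series of simple docker image recipes. These are
+meant to be referenced via docker-compose, and built for each project
+separately. No sharing of images. This provides sanity for each project, as
+you don't have to worry about an image changing underneath you. It also means
+that you can be certain you can rebuild on your own whenever the situation
+calls for it.
+
+Here are the best practices in these files:
+
+* Generally, any image listed here should run without any external
+dependencies. No includes from other images, etc. This makes it easier to
+understand and extend.
+
+* Each Dockerfile is designed to have minimal layers. This makes rebuilds
+faster, as there are less docker-runs. It also makes many things easier to
+accomplish, as there is a real shell script that can do sophisticated
+things.
+
+* Images also tend to make use of standard, unmodified debian packages. Let
+someone else do the hard-work of system integration, while these recipes
+then just do slight tweaks.
+
+* Any files that need to be shared between a host and a container should make
+use of UID/GID being sent in from the host. The daemon in the container
+should run as the UID/GID, and it's files changed to have that ownership.
+
+During entrypoint, the target container user is then modified to have the
+correct uid/gid setting. If there is no target user, then one should be
+added during the image build, generally calling it hostuser/hostgroup.
+
+* Daemons that have complex binary file setups should have those files created
+during image build, then the entire structure placed in a tarball. The
+entrypoint can then extract this seed tarball, but only if the target
+directory is empty. This allows for the volume mounting of these
+directories from the host. Make certain the uid/gid mapping is sane when
+this occurs.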
... | @@ -4,12 +4,12 @@ set -ex | ... | @@ -4,12 +4,12 @@ set -ex |
4 | 4 | ||
5 | hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" | 5 | hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" |
6 | 6 | ||
7 | if [[ $GID ]]; then | 7 | if [[ $GID && $GID -ne 0 ]]; then |
8 | old_gid=$(getent group hostgroup | cut -f 3 -d :) | 8 | old_gid=$(getent group hostgroup | cut -f 3 -d :) |
9 | groupmod -g $GID hostgroup | 9 | groupmod -g $GID hostgroup |
10 | find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup | 10 | find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup |
11 | fi | 11 | fi |
12 | if [[ $UID ]]; then | 12 | if [[ $UID && $UID -ne 0 ]]; then |
13 | usermod -u $UID hostuser | 13 | usermod -u $UID hostuser |
14 | fi | 14 | fi |
15 | 15 | ... | ... |
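Review bot: The new `$UID -ne 0` test can never be true if this entrypoint runs under bash as root, which the `[[ … ]]` syntax and the `usermod` call suggest: bash sets `UID` itself at startup to the real user id and makes it read-only, so a `UID` value passed in through the container environment is not what `$UID` expands to. The effect is that `usermod -u` is skipped silently and files shared with the host keep the build-time uid, while `GID` (not a bash special variable) is still honoured. A differently named variable avoids the clash, for example `if [[ ${HOST_UID:-0} -ne 0 ]]; then usermod -u "$HOST_UID" hostuser; fi`, with the compose files updated to match. The same test appears in java/files/entrypoint, mongodb/files/entrypoint, mysql/files/entrypoint and the later `node_home` hunk; the script continues past the end of this hunk.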
java/Dockerfile
0 → 100644
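--- a/java/files/configure
+++ b/java/files/configure
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+apt-get update
+mkdir -p /usr/share/man/man1
+apt-get install -y ssmtp sudo openjdk-8-jdk $JAVA_EXTRA_PACKAGES
+
+cp /tmp/files/entrypoint /sbin/entrypoint
+
+addgroup hostgroup
+adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser
+
+rm -rf /tmp/files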
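--- a/java/files/entrypoint
+++ b/java/files/entrypoint
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -ex
+
+TARGET_USER=hostuser
+TARGET_GROUP=hostgroup
+
+target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
+
+if [[ $GID && $GID -ne 0 ]]; then
+groupmod -g $GID "$TARGET_GROUP"
+fi
+if [[ $UID && $UID -ne 0 ]]; then
+usermod -u $UID "$TARGET_USER"
+fi
+
+find "$target_home" \
+'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
+'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
+'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
+-true
+
+if [[ $http_proxy =~ ^([^:]+)://([^/:]*)(:([0-9]+?))?(/.*)?$ ]]; then
+http_proxy_protocol="${BASH_REMATCH[1]}"
+http_proxy_domain="${BASH_REMATCH[2]}"
+http_proxy_port="${BASH_REMATCH[4]}"
+fi
+
+if [[ $http_proxy ]]; then
+mkdir -p "$target_home/.m2"
+cat > "$target_home/.m2/settings.xml" << _EOF_
+<settings>
+<proxies>
+<proxy>
+<id>app-build-proxy</id>
+<active>true</active>
+<protocol>${http_proxy_protocol}</protocol>
+<host>${http_proxy_domain}</host>
+<port>${http_proxy_port}</port>
+</proxy>
+</proxies>
+</settings>
+_EOF_
+fi
+
+exec "$@"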
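Review bot: `settings.xml` is written whenever `$http_proxy` is non-empty, even when the regex above it did not match, because the heredoc sits in a second, independent `if`; a proxy URL containing `user:password@`, for instance, fails the `([^/:]*)` host group and yields a Maven proxy entry with empty protocol, host and port. The file is also created after the ownership fix-up `find`, so `$target_home/.m2` ends up owned by root, and it overwrites any `settings.xml` already present in a host-mounted home. I would move the heredoc inside the `=~` branch, skip it when the file already exists, and follow it with `chown -hR "$TARGET_USER:$TARGET_GROUP" "$target_home/.m2"`. Because the script runs under `set -ex`, the `[[ $http_proxy =~ … ]]` line is traced to the container log, so a proxy URL carrying credentials would be recorded there.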
mongodb/Dockerfile
0 → 100644
mongodb/files/configure
0 → 100755
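--- a/mongodb/files/entrypoint
+++ b/mongodb/files/entrypoint
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -ex
+
+TARGET_USER=mongodb
+TARGET_GROUP=mongodb
+
+target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
+
+if [[ $GID && $GID -ne 0 ]]; then
+groupmod -g $GID "$TARGET_GROUP"
+fi
+if [[ $UID && $UID -ne 0 ]]; then
+usermod -u $UID "$TARGET_USER"
+fi
+
+find "$target_home" \
+'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
+'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
+'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
+-true
+
+exec "$@"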
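Review bot: The `chown`/`chgrp` actions in the `find` expression follow symbolic links, since GNU `chown` dereferences by default when it is not run recursively, while `find` tests the link itself; a link under `$target_home` that is not owned by the target user or group therefore makes root change the ownership of whatever it points to, possibly outside the home directory. As the home may be a volume shared with the host or written by the daemon, I would pass `-h` on all three actions, e.g. `-exec chown -h "$TARGET_USER:$TARGET_GROUP" '{}' +`. The same expression is used in java/files/entrypoint and in the later `node_home` hunk.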
mysql/Dockerfile
0 → 100644
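--- a/mysql/files/configure
+++ b/mysql/files/configure
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+apt-get update
+apt-get install -y ssmtp mysql-server
+
+mkdir /var/lib/container
+tar -cC /var/lib/mysql/ . | gzip -9v > /var/lib/container/var_lib_mysql.tar.gz
+rm -rf /var/lib/mysql
+mkdir /var/lib/mysql
+
+cp -a /tmp/files/entrypoint /sbin
+
+rm -rf /tmp/files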
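--- a/mysql/files/entrypoint
+++ b/mysql/files/entrypoint
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -ex
+
+_mysql() {
+mysqld_safe "$@"
+}
+
+if [[ $GID && $GID -ne 0 ]]; then
+old_gid=$(getent group mysql | cut -f 3 -d :)
+groupmod -g $GID mysql
+fi
+
+if [[ $UID && $UID -ne 0 ]]; then
+usermod -u $UID mysql
+fi
+
+if [[ $(find /var/lib/mysql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
+mkdir -p /var/lib/mysql
+zcat /var/lib/container/var_lib_mysql.tar.gz | tar -C /var/lib/mysql -xf -
+fi
+
+declare -i i=0
+mysqld_safe --skip-networking &
+while eval [[ \$DB_INFO_$i ]]; do
+IFS=: eval declare -a DB_INFO=\(\$DB_INFO_$i\)
+echo "database=${DB_INFO[0]} user=${DB_INFO[1]} password=${DB_INFO[2]}" 1>&2
+mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "CREATE DATABASE IF NOT EXISTS \`${DB_INFO[0]}\` DEFAULT CHARACTER SET \`utf8mb4\` COLLATE \`utf8mb4_ci\`;"
+mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "GRANT ALL PRIVILEGES ON \`${DB_INFO[0]}\`.* TO '${DB_INFO[1]}' IDENTIFIED BY '${DB_INFO[2]}';"
+i=$(($i + 1))
+done
+mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "shutdown;"
+wait
+
+exec "$@"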
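Review bot: The provisioning loop puts every database password into the container log: the `echo` line prints `password=${DB_INFO[2]}` to stderr, and because the script runs under `set -ex` the `GRANT … IDENTIFIED BY` command is traced as well, besides carrying the password in the `mysql -e` argument list. The `eval declare -a DB_INFO=\(\$DB_INFO_$i\)` line also expands the value unquoted, so a password containing `:`, whitespace or a glob character is split or expanded, and the fields are pasted into SQL without escaping. I would turn tracing off around the loop, read the variable with `${!name}` and `IFS=: read -r`, log only database and user, and send the SQL on stdin, as sketched below; database and user names should additionally be checked against an allowed character set. The collation `utf8mb4_ci` is carried over unchanged; I do not recognise it as a collation name, so it is worth checking against the server.

```shell
# … unchanged: uid/gid remap, seed-tarball extraction, mysqld_safe --skip-networking & …
set +x   # stop xtrace before any credential is expanded
declare -i i=0
while info_var="DB_INFO_$i"; [[ ${!info_var} ]]; do
  # read leaves any further ':' inside db_pass; no eval, no globbing
  IFS=: read -r db_name db_user db_pass <<< "${!info_var}"
  echo "database=$db_name user=$db_user" 1>&2
  # escape backslashes first, then single quotes, for the quoted SQL literal
  db_pass=${db_pass//\\/\\\\}
  db_pass=${db_pass//\'/\\\'}
  # SQL goes in on stdin so the password is not in the process arguments
  mysql --defaults-extra-file=/etc/mysql/debian.cnf << _EOF_
CREATE DATABASE IF NOT EXISTS \`$db_name\` DEFAULT CHARACTER SET \`utf8mb4\` COLLATE \`utf8mb4_ci\`;
GRANT ALL PRIVILEGES ON \`$db_name\`.* TO '$db_user' IDENTIFIED BY '$db_pass';
_EOF_
  i=$(($i + 1))
done
set -x
# … unchanged: shutdown, wait, exec "$@" …
```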
1 | FROM debian:stretch | 1 | FROM debian:stretch-slim |
2 | 2 | ||
3 | ARG NGINX_EXTRA_PACKAGES | 3 | ARG NGINX_EXTRA_PACKAGES |
4 | 4 | ||
5 | COPY files/ /tmp/files/ | 5 | COPY files/ /tmp/files/ |
6 | RUN /tmp/files/configure | 6 | RUN /tmp/files/configure |
7 | 7 | ||
8 | ENTRYPOINT ["/sbin/entrypoint.sh"] | 8 | ENTRYPOINT ["/sbin/entrypoint"] |
9 | CMD ["nginx", "-g", "daemon off;"] | 9 | CMD ["nginx", "-g", "daemon off;"] | ... | ... |
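Review bot: `FROM debian:stretch-slim` is a floating tag, so the base can still change between two builds of the same recipe, which sits uneasily with the README's aim of not having an image change underneath a project. Pinning the digest keeps rebuilds reproducible and turns a base update into an explicit commit, e.g. `FROM debian:stretch-slim@sha256:<digest-placeholder>`. The same applies to the following Dockerfile hunk (`ARG NODE_EXTRA_PACKAGES`), which switches from `FROM node` to the same tag.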
... | @@ -4,6 +4,6 @@ set -e | ... | @@ -4,6 +4,6 @@ set -e |
4 | apt-get update | 4 | apt-get update |
5 | apt-get install -y ssmtp nginx libnginx-mod-http-subs-filter $NGINX_EXTRA_PACKAGES | 5 | apt-get install -y ssmtp nginx libnginx-mod-http-subs-filter $NGINX_EXTRA_PACKAGES |
6 | rm /etc/nginx/sites-enabled/default | 6 | rm /etc/nginx/sites-enabled/default |
7 | cp -a /tmp/files/entrypoint.sh /sbin | 7 | cp -a /tmp/files/entrypoint /sbin |
8 | 8 | ||
9 | rm -rf /tmp/files | 9 | rm -rf /tmp/files | ... | ... |
1 | FROM node | 1 | FROM debian:stretch-slim |
2 | 2 | ||
3 | ARG NODE_EXTRA_PACKAGES | 3 | ARG NODE_EXTRA_PACKAGES |
4 | 4 | ||
5 | COPY files/ /tmp/files/ | 5 | COPY files/ /tmp/files/ |
6 | RUN /tmp/files/configure | 6 | RUN /tmp/files/configure |
7 | 7 | ||
8 | #ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp | 8 | ENTRYPOINT ["/sbin/entrypoint"] |
9 | #RUN ["chmod", "755", "/usr/local/bin/wp"] | ||
10 | |||
11 | ENTRYPOINT ["/root/entrypoint"] | ||
12 | #CMD ["/usr/sbin/php5-fpm", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php5/fpm/php-fpm.conf"] | ... | ... |
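--- a/node/files/app-defaults.conf
+++ b/node/files/app-defaults.conf
@@ -1,374 +0,0 @@
-; Per pool prefix
-; It only applies on the following directives:
-; - 'slowlog'
-; - 'listen' (unixsocket)
-; - 'chroot'
-; - 'chdir'
-; - 'php_values'
-; - 'php_admin_values'
-; When not set, the global prefix (or /usr) applies instead.
-; Note: This directive can also be relative to the global prefix.
-; Default Value: none
-prefix = /srv/$pool
-
-; The address on which to accept FastCGI requests.
-; Valid syntaxes are:
-; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
-; a specific port;
-; 'port' - to listen on a TCP socket to all addresses on a
-; specific port;
-; '/path/to/unix/socket' - to listen on a unix socket.
-; Note: This value is mandatory.
-listen = 9000
-
-; Set listen(2) backlog.
-; Default Value: 128 (-1 on FreeBSD and OpenBSD)
-;listen.backlog = 128
-
-; Set permissions for unix socket, if one is used. In Linux, read/write
-; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
-; mode is set to 0666
-;listen.owner = www-data
-;listen.group = www-data
-;listen.mode = 0666
-
-; List of ipv4 addresses of FastCGI clients which are allowed to connect.
-; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
-; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
-; must be separated by a comma. If this value is left blank, connections will be
-; accepted from any ip address.
-; Default Value: any
-;listen.allowed_clients = 127.0.0.1
-
-; Choose how the process manager will control the number of child processes.
-; Possible Values:
-; static - a fixed number (pm.max_children) of child processes;
-; dynamic - the number of child processes are set dynamically based on the
-; following directives. With this process management, there will be
-; always at least 1 children.
-; pm.max_children - the maximum number of children that can
-; be alive at the same time.
-; pm.start_servers - the number of children created on startup.
-; pm.min_spare_servers - the minimum number of children in 'idle'
-; state (waiting to process). If the number
-; of 'idle' processes is less than this
-; number then some children will be created.
-; pm.max_spare_servers - the maximum number of children in 'idle'
-; state (waiting to process). If the number
-; of 'idle' processes is greater than this
-; number then some children will be killed.
-; ondemand - no children are created at startup. Children will be forked when
-; new requests will connect. The following parameter are used:
-; pm.max_children - the maximum number of children that
-; can be alive at the same time.
-; pm.process_idle_timeout - The number of seconds after which
-; an idle process will be killed.
-; Note: This value is mandatory.
-pm = ondemand
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI. The below defaults are based on a server without much resources. Don't
-; forget to tweak pm.* to fit your needs.
-; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
-; Note: This value is mandatory.
-pm.max_children = 10
-
-; The number of child processes created on startup.
-; Note: Used only when pm is set to 'dynamic'
-; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = 1
-
-; The desired minimum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 1
-
-; The desired maximum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 3
-
-; The number of seconds after which an idle process will be killed.
-; Note: Used only when pm is set to 'ondemand'
-; Default Value: 10s
-;pm.process_idle_timeout = 10s;
-
-; The number of requests each child process should execute before respawning.
-; This can be useful to work around memory leaks in 3rd party libraries. For
-; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
-; Default Value: 0
-;pm.max_requests = 500
-
-; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
-; pool - the name of the pool;
-; process manager - static, dynamic or ondemand;
-; start time - the date and time FPM has started;
-; start since - number of seconds since FPM has started;
-; accepted conn - the number of request accepted by the pool;
-; listen queue - the number of request in the queue of pending
-; connections (see backlog in listen(2));
-; max listen queue - the maximum number of requests in the queue
-; of pending connections since FPM has started;
-; listen queue len - the size of the socket queue of pending connections;
-; idle processes - the number of idle processes;
-; active processes - the number of active processes;
-; total processes - the number of idle + active processes;
-; max active processes - the maximum number of active processes since FPM
-; has started;
-; max children reached - number of times, the process limit has been reached,
-; when pm tries to start more children (works only for
-; pm 'dynamic' and 'ondemand');
-; Value are updated in real time.
-; Example output:
-; pool: www
-; process manager: static
-; start time: 01/Jul/2011:17:53:49 +0200
-; start since: 62636
-; accepted conn: 190460
-; listen queue: 0
-; max listen queue: 1
-; listen queue len: 42
-; idle processes: 4
-; active processes: 11
-; total processes: 15
-; max active processes: 12
-; max children reached: 0
-;
-; By default the status page output is formatted as text/plain. Passing either
-; 'html', 'xml' or 'json' in the query string will return the corresponding
-; output syntax. Example:
-; http://www.foo.bar/status
-; http://www.foo.bar/status?json
-; http://www.foo.bar/status?html
-; http://www.foo.bar/status?xml
-;
-; By default the status page only outputs short status. Passing 'full' in the
-; query string will also return status for each pool process.
-; Example:
-; http://www.foo.bar/status?full
-; http://www.foo.bar/status?json&full
-; http://www.foo.bar/status?html&full
-; http://www.foo.bar/status?xml&full
-; The Full status returns for each process:
-; pid - the PID of the process;
-; state - the state of the process (Idle, Running, ...);
-; start time - the date and time the process has started;
-; start since - the number of seconds since the process has started;
-; requests - the number of requests the process has served;
-; request duration - the duration in µs of the requests;
-; request method - the request method (GET, POST, ...);
-; request URI - the request URI with the query string;
-; content length - the content length of the request (only with POST);
-; user - the user (PHP_AUTH_USER) (or '-' if not set);
-; script - the main script called (or '-' if not set);
-; last request cpu - the %cpu the last request consumed
-; it's always 0 if the process is not in Idle state
-; because CPU calculation is done when the request
-; processing has terminated;
-; last request memory - the max amount of memory the last request consumed
-; it's always 0 if the process is not in Idle state
-; because memory calculation is done when the request
-; processing has terminated;
-; If the process is in Idle state, then informations are related to the
-; last request the process has served. Otherwise informations are related to
-; the current request being served.
-; Example output:
-; ************************
-; pid: 31330
-; state: Running
-; start time: 01/Jul/2011:17:53:49 +0200
-; start since: 63087
-; requests: 12808
-; request duration: 1250261
-; request method: GET
-; request URI: /test_mem.php?N=10000
-; content length: 0
-; user: -
-; script: /home/fat/web/docs/php/test_mem.php
-; last request cpu: 0.00
-; last request memory: 0
-;
-; Note: There is a real-time FPM status monitoring sample web page available
-; It's available in: ${prefix}/share/fpm/status.html
-;
-; Note: The value must start with a leading slash (/). The value can be
-; anything, but it may not be a good idea to use the .php extension or it
-; may conflict with a real PHP file.
-; Default Value: not set
-;pm.status_path = /status
-
-; The ping URI to call the monitoring page of FPM. If this value is not set, no
-; URI will be recognized as a ping page. This could be used to test from outside
-; that FPM is alive and responding, or to
-; - create a graph of FPM availability (rrd or such);
-; - remove a server from a group if it is not responding (load balancing);
-; - trigger alerts for the operating team (24/7).
-; Note: The value must start with a leading slash (/). The value can be
-; anything, but it may not be a good idea to use the .php extension or it
-; may conflict with a real PHP file.
-; Default Value: not set
-;ping.path = /ping
-
-; This directive may be used to customize the response of a ping request. The
-; response is formatted as text/plain with a 200 response code.
-; Default Value: pong
-;ping.response = pong
-
-; The access log file
-; Default: not set
-;access.log = log/$pool.access.log
-
-; The access log format.
-; The following syntax is allowed
-; %%: the '%' character
-; %C: %CPU used by the request
-; it can accept the following format:
-; - %{user}C for user CPU only
-; - %{system}C for system CPU only
-; - %{total}C for user + system CPU (default)
-; %d: time taken to serve the request
-; it can accept the following format:
-; - %{seconds}d (default)
-; - %{miliseconds}d
-; - %{mili}d
-; - %{microseconds}d
-; - %{micro}d
-; %e: an environment variable (same as $_ENV or $_SERVER)
-; it must be associated with embraces to specify the name of the env
-; variable. Some exemples:
-; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
-; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
-; %f: script filename
-; %l: content-length of the request (for POST request only)
-; %m: request method
-; %M: peak of memory allocated by PHP
-; it can accept the following format:
-; - %{bytes}M (default)
-; - %{kilobytes}M
-; - %{kilo}M
-; - %{megabytes}M
-; - %{mega}M
-; %n: pool name
-; %o: ouput header
-; it must be associated with embraces to specify the name of the header:
-; - %{Content-Type}o
-; - %{X-Powered-By}o
-; - %{Transfert-Encoding}o
-; - ....
-; %p: PID of the child that serviced the request
-; %P: PID of the parent of the child that serviced the request
-; %q: the query string
-; %Q: the '?' character if query string exists
-; %r: the request URI (without the query string, see %q and %Q)
-; %R: remote IP address
-; %s: status (response code)
-; %t: server time the request was received
-; it can accept a strftime(3) format:
-; %d/%b/%Y:%H:%M:%S %z (default)
-; %T: time the log has been written (the request has finished)
-; it can accept a strftime(3) format:
-; %d/%b/%Y:%H:%M:%S %z (default)
-; %u: remote user
-;
-; Default: "%R - %u %t \"%m %r\" %s"
-;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
-
-; The log file for slow requests
-; Default Value: not set
-; Note: slowlog is mandatory if request_slowlog_timeout is set
-;slowlog = log/$pool.log.slow
-
-; The timeout for serving a single request after which a PHP backtrace will be
-; dumped to the 'slowlog' file. A value of '0s' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_slowlog_timeout = 0
-
-; The timeout for serving a single request after which the worker process will
-; be killed. This option should be used when the 'max_execution_time' ini option
-; does not stop script execution for some reason. A value of '0' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_terminate_timeout = 0
-
-; Set open file descriptor rlimit.
-; Default Value: system defined value
-;rlimit_files = 1024
-
-; Set max core size rlimit.
-; Possible Values: 'unlimited' or an integer greater or equal to 0
-; Default Value: system defined value
-;rlimit_core = 0
-
-; Chroot to this directory at the start. This value must be defined as an
-; absolute path. When this value is not set, chroot is not used.
-; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
-; of its subdirectories. If the pool prefix is not set, the global prefix
-; will be used instead.
-; Note: chrooting is a great security feature and should be used whenever
-; possible. However, all PHP paths will be relative to the chroot
-; (error_log, sessions.save_path, ...).
-; Default Value: not set
-; chroot = $prefix
-
-; Chdir to this directory at the start.
-; Note: relative path can be used.
-; Default Value: current directory or / when chroot
-; chdir = /
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
-; process time (several ms).
-; Default Value: no
-;catch_workers_output = yes
-
-; Limits the extensions of the main script FPM will allow to parse. This can
-; prevent configuration mistakes on the web server side. You should only limit
-; FPM to .php extensions to prevent malicious users to use other extensions to
-; exectute php code.
-; Note: set an empty value to allow all extensions.
-; Default Value: .php
-;security.limit_extensions = .php .php3 .php4 .php5
-
-; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
-; the current environment.
-; Default Value: clean env
-;env[HOSTNAME] = $HOSTNAME
-;env[PATH] = /usr/local/bin:/usr/bin:/bin
-;env[TMP] = /tmp
-;env[TMPDIR] = /tmp
-;env[TEMP] = /tmp
-
-; Additional php.ini defines, specific to this pool of workers. These settings
-; overwrite the values previously defined in the php.ini. The directives are the
-; same as the PHP SAPI:
-; php_value/php_flag - you can set classic ini defines which can
-; be overwritten from PHP call 'ini_set'.
-; php_admin_value/php_admin_flag - these directives won't be overwritten by
-; PHP call 'ini_set'
-; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
-
-; Defining 'extension' will load the corresponding shared extension from
-; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
-; overwrite previously defined php.ini values, but will append the new value
-; instead.
-
-; Note: path INI options can be relative and will be expanded with the prefix
-; (pool, global or /usr)
-
-; Default Value: nothing is defined by default except the values in php.ini and
-; specified at startup with the -d argument
-;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-;php_flag[display_errors] = off
-;php_admin_value[error_log] = /var/log/php5-fpm/error.log
-php_admin_value[error_log] = /dev/stderr
-php_admin_flag[log_errors] = on
-;php_admin_value[memory_limit] = 32M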
... | @@ -2,9 +2,20 @@ | ... | @@ -2,9 +2,20 @@ |
2 | 2 | ||
3 | set -e | 3 | set -e |
4 | apt-get update | 4 | apt-get update |
5 | apt-get install -y ssmtp sudo $NODE_EXTRA_PACKAGES | 5 | apt-get install -y apt-transport-https gnupg |
6 | #npm install -g gulp grunt | 6 | cp /tmp/files/nodesource.list /etc/apt/sources.list.d |
7 | cp /tmp/files/nodesource.gpg.key /etc/apt/trusted.gpg.d/nodesource.asc | ||
8 | apt-get update | ||
9 | |||
10 | apt-get install -y ssmtp sudo nodejs npm $NODE_EXTRA_PACKAGES | ||
11 | |||
12 | if ! [ "z$NPM_GLOBAL_INSTALL" = "z" ]; then | ||
13 | npm install -g $NPM_GLOBAL_INSTALL | ||
14 | fi | ||
15 | |||
16 | addgroup node | ||
17 | adduser --gecos 'node' --ingroup node --disabled-password node | ||
7 | 18 | ||
8 | cp /tmp/files/entrypoint /root/entrypoint | 19 | cp /tmp/files/entrypoint /sbin/entrypoint |
9 | 20 | ||
10 | rm -rf /tmp/files | 21 | rm -rf /tmp/files | ... | ... |
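Review bot: Copying the key to `/etc/apt/trusted.gpg.d/nodesource.asc` makes it trusted for every configured apt source, not only the NodeSource one, so a signature from that key would also be accepted on packages that shadow Debian's own. If the apt version in the base image supports it, scope the key instead: place it outside `trusted.gpg.d`, e.g. `cp /tmp/files/nodesource.gpg.key /usr/share/keyrings/nodesource.asc`, and reference it with `[signed-by=/usr/share/keyrings/nodesource.asc]` in `nodesource.list` (its content is not visible in this section). Separately, `npm install -g $NPM_GLOBAL_INSTALL` runs package install scripts as root at build time with whatever versions resolve that day, so it is worth documenting that the variable should carry pinned versions.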
... | @@ -4,14 +4,24 @@ set -ex | ... | @@ -4,14 +4,24 @@ set -ex |
4 | 4 | ||
5 | node_home="$(getent passwd node | cut -f 6 -d :)" | 5 | node_home="$(getent passwd node | cut -f 6 -d :)" |
6 | 6 | ||
7 | if [[ $GID ]]; then | 7 | if [[ $GID && $GID -ne 0 ]]; then |
8 | old_gid=$(getent group node | cut -f 3 -d :) | ||
9 | groupmod -g $GID node | 8 | groupmod -g $GID node |
10 | find "$node_home" -gid $old_gid -print0 | xargs -0r chgrp node | ||
11 | fi | 9 | fi |
12 | if [[ $UID ]]; then | 10 | if [[ $UID && $UID -ne 0 ]]; then |
13 | usermod -u $UID node | 11 | usermod -u $UID node |
14 | fi | 12 | fi |
13 | |||
14 | find "$node_home" \ | ||
15 | '(' -not -user node -a -not -group node -exec chown node:node '{}' + ')' -o \ | ||
16 | '(' -not -user node -exec chown node '{}' + ')' -o \ | ||
17 | '(' -not -group node -exec chgrp node '{}' + ')' -o \ | ||
18 | -true | ||
19 | |||
20 | npm -g config set http_proxy "$http_proxy" | ||
21 | npm -g config set https_proxy "$http_proxy" | ||
22 | sudo -u node npm config set http_proxy "$http_proxy" | ||
23 | sudo -u node npm config set https_proxy "$http_proxy" | ||
24 | |||
15 | if [[ -e package.json ]]; then | 25 | if [[ -e package.json ]]; then |
16 | sudo -u node npm install | 26 | sudo -u node npm install |
17 | fi | 27 | fi | ... | ... |
node/files/nodesource.gpg.key
0 → 100644
1 | -----BEGIN PGP PUBLIC KEY BLOCK----- | ||
2 | Version: GnuPG v1 | ||
3 | Comment: GPGTools - https://gpgtools.org | ||
4 | |||
5 | mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+ | ||
6 | W6DHY3kK3a+2bxrax9EqKe7uxkSKf95gfns+I9+R+RJfRpb1qvljURr54y35IZgs | ||
7 | fMG22Np+TmM2RLgdFCZa18h0+RbH9i0b+ZrB9XPZmLb/h9ou7SowGqQ3wwOtT3Vy | ||
8 | qmif0A2GCcjFTqWW6TXaY8eZJ9BCEqW3k/0Cjw7K/mSy/utxYiUIvZNKgaG/P8U7 | ||
9 | 89QyvxeRxAf93YFAVzMXhoKxu12IuH4VnSwAfb8gQyxKRyiGOUwk0YoBPpqRnMmD | ||
10 | Dl7SdmY3oQHEJzBelTMjTM8AjbB9mWoPBX5G8t4u47/FZ6PgdfmRg9hsKXhkLJc7 | ||
11 | C1btblOHNgDx19fzASWX+xOjZiKpP6MkEEzq1bilUFul6RDtxkTWsTa5TGixgCB/ | ||
12 | G2fK8I9JL/yQhDc6OGY9mjPOxMb5PgUlT8ox3v8wt25erWj9z30QoEBwfSg4tzLc | ||
13 | Jq6N/iepQemNfo6Is+TG+JzI6vhXjlsBm/Xmz0ZiFPPObAH/vGCY5I6886vXQ7ft | ||
14 | qWHYHT8jz/R4tigMGC+tvZ/kcmYBsLCCI5uSEP6JJRQQhHrCvOX0UaytItfsQfLm | ||
15 | EYRd2F72o1yGh3yvWWfDIBXRmaBuIGXGpajC0JyBGSOWb9UxMNZY/2LJEwARAQAB | ||
16 | tB9Ob2RlU291cmNlIDxncGdAbm9kZXNvdXJjZS5jb20+iQI4BBMBAgAiBQJTmyS2 | ||
17 | AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAWVaCraFdigHTmD/9OKhUy | ||
18 | jJ+h8gMRg6ri5EQxOExccSRU0i7UHktecSs0DVC4lZG9AOzBe+Q36cym5Z1di6JQ | ||
19 | kHl69q3zBdV3KTW+H1pdmnZlebYGz8paG9iQ/wS9gpnSeEyx0Enyi167Bzm0O4A1 | ||
20 | GK0prkLnz/yROHHEfHjsTgMvFwAnf9uaxwWgE1d1RitIWgJpAnp1DZ5O0uVlsPPm | ||
21 | XAhuBJ32mU8S5BezPTuJJICwBlLYECGb1Y65Cil4OALU7T7sbUqfLCuaRKxuPtcU | ||
22 | VnJ6/qiyPygvKZWhV6Od0Yxlyed1kftMJyYoL8kPHfeHJ+vIyt0s7cropfiwXoka | ||
23 | 1iJB5nKyt/eqMnPQ9aRpqkm9ABS/r7AauMA/9RALudQRHBdWIzfIg0Mlqb52yyTI | ||
24 | IgQJHNGNX1T3z1XgZhI+Vi8SLFFSh8x9FeUZC6YJu0VXXj5iz+eZmk/nYjUt4Mtc | ||
25 | pVsVYIB7oIDIbImODm8ggsgrIzqxOzQVP1zsCGek5U6QFc9GYrQ+Wv3/fG8hfkDn | ||
26 | xXLww0OGaEQxfodm8cLFZ5b8JaG3+Yxfe7JkNclwvRimvlAjqIiW5OK0vvfHco+Y | ||
27 | gANhQrlMnTx//IdZssaxvYytSHpPZTYw+qPEjbBJOLpoLrz8ZafN1uekpAqQjffI | ||
28 | AOqW9SdIzq/kSHgl0bzWbPJPw86XzzftewjKNbkCDQRTmyS2ARAAxSSdQi+WpPQZ | ||
29 | fOflkx9sYJa0cWzLl2w++FQnZ1Pn5F09D/kPMNh4qOsyvXWlekaV/SseDZtVziHJ | ||
30 | Km6V8TBG3flmFlC3DWQfNNFwn5+pWSB8WHG4bTA5RyYEEYfpbekMtdoWW/Ro8Kmh | ||
31 | 41nuxZDSuBJhDeFIp0ccnN2Lp1o6XfIeDYPegyEPSSZqrudfqLrSZhStDlJgXjea | ||
32 | JjW6UP6txPtYaaila9/Hn6vF87AQ5bR2dEWB/xRJzgNwRiax7KSU0xca6xAuf+TD | ||
33 | xCjZ5pp2JwdCjquXLTmUnbIZ9LGV54UZ/MeiG8yVu6pxbiGnXo4Ekbk6xgi1ewLi | ||
34 | vGmz4QRfVklV0dba3Zj0fRozfZ22qUHxCfDM7ad0eBXMFmHiN8hg3IUHTO+UdlX/ | ||
35 | aH3gADFAvSVDv0v8t6dGc6XE9Dr7mGEFnQMHO4zhM1HaS2Nh0TiL2tFLttLbfG5o | ||
36 | QlxCfXX9/nasj3K9qnlEg9G3+4T7lpdPmZRRe1O8cHCI5imVg6cLIiBLPO16e0fK | ||
37 | yHIgYswLdrJFfaHNYM/SWJxHpX795zn+iCwyvZSlLfH9mlegOeVmj9cyhN/VOmS3 | ||
38 | QRhlYXoA2z7WZTNoC6iAIlyIpMTcZr+ntaGVtFOLS6fwdBqDXjmSQu66mDKwU5Ek | ||
39 | fNlbyrpzZMyFCDWEYo4AIR/18aGZBYUAEQEAAYkCHwQYAQIACQUCU5sktgIbDAAK | ||
40 | CRAWVaCraFdigIPQEACcYh8rR19wMZZ/hgYv5so6Y1HcJNARuzmffQKozS/rxqec | ||
41 | 0xM3wceL1AIMuGhlXFeGd0wRv/RVzeZjnTGwhN1DnCDy1I66hUTgehONsfVanuP1 | ||
42 | PZKoL38EAxsMzdYgkYH6T9a4wJH/IPt+uuFTFFy3o8TKMvKaJk98+Jsp2X/QuNxh | ||
43 | qpcIGaVbtQ1bn7m+k5Qe/fz+bFuUeXPivafLLlGc6KbdgMvSW9EVMO7yBy/2JE15 | ||
44 | ZJgl7lXKLQ31VQPAHT3an5IV2C/ie12eEqZWlnCiHV/wT+zhOkSpWdrheWfBT+ac | ||
45 | hR4jDH80AS3F8jo3byQATJb3RoCYUCVc3u1ouhNZa5yLgYZ/iZkpk5gKjxHPudFb | ||
46 | DdWjbGflN9k17VCf4Z9yAb9QMqHzHwIGXrb7ryFcuROMCLLVUp07PrTrRxnO9A/4 | ||
47 | xxECi0l/BzNxeU1gK88hEaNjIfviPR/h6Gq6KOcNKZ8rVFdwFpjbvwHMQBWhrqfu | ||
48 | G3KaePvbnObKHXpfIKoAM7X2qfO+IFnLGTPyhFTcrl6vZBTMZTfZiC1XDQLuGUnd | ||
49 | sckuXINIU3DFWzZGr0QrqkuE/jyr7FXeUJj9B7cLo+s/TXo+RaVfi3kOc9BoxIvy | ||
50 | /qiNGs/TKy2/Ujqp/affmIMoMXSozKmga81JSwkADO1JMgUy6dApXz9kP4EE3g== | ||
51 | =CLGF | ||
52 | -----END PGP PUBLIC KEY BLOCK----- |
node/files/nodesource.list
0 → 100644
1 | deb https://deb.nodesource.com/node_8.x stretch main |
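Review bot: This source entry has no `signed-by` option, so trust in the NodeSource key is not limited to this repository. The configure script on this page copies the key to /etc/apt/trusted.gpg.d/nodesource.asc, where apt accepts it for every configured source. Scoping it would look like `deb [signed-by=/usr/share/keyrings/nodesource.asc] https://deb.nodesource.com/node_8.x stretch main`, with the key copied to that path instead; the keyring path is an illustrative choice, not taken from the commit.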
1 | FROM debian:stretch | 1 | FROM debian:stretch-slim |
2 | 2 | ||
3 | ARG PHPFPM_EXTRA_PACKAGES | 3 | ARG PHPFPM_EXTRA_PACKAGES |
4 | 4 | ||
... | @@ -8,5 +8,5 @@ RUN /tmp/files/configure | ... | @@ -8,5 +8,5 @@ RUN /tmp/files/configure |
8 | ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp | 8 | ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp |
9 | RUN ["chmod", "755", "/usr/local/bin/wp"] | 9 | RUN ["chmod", "755", "/usr/local/bin/wp"] |
10 | 10 | ||
11 | ENTRYPOINT ["/root/entrypoint"] | 11 | ENTRYPOINT ["/sbin/entrypoint"] |
12 | CMD ["/usr/sbin/php-fpm7.0", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php/7.0/fpm/php-fpm.conf"] | 12 | CMD ["/usr/sbin/php-fpm7.0", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php/7.0/fpm/php-fpm.conf"] | ... | ... |
... | @@ -7,7 +7,7 @@ apt-get install -y sudo ssmtp php7.0-fpm php7.0-mysql php7.0-curl php7.0-imagick | ... | @@ -7,7 +7,7 @@ apt-get install -y sudo ssmtp php7.0-fpm php7.0-mysql php7.0-curl php7.0-imagick |
7 | rm /etc/php/7.0/fpm/pool.d/www.conf | 7 | rm /etc/php/7.0/fpm/pool.d/www.conf |
8 | cp -a /tmp/files/app-defaults.conf /etc/php/7.0/fpm | 8 | cp -a /tmp/files/app-defaults.conf /etc/php/7.0/fpm |
9 | 9 | ||
10 | cp /tmp/files/entrypoint /root/entrypoint | 10 | cp /tmp/files/entrypoint /sbin/entrypoint |
11 | 11 | ||
12 | addgroup hostgroup | 12 | addgroup hostgroup |
13 | adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser | 13 | adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser | ... | ... |
... | @@ -4,12 +4,12 @@ set -ex | ... | @@ -4,12 +4,12 @@ set -ex |
4 | 4 | ||
5 | hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" | 5 | hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" |
6 | 6 | ||
7 | if [[ $GID ]]; then | 7 | if [[ $GID && $GID -ne 0 ]]; then |
8 | old_gid=$(getent group hostgroup | cut -f 3 -d :) | 8 | old_gid=$(getent group hostgroup | cut -f 3 -d :) |
9 | groupmod -g $GID hostgroup | 9 | groupmod -g $GID hostgroup |
10 | find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup | 10 | find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup |
11 | fi | 11 | fi |
12 | if [[ $UID ]]; then | 12 | if [[ $UID && $GID -ne 0 ]]; then |
13 | usermod -u $UID hostuser | 13 | usermod -u $UID hostuser |
14 | fi | 14 | fi |
15 | mkdir -p /run/php | 15 | mkdir -p /run/php | ... | ... |
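Review bot: The UID guard on new line 12 tests the wrong variable: `if [[ $UID && $GID -ne 0 ]]` makes the `usermod` call depend on GID, whereas the two sibling hostuser entrypoints in this commit test `$UID -ne 0`. With GID unset or 0 the uid remap is skipped, and a UID of 0 is no longer excluded by the guard. The line should read `if [[ $UID && $UID -ne 0 ]]; then`. The script continues past the end of this hunk.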
... | @@ -4,12 +4,12 @@ set -ex | ... | @@ -4,12 +4,12 @@ set -ex |
4 | 4 | ||
5 | hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" | 5 | hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" |
6 | 6 | ||
7 | if [[ $GID ]]; then | 7 | if [[ $GID && $GID -ne 0 ]]; then |
8 | old_gid=$(getent group hostgroup | cut -f 3 -d :) | 8 | old_gid=$(getent group hostgroup | cut -f 3 -d :) |
9 | groupmod -g $GID hostgroup | 9 | groupmod -g $GID hostgroup |
10 | find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup | 10 | find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup |
11 | fi | 11 | fi |
12 | if [[ $UID ]]; then | 12 | if [[ $UID && $UID -ne 0 ]]; then |
13 | usermod -u $UID hostuser | 13 | usermod -u $UID hostuser |
14 | fi | 14 | fi |
15 | 15 | ... | ... |
postgresql/Dockerfile
0 → 100644
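--- /dev/null
+++ b/postgresql/files/configure
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+mkdir /usr/share/man/man1 /usr/share/man/man7
+cp /tmp/files/no-suggests-recommends.conf /etc/apt/apt.conf.d/no-suggests-recommends
+apt-get update
+apt-get install -y postgresql-9.6 \
+$POSTGRESQL_EXTRA_PACKAGES \
+&& true
+
+rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
+
+mkdir /var/lib/container
+tar -cC /var/lib/postgresql/ . | gzip -9v > /var/lib/container/var_lib_postgresql.tar.gz
+rm -rf /var/lib/postgresql
+mkdir /var/lib/postgresql
+
+cp -a /tmp/files/entrypoint /sbin
+
+rm -rf /tmp/files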
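Review bot: The `&& true` that ends the install command on lines 8–10 defeats `set -e` for that command, because a failing command on the left of `&&` does not trigger the exit; a failed `apt-get install` lets the build carry on. The `tar | gzip` pipeline on line 15 then reports only gzip's status, so the script can finish with an empty archive that the entrypoint later unpacks into the data directory. Ending the command on the variable keeps the failure fatal: `apt-get install -y postgresql-9.6 $POSTGRESQL_EXTRA_PACKAGES`.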
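--- /dev/null
+++ b/postgresql/files/entrypoint
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -ex
+
+if [[ $(find /var/lib/postgresql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
+zcat /var/lib/container/var_lib_postgresql.tar.gz | tar xf - -C /var/lib/postgresql
+fi
+
+postgres_home="$(getent passwd postgres | cut -f 6 -d :)"
+
+if [[ $GID && $GID -ne 0 ]]; then
+old_gid=$(getent group postgres | cut -f 3 -d :)
+groupmod -g $GID postgres
+find "$postgres_home" /etc/postgresql /var/run/postgresql -gid $old_gid -print0 | xargs -0r chgrp postgres
+fi
+
+if [[ $UID && $UID -ne 0 ]]; then
+old_uid=$(getent passwd postgres | cut -f 3 -d :)
+usermod -u $UID postgres
+find /etc/postgresql /var/run/postgresql -uid $old_uid -print0 | xargs -0r chown postgres
+fi
+
+exec "$@"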
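Review bot: The `$UID` test on line 17 cannot see a value passed through the container environment, because bash sets `UID` itself at startup as a readonly variable holding the process's real uid. When the entrypoint runs as root, which the `groupmod` call suggests, that value is 0 and the `usermod` branch never executes. Reading the requested id from a differently named variable avoids the clash, e.g. `if [[ ${HOST_UID:-0} -ne 0 ]]; then` followed by `usermod -u "$HOST_UID" postgres`, where `HOST_UID` is a name chosen here for illustration. The same test appears in the node, hostuser and redis entrypoints on this page; `GID` is not special to bash, so the group branch is unaffected.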
postgresql/files/no-suggests-recommends.conf
0 → 100644
redis/Dockerfile
0 → 100644
redis/files/configure
0 → 100755
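--- /dev/null
+++ b/redis/files/entrypoint
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -ex
+
+TARGET_GROUP=redis
+TARGET_USER=redis
+
+target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
+
+if [[ $GID && $GID -ne 0 ]]; then
+groupmod -g $GID "$TARGET_GROUP"
+fi
+if [[ $UID && $UID -ne 0 ]]; then
+usermod -u $UID "$TARGET_USER"
+fi
+
+find "$target_home" \
+'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
+'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
+'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
+-true
+
+exec "$@"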
... | @@ -4,12 +4,12 @@ set -ex | ... | @@ -4,12 +4,12 @@ set -ex |
4 | 4 | ||
5 | hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" | 5 | hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" |
6 | 6 | ||
7 | if [[ $GID ]]; then | 7 | if [[ $GID && $GID -ne 0 ]]; then |
8 | old_gid=$(getent group hostgroup | cut -f 3 -d :) | 8 | old_gid=$(getent group hostgroup | cut -f 3 -d :) |
9 | groupmod -g $GID hostgroup | 9 | groupmod -g $GID hostgroup |
10 | find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup | 10 | find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup |
11 | fi | 11 | fi |
12 | if [[ $UID ]]; then | 12 | if [[ $UID && $UID -ne 0 ]]; then |
13 | usermod -u $UID hostuser | 13 | usermod -u $UID hostuser |
14 | fi | 14 | fi |
15 | 15 | ... | ... |