- VOLUME for ‘/data’ - Usage of S6 as PID 1 Process - Usage of ‘socat’ so linked containers (like databases) are bound to localhost - OpenSSH, Socat Link and Gogs are supervised using S6 - Size of container reduced to ~75Mo for-closed-social
@ -1,54 +1,31 @@ | |||
FROM google/debian:wheezy | |||
MAINTAINER u@gogs.io | |||
FROM alpine:3.2 | |||
MAINTAINER roemer.jp@gmail.com | |||
RUN echo "deb http://ftp.debian.org/debian/ wheezy-backports main" >> /etc/apt/sources.list && \ | |||
apt-get update -qqy && \ | |||
apt-get install --no-install-recommends -qqy \ | |||
curl build-essential ca-certificates git \ | |||
openssh-server libpam-dev && \ | |||
apt-get autoclean && \ | |||
apt-get autoremove && \ | |||
rm -rf /var/lib/apt/lists/* | |||
# Install system utils & Gogs runtime dependencies | |||
ADD https://github.com/tianon/gosu/releases/download/1.5/gosu-amd64 /usr/sbin/gosu | |||
RUN echo "@edge http://dl-4.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories \ | |||
&& echo "@community http://dl-4.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories \ | |||
&& apk -U --no-progress upgrade \ | |||
&& apk -U --no-progress add ca-certificates git linux-pam s6@edge curl openssh socat \ | |||
&& chmod +x /usr/sbin/gosu | |||
ENV GOROOT /goroot | |||
ENV GOPATH /gopath | |||
ENV PATH $PATH:$GOROOT/bin:$GOPATH/bin | |||
# Configure SSH | |||
COPY docker/sshd_config /etc/ssh/sshd_config | |||
COPY . /gopath/src/github.com/gogits/gogs/ | |||
WORKDIR /gopath/src/github.com/gogits/gogs/ | |||
# Build binary and clean up useless files | |||
RUN mkdir /goroot && \ | |||
curl https://storage.googleapis.com/golang/go1.5.linux-amd64.tar.gz | tar xzf - -C /goroot --strip-components=1 && \ | |||
go get -v -tags "sqlite redis memcache cert pam" && \ | |||
go build -tags "sqlite redis memcache cert pam" && \ | |||
mkdir /app/ && \ | |||
mv /gopath/src/github.com/gogits/gogs/ /app/gogs/ && \ | |||
rm -r $GOROOT $GOPATH | |||
# Configure Go and build Gogs | |||
ENV GOPATH /tmp/go | |||
ENV PATH $PATH:$GOPATH/bin | |||
COPY . /app/gogs/ | |||
WORKDIR /app/gogs/ | |||
RUN ./docker/build.sh | |||
RUN useradd --shell /bin/bash --system --comment gogits git | |||
# SSH login fix, otherwise user is kicked off after login | |||
RUN mkdir /var/run/sshd && \ | |||
sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd && \ | |||
sed 's@UsePrivilegeSeparation yes@UsePrivilegeSeparation no@' -i /etc/ssh/sshd_config && \ | |||
echo "export VISIBLE=now" >> /etc/profile && \ | |||
echo "PermitUserEnvironment yes" >> /etc/ssh/sshd_config | |||
# Setup server keys on startup | |||
RUN sed 's@^HostKey@\#HostKey@' -i /etc/ssh/sshd_config && \ | |||
echo "HostKey /data/ssh/ssh_host_key" >> /etc/ssh/sshd_config && \ | |||
echo "HostKey /data/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config && \ | |||
echo "HostKey /data/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config && \ | |||
echo "HostKey /data/ssh/ssh_host_ecdsa_key" >> /etc/ssh/sshd_config && \ | |||
echo "HostKey /data/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config | |||
# Prepare data | |||
ENV GOGS_CUSTOM /data/gogs | |||
# Create git user for Gogs | |||
RUN adduser -D -g 'Gogs Git User' git -h /data/git/ -s /bin/sh && passwd -u git | |||
RUN echo "export GOGS_CUSTOM=/data/gogs" >> /etc/profile | |||
VOLUME ["/data"] | |||
EXPOSE 22 3000 | |||
ENTRYPOINT [] | |||
CMD ["./docker/start.sh"] | |||
CMD ["./docker/start.sh"] |
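Review bot: The `ADD https://github.com/tianon/gosu/releases/download/1.5/gosu-amd64 /usr/sbin/gosu` line installs a binary that later runs as root to switch users, and nothing in the Dockerfile checks what was downloaded. The +/- markers are lost on this page, so I am assuming this line belongs to the new Alpine side. I would verify the file before the `chmod +x`, for example `&& echo "<SHA256_OF_GOSU_1.5_AMD64>  /usr/sbin/gosu" | sha256sum -c - \`, with the digest taken from a copy that was checked against the release's published signature, if one exists. The same section pulls `s6@edge` and runs `apk upgrade` with no versions pinned, so two builds of this commit can produce different images.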
@ -0,0 +1,17 @@ | |||
#!/bin/sh | |||
# Install build deps | |||
apk -U --no-progress add linux-pam-dev go@community gcc musl-dev | |||
# Init go environment to build Gogs | |||
mkdir -p ${GOPATH}/src/github.com/gogits/ | |||
ln -s /app/gogs/ ${GOPATH}/src/github.com/gogits/gogs | |||
cd ${GOPATH}/src/github.com/gogits/gogs | |||
go get -v -tags "sqlite redis memcache cert pam" | |||
go build -tags "sqlite redis memcache cert pam" | |||
# Cleanup GOPATH | |||
rm -r $GOPATH | |||
# Remove build deps | |||
apk --no-progress del linux-pam-dev go gcc musl-dev |
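Review bot: The script has no `set -e`, so a failed `go get` or `go build` does not stop it. It goes on to the cleanup and exits with the status of the final `apk del`, and `RUN ./docker/build.sh` in the Dockerfile would then succeed with no `gogs` binary in the image. Adding `set -e` on the line after `#!/bin/sh` makes the build fail where the error happens. `go get -v` also fetches whatever the dependencies hold at build time, so the result is not tied to this commit; that is worth a comment in the script if vendoring is out of scope here.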
@ -0,0 +1,2 @@ | |||
#!/bin/sh | |||
exec /bin/true |
@ -0,0 +1,28 @@ | |||
#!/bin/sh | |||
USER=git | |||
USERNAME=$USER | |||
if ! test -d /data/gogs; then | |||
mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git | |||
fi | |||
if ! test -d ~git/.ssh; then | |||
mkdir ~git/.ssh | |||
chmod 700 ~git/.ssh | |||
fi | |||
if ! test -f ~git/.ssh/environment; then | |||
echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment | |||
chown git:git ~git/.ssh/environment | |||
chown 600 ~git/.ssh/environment | |||
fi | |||
ln -sf /data/gogs/log /app/gogs/log | |||
ln -sf /data/gogs/data /app/gogs/data | |||
ln -sf /data/gogs/conf /app/gogs/conf | |||
chown -R git:git /data /app/gogs ~git/ | |||
export USER | |||
export USERNAME | |||
exec gosu $USER /app/gogs/gogs web |
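Review bot: `chown -R git:git /data /app/gogs ~git/` also covers `/data/ssh`, so on every start of this service the SSH host private keys become owned by `git`, the account that the Gogs web process and the SSH sessions run as. The sshd run script only sets `root:root` once, when it creates the directory. Limiting the recursion to the paths Gogs owns avoids that: `chown -R git:git /data/gogs /data/git /app/gogs` (the `adduser` line in the Dockerfile puts the `git` home at `/data/git/`). Separately, `chown 600 ~git/.ssh/environment` looks like a typo carried over from the old start script; it sets the owner to UID 600 instead of the mode and should read `chmod 600 ~git/.ssh/environment`.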
@ -0,0 +1,15 @@ | |||
#!/bin/sh | |||
if ! test -d /data/ssh | |||
then | |||
mkdir -p /data/ssh | |||
ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1 | |||
ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa | |||
ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa | |||
ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa | |||
ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519 | |||
chown -R root:root /data/ssh/* | |||
chmod 600 /data/ssh/* | |||
fi | |||
exec gosu root /usr/sbin/sshd -D -f /etc/ssh/sshd_config |
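Review bot: The key generation block creates an `rsa1` and a `dsa` host key, but the sshd_config in this commit sets `Protocol 2`, so the `rsa1` key (protocol 1 only) is never used, and DSA host keys from ssh-keygen are limited to 1024 bits. I would drop the `-t rsa1` and `-t dsa` lines here together with the matching `HostKey /data/ssh/ssh_host_key` and `HostKey /data/ssh/ssh_host_dsa_key` entries in sshd_config. The guard `if ! test -d /data/ssh` also means that a volume where the directory exists but a key file is missing never gets that key generated; testing for each key file would be more robust.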
@ -0,0 +1,17 @@ | |||
Port 22 | |||
AddressFamily any | |||
ListenAddress 0.0.0.0 | |||
ListenAddress :: | |||
Protocol 2 | |||
LogLevel INFO | |||
HostKey /data/ssh/ssh_host_key | |||
HostKey /data/ssh/ssh_host_rsa_key | |||
HostKey /data/ssh/ssh_host_dsa_key | |||
HostKey /data/ssh/ssh_host_ecdsa_key | |||
HostKey /data/ssh/ssh_host_ed25519_key | |||
PermitRootLogin no | |||
AuthorizedKeysFile .ssh/authorized_keys | |||
PasswordAuthentication no | |||
UsePrivilegeSeparation no | |||
PermitUserEnvironment yes | |||
AllowUsers git |
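Review bot: `UsePrivilegeSeparation no` makes sshd handle unauthenticated network input in a process that runs as root, and this file gives no reason for it. What appears to be the old Dockerfile made the same change with `sed` under an "SSH login fix" comment written for the Debian PAM setup, so it may not be needed on Alpine. I would try `UsePrivilegeSeparation sandbox` and, if it really has to stay off, record why in a comment above the line. `PermitUserEnvironment yes` deserves a comment as well, something like `# needed so sessions pick up GOGS_CUSTOM from ~git/.ssh/environment; keep that file writable by git only`, since sshd reads session variables from that file.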
@ -1,43 +1,12 @@ | |||
#!/bin/bash - | |||
# | |||
if ! test -d /data/gogs | |||
then | |||
mkdir -p /var/run/sshd | |||
mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git | |||
fi | |||
if ! test -d /data/ssh | |||
then | |||
mkdir /data/ssh | |||
ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1 | |||
ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa | |||
ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa | |||
ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa | |||
ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519 | |||
chown -R root:root /data/ssh/* | |||
chmod 600 /data/ssh/* | |||
fi | |||
service ssh start | |||
ln -sf /data/gogs/log ./log | |||
ln -sf /data/gogs/data ./data | |||
ln -sf /data/git /home/git | |||
if ! test -d ~git/.ssh | |||
then | |||
mkdir ~git/.ssh | |||
chmod 700 ~git/.ssh | |||
fi | |||
if ! test -f ~git/.ssh/environment | |||
then | |||
echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment | |||
chown git:git ~git/.ssh/environment | |||
chown 600 ~git/.ssh/environment | |||
fi | |||
chown -R git:git /data . | |||
exec su git -c "./gogs web" | |||
#!/bin/sh | |||
# Bind linked docker container to localhost socket using socat | |||
env | sed -En 's|(.*)_PORT_([0-9]*)_TCP=tcp://(.*):(.*)|\1_\2 socat -ls TCP4-LISTEN:\2,fork,reuseaddr TCP4:\3:\4|p' | \ | |||
while read NAME CMD; do | |||
mkdir -p /app/gogs/docker/s6/$NAME | |||
echo -e "#!/bin/sh\nexec $CMD" > /app/gogs/docker/s6/$NAME/run | |||
chmod +x /app/gogs/docker/s6/$NAME/run | |||
done | |||
# Exec S6 as process manager for gogs and dropbear ssh | |||
exec /usr/bin/s6-svscan /app/gogs/docker/s6/ |
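Review bot: The generated socat command uses `TCP4-LISTEN:\2,fork,reuseaddr` with no bind address, so each forwarder listens on every interface of the Gogs container and not only on localhost as the commit description says. Anything that can reach the container's address on that port is relayed to the linked service. Adding the bind option restricts it: `TCP4-LISTEN:\2,bind=127.0.0.1,fork,reuseaddr`. The `sed` pattern also captures name, host and port with `(.*)`, and the result is written unquoted into a run script that s6 executes, so I would narrow the captures to the expected characters, e.g. `([A-Za-z0-9_]+)` for the name and `([0-9]+)` for the port. The closing comment mentions dropbear, but the image installs and supervises OpenSSH.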