Merge pull request #3 from elrido/master
Making the PrivateBin container image more robust
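--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,10 @@
+# Docs
+README.md
+LICENSE
+
+# build
+build.sh
+buildNoCache.sh
+
+# Git
+.git/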
36
Dockerfile
36
Dockerfile
@@ -10,32 +10,40 @@ RUN apk -U add \
|
|||||||
nginx \
|
nginx \
|
||||||
php7-fpm \
|
php7-fpm \
|
||||||
php7-gd \
|
php7-gd \
|
||||||
php7-mcrypt \
|
|
||||||
php7-json \
|
php7-json \
|
||||||
php7-zlib \
|
|
||||||
php7-pdo \
|
php7-pdo \
|
||||||
php7-pdo_mysql \
|
php7-pdo_mysql \
|
||||||
supervisor \
|
supervisor \
|
||||||
tini \
|
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
tar \
|
tar \
|
||||||
&& mkdir privatebin && cd privatebin \
|
gnupg \
|
||||||
&& curl -L -o privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/$VERSION.tar.gz \
|
&& mkdir -p privatebin/data \
|
||||||
&& tar xvzf privatebin.tar.gz --strip 1 \
|
&& export GNUPGHOME="$(mktemp -d)" \
|
||||||
&& rm privatebin.tar.gz \
|
&& gpg2 --list-public-keys || /bin/true \
|
||||||
&& mv cfg/conf.sample.php /privatebin \
|
&& curl -s https://privatebin.info/key/rugk.asc | gpg2 --import - \
|
||||||
&& apk del tar ca-certificates curl libcurl \
|
&& curl -Lso privatebin.tar.gz.asc https://github.com/PrivateBin/PrivateBin/releases/download/$VERSION/PrivateBin-$VERSION.tar.gz.asc \
|
||||||
&& rm -f /var/cache/apk/*
|
&& curl -Lso privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/$VERSION.tar.gz \
|
||||||
|
&& gpg2 --verify privatebin.tar.gz.asc \
|
||||||
|
&& rm -rf "$GNUPGHOME" /var/www/* \
|
||||||
|
&& cd /var/www \
|
||||||
|
&& tar -xzf /privatebin.tar.gz --strip 1 \
|
||||||
|
&& mv cfg/conf.sample.php /privatebin/ \
|
||||||
|
&& mv cfg /privatebin/ \
|
||||||
|
&& mv lib /privatebin \
|
||||||
|
&& mv tpl /privatebin \
|
||||||
|
&& mv vendor /privatebin \
|
||||||
|
&& sed -i "s#define('PATH', '');#define('PATH', '/privatebin/');#" index.php \
|
||||||
|
&& apk del tar ca-certificates curl gnupg \
|
||||||
|
&& rm -f /privatebin.tar.gz* *.md /var/cache/apk/*
|
||||||
|
|
||||||
COPY files/nginx.conf /etc/nginx/nginx.conf
|
COPY files/nginx.conf /etc/nginx/nginx.conf
|
||||||
COPY files/php-fpm.conf /etc/php7/php-fpm.conf
|
COPY files/php-fpm.conf /etc/php7/php-fpm.conf
|
||||||
COPY files/supervisord.conf /usr/local/etc/supervisord.conf
|
COPY files/supervisord.conf /usr/local/etc/supervisord.conf
|
||||||
COPY entrypoint.sh /
|
COPY entrypoint.sh /
|
||||||
|
|
||||||
RUN chmod +x /entrypoint.sh
|
# mark dirs as volumes that need to be writable, allows running the container --read-only
|
||||||
|
VOLUME [ "/privatebin/data", "/privatebin/cfg", "/etc", "/tmp", "/var/tmp", "/run", "/var/log" ]
|
||||||
VOLUME [ "/privatebin/data", "/privatebin/cfg" ]
|
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
LABEL description "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data."
|
LABEL description "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data."
|
||||||
CMD ["/sbin/tini","--","/entrypoint.sh"]
|
CMD ["/entrypoint.sh"]
|
||||||
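Review bot: The signing key is downloaded during the build (`curl -s https://privatebin.info/key/rugk.asc | gpg2 --import -`) and trusted as-is, so `gpg2 --verify privatebin.tar.gz.asc` only proves the tarball was signed by whatever key that URL served at build time. Pin the expected fingerprint and check it, for example `&& gpg2 --status-fd 1 --verify privatebin.tar.gz.asc privatebin.tar.gz | grep -q "VALIDSIG <RELEASE_KEY_FINGERPRINT>" \`, with the fingerprint obtained out of band. Separately, in `&& gpg2 --list-public-keys || /bin/true \` the `||` applies to the whole chain before it, so a failed `apk add` or `mkdir` is swallowed and the build carries on. Grouping it as `&& { gpg2 --list-public-keys || /bin/true; } \` keeps the fallback local to that one command. The `RUN` instruction starts above the hunk, so its first lines are not visible here.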
|
|||||||
@@ -6,6 +6,7 @@ A tiny image running [alpine](https://github.com/gliderlabs/docker-alpine) Linux
|
|||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
docker run --restart=always -d \
|
docker run --restart=always -d \
|
||||||
|
--read-only
|
||||||
-p 0.0.0.0:80:80 \
|
-p 0.0.0.0:80:80 \
|
||||||
--hostname=privatebin \
|
--hostname=privatebin \
|
||||||
--name=privatebin \
|
--name=privatebin \
|
||||||
@@ -13,7 +14,7 @@ A tiny image running [alpine](https://github.com/gliderlabs/docker-alpine) Linux
|
|||||||
-v /<host_cfg_directory>:/privatebin/cfg \
|
-v /<host_cfg_directory>:/privatebin/cfg \
|
||||||
jgeusebroek/privatebin
|
jgeusebroek/privatebin
|
||||||
|
|
||||||
On first run it will copy the sample config file if there isn't a config file already.
|
On first run it will copy the sample config file, if there isn't a config file already.
|
||||||
|
|
||||||
## Optional environment variables
|
## Optional environment variables
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1,2 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
docker build --rm --pull --no-cache -t jgeusebroek/zerobin .
|
docker build --rm --pull --no-cache -t jgeusebroek/privatebin .
|
||||||
|
|||||||
6
entrypoint.sh
Normal file → Executable file
6
entrypoint.sh
Normal file → Executable file
@@ -1,11 +1,11 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
addgroup -g ${GID} privatebin && adduser -h /privatebin -s /bin/sh -D -G privatebin -u ${UID} privatebin
|
addgroup -g ${GID} privatebin && \
|
||||||
touch /var/run/php-fpm.sock
|
adduser -h /privatebin -H -s /bin/sh -D -G privatebin -u ${UID} privatebin
|
||||||
|
|
||||||
if [ ! -f /privatebin/cfg/conf.php ]; then
|
if [ ! -f /privatebin/cfg/conf.php ]; then
|
||||||
cp /privatebin/conf.sample.php /privatebin/cfg/conf.php
|
cp /privatebin/conf.sample.php /privatebin/cfg/conf.php
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chown -R privatebin:privatebin /privatebin /var/run/php-fpm.sock /var/lib/nginx /tmp /var/tmp/nginx
|
chown -R privatebin:privatebin /privatebin/data
|
||||||
supervisord -c /usr/local/etc/supervisord.conf
|
supervisord -c /usr/local/etc/supervisord.conf
|
||||||
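Review bot: `supervisord -c /usr/local/etc/supervisord.conf` on the last line runs as a child of the shell, and the Dockerfile on this page now uses `CMD ["/entrypoint.sh"]` without tini, so the shell rather than supervisord is PID 1 and the stop signal from `docker stop` is not necessarily passed on to nginx and php-fpm. Use `exec supervisord -c /usr/local/etc/supervisord.conf` so supervisord replaces the shell and handles signals and child reaping itself. The `addgroup`/`adduser` call at start-up also appears to be what forces `/etc` into the Dockerfile's writable `VOLUME` list under `--read-only`; creating the account at build time would let `/etc` stay read-only, at the cost of the runtime `UID`/`GID` override. Quoting the expansions (`"${GID}"`, `"${UID}"`) would avoid word splitting on unexpected values.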
|
|||||||
@@ -12,8 +12,8 @@ http {
|
|||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
||||||
access_log off;
|
access_log /dev/stdout;
|
||||||
error_log /var/log/nginx/error.log error;
|
error_log /dev/stderr error;
|
||||||
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
keepalive_timeout 15;
|
keepalive_timeout 15;
|
||||||
@@ -48,7 +48,7 @@ http {
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
root /privatebin;
|
root /var/www;
|
||||||
index index.php index.html;
|
index index.php index.html;
|
||||||
|
|
||||||
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
|
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
|
||||||
@@ -78,7 +78,5 @@ http {
|
|||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
include /etc/nginx/fastcgi_params;
|
include /etc/nginx/fastcgi_params;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
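Review bot: `access_log /dev/stdout;` turns on request logging that was previously off, and with no `log_format` visible in these hunks it would use nginx's default combined format, which records the client address and the full request line. For a pastebin that advertises zero server knowledge this puts address-to-paste associations into the container's log stream, which the Docker log driver typically persists, if paste identifiers travel in the query string as they appear to in PrivateBin URLs. Consider keeping `access_log off;` as the default, or defining a `log_format` without `$remote_addr` and `$request` and documenting the retention implications. The `error_log /dev/stderr error;` change is lower risk, though error lines can still carry client addresses.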
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
[global]
|
||||||
|
daemonize = no
|
||||||
[www]
|
[www]
|
||||||
user = privatebin
|
user = privatebin
|
||||||
group = privatebin
|
group = privatebin
|
||||||
@@ -9,4 +11,4 @@ pm.max_children = 5
|
|||||||
pm.start_servers = 2
|
pm.start_servers = 2
|
||||||
pm.min_spare_servers = 1
|
pm.min_spare_servers = 1
|
||||||
pm.max_spare_servers = 3
|
pm.max_spare_servers = 3
|
||||||
chdir = /
|
chdir = /var/www
|
||||||
|
|||||||
@@ -1,8 +1,19 @@
|
|||||||
[supervisord]
|
[supervisord]
|
||||||
nodaemon=true
|
nodaemon=true
|
||||||
|
pidfile=/var/run/supervisord.pid
|
||||||
|
logfile=/var/log/supervisord.log
|
||||||
|
|
||||||
[program:php-fpm]
|
[program:php-fpm]
|
||||||
command=php-fpm7 --nodaemonize
|
command=php-fpm7
|
||||||
|
stdout_logfile=/dev/stdout
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
stderr_logfile=/dev/stderr
|
||||||
|
stderr_logfile_maxbytes=0
|
||||||
|
|
||||||
[program:nginx]
|
[program:nginx]
|
||||||
command=nginx
|
command=nginx
|
||||||
|
stdout_logfile=/dev/stdout
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
stderr_logfile=/dev/stderr
|
||||||
|
stderr_logfile_maxbytes=0
|
||||||
|
|
||||||
|
|||||||