authorJean-Philippe Roemer <roemer.jp@gmail.com>2015-10-02 10:56:36 +0100
committerJean-Philippe Roemer <roemer.jp@gmail.com>2015-10-02 10:56:36 +0100
commite63e0b3105124bd8ec3028a39dc71c8d8ca103e3 (patch)
tree77052948f4410ae26a15720e3b847cabbfc0fd20 /docker
parente0a099ec112e2746ec1f6dcd3276d19e14e50b06 (diff)
downloadgitea-e63e0b3105124bd8ec3028a39dc71c8d8ca103e3.tar.gz
gitea-e63e0b3105124bd8ec3028a39dc71c8d8ca103e3.zip
New approach to Gogs Docker Container
- VOLUME for ‘/data’ - Usage of S6 as PID 1 Process - Usage of ‘socat’ so linked containers (like databases) are bound to localhost - OpenSSH, Socat Link and Gogs are supervised using S6 - Size of container reduced to ~75Mo
Diffstat (limited to 'docker')
-rwxr-xr-xdocker/build.sh17
-rwxr-xr-xdocker/s6/.s6-svscan/finish2
-rwxr-xr-xdocker/s6/gogs/run28
-rwxr-xr-xdocker/s6/openssh/run15
-rw-r--r--docker/sshd_config17
-rwxr-xr-xdocker/start.sh55
6 files changed, 91 insertions, 43 deletions
diff --git a/docker/build.sh b/docker/build.sh
new file mode 100755
index 0000000000..0616aa40f4
--- /dev/null
+++ b/docker/build.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Install build deps
+apk -U --no-progress add linux-pam-dev go@community gcc musl-dev
+
+# Init go environment to build Gogs
+mkdir -p ${GOPATH}/src/github.com/gogits/
+ln -s /app/gogs/ ${GOPATH}/src/github.com/gogits/gogs
+cd ${GOPATH}/src/github.com/gogits/gogs
+go get -v -tags "sqlite redis memcache cert pam"
+go build -tags "sqlite redis memcache cert pam"
+
+# Cleanup GOPATH
+rm -r $GOPATH
+
+# Remove build deps
+apk --no-progress del linux-pam-dev go gcc musl-dev
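Review bot: The script has no `set -e`, so a failed `go get` or `go build` still falls through to the cleanup and the script exits with the status of the final `apk del`, which can leave an image without a working binary while the build step reports success. Add `set -e` directly after the shebang. `rm -r $GOPATH` and the `${GOPATH}` paths above it are unquoted and unguarded; `rm -r "${GOPATH:?}"` aborts when the variable is empty or unset instead of continuing with an unexpected argument. `go get -v` also resolves dependencies to whatever is current at build time, so the image contents are not reproducible unless pinning happens somewhere outside this hunk.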
diff --git a/docker/s6/.s6-svscan/finish b/docker/s6/.s6-svscan/finish
new file mode 100755
index 0000000000..22665fa9bb
--- /dev/null
+++ b/docker/s6/.s6-svscan/finish
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /bin/true
diff --git a/docker/s6/gogs/run b/docker/s6/gogs/run
new file mode 100755
index 0000000000..a7b4cc55ee
--- /dev/null
+++ b/docker/s6/gogs/run
@@ -0,0 +1,28 @@
+#!/bin/sh
+USER=git
+USERNAME=$USER
+
+if ! test -d /data/gogs; then
+ mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git
+fi
+
+if ! test -d ~git/.ssh; then
+ mkdir ~git/.ssh
+ chmod 700 ~git/.ssh
+fi
+
+if ! test -f ~git/.ssh/environment; then
+ echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment
+ chown git:git ~git/.ssh/environment
+ chown 600 ~git/.ssh/environment
+fi
+
+ln -sf /data/gogs/log /app/gogs/log
+ln -sf /data/gogs/data /app/gogs/data
+ln -sf /data/gogs/conf /app/gogs/conf
+
+chown -R git:git /data /app/gogs ~git/
+
+export USER
+export USERNAME
+exec gosu $USER /app/gogs/gogs web
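Review bot: `chown 600 ~git/.ssh/environment` is a typo for `chmod 600 ~git/.ssh/environment`: as written it hands the file to uid 600 and leaves its mode at the umask default, so the file sshd reads under `PermitUserEnvironment yes` is never restricted. Separately, `chown -R git:git /data /app/gogs ~git/` runs on every start and covers `/data/ssh`, so the host private keys that `docker/s6/openssh/run` assigns to root only when it first creates them end up owned by the account Gogs runs as and SSH users log in as. Narrow it to the trees Gogs needs, for example `chown -R git:git /data/gogs /data/git /app/gogs ~git/`. `exec gosu $USER` should also be quoted as `exec gosu "$USER"`.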
diff --git a/docker/s6/openssh/run b/docker/s6/openssh/run
new file mode 100755
index 0000000000..891285764a
--- /dev/null
+++ b/docker/s6/openssh/run
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+if ! test -d /data/ssh
+then
+ mkdir -p /data/ssh
+ ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1
+ ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
+ ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
+ ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
+ ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
+ chown -R root:root /data/ssh/*
+ chmod 600 /data/ssh/*
+fi
+
+exec gosu root /usr/sbin/sshd -D -f /etc/ssh/sshd_config
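Review bot: The `-t rsa1` and `-t dsa` host keys should not be generated: `docker/sshd_config` in this commit sets `Protocol 2`, so the protocol-1 key is never used, and DSA host keys are fixed at 1024 bits. Drop those two `ssh-keygen` lines together with the matching `HostKey` entries. The guard tests only for the directory, so if the first start is interrupted after `mkdir -p /data/ssh` the missing keys are never created and sshd will not find them; a per-file test such as `test -f /data/ssh/ssh_host_ed25519_key || ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519` makes the step restartable.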
diff --git a/docker/sshd_config b/docker/sshd_config
new file mode 100644
index 0000000000..9b62f1486a
--- /dev/null
+++ b/docker/sshd_config
@@ -0,0 +1,17 @@
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+Protocol 2
+LogLevel INFO
+HostKey /data/ssh/ssh_host_key
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+HostKey /data/ssh/ssh_host_ecdsa_key
+HostKey /data/ssh/ssh_host_ed25519_key
+PermitRootLogin no
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+UsePrivilegeSeparation no
+PermitUserEnvironment yes
+AllowUsers git
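Review bot: `UsePrivilegeSeparation no` makes sshd process unauthenticated network input in the root process; unless the image lacks the privsep user or directory (not visible in this commit), `UsePrivilegeSeparation sandbox` is the safer setting. `PermitUserEnvironment yes` is what lets the `GOGS_CUSTOM` line written by `docker/s6/gogs/run` take effect, but it also honours `environment=` options in `authorized_keys`, so it deserves a comment such as `# needed for ~git/.ssh/environment (GOGS_CUSTOM); keep ~git/.ssh writable by git only`. The `HostKey /data/ssh/ssh_host_key` entry is a protocol-1 key and has no effect under `Protocol 2`.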
diff --git a/docker/start.sh b/docker/start.sh
index cea6e54e7d..b560b2bc0a 100755
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -1,43 +1,12 @@
-#!/bin/bash -
-#
-
-if ! test -d /data/gogs
-then
- mkdir -p /var/run/sshd
- mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git
-fi
-
-if ! test -d /data/ssh
-then
- mkdir /data/ssh
- ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1
- ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
- ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
- ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
- ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
- chown -R root:root /data/ssh/*
- chmod 600 /data/ssh/*
-fi
-
-service ssh start
-
-ln -sf /data/gogs/log ./log
-ln -sf /data/gogs/data ./data
-ln -sf /data/git /home/git
-
-
-if ! test -d ~git/.ssh
-then
- mkdir ~git/.ssh
- chmod 700 ~git/.ssh
-fi
-
-if ! test -f ~git/.ssh/environment
-then
- echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment
- chown git:git ~git/.ssh/environment
- chown 600 ~git/.ssh/environment
-fi
-
-chown -R git:git /data .
-exec su git -c "./gogs web"
+#!/bin/sh
+
+# Bind linked docker container to localhost socket using socat
+env | sed -En 's|(.*)_PORT_([0-9]*)_TCP=tcp://(.*):(.*)|\1_\2 socat -ls TCP4-LISTEN:\2,fork,reuseaddr TCP4:\3:\4|p' | \
+while read NAME CMD; do
+ mkdir -p /app/gogs/docker/s6/$NAME
+ echo -e "#!/bin/sh\nexec $CMD" > /app/gogs/docker/s6/$NAME/run
+ chmod +x /app/gogs/docker/s6/$NAME/run
+done
+
+# Exec S6 as process manager for gogs and dropbear ssh
+exec /usr/bin/s6-svscan /app/gogs/docker/s6/
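Review bot: The values captured by `(.*)` in the `sed` expression are written unvalidated into a generated `run` script that s6 then executes, so any environment variable of the form `*_PORT_n_TCP=tcp://...` decides both a directory name under `/app/gogs/docker/s6/` and the command line after `exec`. The pattern should be anchored and limited to the characters a link variable can contain (an identifier, digits, and an IPv4 literal, as `TCP4` implies), `read` should use `-r`, and every expansion of `$NAME` should be quoted; `printf` also avoids depending on `echo -e` under `#!/bin/sh`. The last comment mentions dropbear, while the SSH service supervised in this commit is OpenSSH.

```shell
env | sed -En 's|^([A-Za-z0-9_]+)_PORT_([0-9]+)_TCP=tcp://([0-9.]+):([0-9]+)$|\1_\2 socat -ls TCP4-LISTEN:\2,fork,reuseaddr TCP4:\3:\4|p' | \
while read -r NAME CMD; do
  mkdir -p "/app/gogs/docker/s6/$NAME"
  printf '#!/bin/sh\nexec %s\n' "$CMD" > "/app/gogs/docker/s6/$NAME/run"
  chmod +x "/app/gogs/docker/s6/$NAME/run"
done
```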