From e63e0b3105124bd8ec3028a39dc71c8d8ca103e3 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Roemer
Date: Fri, 2 Oct 2015 10:56:36 +0100
Subject: New approach to Gogs Docker Container
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- VOLUME for ‘/data’
- Usage of S6 as PID 1 Process
- Usage of ‘socat’ so linked container (like databases) are binded to localhost
- OpenSSH, Socat Link and Gogs are supervised using S6
- Size of container reduced to ~75Mo
---
docker/build.sh | 17 ++++++++++++++
docker/s6/.s6-svscan/finish | 2 ++
docker/s6/gogs/run | 28 +++++++++++++++++++++++
docker/s6/openssh/run | 15 +++++++++++++
docker/sshd_config | 17 ++++++++++++++
docker/start.sh | 55 ++++++++++-----------------------------------
6 files changed, 91 insertions(+), 43 deletions(-)
create mode 100755 docker/build.sh
create mode 100755 docker/s6/.s6-svscan/finish
create mode 100755 docker/s6/gogs/run
create mode 100755 docker/s6/openssh/run
create mode 100644 docker/sshd_config
(limited to 'docker')
diff --git a/docker/build.sh b/docker/build.sh
new file mode 100755
index 0000000000..0616aa40f4
--- /dev/null
+++ b/docker/build.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Install build deps
+apk -U --no-progress add linux-pam-dev go@community gcc musl-dev
+
+# Init go environment to build Gogs
+mkdir -p ${GOPATH}/src/github.com/gogits/
+ln -s /app/gogs/ ${GOPATH}/src/github.com/gogits/gogs
+cd ${GOPATH}/src/github.com/gogits/gogs
+go get -v -tags "sqlite redis memcache cert pam"
+go build -tags "sqlite redis memcache cert pam"
+
+# Cleanup GOPATH
+rm -r $GOPATH
+
+# Remove build deps
+apk --no-progress del linux-pam-dev go gcc musl-dev
diff --git a/docker/s6/.s6-svscan/finish b/docker/s6/.s6-svscan/finish
new file mode 100755
index 0000000000..22665fa9bb
--- /dev/null
+++ b/docker/s6/.s6-svscan/finish
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /bin/true
diff --git a/docker/s6/gogs/run b/docker/s6/gogs/run
new file mode 100755
index 0000000000..a7b4cc55ee
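Review bot: build.sh runs without `set -e`, so a failed `go get` or `go build` still falls through to the cleanup steps and the image build can finish without a working `gogs` binary; adding `set -e` right after the shebang stops at the first failure. The `GOPATH` expansions are also unquoted and unguarded: the `mkdir`/`ln`/`cd` lines should quote the variable, and the removal is safer as `rm -r -- "${GOPATH:?}"` so an empty or unset value aborts instead of expanding to nothing. `go get` resolves dependencies at build time and no version pinning is visible in this hunk, so the resulting image is presumably not reproducible; worth confirming how dependency versions are fixed.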
--- /dev/null
+++ b/docker/s6/gogs/run
@@ -0,0 +1,28 @@
+#!/bin/sh
+USER=git
+USERNAME=$USER
+
+if ! test -d /data/gogs; then
+ mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git
+fi
+
+if ! test -d ~git/.ssh; then
+ mkdir ~git/.ssh
+ chmod 700 ~git/.ssh
+fi
+
+if ! test -f ~git/.ssh/environment; then
+ echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment
+ chown git:git ~git/.ssh/environment
+ chown 600 ~git/.ssh/environment
+fi
+
+ln -sf /data/gogs/log /app/gogs/log
+ln -sf /data/gogs/data /app/gogs/data
+ln -sf /data/gogs/conf /app/gogs/conf
+
+chown -R git:git /data /app/gogs ~git/
+
+export USER
+export USERNAME
+exec gosu $USER /app/gogs/gogs web
diff --git a/docker/s6/openssh/run b/docker/s6/openssh/run
new file mode 100755
index 0000000000..891285764a
--- /dev/null
+++ b/docker/s6/openssh/run
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+if ! test -d /data/ssh
+then
+ mkdir -p /data/ssh
+ ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1
+ ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
+ ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
+ ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
+ ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
+ chown -R root:root /data/ssh/*
+ chmod 600 /data/ssh/*
+fi
+
+exec gosu root /usr/sbin/sshd -D -f /etc/ssh/sshd_config
diff --git a/docker/sshd_config b/docker/sshd_config
new file mode 100644
index 0000000000..9b62f1486a
--- /dev/null
+++ b/docker/sshd_config
@@ -0,0 +1,17 @@
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+Protocol 2
+LogLevel INFO
+HostKey /data/ssh/ssh_host_key
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+HostKey /data/ssh/ssh_host_ecdsa_key
+HostKey /data/ssh/ssh_host_ed25519_key
+PermitRootLogin no
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+UsePrivilegeSeparation no
+PermitUserEnvironment yes
+AllowUsers git
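Review bot: `chown 600 ~git/.ssh/environment` in the third `if` block of docker/s6/gogs/run is a typo for `chmod`: it sets the owner to numeric uid 600 and leaves the mode at the umask default, so the file sshd reads under `PermitUserEnvironment yes` is never restricted as intended; the line should be `chmod 600 ~git/.ssh/environment`. Further down, `chown -R git:git /data /app/gogs ~git/` runs on every start and covers `/data/ssh`, which hands the SSH host private keys to the shared `git` account, while docker/s6/openssh/run only resets them to root when it first creates the directory. Limiting the recursive chown to `/data/gogs /data/git /app/gogs ~git/` keeps the host keys root-owned. `exec gosu $USER …` should quote the variable as `"$USER"`.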
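Review bot: The key-generation block in docker/s6/openssh/run still creates an `rsa1` (SSH protocol 1) host key and a `dsa` host key, although docker/sshd_config in this same commit sets `Protocol 2`; the `rsa1` key can never be used and DSA host keys are limited to 1024 bits. I would drop the `-t rsa1` and `-t dsa` lines together with the matching `HostKey` entries and keep RSA, ECDSA and Ed25519. The guard also tests only for the directory, so a `/data/ssh` volume that exists but lacks keys is never repopulated; a per-file test such as `test -f /data/ssh/ssh_host_ed25519_key || ssh-keygen …` is more robust. `gosu root` looks redundant if s6 already starts this service as root, which running it as PID 1 suggests.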
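Review bot: `UsePrivilegeSeparation no` in docker/sshd_config makes sshd's network-facing pre-authentication code run as root inside the container; unless the image genuinely cannot support it, `UsePrivilegeSeparation sandbox` (or at least `yes`) is the safer setting, and a comment should say why if it has to stay off. `PermitUserEnvironment yes` appears to be enabled only to deliver `GOGS_CUSTOM`, but it lets anything able to write `~git/.ssh/environment` or an `environment=` key option influence every session of the shared `git` account, so that file should be root-owned and not writable by `git`, or the variable should be set another way. The `HostKey` lines for `ssh_host_key` and `ssh_host_dsa_key` can go once the rsa1 and DSA keys are no longer generated. A short comment above each non-default directive explaining why it is needed would help the next reviewer.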
diff --git a/docker/start.sh b/docker/start.sh index cea6e54e7d..b560b2bc0a 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -1,43 +1,12 @@ -#!/bin/bash - -# - -if ! test -d /data/gogs -then - mkdir -p /var/run/sshd - mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git -fi - -if ! test -d /data/ssh -then - mkdir /data/ssh - ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1 - ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa - ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa - ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa - ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519 - chown -R root:root /data/ssh/* - chmod 600 /data/ssh/* -fi - -service ssh start - -ln -sf /data/gogs/log ./log -ln -sf /data/gogs/data ./data -ln -sf /data/git /home/git - - -if ! test -d ~git/.ssh -then - mkdir ~git/.ssh - chmod 700 ~git/.ssh -fi - -if ! test -f ~git/.ssh/environment -then - echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment - chown git:git ~git/.ssh/environment - chown 600 ~git/.ssh/environment -fi - -chown -R git:git /data . -exec su git -c "./gogs web" +#!/bin/sh + +# Bind linked docker container to localhost socket using socat +env | sed -En 's|(.*)_PORT_([0-9]*)_TCP=tcp://(.*):(.*)|\1_\2 socat -ls TCP4-LISTEN:\2,fork,reuseaddr TCP4:\3:\4|p' | \ +while read NAME CMD; do + mkdir -p /app/gogs/docker/s6/$NAME + echo -e "#!/bin/sh\nexec $CMD" > /app/gogs/docker/s6/$NAME/run + chmod +x /app/gogs/docker/s6/$NAME/run +done + +# Exec S6 as process manager for gogs and dropbear ssh +exec /usr/bin/s6-svscan /app/gogs/docker/s6/ -- cgit v1.2.3
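Review bot: The socat services generated in docker/start.sh listen on every interface of the container, because `TCP4-LISTEN:\2,fork,reuseaddr` carries no bind address, so each linked service (a database, for example) is re-exposed on the Gogs container's own network address rather than only on localhost as the commit message describes; `TCP4-LISTEN:\2,bind=127.0.0.1,fork,reuseaddr` limits it to loopback. The sed pattern also copies `(.*)` captures from environment values straight into an executable run script (`exec $CMD`) and into a directory name, so the name, host and port should be constrained, e.g. `^([A-Za-z0-9_]+)_PORT_([0-9]+)_TCP=tcp://([0-9.]+):([0-9]+)$`, with `read -r NAME CMD` and `"$NAME"` quoted in the paths. `echo -e` is not portable under `#!/bin/sh`; `printf '#!/bin/sh\nexec %s\n' "$CMD"` does the same without relying on the shell's echo. The final comment mentions dropbear, but the service supervised in this commit is OpenSSH.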