Fully working docker!

Dockerfile

@@ -15,11 +15,12 @@
 # base image doesn't provide enough to run most Ubuntu services. See
 # http://phusion.github.io/baseimage-docker/ for an explanation.
 
-FROM phusion/baseimage:0.9.15
+FROM phusion/baseimage:0.9.16
 
 # Dockerfile metadata.
 MAINTAINER Joshua Tauberer (http://razor.occams.info)
-EXPOSE 22 25 53 80 443 587 993
+EXPOSE 25 53/udp 53/tcp 80 443 587 993
+VOLUME /data
 
 # Docker has a beautiful way to cache images after each step. The next few
 # steps of installing system packages are very intensive, so we take care
@@ -35,13 +36,17 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
 ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt)
 RUN rm -f /tmp/mailinabox_apt_package_list.txt
+RUN useradd -m user-data
+RUN rm -rf /etc/service/syslog-ng
 
 # Now add Mail-in-a-Box to the system.
 ADD . /usr/local/mailinabox
 
+#RUN /usr/local/mailinabox/containers/docker/setup.sh 
+
 # We can't know things like the IP address where the container will eventually
 # be deployed until the container is started. We also don't want to create any
 # private keys during the creation of the image --- that should wait until the
 # container is started too. So our whole setup process is deferred until the
 # container is started.
-ENTRYPOINT ["/usr/local/mailinabox/containers/docker/container_start.sh"]
+ENTRYPOINT /usr/local/mailinabox/containers/docker/init.sh

containers/docker/apt_package_list.txt

@@ -76,6 +76,7 @@ python3-pip
 pyzor
 razor
 resolvconf
+rsyslog
 spampd
 sqlite3
 sudo

containers/docker/container_start.sh

@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# This script is used within containers to turn it into a Mail-in-a-Box.
-# It is referenced by the Dockerfile. You should not run it directly.
-########################################################################
-
-# Local configuration details were not known at the time the Docker
-# image was created, so all setup is defered until the container
-# is started. That's when this script runs.
-
-# If we're not in an interactive shell, set defaults.
-if [ ! -t 0 ]; then
-	export PUBLIC_IP=auto
-	export PUBLIC_IPV6=auto
-	export PRIMARY_HOSTNAME=auto
-	export CSR_COUNTRY=US
-	export NONINTERACTIVE=1
-fi
-
-# Start configuration.
-cd /usr/local/mailinabox
-export IS_DOCKER=1
-export DISABLE_FIREWALL=1
-source setup/start.sh # using 'source' means an exit from inside also exits this script and terminates container
-
-# Once the configuration is complete, start the Unix init process
-# provided by the base image. We're running as process 0, and
-# /sbin/my_init needs to run as process 0, so use 'exec' to replace
-# this shell process and not fork a new one. Nifty right?
-exec /sbin/my_init -- bash

containers/docker/init.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# This script is used within containers to turn it into a Mail-in-a-Box.
+# It is referenced by the Dockerfile. You should not run it directly.
+########################################################################
+
+# Local configuration details were not known at the time the Docker
+# image was created, so all setup is defered until the container
+# is started. That's when this script runs.
+
+# If we're not in an interactive shell, set defaults.
+if [ ! -t 0 ]; then
+	export PUBLIC_IP=auto
+	export PUBLIC_IPV6=auto
+	export PRIMARY_HOSTNAME=auto
+	export CSR_COUNTRY=US
+	export NONINTERACTIVE=1
+fi
+
+# Start configuration.
+cd /usr/local/mailinabox
+export IS_DOCKER=1
+export STORAGE_ROOT=/data
+export STORAGE_USER=user-data
+export DISABLE_FIREWALL=1
+
+mkdir /etc/service/rsyslogd
+mkdir /etc/service/bind9
+mkdir /etc/service/dovecot
+mkdir /etc/service/fail2ban
+mkdir /etc/service/mailinabox
+mkdir /etc/service/memcached
+mkdir /etc/service/nginx
+mkdir /etc/service/nsd
+mkdir /etc/service/opendkim
+mkdir /etc/service/php5-fpm
+mkdir /etc/service/postfix
+mkdir /etc/service/postgrey
+mkdir /etc/service/spampd
+cp services/rsyslogd.sh /etc/service/rsyslogd/run
+cp services/bind9.sh /etc/service/bind9/run
+cp services/dovecot.sh /etc/service/dovecot/run
+cp services/fail2ban.sh /etc/service/fail2ban/run
+cp services/mailinabox.sh /etc/service/mailinabox/run
+cp services/memcached.sh /etc/service/memcached/run
+cp services/nginx.sh /etc/service/nginx/run
+cp services/nsd.sh /etc/service/nsd/run
+cp services/opendkim.sh /etc/service/opendkim/run
+cp services/php5-fpm.sh /etc/service/php5-fpm/run
+cp services/postfix.sh /etc/service/postfix/run
+cp services/postgrey.sh /etc/service/postgrey/run
+cp services/spampd.sh /etc/service/spampd/run
+
+rsyslogd
+source setup/start.sh
+/etc/init.d/mailinabox start
+/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
+sleep 5
+curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/update
+curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/web/update
+source setup/firstuser.sh
+/etc/init.d/mailinabox stop
+kill $(pidof dovecot)
+/etc/init.d/resolvconf start
+killall rsyslogd
+my_init
+

containers/docker/run.sh

@@ -17,21 +17,18 @@
 # volume if the volume is new.
 
 
-DOCKER=docker.io
+DOCKER=docker
 
 # Build or rebuild the image.
 # Rebuilds are very fast.
 $DOCKER build -q -t mailinabox .
 
-# Start the user-data containerw which is merely to create
-# a container that maintains a reference to a volume so that
-# we can destroy the main container without losing user data.
 if ! $DOCKER ps -a | grep mailinabox-userdata > /dev/null; then
 	echo Starting user-data volume container...
 	$DOCKER run -d \
 		--name mailinabox-userdata \
 		-v /home/user-data \
-		scratch bash
+		scratch /bin/bash
 fi
 
 # End a running container.
@@ -43,8 +40,9 @@ fi
 # Start container.
 echo Starting new container...
 $DOCKER run \
-	-p 25 -p 53 -p 80 -p 443 -p 587 -p 993 \
+	--privileged \
-	--volumes-from mailinabox-userdata \
+	-v /dev/urandom:/dev/random \
+	-p 25 -p 53/udp -p 53/tcp -p 80 -p 443 -p 587 -p 993 \
 	--name mailinabox-services \
-	-t -i \
+	--volumes-from mailinabox-userdata \
 	mailinabox

services/bind9.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+EXEC=bind9
+PROCESS=named
+
+/etc/init.d/$EXEC start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+	sleep 30
+done
+

services/dovecot.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf &> /var/log/dovecot.log

services/fail2ban.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+PROCESS=fail2ban
+
+/etc/init.d/$PROCESS start
+
+while [ `ps aux | grep fail2ban | grep -v grep  | wc -l` -gt 0 ]; do
+	sleep 30
+done

services/mailinabox.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+EXEC=mailinabox
+PROCESS=mailinabox-daemon
+
+if [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -eq 0 ]; then
+	/etc/init.d/$EXEC start
+fi
+
+while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
+	sleep 30
+done

services/memcached.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=memcached
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+	sleep 60
+done
+

services/nginx.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=nginx
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+	sleep 30
+done
+

services/nsd.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=nsd
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+	sleep 30
+done
+

services/opendkim.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=opendkim
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+	sleep 30
+done
+

services/php5-fpm.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=php5-fpm
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+	sleep 30
+done
+

services/postfix.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=postfix
+
+/etc/init.d/$PROCESS start
+
+while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
+	sleep 30
+done
+

services/postgrey.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=postgrey
+
+/etc/init.d/$PROCESS start
+
+while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
+	sleep 30
+done
+

services/rsyslogd.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+rsyslogd -n

services/spampd.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=spampd
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+	sleep 30
+done
+

setup/functions.sh

@@ -39,6 +39,7 @@ function apt_get_quiet {
 }
 
 function apt_install {
+  if [ ! "$IS_DOCKER" ];then
 	# Report any packages already installed.
 	PACKAGES=$@
 	TO_INSTALL=""
@@ -165,20 +166,6 @@ function restart_service {
 	if [ ! "$IS_DOCKER" ]; then
 		# The normal way to restart a service.
 		hide_output service $1 restart
-	else
- 		# On docker, sysvinit is not present. Our base image provides
- 		# a weird way to manage running services. But we're not going
- 		# to use it. Just execute the init.d script directly.
-
-	 	if [ "$1" == "dovecot" ]; then
-			# Dovecot does not provide an init.d script. It just provides
-			# an upstart init configuration. But Docker doesn't provide
-			# upstart. Start Dovecot specially.
-			killall dovecot
-			dovecot -c /etc/dovecot/dovecot.conf
-		else
-	 		hide_output /etc/init.d/$1 restart
-	 	fi
 	fi
 }
 

setup/start.sh

@@ -69,7 +69,7 @@ if [ ! -d $STORAGE_ROOT ]; then
 fi
 if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
 	echo $(setup/migrate.py --current) > $STORAGE_ROOT/mailinabox.version
-	chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
+	chown $STORAGE_USER:$STORAGE_USER $STORAGE_ROOT/mailinabox.version
 fi
 
 
@@ -140,3 +140,4 @@ openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint \
 echo
 echo Then you can confirm the security exception and continue.
 echo
+

setup/webmail.sh

@@ -126,7 +126,7 @@ EOF
 
 # Create writable directories.
 mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
-chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
+chown -R www-data:www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
 
 # Password changing plugin settings
 # The config comes empty by default, so we need the settings 
@@ -147,9 +147,9 @@ usermod -a -G dovecot www-data
 
 # set permissions so that PHP can use users.sqlite
 # could use dovecot instead of www-data, but not sure it matters
-chown root.www-data $STORAGE_ROOT/mail
+chown root:www-data $STORAGE_ROOT/mail
 chmod 775 $STORAGE_ROOT/mail
-chown root.www-data $STORAGE_ROOT/mail/users.sqlite 
+chown root:www-data $STORAGE_ROOT/mail/users.sqlite
 chmod 664 $STORAGE_ROOT/mail/users.sqlite 
 
 # Enable PHP modules.