Fully working docker!

This commit is contained in:
Morteza Milani 2015-01-24 13:59:16 +03:30 committed by Joshua Tauberer
parent 299a5c6355
commit 51d89a780d
21 changed files with 207 additions and 60 deletions


@ -15,11 +15,12 @@
# base image doesn't provide enough to run most Ubuntu services. See # base image doesn't provide enough to run most Ubuntu services. See
# http://phusion.github.io/baseimage-docker/ for an explanation. # http://phusion.github.io/baseimage-docker/ for an explanation.
FROM phusion/baseimage:0.9.15 FROM phusion/baseimage:0.9.16
# Dockerfile metadata. # Dockerfile metadata.
MAINTAINER Joshua Tauberer (http://razor.occams.info) MAINTAINER Joshua Tauberer (http://razor.occams.info)
EXPOSE 22 25 53 80 443 587 993 EXPOSE 25 53/udp 53/tcp 80 443 587 993
VOLUME /data
# Docker has a beautiful way to cache images after each step. The next few # Docker has a beautiful way to cache images after each step. The next few
# steps of installing system packages are very intensive, so we take care # steps of installing system packages are very intensive, so we take care
@ -35,13 +36,17 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt) RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt)
RUN rm -f /tmp/mailinabox_apt_package_list.txt RUN rm -f /tmp/mailinabox_apt_package_list.txt
RUN useradd -m user-data
RUN rm -rf /etc/service/syslog-ng
# Now add Mail-in-a-Box to the system. # Now add Mail-in-a-Box to the system.
ADD . /usr/local/mailinabox ADD . /usr/local/mailinabox
#RUN /usr/local/mailinabox/containers/docker/setup.sh
# We can't know things like the IP address where the container will eventually # We can't know things like the IP address where the container will eventually
# be deployed until the container is started. We also don't want to create any # be deployed until the container is started. We also don't want to create any
# private keys during the creation of the image --- that should wait until the # private keys during the creation of the image --- that should wait until the
# container is started too. So our whole setup process is deferred until the # container is started too. So our whole setup process is deferred until the
# container is started. # container is started.
ENTRYPOINT ["/usr/local/mailinabox/containers/docker/container_start.sh"] ENTRYPOINT /usr/local/mailinabox/containers/docker/init.sh
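Review bot: The ENTRYPOINT on the last line of the hunk moves from exec form to shell form, so PID 1 in the container becomes `/bin/sh -c` with init.sh as its child; the SIGTERM from `docker stop` is delivered to that shell and never reaches init.sh or the base image's `/sbin/my_init`, so the services are killed after the stop timeout instead of being shut down cleanly. The removed container_start.sh's own comment notes that my_init is meant to run as the init process, which shell form makes impossible. Keep the JSON form that the old line used: `ENTRYPOINT ["/usr/local/mailinabox/containers/docker/init.sh"]`.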


@ -76,6 +76,7 @@ python3-pip
pyzor pyzor
razor razor
resolvconf resolvconf
rsyslog
spampd spampd
sqlite3 sqlite3
sudo sudo


@ -1,30 +0,0 @@
#!/bin/bash
# This script is used within containers to turn it into a Mail-in-a-Box.
# It is referenced by the Dockerfile. You should not run it directly.
########################################################################
# Local configuration details were not known at the time the Docker
# image was created, so all setup is defered until the container
# is started. That's when this script runs.
# If we're not in an interactive shell, set defaults.
if [ ! -t 0 ]; then
export PUBLIC_IP=auto
export PUBLIC_IPV6=auto
export PRIMARY_HOSTNAME=auto
export CSR_COUNTRY=US
export NONINTERACTIVE=1
fi
# Start configuration.
cd /usr/local/mailinabox
export IS_DOCKER=1
export DISABLE_FIREWALL=1
source setup/start.sh # using 'source' means an exit from inside also exits this script and terminates container
# Once the configuration is complete, start the Unix init process
# provided by the base image. We're running as process 0, and
# /sbin/my_init needs to run as process 0, so use 'exec' to replace
# this shell process and not fork a new one. Nifty right?
exec /sbin/my_init -- bash

67
containers/docker/init.sh Executable file

@ -0,0 +1,67 @@
#!/bin/bash
# This script is used within containers to turn it into a Mail-in-a-Box.
# It is referenced by the Dockerfile. You should not run it directly.
########################################################################
# Local configuration details were not known at the time the Docker
# image was created, so all setup is defered until the container
# is started. That's when this script runs.
# If we're not in an interactive shell, set defaults.
if [ ! -t 0 ]; then
export PUBLIC_IP=auto
export PUBLIC_IPV6=auto
export PRIMARY_HOSTNAME=auto
export CSR_COUNTRY=US
export NONINTERACTIVE=1
fi
# Start configuration.
cd /usr/local/mailinabox
export IS_DOCKER=1
export STORAGE_ROOT=/data
export STORAGE_USER=user-data
export DISABLE_FIREWALL=1
mkdir /etc/service/rsyslogd
mkdir /etc/service/bind9
mkdir /etc/service/dovecot
mkdir /etc/service/fail2ban
mkdir /etc/service/mailinabox
mkdir /etc/service/memcached
mkdir /etc/service/nginx
mkdir /etc/service/nsd
mkdir /etc/service/opendkim
mkdir /etc/service/php5-fpm
mkdir /etc/service/postfix
mkdir /etc/service/postgrey
mkdir /etc/service/spampd
cp services/rsyslogd.sh /etc/service/rsyslogd/run
cp services/bind9.sh /etc/service/bind9/run
cp services/dovecot.sh /etc/service/dovecot/run
cp services/fail2ban.sh /etc/service/fail2ban/run
cp services/mailinabox.sh /etc/service/mailinabox/run
cp services/memcached.sh /etc/service/memcached/run
cp services/nginx.sh /etc/service/nginx/run
cp services/nsd.sh /etc/service/nsd/run
cp services/opendkim.sh /etc/service/opendkim/run
cp services/php5-fpm.sh /etc/service/php5-fpm/run
cp services/postfix.sh /etc/service/postfix/run
cp services/postgrey.sh /etc/service/postgrey/run
cp services/spampd.sh /etc/service/spampd/run
rsyslogd
source setup/start.sh
/etc/init.d/mailinabox start
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
sleep 5
curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/update
curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/web/update
source setup/firstuser.sh
/etc/init.d/mailinabox stop
kill $(pidof dovecot)
/etc/init.d/resolvconf start
killall rsyslogd
my_init
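Review bot: The two curl calls near the end pass the management API key through `$(</var/lib/mailinabox/api.key)` as a command-line argument, so for the duration of the request it is visible in the process list to every user inside the container (php5-fpm, postfix, and the other services do not all run as root), and `-s` without `-f` means a refused connection or error response after the fixed `sleep 5` is silently ignored. Feed the credential through a curl config and fail loudly instead, e.g. `curl -sSf -d POSTDATA -K <(printf 'user = "%s:"\n' "$(</var/lib/mailinabox/api.key)") http://127.0.0.1:10222/dns/update`, and wait for port 10222 to accept connections rather than sleeping a fixed time. Separately, the final `my_init` is not `exec`'d, so this bash script remains the parent process and the base image's init never receives the container's stop signal; `exec my_init` fixes that. The `mkdir /etc/service/...` lines will also print errors on every start after the first because the directories persist in the container; `mkdir -p` is the intent.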


@ -17,21 +17,18 @@
# volume if the volume is new. # volume if the volume is new.
DOCKER=docker.io DOCKER=docker
# Build or rebuild the image. # Build or rebuild the image.
# Rebuilds are very fast. # Rebuilds are very fast.
$DOCKER build -q -t mailinabox . $DOCKER build -q -t mailinabox .
# Start the user-data containerw which is merely to create
# a container that maintains a reference to a volume so that
# we can destroy the main container without losing user data.
if ! $DOCKER ps -a | grep mailinabox-userdata > /dev/null; then if ! $DOCKER ps -a | grep mailinabox-userdata > /dev/null; then
echo Starting user-data volume container... echo Starting user-data volume container...
$DOCKER run -d \ $DOCKER run -d \
--name mailinabox-userdata \ --name mailinabox-userdata \
-v /home/user-data \ -v /home/user-data \
scratch bash scratch /bin/bash
fi fi
# End a running container. # End a running container.
@ -43,8 +40,9 @@ fi
# Start container. # Start container.
echo Starting new container... echo Starting new container...
$DOCKER run \ $DOCKER run \
-p 25 -p 53 -p 80 -p 443 -p 587 -p 993 \ --privileged \
--volumes-from mailinabox-userdata \ -v /dev/urandom:/dev/random \
-p 25 -p 53/udp -p 53/tcp -p 80 -p 443 -p 587 -p 993 \
--name mailinabox-services \ --name mailinabox-services \
-t -i \ --volumes-from mailinabox-userdata \
mailinabox mailinabox
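Review bot: `--privileged` on the new `docker run` line grants the container every capability, raw host device access and removes the runtime's default confinement, for a container that terminates public SMTP, DNS and HTTPS; if any of those services is compromised the blast radius is the host. The hunk does not say what needs it — if it is fail2ban's iptables rules, `--cap-add NET_ADMIN` is the narrower grant, though `DISABLE_FIREWALL=1` in init.sh suggests that may not be the reason — and a comment stating the actual requirement would let the next reader scope it down. The `-v /dev/urandom:/dev/random` bind mount is a reasonable workaround for `/dev/random` blocking on low entropy during key generation, but it also deserves a one-line comment such as `# /dev/random blocks on low entropy inside the container; urandom is fine for key generation`.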

11
services/bind9.sh Executable file

@ -0,0 +1,11 @@
#!/bin/bash
EXEC=bind9
PROCESS=named
/etc/init.d/$EXEC start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done
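Review bot: The run script starts named through the sysvinit script and then polls `ps -C named` every 30 s, so runit is supervising a bash loop rather than the daemon: a stop signal from the supervisor only kills the loop and leaves named running, a crash takes up to 30 s to be noticed, and the restart then races whatever the init script left behind. The runit idiom is to exec the daemon in the foreground so it is the supervised child, e.g. `exec /usr/sbin/named -f -u bind`. The same polling shape is used in memcached.sh, nginx.sh, nsd.sh, opendkim.sh, php5-fpm.sh, spampd.sh and mailinabox.sh; most of those daemons have a no-daemonize option and would be better started directly, and fail2ban.sh, postfix.sh and postgrey.sh additionally use `ps aux | grep $PROCESS | grep -v grep`, which matches any process whose command line merely contains the name.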

3
services/dovecot.sh Executable file

@ -0,0 +1,3 @@
#!/bin/bash
/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf &> /var/log/dovecot.log
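Review bot: `dovecot -F` already runs in the foreground, but without `exec` the process runit supervises is this bash wrapper rather than dovecot, so the supervisor's stop signal reaches bash and dovecot is left orphaned; `exec /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf` preserves the behaviour and fixes that. The `&> /var/log/dovecot.log` redirect also truncates the log on every restart, discarding whatever explains the previous crash; use `>>`, or let dovecot log to syslog now that rsyslogd is supervised. rsyslogd.sh has the same missing `exec` in front of `rsyslogd -n`.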

9
services/fail2ban.sh Executable file

@ -0,0 +1,9 @@
#!/bin/bash
PROCESS=fail2ban
/etc/init.d/$PROCESS start
while [ `ps aux | grep fail2ban | grep -v grep | wc -l` -gt 0 ]; do
sleep 30
done

12
services/mailinabox.sh Executable file

@ -0,0 +1,12 @@
#!/bin/bash
EXEC=mailinabox
PROCESS=mailinabox-daemon
if [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -eq 0 ]; then
/etc/init.d/$EXEC start
fi
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
sleep 30
done

10
services/memcached.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
PROCESS=memcached
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 60
done

10
services/nginx.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
PROCESS=nginx
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done

10
services/nsd.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
PROCESS=nsd
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done

10
services/opendkim.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
PROCESS=opendkim
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done

10
services/php5-fpm.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
PROCESS=php5-fpm
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done

10
services/postfix.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
PROCESS=postfix
/etc/init.d/$PROCESS start
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
sleep 30
done

10
services/postgrey.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
PROCESS=postgrey
/etc/init.d/$PROCESS start
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
sleep 30
done

3
services/rsyslogd.sh Executable file

@ -0,0 +1,3 @@
#!/bin/bash
rsyslogd -n

10
services/spampd.sh Executable file

@ -0,0 +1,10 @@
#!/bin/bash
PROCESS=spampd
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done


@ -39,6 +39,7 @@ function apt_get_quiet {
} }
function apt_install { function apt_install {
if [ ! "$IS_DOCKER" ];then
# Report any packages already installed. # Report any packages already installed.
PACKAGES=$@ PACKAGES=$@
TO_INSTALL="" TO_INSTALL=""
@ -165,20 +166,6 @@ function restart_service {
if [ ! "$IS_DOCKER" ]; then if [ ! "$IS_DOCKER" ]; then
# The normal way to restart a service. # The normal way to restart a service.
hide_output service $1 restart hide_output service $1 restart
else
# On docker, sysvinit is not present. Our base image provides
# a weird way to manage running services. But we're not going
# to use it. Just execute the init.d script directly.
if [ "$1" == "dovecot" ]; then
# Dovecot does not provide an init.d script. It just provides
# an upstart init configuration. But Docker doesn't provide
# upstart. Start Dovecot specially.
killall dovecot
dovecot -c /etc/dovecot/dovecot.conf
else
hide_output /etc/init.d/$1 restart
fi
fi fi
} }
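Review bot: With the Docker branch removed, `restart_service` becomes a silent no-op whenever `IS_DOCKER` is set, and the new guard at the top of `apt_install` (its closing `fi` lies outside the hunk) skips package installation entirely; neither says why, so a reader of functions.sh cannot tell that the services are presumably started later by the runit scripts in containers/docker/init.sh and that containers/docker/apt_package_list.txt is expected to already contain every package the setup scripts ask for. Two comments would carry that: `# On Docker the services are started by the runit run scripts after setup, so a restart here is intentionally a no-op.` above the `if` in restart_service, and `# On Docker every package is pre-installed from containers/docker/apt_package_list.txt; keep that list in sync with apt_install calls.` after the new guard. The practical risk of the second guard is that a setup script adding a package without updating the list fails only at container start, not at image build.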


@ -69,7 +69,7 @@ if [ ! -d $STORAGE_ROOT ]; then
fi fi
if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
echo $(setup/migrate.py --current) > $STORAGE_ROOT/mailinabox.version echo $(setup/migrate.py --current) > $STORAGE_ROOT/mailinabox.version
chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version chown $STORAGE_USER:$STORAGE_USER $STORAGE_ROOT/mailinabox.version
fi fi
@ -140,3 +140,4 @@ openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint \
echo echo
echo Then you can confirm the security exception and continue. echo Then you can confirm the security exception and continue.
echo echo


@ -126,7 +126,7 @@ EOF
# Create writable directories. # Create writable directories.
mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube chown -R www-data:www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
# Password changing plugin settings # Password changing plugin settings
# The config comes empty by default, so we need the settings # The config comes empty by default, so we need the settings
@ -147,9 +147,9 @@ usermod -a -G dovecot www-data
# set permissions so that PHP can use users.sqlite # set permissions so that PHP can use users.sqlite
# could use dovecot instead of www-data, but not sure it matters # could use dovecot instead of www-data, but not sure it matters
chown root.www-data $STORAGE_ROOT/mail chown root:www-data $STORAGE_ROOT/mail
chmod 775 $STORAGE_ROOT/mail chmod 775 $STORAGE_ROOT/mail
chown root.www-data $STORAGE_ROOT/mail/users.sqlite chown root:www-data $STORAGE_ROOT/mail/users.sqlite
chmod 664 $STORAGE_ROOT/mail/users.sqlite chmod 664 $STORAGE_ROOT/mail/users.sqlite
# Enable PHP modules. # Enable PHP modules.