From a5ffd6d25e5a11be0c13fe1d338a81b136686399 Mon Sep 17 00:00:00 2001 From: Morteza Milani Date: Sat, 24 Jan 2015 13:59:16 +0330 Subject: [PATCH] Fully working docker! --- Dockerfile | 11 +++-- containers/docker/apt_package_list.txt | 1 + containers/docker/container_start.sh | 30 ------------ containers/docker/init.sh | 67 ++++++++++++++++++++++++++ containers/docker/run.sh | 16 +++--- services/bind9.sh | 11 +++++ services/dovecot.sh | 3 ++ services/fail2ban.sh | 9 ++++ services/mailinabox.sh | 12 +++++ services/memcached.sh | 10 ++++ services/nginx.sh | 10 ++++ services/nsd.sh | 10 ++++ services/opendkim.sh | 10 ++++ services/php5-fpm.sh | 10 ++++ services/postfix.sh | 10 ++++ services/postgrey.sh | 10 ++++ services/rsyslogd.sh | 3 ++ services/spampd.sh | 10 ++++ setup/functions.sh | 15 +----- setup/start.sh | 3 +- setup/webmail.sh | 6 +-- 21 files changed, 207 insertions(+), 60 deletions(-) delete mode 100755 containers/docker/container_start.sh create mode 100755 containers/docker/init.sh create mode 100755 services/bind9.sh create mode 100755 services/dovecot.sh create mode 100755 services/fail2ban.sh create mode 100755 services/mailinabox.sh create mode 100755 services/memcached.sh create mode 100755 services/nginx.sh create mode 100755 services/nsd.sh create mode 100755 services/opendkim.sh create mode 100755 services/php5-fpm.sh create mode 100755 services/postfix.sh create mode 100755 services/postgrey.sh create mode 100755 services/rsyslogd.sh create mode 100755 services/spampd.sh diff --git a/Dockerfile b/Dockerfile index 18d8a808..74ec64b4 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -15,11 +15,12 @@ # base image doesn't provide enough to run most Ubuntu services. See # http://phusion.github.io/baseimage-docker/ for an explanation. -FROM phusion/baseimage:0.9.15 +FROM phusion/baseimage:0.9.16 # Dockerfile metadata. MAINTAINER Joshua Tauberer (http://razor.occams.info) -EXPOSE 22 25 53 80 443 587 993 +EXPOSE 25 53/udp 53/tcp 80 443 587 993 +VOLUME /data # Docker has a beautiful way to cache images after each step. The next few # steps of installing system packages are very intensive, so we take care @@ -35,13 +36,17 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt) RUN rm -f /tmp/mailinabox_apt_package_list.txt +RUN useradd -m user-data +RUN rm -rf /etc/service/syslog-ng # Now add Mail-in-a-Box to the system. ADD . /usr/local/mailinabox +#RUN /usr/local/mailinabox/containers/docker/setup.sh + # We can't know things like the IP address where the container will eventually # be deployed until the container is started. We also don't want to create any # private keys during the creation of the image --- that should wait until the # container is started too. So our whole setup process is deferred until the # container is started. -ENTRYPOINT ["/usr/local/mailinabox/containers/docker/container_start.sh"] +ENTRYPOINT /usr/local/mailinabox/containers/docker/init.sh diff --git a/containers/docker/apt_package_list.txt b/containers/docker/apt_package_list.txt index 96bfdb56..eac9073f 100644 --- a/containers/docker/apt_package_list.txt +++ b/containers/docker/apt_package_list.txt @@ -72,6 +72,7 @@ python3-pip pyzor razor resolvconf +rsyslog spampd sqlite3 sudo diff --git a/containers/docker/container_start.sh b/containers/docker/container_start.sh deleted file mode 100755 index 9e0e9650..00000000 --- a/containers/docker/container_start.sh +++ /dev/null 
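Review bot: The new `ENTRYPOINT /usr/local/mailinabox/containers/docker/init.sh` is shell form, so Docker launches it as `/bin/sh -c "…/init.sh"`: PID 1 is that shell, `docker stop`'s SIGTERM lands on `sh` (which does not forward it), and whatever init.sh execs at the end (presumably the base image's `/sbin/my_init`, as the deleted container_start.sh did) is no longer PID 1 either. Keeping the exec form the old line used, `ENTRYPOINT ["/usr/local/mailinabox/containers/docker/init.sh"]`, avoids all of that. Separately, `RUN useradd -m user-data` creates the account that presumably owns the `/data` volume with whatever UID happens to be free at build time; pinning it (e.g. `useradd -m -u 1000 user-data`) keeps ownership of host-side volume files stable across image rebuilds.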
@@ -1,30 +0,0 @@ -#!/bin/bash - -# This script is used within containers to turn it into a Mail-in-a-Box. -# It is referenced by the Dockerfile. You should not run it directly. -######################################################################## - -# Local configuration details were not known at the time the Docker -# image was created, so all setup is defered until the container -# is started. That's when this script runs. - -# If we're not in an interactive shell, set defaults. -if [ ! -t 0 ]; then - export PUBLIC_IP=auto - export PUBLIC_IPV6=auto - export PRIMARY_HOSTNAME=auto - export CSR_COUNTRY=US - export NONINTERACTIVE=1 -fi - -# Start configuration. -cd /usr/local/mailinabox -export IS_DOCKER=1 -export DISABLE_FIREWALL=1 -source setup/start.sh # using 'source' means an exit from inside also exits this script and terminates container - -# Once the configuration is complete, start the Unix init process -# provided by the base image. We're running as process 0, and -# /sbin/my_init needs to run as process 0, so use 'exec' to replace -# this shell process and not fork a new one. Nifty right? -exec /sbin/my_init -- bash diff --git a/containers/docker/init.sh b/containers/docker/init.sh new file mode 100755 index 00000000..aea2ef3d --- /dev/null +++ b/containers/docker/init.sh 
@@ -0,0 +1,67 @@ +#!/bin/bash + +# This script is used within containers to turn it into a Mail-in-a-Box. +# It is referenced by the Dockerfile. You should not run it directly. +######################################################################## + +# Local configuration details were not known at the time the Docker +# image was created, so all setup is defered until the container +# is started. That's when this script runs. + +# If we're not in an interactive shell, set defaults. +if [ ! -t 0 ]; then + export PUBLIC_IP=auto + export PUBLIC_IPV6=auto + export PRIMARY_HOSTNAME=auto + export CSR_COUNTRY=US + export NONINTERACTIVE=1 +fi + +# Start configuration. +cd /usr/local/mailinabox +export IS_DOCKER=1 +export STORAGE_ROOT=/data +export STORAGE_USER=user-data +export DISABLE_FIREWALL=1 + +mkdir /etc/service/rsyslogd +mkdir /etc/service/bind9 +mkdir /etc/service/dovecot +mkdir /etc/service/fail2ban +mkdir /etc/service/mailinabox +mkdir /etc/service/memcached +mkdir /etc/service/nginx +mkdir /etc/service/nsd +mkdir /etc/service/opendkim +mkdir /etc/service/php5-fpm +mkdir /etc/service/postfix +mkdir /etc/service/postgrey +mkdir /etc/service/spampd +cp services/rsyslogd.sh /etc/service/rsyslogd/run +cp services/bind9.sh /etc/service/bind9/run +cp services/dovecot.sh /etc/service/dovecot/run +cp services/fail2ban.sh /etc/service/fail2ban/run +cp services/mailinabox.sh /etc/service/mailinabox/run +cp services/memcached.sh /etc/service/memcached/run +cp services/nginx.sh /etc/service/nginx/run +cp services/nsd.sh /etc/service/nsd/run +cp services/opendkim.sh /etc/service/opendkim/run +cp services/php5-fpm.sh /etc/service/php5-fpm/run +cp services/postfix.sh /etc/service/postfix/run +cp services/postgrey.sh /etc/service/postgrey/run +cp services/spampd.sh /etc/service/spampd/run + +rsyslogd +source setup/start.sh +/etc/init.d/mailinabox start +/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf +sleep 5 +curl -s -d POSTDATA --user $( /dev/null; then echo Starting 
user-data volume container... $DOCKER run -d \ --name mailinabox-userdata \ -v /home/user-data \ - scratch bash + scratch /bin/bash fi # End a running container. @@ -43,8 +40,9 @@ fi # Start container. echo Starting new container... $DOCKER run \ - -p 25 -p 53 -p 80 -p 443 -p 587 -p 993 \ - --volumes-from mailinabox-userdata \ + --privileged \ + -v /dev/urandom:/dev/random \ + -p 25 -p 53/udp -p 53/tcp -p 80 -p 443 -p 587 -p 993 \ --name mailinabox-services \ - -t -i \ - mailinabox + --volumes-from mailinabox-userdata \ + mailinabox \ No newline at end of file diff --git a/services/bind9.sh b/services/bind9.sh new file mode 100755 index 00000000..a962510b --- /dev/null +++ b/services/bind9.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +EXEC=bind9 +PROCESS=named + +/etc/init.d/$EXEC start + +while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do + sleep 30 +done + diff --git a/services/dovecot.sh b/services/dovecot.sh new file mode 100755 index 00000000..5e5c1474 --- /dev/null +++ b/services/dovecot.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf &> /var/log/dovecot.log diff --git a/services/fail2ban.sh b/services/fail2ban.sh new file mode 100755 index 00000000..3a5720e4 --- /dev/null +++ b/services/fail2ban.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +PROCESS=fail2ban + +/etc/init.d/$PROCESS start + +while [ `ps aux | grep fail2ban | grep -v grep | wc -l` -gt 0 ]; do + sleep 30 +done diff --git a/services/mailinabox.sh b/services/mailinabox.sh new file mode 100755 index 00000000..2ed281c9 --- /dev/null +++ b/services/mailinabox.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +EXEC=mailinabox +PROCESS=mailinabox-daemon + +if [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -eq 0 ]; then + /etc/init.d/$EXEC start +fi + +while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do + sleep 30 +done diff --git a/services/memcached.sh b/services/memcached.sh new file mode 100755 index 00000000..823997f1 --- /dev/null +++ b/services/memcached.sh 
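Review bot: `--privileged` on the `$DOCKER run` line grants the container every capability and unrestricted host device access, so a compromise of any service behind the published ports becomes root on the host (setup inside the container runs as root). Nothing in this hunk shows what the flag is needed for; if it is fail2ban's iptables rules, replacing `--privileged \` with `--cap-add=NET_ADMIN \` is the narrow grant, and the `-v /dev/urandom:/dev/random` mount works without it. Whatever the reason, it deserves a comment on the line, because an unexplained `--privileged` is much harder to remove later than to justify now.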
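Review bot: `/etc/init.d/bind9 start` daemonizes named, so what runit actually supervises is this polling shell, not the daemon: a crash is noticed up to 30 s later and the restart goes through the init script's pidfile logic instead of runit's own respawn. Running the daemon in the foreground under `exec` — named's foreground flag is `-f`, so something like `exec /usr/sbin/named -f -u bind` — lets runit see the real process exit and react immediately; the same applies to the sibling `ps -C` scripts (memcached, nginx, nsd, opendkim, php5-fpm, spampd), most of which have an equivalent flag. If the init scripts must stay, the `ps -C $PROCESS` liveness check used here is at least sound, since it matches the process name rather than the full command line.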
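Review bot: The foreground `dovecot -F` is started without `exec`, so runit supervises the bash wrapper: `sv down`/`sv restart` SIGTERMs bash and leaves dovecot running, and `&>` truncates `/var/log/dovecot.log` on every restart. `exec /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf >> /var/log/dovecot.log 2>&1` fixes both (or drop the redirect and let rsyslog collect it). Note also that init.sh in this same patch starts a background `/usr/sbin/dovecot -c …` before handing over to the base image's init; if that instance is still alive when runit launches this service, the foreground start will presumably fail on the existing master and be respawned every second, so the background start looks like it should go.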
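Review bot: The liveness check `ps aux | grep fail2ban | grep -v grep` also matches this script's own command line (`/bin/bash /etc/service/fail2ban/run`) and runit's `runsv fail2ban`, so the count never reaches zero and the loop never exits — if the daemon dies, runit never restarts it. Match the daemon rather than the word: assuming the server process is `fail2ban-server` as on Ubuntu, `while pgrep -f fail2ban-server >/dev/null; do sleep 30; done` works (pgrep excludes itself, and neither the run script nor runsv carry that string), or check the pidfile the init script writes. The same self-match exists in postfix.sh and postgrey.sh; the `ps -C` form in bind9.sh is the one to copy.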
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=memcached
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+ sleep 60
+done
+
diff --git a/services/nginx.sh b/services/nginx.sh
new file mode 100755
index 00000000..ea73ae92
--- /dev/null
+++ b/services/nginx.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=nginx
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+ sleep 30
+done
+
diff --git a/services/nsd.sh b/services/nsd.sh
new file mode 100755
index 00000000..392215d4
--- /dev/null
+++ b/services/nsd.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=nsd
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+ sleep 30
+done
+
diff --git a/services/opendkim.sh b/services/opendkim.sh
new file mode 100755
index 00000000..a3a76eb2
--- /dev/null
+++ b/services/opendkim.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=opendkim
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+ sleep 30
+done
+
diff --git a/services/php5-fpm.sh b/services/php5-fpm.sh
new file mode 100755
index 00000000..e00987a8
--- /dev/null
+++ b/services/php5-fpm.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=php5-fpm
+
+/etc/init.d/$PROCESS start
+
+while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
+ sleep 30
+done
+
diff --git a/services/postfix.sh b/services/postfix.sh
new file mode 100755
index 00000000..18755980
--- /dev/null
+++ b/services/postfix.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=postfix
+
+/etc/init.d/$PROCESS start
+
+while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
+ sleep 30
+done
+
diff --git a/services/postgrey.sh b/services/postgrey.sh
new file mode 100755
index 00000000..7a052f0d
--- /dev/null
+++ b/services/postgrey.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+PROCESS=postgrey
+
+/etc/init.d/$PROCESS start
+
+while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
+ sleep 30
+done
+
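Review bot: `ps aux | grep postfix | grep -v grep` matches this script's own command line (`/etc/service/postfix/run`) and runit's `runsv postfix`, so the count is never zero, the loop never ends, and a dead postfix is never noticed or restarted. Postfix ships its own status check, so `while postfix status >/dev/null 2>&1; do sleep 30; done` is both accurate and simpler than parsing `ps` output.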
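Review bot: The liveness loop `ps aux | grep postgrey | grep -v grep` sees `/etc/service/postgrey/run` and `runsv postgrey` in the process list, so it never reaches zero and a crashed postgrey is never restarted by runit. The `ps -C $PROCESS -o pid=` form used by the other scripts in this patch matches the process name rather than the full command line and should not have this problem, assuming the daemon's name is `postgrey`; verify with `ps -C postgrey` on a running container before switching.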
diff --git a/services/rsyslogd.sh b/services/rsyslogd.sh new file mode 100755 index 00000000..497d38ad --- /dev/null +++ b/services/rsyslogd.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +rsyslogd -n diff --git a/services/spampd.sh b/services/spampd.sh new file mode 100755 index 00000000..a9fd4393 --- /dev/null +++ b/services/spampd.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +PROCESS=spampd + +/etc/init.d/$PROCESS start + +while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do + sleep 30 +done + diff --git a/setup/functions.sh b/setup/functions.sh index 06809ddc..283bf00b 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -37,6 +37,7 @@ function apt_get_quiet { } function apt_install { + if [ ! "$IS_DOCKER" ];then # Report any packages already installed. PACKAGES=$@ TO_INSTALL="" @@ -163,20 +164,6 @@ function restart_service { if [ ! "$IS_DOCKER" ]; then # The normal way to restart a service. hide_output service $1 restart - else - # On docker, sysvinit is not present. Our base image provides - # a weird way to manage running services. But we're not going - # to use it. Just execute the init.d script directly. - - if [ "$1" == "dovecot" ]; then - # Dovecot does not provide an init.d script. It just provides - # an upstart init configuration. But Docker doesn't provide - # upstart. Start Dovecot specially. - killall dovecot - dovecot -c /etc/dovecot/dovecot.conf - else - hide_output /etc/init.d/$1 restart - fi fi } diff --git a/setup/start.sh b/setup/start.sh index 2c701f0c..e851a611 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -114,7 +114,7 @@ fi if [ ! -d $STORAGE_ROOT ]; then mkdir -p $STORAGE_ROOT echo $(setup/migrate.py --current) > $STORAGE_ROOT/mailinabox.version - chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version + chown $STORAGE_USER:$STORAGE_USER $STORAGE_ROOT/mailinabox.version fi 
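Review bot: `rsyslogd -n` is not `exec`'d, so runit supervises the bash wrapper rather than rsyslogd and `sv down` leaves the daemon running; make it `exec rsyslogd -n`. Also, init.sh in this same patch starts a daemonized `rsyslogd` before handing over to the base image's init, so by the time runit launches this service a second instance will presumably fail on the pidfile and be respawned every second — one of the two starts should go, and this one is the right one to keep. Since the Dockerfile removes the base image's syslog-ng service, nothing else collects logs if this service is not actually healthy, which makes it worth getting right.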
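Review bot: The `if [ ! "$IS_DOCKER" ];then` added at the top of `apt_install` has no matching `fi` anywhere in this diff (the diffstat shows a single insertion for setup/functions.sh, and the function body continues outside the hunk), so unless a `fi` already exists in the unseen part of the function, bash will reject the file at parse time. If the intent is that `apt_install` is a no-op under Docker because the packages were installed at image build, an early return is clearer and has nothing to keep in sync: `if [ "$IS_DOCKER" ]; then return 0; fi`, with a one-line comment saying the packages come from apt_package_list.txt in the image.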
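Review bot: With the Docker branch deleted, `restart_service` silently does nothing when `IS_DOCKER` is set, and a reader of this function has no way to know that is deliberate. A comment on the remaining `if`, such as `# Under Docker, services are started by runit after setup; see containers/docker/init.sh and services/`, would save the next maintainer a search through the patch history.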
@@ -183,3 +183,4 @@ openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint \ echo echo Then you can confirm the security exception and continue. echo + diff --git a/setup/webmail.sh b/setup/webmail.sh index a012bf4f..9bf915a6 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -89,7 +89,7 @@ EOF # Create writable directories. mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube -chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube +chown -R www-data:www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube # Password changing plugin settings # The config comes empty by default, so we need the settings @@ -110,9 +110,9 @@ usermod -a -G dovecot www-data # set permissions so that PHP can use users.sqlite # could use dovecot instead of www-data, but not sure it matters -chown root.www-data $STORAGE_ROOT/mail +chown root:www-data $STORAGE_ROOT/mail chmod 775 $STORAGE_ROOT/mail -chown root.www-data $STORAGE_ROOT/mail/users.sqlite +chown root:www-data $STORAGE_ROOT/mail/users.sqlite chmod 664 $STORAGE_ROOT/mail/users.sqlite # Enable PHP modules.