Fully working docker!
parent
e8f81dc905
commit
b9eb01a462
11
Dockerfile
11
Dockerfile
|
@ -15,11 +15,12 @@
|
|||
# base image doesn't provide enough to run most Ubuntu services. See
|
||||
# http://phusion.github.io/baseimage-docker/ for an explanation.
|
||||
|
||||
FROM phusion/baseimage:0.9.15
|
||||
FROM phusion/baseimage:0.9.16
|
||||
|
||||
# Dockerfile metadata.
|
||||
MAINTAINER Joshua Tauberer (http://razor.occams.info)
|
||||
EXPOSE 22 25 53 80 443 587 993
|
||||
EXPOSE 25 53/udp 53/tcp 80 443 587 993
|
||||
VOLUME /data
|
||||
|
||||
# Docker has a beautiful way to cache images after each step. The next few
|
||||
# steps of installing system packages are very intensive, so we take care
|
||||
|
@ -35,13 +36,17 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
|
|||
ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt
|
||||
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt)
|
||||
RUN rm -f /tmp/mailinabox_apt_package_list.txt
|
||||
RUN useradd -m user-data
|
||||
RUN rm -rf /etc/service/syslog-ng
|
||||
|
||||
# Now add Mail-in-a-Box to the system.
|
||||
ADD . /usr/local/mailinabox
|
||||
|
||||
#RUN /usr/local/mailinabox/containers/docker/setup.sh
|
||||
|
||||
# We can't know things like the IP address where the container will eventually
|
||||
# be deployed until the container is started. We also don't want to create any
|
||||
# private keys during the creation of the image --- that should wait until the
|
||||
# container is started too. So our whole setup process is deferred until the
|
||||
# container is started.
|
||||
ENTRYPOINT ["/usr/local/mailinabox/containers/docker/container_start.sh"]
|
||||
ENTRYPOINT /usr/local/mailinabox/containers/docker/init.sh
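Review bot: The shell-form `ENTRYPOINT /usr/local/mailinabox/containers/docker/init.sh` at the end of the second hunk (it appears to be the new side, replacing the exec-form line above it) wraps the script in `/bin/sh -c`, so the script, and the `my_init` it launches last without `exec`, will typically sit below a shell instead of running as PID 1. `docker stop` then signals a shell that does not forward SIGTERM, so the mail, DNS and web daemons are killed after the timeout rather than shut down cleanly, and zombie reaping by the base image's init is no longer guaranteed. Keep the JSON form, `ENTRYPOINT ["/usr/local/mailinabox/containers/docker/init.sh"]`, and end the script with `exec /sbin/my_init`, as the removed start script did.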
|
||||
|
|
|
@ -72,6 +72,7 @@ python3-pip
|
|||
pyzor
|
||||
razor
|
||||
resolvconf
|
||||
rsyslog
|
||||
spampd
|
||||
sqlite3
|
||||
sudo
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# This script is used within containers to turn it into a Mail-in-a-Box.
|
||||
# It is referenced by the Dockerfile. You should not run it directly.
|
||||
########################################################################
|
||||
|
||||
# Local configuration details were not known at the time the Docker
|
||||
# image was created, so all setup is defered until the container
|
||||
# is started. That's when this script runs.
|
||||
|
||||
# If we're not in an interactive shell, set defaults.
|
||||
if [ ! -t 0 ]; then
|
||||
export PUBLIC_IP=auto
|
||||
export PUBLIC_IPV6=auto
|
||||
export PRIMARY_HOSTNAME=auto
|
||||
export CSR_COUNTRY=US
|
||||
export NONINTERACTIVE=1
|
||||
fi
|
||||
|
||||
# Start configuration.
|
||||
cd /usr/local/mailinabox
|
||||
export IS_DOCKER=1
|
||||
export DISABLE_FIREWALL=1
|
||||
source setup/start.sh # using 'source' means an exit from inside also exits this script and terminates container
|
||||
|
||||
# Once the configuration is complete, start the Unix init process
|
||||
# provided by the base image. We're running as process 0, and
|
||||
# /sbin/my_init needs to run as process 0, so use 'exec' to replace
|
||||
# this shell process and not fork a new one. Nifty right?
|
||||
exec /sbin/my_init -- bash
|
|
@ -0,0 +1,67 @@
|
|||
#!/bin/bash
|
||||
|
||||
# This script is used within containers to turn it into a Mail-in-a-Box.
|
||||
# It is referenced by the Dockerfile. You should not run it directly.
|
||||
########################################################################
|
||||
|
||||
# Local configuration details were not known at the time the Docker
|
||||
# image was created, so all setup is defered until the container
|
||||
# is started. That's when this script runs.
|
||||
|
||||
# If we're not in an interactive shell, set defaults.
|
||||
if [ ! -t 0 ]; then
|
||||
export PUBLIC_IP=auto
|
||||
export PUBLIC_IPV6=auto
|
||||
export PRIMARY_HOSTNAME=auto
|
||||
export CSR_COUNTRY=US
|
||||
export NONINTERACTIVE=1
|
||||
fi
|
||||
|
||||
# Start configuration.
|
||||
cd /usr/local/mailinabox
|
||||
export IS_DOCKER=1
|
||||
export STORAGE_ROOT=/data
|
||||
export STORAGE_USER=user-data
|
||||
export DISABLE_FIREWALL=1
|
||||
|
||||
mkdir /etc/service/rsyslogd
|
||||
mkdir /etc/service/bind9
|
||||
mkdir /etc/service/dovecot
|
||||
mkdir /etc/service/fail2ban
|
||||
mkdir /etc/service/mailinabox
|
||||
mkdir /etc/service/memcached
|
||||
mkdir /etc/service/nginx
|
||||
mkdir /etc/service/nsd
|
||||
mkdir /etc/service/opendkim
|
||||
mkdir /etc/service/php5-fpm
|
||||
mkdir /etc/service/postfix
|
||||
mkdir /etc/service/postgrey
|
||||
mkdir /etc/service/spampd
|
||||
cp services/rsyslogd.sh /etc/service/rsyslogd/run
|
||||
cp services/bind9.sh /etc/service/bind9/run
|
||||
cp services/dovecot.sh /etc/service/dovecot/run
|
||||
cp services/fail2ban.sh /etc/service/fail2ban/run
|
||||
cp services/mailinabox.sh /etc/service/mailinabox/run
|
||||
cp services/memcached.sh /etc/service/memcached/run
|
||||
cp services/nginx.sh /etc/service/nginx/run
|
||||
cp services/nsd.sh /etc/service/nsd/run
|
||||
cp services/opendkim.sh /etc/service/opendkim/run
|
||||
cp services/php5-fpm.sh /etc/service/php5-fpm/run
|
||||
cp services/postfix.sh /etc/service/postfix/run
|
||||
cp services/postgrey.sh /etc/service/postgrey/run
|
||||
cp services/spampd.sh /etc/service/spampd/run
|
||||
|
||||
rsyslogd
|
||||
source setup/start.sh
|
||||
/etc/init.d/mailinabox start
|
||||
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
|
||||
sleep 5
|
||||
curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/update
|
||||
curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/web/update
|
||||
source setup/firstuser.sh
|
||||
/etc/init.d/mailinabox stop
|
||||
kill $(pidof dovecot)
|
||||
/etc/init.d/resolvconf start
|
||||
killall rsyslogd
|
||||
my_init
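Review bot: Both `curl` calls expand the management API key from `/var/lib/mailinabox/api.key` into curl's argument list, unquoted, so the key can be read from the process table by anything else running in the container while the request is set up (curl tries to blank the argument, but only after start-up). `-s` without `-f` also hides an HTTP error, and the fixed `sleep 5` only guesses that the daemon on port 10222 is already listening, so a failed DNS or web update passes unnoticed. Passing the credential on stdin avoids the argv exposure: `curl -sf -d POSTDATA -K - http://127.0.0.1:10222/dns/update <<< "user = \"$(</var/lib/mailinabox/api.key):\""`, and the same for `/web/update`.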
|
||||
|
|
@ -17,21 +17,18 @@
|
|||
# volume if the volume is new.
|
||||
|
||||
|
||||
DOCKER=docker.io
|
||||
DOCKER=docker
|
||||
|
||||
# Build or rebuild the image.
|
||||
# Rebuilds are very fast.
|
||||
$DOCKER build -q -t mailinabox .
|
||||
|
||||
# Start the user-data containerw which is merely to create
|
||||
# a container that maintains a reference to a volume so that
|
||||
# we can destroy the main container without losing user data.
|
||||
if ! $DOCKER ps -a | grep mailinabox-userdata > /dev/null; then
|
||||
echo Starting user-data volume container...
|
||||
$DOCKER run -d \
|
||||
--name mailinabox-userdata \
|
||||
-v /home/user-data \
|
||||
scratch bash
|
||||
scratch /bin/bash
|
||||
fi
|
||||
|
||||
# End a running container.
|
||||
|
@ -43,8 +40,9 @@ fi
|
|||
# Start container.
|
||||
echo Starting new container...
|
||||
$DOCKER run \
|
||||
-p 25 -p 53 -p 80 -p 443 -p 587 -p 993 \
|
||||
--volumes-from mailinabox-userdata \
|
||||
--privileged \
|
||||
-v /dev/urandom:/dev/random \
|
||||
-p 25 -p 53/udp -p 53/tcp -p 80 -p 443 -p 587 -p 993 \
|
||||
--name mailinabox-services \
|
||||
-t -i \
|
||||
mailinabox
|
||||
--volumes-from mailinabox-userdata \
|
||||
mailinabox
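Review bot: `--privileged` in the second hunk (it looks like an added line, together with `-v /dev/urandom:/dev/random`) gives the container every capability and access to all host devices, so a compromise of any of the internet-facing services inside it (SMTP, IMAP, DNS, nginx/PHP) is effectively a compromise of the host. The commit does not show which operation needed it; if it is the firewall rules that fail2ban manages, `--cap-add=NET_ADMIN` grants that alone. The `/dev/urandom` bind mount also deserves a comment in the script saying why it is there, since it changes what the key generation done at container start reads from `/dev/random`.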
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/bash
|
||||
|
||||
EXEC=bind9
|
||||
PROCESS=named
|
||||
|
||||
/etc/init.d/$EXEC start
|
||||
|
||||
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
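Review bot: Starting the daemon through `/etc/init.d/$EXEC start` and then polling `ps` means the supervisor (runit in this base image) watches this shell loop, not `named`: stopping the service ends the loop and leaves the daemon running, and a crashed daemon is noticed only at the next poll, up to 30 seconds later. The same pattern is in the memcached (60 seconds), nginx, nsd, opendkim, php5-fpm, spampd, fail2ban, mailinabox, postfix and postgrey scripts that follow. Running each daemon in the foreground under `exec`, as the rsyslogd script does with `rsyslogd -n`, lets the supervisor signal and restart the real process; for bind9 that would be `exec /usr/sbin/named -f -u bind`.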
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf &> /var/log/dovecot.log
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=fail2ban
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps aux | grep fail2ban | grep -v grep | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
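Review bot: `ps aux | grep fail2ban | grep -v grep` counts every process whose command line contains the string, not only the fail2ban server; under the base image's runit that likely includes the supervising `runsv fail2ban` process itself, in which case the loop never ends and a dead fail2ban is never restarted, leaving the box without its brute-force protection. The postfix and postgrey scripts below use the same test, and the mailinabox script uses it with `mailinabox-daemon`. Matching the daemon itself is closer to what is meant, e.g. `while pgrep -f fail2ban-server > /dev/null; do`; the exact process name should be confirmed on the image.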
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
EXEC=mailinabox
|
||||
PROCESS=mailinabox-daemon
|
||||
|
||||
if [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -eq 0 ]; then
|
||||
/etc/init.d/$EXEC start
|
||||
fi
|
||||
|
||||
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=memcached
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
|
||||
sleep 60
|
||||
done
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=nginx
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=nsd
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=opendkim
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=php5-fpm
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=postfix
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=postgrey
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
rsyslogd -n
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
PROCESS=spampd
|
||||
|
||||
/etc/init.d/$PROCESS start
|
||||
|
||||
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
|
||||
sleep 30
|
||||
done
|
||||
|
|
@ -37,6 +37,7 @@ function apt_get_quiet {
|
|||
}
|
||||
|
||||
function apt_install {
|
||||
if [ ! "$IS_DOCKER" ];then
|
||||
# Report any packages already installed.
|
||||
PACKAGES=$@
|
||||
TO_INSTALL=""
|
||||
|
@ -163,20 +164,6 @@ function restart_service {
|
|||
if [ ! "$IS_DOCKER" ]; then
|
||||
# The normal way to restart a service.
|
||||
hide_output service $1 restart
|
||||
else
|
||||
# On docker, sysvinit is not present. Our base image provides
|
||||
# a weird way to manage running services. But we're not going
|
||||
# to use it. Just execute the init.d script directly.
|
||||
|
||||
if [ "$1" == "dovecot" ]; then
|
||||
# Dovecot does not provide an init.d script. It just provides
|
||||
# an upstart init configuration. But Docker doesn't provide
|
||||
# upstart. Start Dovecot specially.
|
||||
killall dovecot
|
||||
dovecot -c /etc/dovecot/dovecot.conf
|
||||
else
|
||||
hide_output /etc/init.d/$1 restart
|
||||
fi
|
||||
fi
|
||||
}
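Review bot: The new guard `if [ ! "$IS_DOCKER" ];then` at the top of `apt_install` (first hunk) has no comment saying that under Docker nothing is installed at all, so a package a setup script asks for but that is missing from `containers/docker/apt_package_list.txt` is skipped without a message and setup carries on. I would add `# In Docker, packages come from containers/docker/apt_package_list.txt at image build time; nothing is installed here.` above the guard, and an `else` branch that at least echoes the skipped package names. With the Docker branch removed in the second hunk, `restart_service` likewise does nothing when `IS_DOCKER` is set, which deserves the same kind of comment. The rest of `apt_install`, including the closing `fi` for the new guard, is outside the hunk.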
|
||||
|
||||
|
|
|
@ -118,7 +118,7 @@ fi
|
|||
# Create mailinabox.version file if not exists
|
||||
if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
|
||||
echo $(setup/migrate.py --current) > $STORAGE_ROOT/mailinabox.version
|
||||
chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
|
||||
chown $STORAGE_USER:$STORAGE_USER $STORAGE_ROOT/mailinabox.version
|
||||
fi
|
||||
|
||||
|
||||
|
@ -187,3 +187,4 @@ openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint \
|
|||
echo
|
||||
echo Then you can confirm the security exception and continue.
|
||||
echo
|
||||
|
||||
|
|
|
@ -118,7 +118,7 @@ EOF
|
|||
|
||||
# Create writable directories.
|
||||
mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
|
||||
chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
|
||||
chown -R www-data:www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
|
||||
|
||||
# Password changing plugin settings
|
||||
# The config comes empty by default, so we need the settings
|
||||
|
@ -139,9 +139,9 @@ usermod -a -G dovecot www-data
|
|||
|
||||
# set permissions so that PHP can use users.sqlite
|
||||
# could use dovecot instead of www-data, but not sure it matters
|
||||
chown root.www-data $STORAGE_ROOT/mail
|
||||
chown root:www-data $STORAGE_ROOT/mail
|
||||
chmod 775 $STORAGE_ROOT/mail
|
||||
chown root.www-data $STORAGE_ROOT/mail/users.sqlite
|
||||
chown root:www-data $STORAGE_ROOT/mail/users.sqlite
|
||||
chmod 664 $STORAGE_ROOT/mail/users.sqlite
|
||||
|
||||
# Enable PHP modules.
|
||||
|
|