add compatibility with rootless docker
notably, unlike with podman, /tmp is not automatically writable inside a read-only container
parent
4cc1f2bebd
commit
50a52ca68f
14 changed files with 30 additions and 13 deletions
9
.gitignore
vendored
9
.gitignore
vendored
|
@ -13,7 +13,7 @@
|
|||
/data/reg/test.servnest.test.zone
|
||||
/data/tor-config/*
|
||||
/data/tor-keys/*
|
||||
/logs/sftpgo/sftpgo.log
|
||||
/logs/sftpgo/*.log
|
||||
/logs/php/error.log
|
||||
/logs/cronie/*.log
|
||||
/logs/nginx/servnest-access.log
|
||||
|
@ -21,6 +21,11 @@
|
|||
/logs/apache/error.log
|
||||
/data/certbot/accounts/acme-staging-v02.api.letsencrypt.org/directory/*/*.json
|
||||
/sock/knot/knot.pid
|
||||
/data/knot/confdb/*.mdb
|
||||
/data/knot/*/*.mdb
|
||||
/data/knot/keys/keys/*.pem
|
||||
/data/knot/servnest.test.invalid.zone
|
||||
/tmp/tor/*
|
||||
/tmp/cronie/cron.reboot
|
||||
/tmp/php/exec.txt
|
||||
/tmp/php/index.html
|
||||
/tmp/*/*.pid
|
||||
|
|
14
README.md
14
README.md
|
@ -1,6 +1,6 @@
|
|||
# podman-compose setup
|
||||
# ServNest setup with Compose
|
||||
|
||||
## Use
|
||||
## Use with Podman
|
||||
|
||||
### Preparation
|
||||
|
||||
|
@ -15,7 +15,7 @@ knotc --confdb data/knot/confdb conf-import conf/knot.conf
|
|||
cp data/reg/servnest.test.zone.default data/reg/servnest.test.zone
|
||||
cp data/reg/test.servnest.test.zone.default data/reg/test.servnest.test.zone
|
||||
chmod u=rwX,g=rX,o=rX -R conf core
|
||||
chmod u=rwX,g=rwX,o=rwX logs/sftpgo logs/php sock/php logs/apache logs/nginx sock/tor-client sock/nginx-onion sock/knot data/knot data/knot/confdb data/knot/confdb/*.mdb tmp/nginx tmp/certbot tmp/acme data/reg data/reg/*.zone core/db core/db/servnest.db
|
||||
chmod u=rwX,g=rwX,o=rwX logs/sftpgo logs/php sock/php logs/apache logs/nginx sock/tor-client sock/nginx-onion sock/knot data/knot data/knot/confdb data/knot/confdb/*.mdb tmp/nginx tmp/certbot tmp/acme tmp/apache tmp/nginx-run tmp/php data/reg data/reg/*.zone core/db core/db/servnest.db
|
||||
chmod u=rwX,g=rX,o= sock/tor-control
|
||||
wget https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/x86_64/alpine-minirootfs-3.20.2-x86_64.tar.gz
|
||||
wget https://github.com/drakkan/sftpgo/archive/refs/tags/v2.6.2.tar.gz -O sftpgo-v2.6.2.tar.gz
|
||||
|
@ -50,6 +50,14 @@ podman image rm --all
|
|||
podman rm $(podman container list --external -q)
|
||||
```
|
||||
|
||||
## Use with rootless Docker
|
||||
|
||||
```shell
|
||||
export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
|
||||
```
|
||||
|
||||
Then use the instructions for Podman but replace `podman` with `docker` in command names.
|
||||
|
||||
## License
|
||||
|
||||
This project is published under the Cooperative Nonviolent Public License No Attributions, version 7 or any later version (<abbr>CNPL-NAv7+</abbr>), as found in [`LICENSE.md`](LICENSE.md) or at <https://git.pixie.town/thufie/npl-builder>.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM servnest_alpine
|
||||
FROM servnest-alpine
|
||||
RUN apk add apache2 apache2-brotli
|
||||
RUN chown apache: /run/apache2/
|
||||
USER apache
|
||||
|
|
|
@ -57,6 +57,7 @@ services:
|
|||
- ./conf/http-messages/:/srv/servnest/ht/http-messages/:ro
|
||||
- ./data/ht/:/srv/servnest/ht/:ro
|
||||
- ./logs/apache/:/var/log/apache2/:rw
|
||||
- ./tmp/apache/:/run/apache2/:rw
|
||||
php:
|
||||
extends:
|
||||
file: base.yaml
|
||||
|
@ -93,6 +94,7 @@ services:
|
|||
- ./logs/certbot/:/var/log/letsencrypt/:rw
|
||||
- ./tmp/acme/:/srv/servnest/acme/:rw
|
||||
- ./tmp/certbot/:/var/lib/letsencrypt/:rw
|
||||
- ./tmp/php/:/tmp/:rw
|
||||
mem_limit: 256mb
|
||||
# For sudo
|
||||
security_opt:
|
||||
|
@ -109,6 +111,7 @@ services:
|
|||
volumes:
|
||||
- ./conf/cronie:/etc/cron.d/servnest:ro
|
||||
- ./logs/cronie/:/var/log/cronie/:rw
|
||||
- ./tmp/cronie/:/var/run/:rw
|
||||
nginx:
|
||||
extends:
|
||||
file: base.yaml
|
||||
|
@ -129,4 +132,5 @@ services:
|
|||
- ./sock/nginx-onion/:/run/nginx-onion/:rw
|
||||
- ./logs/nginx/:/var/lib/nginx/logs/:rw
|
||||
- ./tmp/nginx/:/var/lib/nginx/tmp/:rw
|
||||
- ./tmp/nginx-run/:/run/nginx/:rw
|
||||
- ./tmp/acme/:/srv/servnest/acme/:ro
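Review bot: The added `:rw` binds (`./tmp/apache/:/run/apache2/`, `./tmp/php/:/tmp/`, `./tmp/cronie/:/var/run/`, `./tmp/nginx-run/:/run/nginx/`) back container scratch and runtime directories with host directories, three of which (`tmp/apache`, `tmp/nginx-run`, `tmp/php`) the README in this commit sets to `u=rwX,g=rwX,o=rwX`, so other local accounts on the host may be able to plant or remove files the services use, and stale PID files persist across restarts. Which lines are new is inferred from the hunk counts and the new `.gitkeep` files, because the rendered page lost its `+` markers; the service definitions themselves start outside the hunks. The `./tmp/php/:/tmp/:rw` bind is in a service commented `# For sudo`, where a host-backed world-writable `/tmp` deserves the most care. Where the host does not need to read these files, a per-service `tmpfs:` list entry such as `- /tmp` would give a writable, non-persistent directory without any host path; otherwise restrict the host directory to the UID the container user maps to. A short comment above each bind, e.g. `# writable /run for rootless Docker (read-only rootfs)`, would record why it exists.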
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM servnest_php
|
||||
FROM servnest-php
|
||||
USER root
|
||||
RUN apk add cronie moreutils
|
||||
CMD ["crond", "-n", "-s"]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM servnest_alpine
|
||||
FROM servnest-alpine
|
||||
RUN apk add knot
|
||||
USER knot
|
||||
CMD ["knotd", "--confdb", "/var/lib/knot/confdb/"]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM servnest_alpine
|
||||
FROM servnest-alpine
|
||||
RUN apk add nginx nginx-mod-http-headers-more openssl
|
||||
RUN openssl req -quiet -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt \
|
||||
&& openssl req -quiet -subj '/CN=servnest.test' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.test.key -out /etc/ssl/certs/servnest.test.crt \
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM servnest_alpine
|
||||
FROM servnest-alpine
|
||||
RUN apk add \
|
||||
php83 \
|
||||
php83-fpm \
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM servnest_alpine AS builder
|
||||
FROM servnest-alpine AS builder
|
||||
RUN apk add go
|
||||
ARG SFTPGO
|
||||
ADD $SFTPGO /
|
||||
|
@ -8,7 +8,7 @@ RUN cp -r openapi ./internal/bundle/openapi && \
|
|||
cp -r static ./internal/bundle/static
|
||||
RUN go build -tags nogcs,nos3,noazblob,nobolt,nomysql,nopgsql,nosqlite,noportable,nometrics,bundle -o /usr/local/bin/sftpgo && strip /usr/local/bin/sftpgo
|
||||
|
||||
FROM servnest_alpine
|
||||
FROM servnest-alpine
|
||||
RUN apk add openssh-keygen bash
|
||||
RUN mkdir /etc/sftpgo/ && ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""
|
||||
RUN touch /etc/sftpgo/banner.txt
|
||||
|
|
0
tmp/apache/.gitkeep
Normal file
0
tmp/apache/.gitkeep
Normal file
0
tmp/cronie/.gitkeep
Normal file
0
tmp/cronie/.gitkeep
Normal file
0
tmp/nginx-run/.gitkeep
Normal file
0
tmp/nginx-run/.gitkeep
Normal file
0
tmp/php/.gitkeep
Normal file
0
tmp/php/.gitkeep
Normal file
|
@ -1,3 +1,3 @@
|
|||
FROM servnest_alpine
|
||||
FROM servnest-alpine
|
||||
RUN apk add tor
|
||||
CMD ["tor", "--hush"]
|
||||
|
|