add upstream.sh + move php to base.yaml

This commit is contained in:
Miraty 2025-01-22 18:58:35 +01:00
parent 9ed1b18f89
commit b1aa8efea4
11 changed files with 91 additions and 62 deletions

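--- a/.env
+++ b/.env
@@ -1,2 +0,0 @@
-SYS=alpine-minirootfs-3.21.0-x86_64.tar.gz
-SFTPGO=sftpgo-v2.6.4.tar.gz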

.gitignore vendored

@ -1,4 +1,5 @@
/*.tar.gz
/*.asc
/logs/certbot/letsencrypt.log*
/data/certbot/live/*/*.pem
/data/certbot/archive/*/*.pem
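Review bot: `.env` is deleted from the tree by this commit and regenerated by upstream.sh, yet the one new ignore entry here (presumably `/*.asc`, which upstream.sh now downloads) does not cover it; unless `/.env` appears further down the file, the generated `.env` shows up as untracked on every checkout and is easy to commit back by accident. Adding `/.env` next to `/*.tar.gz` and `/*.asc` keeps all of upstream.sh's outputs out of the index together.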


@ -11,17 +11,14 @@ no_hosts=true
```
```shell
./reset.sh
wget https://dl-cdn.alpinelinux.org/alpine/v3.21/releases/x86_64/alpine-minirootfs-3.21.0-x86_64.tar.gz
wget https://github.com/drakkan/sftpgo/archive/refs/tags/v2.6.4.tar.gz -O sftpgo-v2.6.4.tar.gz
sha256sum -c sha256sums
./reset.sh # (re)initialize data
./upstream.sh # download and verify upstream software
```
### Build
```shell
podman-compose -f base.yaml build alpine # build base image
podman-compose build php # build image php first because it's then required by cronie
podman-compose -f compose.yaml -f base.yaml build alpine php # build base images
podman-compose build # build every other service images
```
@ -31,7 +28,7 @@ podman-compose build # build every other service images
podman-compose up knot knot-secondary # generate QUIC keys
./setup-xoq.sh # setup mutual XFR over QUIC
podman-compose up # start containers
podman-compose exec php php /srv/servnest/core/jobs/check.php # test main features
podman-compose exec core php /srv/servnest/core/jobs/check.php # test main features
```
When running `up`, the only expected error messages are:


@ -0,0 +1 @@
4aa3bd4a7ef994402f1da0f728abc003737c33411ff31d5da2ab2c3399ccbc5f alpine-minirootfs-3.21.2-x86_64.tar.gz


@ -20,3 +20,49 @@ services:
service: alpine
build:
args: {}
php: # used by core and cronie
image: a.invalid/servnest/php
extends:
service: base
build:
dockerfile: php.Containerfile
group_add:
- knot
- root # For tor control socket
links:
- nginx:servnest.test
- nginx:ht.servnest.test
- sftpgo:sftp.servnest.test
volumes:
- ./core/:/srv/servnest/core/:ro
- ./core/db/:/srv/servnest/core/db/:rw
- ./conf/php.ini:/etc/php83/conf.d/servnest.ini:ro
- ./conf/php-fpm.conf:/etc/php83/php-fpm.d/servnest.conf:ro
- ./conf/sudoers:/etc/sudoers.d/servnest:ro
- ./conf/certbot.ini:/etc/letsencrypt/servnest.ini:ro
- ./conf/certbot-deploy-hook.sh:/root/certbot-deploy-hook.sh:ro
- ./data/reg/:/srv/servnest/reg/:rw
- ./data/ns/:/srv/servnest/ns/:rw
- ./data/ht/fs/:/srv/servnest/ht/fs/:rw
- ./data/ht/uri/:/srv/servnest/ht/uri/:rw
- ./data/tor-config/:/srv/servnest/tor-config/:rw
- ./data/tor-keys/:/srv/servnest/tor-keys/:rw
- ./data/certbot/:/etc/letsencrypt/:rw
- ./sock/php/:/run/php-fpm/:rw
- ./sock/tor-client/:/run/tor-client/:rw
- ./sock/tor-control/:/run/tor-control/:rw
- ./sock/knot/:/run/knot/:rw
- ./sock/knot-secondary/:/run/knot-secondary/:rw
- ./logs/php/:/var/log/php83/:rw
- ./logs/certbot/:/var/log/letsencrypt/:rw
- ./tmp/acme/:/srv/servnest/acme/:rw
- ./tmp/certbot/:/var/lib/letsencrypt/:rw
- ./tmp/php/:/tmp/:rw
mem_limit: 256mb
# For sudo
security_opt:
- no-new-privileges:false
cap_add:
- SETUID
- SETGID
- CHOWN
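Review bot: The privilege settings at the end of the new `php` template — `group_add: root`, `no-new-privileges:false` and the SETUID/SETGID/CHOWN capabilities — are now inherited by every service that extends it, and the header comment says both `core` and `cronie` do. If only one of them actually runs sudo or needs the tor control socket, those keys belong on that service in compose.yaml rather than in the shared template, so the other keeps the smaller privilege set. At minimum the `# For sudo` comment should name which extending service needs it, e.g. `# For sudo — required by every service extending php; keep in sync with conf/sudoers`, so a reader can tell the inheritance is intentional. The same applies to the `:rw` mounts of `./data/tor-keys/` and `./data/certbot/`, which every descendant receives.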


@ -27,7 +27,7 @@ services:
build:
dockerfile: sftpgo.Containerfile
args:
SFTPGO: $SFTPGO
SFTPGO_VERSION: $SFTPGO_VERSION
ports:
- "[::1]:42022:42022/tcp"
links:
@ -96,59 +96,18 @@ services:
networks:
snet:
ipv4_address: 10.5.0.57
php:
image: a.invalid/servnest/php
core:
image: a.invalid/servnest/core
extends:
file: base.yaml
service: base
build:
dockerfile: php.Containerfile
group_add:
- knot
- root # For tor control socket
links:
- nginx:servnest.test
- nginx:ht.servnest.test
- sftpgo:sftp.servnest.test
volumes:
- ./core/:/srv/servnest/core/:ro
- ./core/db/:/srv/servnest/core/db/:rw
- ./conf/php.ini:/etc/php83/conf.d/servnest.ini:ro
- ./conf/php-fpm.conf:/etc/php83/php-fpm.d/servnest.conf:ro
- ./conf/sudoers:/etc/sudoers.d/servnest:ro
- ./conf/certbot.ini:/etc/letsencrypt/servnest.ini:ro
- ./conf/certbot-deploy-hook.sh:/root/certbot-deploy-hook.sh:ro
- ./data/reg/:/srv/servnest/reg/:rw
- ./data/ns/:/srv/servnest/ns/:rw
- ./data/ht/fs/:/srv/servnest/ht/fs/:rw
- ./data/ht/uri/:/srv/servnest/ht/uri/:rw
- ./data/tor-config/:/srv/servnest/tor-config/:rw
- ./data/tor-keys/:/srv/servnest/tor-keys/:rw
- ./data/certbot/:/etc/letsencrypt/:rw
- ./sock/php/:/run/php-fpm/:rw
- ./sock/tor-client/:/run/tor-client/:rw
- ./sock/tor-control/:/run/tor-control/:rw
- ./sock/knot/:/run/knot/:rw
- ./sock/knot-secondary/:/run/knot-secondary/:rw
- ./logs/php/:/var/log/php83/:rw
- ./logs/certbot/:/var/log/letsencrypt/:rw
- ./tmp/acme/:/srv/servnest/acme/:rw
- ./tmp/certbot/:/var/lib/letsencrypt/:rw
- ./tmp/php/:/tmp/:rw
mem_limit: 256mb
# For sudo
security_opt:
- no-new-privileges:false
cap_add:
- SETUID
- SETGID
- CHOWN
service: php
networks:
snet:
ipv4_address: 10.5.0.54
cronie:
image: a.invalid/servnest/cronie
extends:
file: base.yaml
service: php
build:
dockerfile: cronie.Containerfile


@ -1,4 +1,4 @@
proxy_pass http://apache:42999;
proxy_pass http://10.5.0.57:42999;
proxy_ignore_client_abort on;
proxy_http_version 1.1;
proxy_set_header Host $host;
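Review bot: The new `proxy_pass http://10.5.0.57:42999;` on line 1 replaces a service name with a literal address, so this snippet now silently depends on the `ipv4_address: 10.5.0.57` assignment in compose.yaml (presumably the apache service, given the hostname it replaces); renumbering the `snet` network breaks the proxy with no hint in this file. A comment above the directive records the coupling: `# 10.5.0.57 = static snet address of the apache service; keep in sync with compose.yaml`. If the switch away from the `apache` hostname was made to avoid a resolver dependency, that reason is worth stating in the same comment so nobody reverts it.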


@ -0,0 +1 @@
ce102615a0534c84a480276d641812b1a5f9a52bf0c1755ca914614f14905dcb sftpgo-v2.6.4.tar.gz


@ -1,12 +1,19 @@
FROM a.invalid/servnest/alpine AS builder
RUN apk add go
ARG SFTPGO
ADD $SFTPGO /
WORKDIR /sftpgo-2.6.4/
ARG SFTPGO_VERSION
ADD sftpgo-v$SFTPGO_VERSION.tar.gz /
WORKDIR /sftpgo-$SFTPGO_VERSION/
RUN cp -r openapi ./internal/bundle/openapi && \
cp -r templates ./internal/bundle/templates && \
cp -r static ./internal/bundle/static
RUN go build -tags nogcs,nos3,noazblob,nobolt,nomysql,nopgsql,nosqlite,noportable,nometrics,bundle -o /usr/local/bin/sftpgo && strip /usr/local/bin/sftpgo
RUN GOFLAGS="-mod=readonly" go mod vendor
RUN CGO_ENABLED=0 go build \
-mod=vendor \
-buildmode=pie \
-tags nogcs,nos3,noazblob,nobolt,nomysql,nopgsql,nosqlite,noportable,nometrics,bundle \
-trimpath \
-ldflags "-s" \
-o /usr/local/bin/sftpgo
FROM a.invalid/servnest/alpine
RUN apk add openssh-keygen bash
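Review bot: `ARG SFTPGO_VERSION` on the new line 3 has no default and nothing in this file says where the value comes from; when the compose build arg is empty (a fresh checkout before `./upstream.sh` has written `.env`), the failure surfaces as `ADD sftpgo-v.tar.gz /` not finding its source rather than as a missing version. A comment such as `# Set from .env (written by upstream.sh) through the SFTPGO_VERSION build arg in compose.yaml` makes the contract visible; a default `ARG SFTPGO_VERSION=2.6.4` mirroring upstream.sh would turn the silent mismatch into an explicit pin. The `go mod vendor` step fetches modules over the network at build time, so the reproducibility gained by verifying the tarball only extends as far as the `go.sum` it ships — a one-line comment saying so would stop a later reader from "simplifying" it to an unvendored build.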


@ -1,2 +0,0 @@
55ea3e5a7c2c35e6268c5dcbb8e45a9cd5b0e372e7b4e798499a526834f7ed90 alpine-minirootfs-3.21.0-x86_64.tar.gz
ce102615a0534c84a480276d641812b1a5f9a52bf0c1755ca914614f14905dcb sftpgo-v2.6.4.tar.gz

upstream.sh Executable file

@ -0,0 +1,21 @@
#!/usr/bin/env sh
SFTPGO_VERSION=2.6.4
ALPINE_MAJOR=3.21
ALPINE_MINOR=2
ALPINE_ARCH=x86_64
ALPINE_RELEASE=$ALPINE_MAJOR.$ALPINE_MINOR-$ALPINE_ARCH
wget --quiet --no-clobber https://dl-cdn.alpinelinux.org/alpine/v$ALPINE_MAJOR/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_RELEASE.tar.gz
wget --quiet --no-clobber https://dl-cdn.alpinelinux.org/alpine/v$ALPINE_MAJOR/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_RELEASE.tar.gz.asc
wget --quiet --no-clobber https://alpinelinux.org/keys/ncopa.asc
sq cert import ncopa.asc
sq verify --signature-file=alpine-minirootfs-$ALPINE_RELEASE.tar.gz.asc --signer 0482D84022F52DF1C4E7CD43293ACD0907D9495A alpine-minirootfs-$ALPINE_RELEASE.tar.gz
wget --quiet --no-clobber https://github.com/drakkan/sftpgo/archive/refs/tags/v$SFTPGO_VERSION.tar.gz -O sftpgo-v$SFTPGO_VERSION.tar.gz
sha256sum -c *.sha256
cat << EOF > .env
SYS=alpine-minirootfs-$ALPINE_RELEASE.tar.gz
SFTPGO_VERSION=$SFTPGO_VERSION
EOF
# to generate checksums
#wget --quiet --no-clobber https://dl-cdn.alpinelinux.org/alpine/v$ALPINE_MAJOR/releases/$ALPINE_ARCH/alpine-minirootfs$ALPINE_RELEASE.tar.gz.sha256
#sha256sum sftpgo-v$SFTPGO_VERSION.tar.gz > sftpgo-v$SFTPGO_VERSION.tar.gz.sha256
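Review bot: Nothing in the script aborts on a failed verification: `sh` without `set -e` runs on past a non-zero `sq verify` or `sha256sum -c`, so a tampered or truncated tarball still ends with `.env` being written and the build proceeding with it. Add `set -eu` directly after the shebang and keep the `.env` heredoc last, as it already is, so it is only produced once every check has passed. Once failures are fatal, `wget --quiet` hides the reason for the abort; `--no-verbose` is the better fit. The commented-out checksum URL on the second-to-last line also lacks the hyphen before `$ALPINE_RELEASE` (`alpine-minirootfs-$ALPINE_RELEASE.tar.gz.sha256`), so it does not match the file name used above.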