Enabled container to run with single persistent volume

2017-05-08 13:32:18 +10:00 · 2017-05-08 13:32:18 +10:00 · 116632ab56
commit 116632ab56
parent 9218b58a71
6 changed files with 208 additions and 13 deletions
--- a/10-default.conf
+++ b/10-default.conf
@ -1,4 +1,4 @@
-<Directory /var/www/sites>
+<Directory /var/www/html>
 	AllowOverride AuthConfig FileInfo Indexes Limit Options
 	Options FollowSymLinks
 	Require all denied
--- a/11-default.conf
+++ b/11-default.conf
@ -0,0 +1,15 @@
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
+LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+
+<Directory /var/www/html/public>
+	AllowOverride FileInfo Indexes Options=Multiviews
+	Require all granted
+</Directory>
+
+<VirtualHost *:80>
+	DocumentRoot /var/www/html/public
+
+	ErrorLog /var/log/httpd/0.0.0.0-error_log
+	TransferLog /var/log/httpd/0.0.0.0-access_log
+	CustomLog logs/0.0.0.0-custom_log combined
+</VirtualHost>
--- a/20
+++ b/20
@ -34,19 +34,23 @@ RUN yum -y install --enabler remi-php56 \
 	&& yum clean all

 COPY .my.cnf /root/
-COPY 10-default.conf /etc/httpd/conf.d/
+COPY 1?-default.conf /etc/httpd/conf.d/
+COPY sshd /etc/sysconfig/sshd
+COPY sshd_config /etc/ssh/
 RUN ln -f /etc/.ln/httpd/conf.d/awstats.conf /etc/httpd/conf.d/awstats.conf && ln -f /etc/.ln/opendkim.conf /etc/opendkim.conf

-RUN useradd -c "Hosting Admin User" -m lamp -G apache
+RUN useradd -c "Hosting Admin User" -G apache -d /etc/leenooks/user -M lamp
 RUN useradd -rc "Composer" -m composer -s /sbin/nologin && su composer -s /bin/bash -lc "composer global require laravel/installer && composer require --dev --no-update xethron/migrations-generator:dev-l5 && composer require --dev --no-update way/generators:dev-feature/laravel-five-stable && composer config repositories.repo-name git git@github.com:jamisonvalenta/Laravel-4-Generators.git" 

-VOLUME [ "/etc/ssh" ]
-EXPOSE 80 443
+EXPOSE 22 80
+COPY init /sbin/
+
+# Starting
+ENTRYPOINT [ "/sbin/init" ]

 LABEL cron.hourly root:/usr/sbin/awstats.sh
 LABEL cron.daily root:/usr/bin/tdp.mysql.sh -s information_schema:performance_schema

-# Starting
-COPY init /sbin/
-ENTRYPOINT [ "/sbin/init" ]
-CMD [ "start" ]
+#VOLUME [ "/etc/leenooks","/var/lib/mysql","/var/www/html" ]
+VOLUME [ "/etc/leenooks" ]
+RUN rmdir /var/lib/mysql; ln -sf /etc/leenooks/database /var/lib/mysql; mv /var/www/html /var/www/html.old; ln -sf /etc/leenooks/html /var/www/html; ln -sf /etc/leenooks/tsm/dsm.sys /opt/tivoli/tsm/client/api/bin64/dsm.sys; ln -sf /etc/leenooks/tsm/dsm.opt /opt/tivoli/tsm/client/api/bin64/dsm.opt;
--- a/9
+++ b/9
@ -25,7 +25,7 @@ function firststart {

 trap 'stop' SIGTERM

-if [ "$1" == "start" ]; then
+if [ -z "$1" ]; then
 	if [ "$NO_MAIL" != "TRUE" ]; then
 		if [ -z `hostname --domain` ]; then
 			echo "You must start this container with --hostname= specifying a domain name"
@ -43,6 +43,7 @@ if [ "$1" == "start" ]; then

 	if [ "$NO_SSH" != "TRUE" ]; then
 		echo "Starting SSHD..."
+		[ ! -d /etc/leenooks/ssh ] && mkdir /etc/leenooks/ssh && chmod 750 /etc/leenoks/ssh
 		getent passwd lamp || useradd -c "Hosting Admin User" -m lamp
 		[ -x /usr/sbin/sshd-keygen ] && /usr/sbin/sshd-keygen
 		[ -x /usr/sbin/sshd ] && /usr/sbin/sshd -D &
@ -61,11 +62,11 @@ if [ "$1" == "start" ]; then
 	if [ "$NO_HTTP" != "TRUE" ]; then
 		if [ -d /etc/awstats ]; then
 			find /etc/awstats/ -type l | xargs -n 5 rm -f
-			[ -e /var/www/sites/*/awstats/awstats*conf ] && find /var/www/sites/*/awstats/awstats*conf -type f -exec ln -sf {} /etc/awstats/ \;
+			[ -e /etc/leenooks/awstats/awstats*conf ] && find /etc/leenooks/awstats/awstats*conf -type f -exec ln -sf {} /etc/awstats/ \;
 		fi
 		echo "Starting HTTP..."
 		find /etc/httpd/conf.d/ -type l | xargs -n 5 rm -f
-		find /etc/httpd/sites.d -type f -exec ln -sf {} /etc/httpd/conf.d/ \;
+		[ -d /etc/leenooks/httpd ] && find /etc/leenooks/httpd -type f -exec ln -sf {} /etc/httpd/conf.d/ \;
 		[ -x /usr/sbin/httpd ] && /usr/sbin/httpd -DFOREGROUND &
 	else
 		echo "! NOT starting HTTP"
@ -73,7 +74,7 @@ if [ "$1" == "start" ]; then

 	firststart
 	wait
+
 else
-	firststart
 	exec $@
 fi
--- a/22
+++ b/22
@ -0,0 +1,22 @@
+# Configuration file for the sshd service.
+
+# The server keys are automatically generated if they are missing.
+# To change the automatic creation uncomment and change the appropriate
+# line. Accepted key types are: DSA RSA ECDSA ED25519.
+# The default is "RSA ECDSA ED25519"
+
+# AUTOCREATE_SERVER_KEYS=""
+# AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
+
+# Do not change this option unless you have hardware random
+# generator and you REALLY know what you are doing
+
+SSH_USE_STRONG_RNG=0
+# SSH_USE_STRONG_RNG=1
+
+# Override Defaults
+RSA1_KEY=/etc/leenooks/ssh/ssh_host_key
+RSA_KEY=/etc/leenooks/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/leenooks/ssh/ssh_host_dsa_key
+ECDSA_KEY=/etc/leenooks/ssh/ssh_host_ecdsa_key
+ED25519_KEY=/etc/leenooks/ssh/ssh_host_ed25519_key
--- a/153
+++ b/153
@ -0,0 +1,153 @@
+#	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# If you want to change the port on a SELinux system, you have to tell
+# SELinux about this change.
+# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
+#
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /etc/leenooks/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/leenooks/ssh/ssh_host_ecdsa_key
+HostKey /etc/leenooks/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+PasswordAuthentication yes
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials no
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+#GSSAPIEnablek5users no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
+# problems.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation sandbox		# Default for new installations.
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#ShowPatchLevel no
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server