Updated .gitlab-ci for last commit

.gitlab-ci.yml

@@ -5,7 +5,7 @@ stages:
 - build
 
 variables:
-  VERSION: php53
+  VERSION: php70
   DOCKER_IMAGE: leenooks/lamps
   DOCKER_REGISTRY: registry.leenooks.net
   DOCKER_HOST: tcp://${DOCKER_REGISTRY}-leenooks-ci-docker:2375
@@ -31,10 +31,15 @@ test:
 build:
   stage: build
   script:
+  - chmod 600 .my.cnf sshd_config
+  - chmod 500 init
+  - chmod 644 sshd
   - docker build -t ${DOCKER_IMAGE}:${VERSION} .
   - docker tag ${DOCKER_IMAGE}:${VERSION} ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${VERSION}
   - docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${VERSION}
   tags:
   - docker
   only:
-  - master
+  - php55
+  - php56
+  - php70

10-default.conf

@@ -1,5 +0,0 @@
-<Directory /var/www/sites>
-	AllowOverride AuthConfig FileInfo Indexes Limit Options
-	Options FollowSymLinks
-	Require all denied
-</Directory>

Dockerfile

@@ -1,31 +1,12 @@
 # NAME leenooks/lamps
-# VERSION php54
-# BUILD docker build -t="leenooks/lamps" .
-# START docker run -dp 80:80 [-p 443:443 ] -p 2022:22 \
-#	-e NO_MAIL=TRUE \
-#	-e NO_DB=TRUE \
-#	-v /srv/lamps/sites.d:/etc/httpd/sites.d \
-#	-v /srv/lamps/sites.html:/var/www/sites \
-#	-v /srv/lamps/mariadb/server.cnf:/etc/my.cnf.d/server.cnf
-#	-v /srv/lamps/mariadb/data:/var/lib/mysql
-#	-v /srv/lamps/user:/home/lamp \
-#	-v /srv/lamps/mail/opendkim:/etc/opendkim \
-#	-v /srv/lamps/mail/sendmail.mc:/etc/mail/sendmail.mc \
-#	-v /srv/lamps/tsm/TSM.PWD:/etc/adsm/TSM.PWD \
-#	-v /srv/lamps/tsm/dsm.sys:/etc/adsm/TSM.PWD \
-#	-v /dev/log:/dev/log \
-#	-v /srv/lamps/dsm.sys:/opt/tivoli/tsm/client/api/bin64/dsm.sys \
-#	-v /srv/lamps/dsm.opt:/opt/tivoli/tsm/client/api/bin64/dsm.opt \
-#	--hostname=www.example.com \
-#	--restart=always --name=lamp leenooks/hosting $@
-# CRON: docker exec -it lamp /usr/sbin/awstats.sh
+# VERSION php70
 
-FROM registry.leenooks.net/leenooks/base:7
+FROM registry.leenooks.net/leenooks/base:7.TE
 
-RUN yum -y install epel-release && yum clean all
+RUN yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm && yum clean all && rm -rf /var/tmp/*
 
 # EPEL & Leenooks packages
-RUN yum -y install \
+RUN yum -y install --enabler remi-php70 \
 	httpd \
 	mariadb-server \
 	php \
@@ -36,10 +17,12 @@ RUN yum -y install \
 	php-pdo \
 	php-xml \
 	php-composer-installers.noarch \
+	php-opcache \
 	m4 \
 	opendkim \
 	sendmail \
 	sendmail-cf \
+	cyrus-sasl-plain \
 	awstats \
 	ln-http \
 	ln-awstats \
@@ -49,18 +32,22 @@ RUN yum -y install \
 	&& yum clean all
 
 COPY .my.cnf /root/
-COPY 10-default.conf /etc/httpd/conf.d/
+COPY sshd /etc/sysconfig/sshd
+COPY sshd_config /etc/ssh/
 RUN ln -f /etc/.ln/httpd/conf.d/awstats.conf /etc/httpd/conf.d/awstats.conf && ln -f /etc/.ln/opendkim.conf /etc/opendkim.conf
 
-RUN useradd -c "Hosting Admin User" -m lamp
+RUN useradd -c "Hosting Admin User" -G apache -d /etc/leenooks/user -M lamp
+RUN useradd -rc "Composer" -m composer -s /sbin/nologin && su composer -s /bin/bash -lc "composer global require laravel/installer && composer require --dev --no-update xethron/migrations-generator:dev-l5 && composer require --dev --no-update way/generators:dev-feature/laravel-five-stable && composer config repositories.repo-name git git@github.com:jamisonvalenta/Laravel-4-Generators.git" 
 
-EXPOSE 80 443
+EXPOSE 22 80
+COPY init /sbin/
 
 # Starting
-COPY init /sbin/
 ENTRYPOINT [ "/sbin/init" ]
-CMD [ "start" ]
 
-RUN yum -y install tsmpipe && yum clean all
+LABEL cron.hourly root:/usr/sbin/awstats.sh
+LABEL cron.daily root:/usr/bin/tdp.mysql.sh -s information_schema:performance_schema
 
-RUN useradd -rc "Composer" -m composer -s /sbin/nologin && su composer -s /bin/bash -lc "composer global require laravel/installer && composer require --dev --no-update xethron/migrations-generator:dev-l5 && composer require --dev --no-update way/generators:dev-feature/laravel-five-stable && composer config repositories.repo-name git git@github.com:jamisonvalenta/Laravel-4-Generators.git" 
+#VOLUME [ "/etc/leenooks","/var/lib/mysql","/var/www/html" ]
+VOLUME [ "/etc/leenooks" ]
+RUN rmdir /var/lib/mysql; ln -sf /etc/leenooks/database /var/lib/mysql; mv /var/www/html /var/www/html.old; ln -sf /etc/leenooks/html /var/www/html; ln -sf /etc/leenooks/tsm/dsm.sys /opt/tivoli/tsm/client/api/bin64/dsm.sys; ln -sf /etc/leenooks/tsm/dsm.opt /opt/tivoli/tsm/client/api/bin64/dsm.opt;

init

@@ -16,9 +16,16 @@ function stop {
 	[ "$NO_HTTP" != "TRUE" ] && rm -f /var/run/httpd/authdigest_shm.$(cat /var/run/httpd/httpd.pid) && kill $(cat /var/run/httpd/httpd.pid)
 }
 
+function firststart {
+	if [ -x /usr/local/sbin/firststart.sh ]; then
+		/usr/local/sbin/firststart.sh
+		[ $? -eq 0 ] && rm /usr/local/sbin/firststart.sh
+	fi
+}
+
 trap 'stop' SIGTERM
 
-if [ "$1" == "start" ]; then
+if [ -z "$1" ]; then
 	if [ "$NO_MAIL" != "TRUE" ]; then
 		if [ -z `hostname --domain` ]; then
 			echo "You must start this container with --hostname= specifying a domain name"
@@ -29,6 +36,7 @@ if [ "$1" == "start" ]; then
 		[ ! -f /etc/opendkim/keys/default.private ] && /usr/sbin/opendkim-default-keygen
 		[ -x /usr/sbin/opendkim ] && /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim.pid -f &
 		echo "Starting Sendmail..."
+		[ -f /etc/mail/authinfo ] && /usr/sbin/saslauthd -m /run/saslauthd -a pam
 		cd /etc/mail && make && m4 sendmail.mc > sendmail.cf && /usr/sbin/sendmail -q1h -bD &
 	else
 		echo "! NOT starting MAIL"
@@ -36,9 +44,10 @@ if [ "$1" == "start" ]; then
 
 	if [ "$NO_SSH" != "TRUE" ]; then
 		echo "Starting SSHD..."
+		[ ! -d /etc/leenooks/ssh ] && mkdir /etc/leenooks/ssh && chmod 750 /etc/leenoks/ssh
 		getent passwd lamp || useradd -c "Hosting Admin User" -m lamp
 		[ -x /usr/sbin/sshd-keygen ] && /usr/sbin/sshd-keygen
-		[ -x /usr/sbin/sshd ] && /usr/sbin/sshd
+		[ -x /usr/sbin/sshd ] && /usr/sbin/sshd -D &
 	else
 		echo "! NOT starting SSH"
 	fi
@@ -54,17 +63,19 @@ if [ "$1" == "start" ]; then
 	if [ "$NO_HTTP" != "TRUE" ]; then
 		if [ -d /etc/awstats ]; then
 			find /etc/awstats/ -type l | xargs -n 5 rm -f
-			[ -e /var/www/sites/*/awstats/awstats*conf ] && find /var/www/sites/*/awstats/awstats*conf -type f -exec ln -sf {} /etc/awstats/ \;
+			[ -e /etc/leenooks/awstats/awstats*conf ] && find /etc/leenooks/awstats/awstats*conf -type f -exec ln -sf {} /etc/awstats/ \;
 		fi
 		echo "Starting HTTP..."
 		find /etc/httpd/conf.d/ -type l | xargs -n 5 rm -f
-		find /etc/httpd/sites.d -type f -exec ln -sf {} /etc/httpd/conf.d/ \;
+		[ -d /etc/leenooks/httpd ] && find /etc/leenooks/httpd -type f -exec ln -sf {} /etc/httpd/conf.d/ \;
 		[ -x /usr/sbin/httpd ] && /usr/sbin/httpd -DFOREGROUND &
 	else
 		echo "! NOT starting HTTP"
 	fi
 
+	firststart
 	wait
+
 else
 	exec $@
 fi

sshd

@@ -0,0 +1,21 @@
+# Configuration file for the sshd service.
+
+# The server keys are automatically generated if they are missing.
+# To change the automatic creation uncomment and change the appropriate
+# line. Accepted key types are: DSA RSA ECDSA ED25519.
+# The default is "RSA ECDSA ED25519"
+
+# AUTOCREATE_SERVER_KEYS=""
+# AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
+
+# Do not change this option unless you have hardware random
+# generator and you REALLY know what you are doing
+
+SSH_USE_STRONG_RNG=0
+# SSH_USE_STRONG_RNG=1
+
+# Override Defaults
+RSA_KEY=/etc/leenooks/ssh/ssh_host_rsa_key
+ECDSA_KEY=/etc/leenooks/ssh/ssh_host_ecdsa_key
+
+AUTOCREATE_SERVER_KEYS="RSA ECDSA"

sshd_config

@@ -0,0 +1,153 @@
+#	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# If you want to change the port on a SELinux system, you have to tell
+# SELinux about this change.
+# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
+#
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /etc/leenooks/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/leenooks/ssh/ssh_host_ecdsa_key
+#HostKey /etc/leenooks/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+PasswordAuthentication yes
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials no
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+#GSSAPIEnablek5users no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
+# problems.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation sandbox		# Default for new installations.
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#ShowPatchLevel no
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server