Compare commits

...

13 Commits

Author SHA1 Message Date
Deon George
3b4247e5c5 Updated .gitlab-ci for last commit 2017-06-07 23:39:51 +10:00
Deon George
d3e6e2260e Updated for docker image defaults 2017-06-07 23:39:35 +10:00
Deon George
7e0e3fea0b Re-enabled CI, added php-opcache 2017-05-27 23:12:37 +10:00
Deon George
ebdf923805 Enabled container to run with single persistent volume 2017-05-27 23:07:27 +10:00
Deon George
73b93c5879 Enabled first start functionality 2017-05-27 23:07:21 +10:00
Deon George
6538e0f130 Added cron labels, fixed SSHD 2017-05-27 23:07:06 +10:00
Deon George
2722951f1e Add lamp to apache group; Add VOLUME for ssh 2017-01-25 22:34:13 +11:00
Deon George
c31d5a8f1e Included cyrus-sasl-plain and launching saslauthd 2016-08-24 23:54:34 +10:00
Deon George
c1cc7151d2 Disabled gitlib runner built for improved container caching 2016-08-23 11:43:10 +10:00
Deon George
e1da6bacd6 Updated permissions on COPY files 2016-08-23 09:59:53 +10:00
Deon George
5cbb1f7cc7 Updated gitlab runner php is 7.0 2016-08-11 12:32:23 +10:00
Deon George
4eaffd240c Enabled runner to run on php55, php56 and php70 2016-08-11 12:22:24 +10:00
Deon George
6630041461 Updated Dockerfile for php 7.0 from remi 2016-08-11 12:18:46 +10:00
6 changed files with 213 additions and 41 deletions

View File

@ -5,7 +5,7 @@ stages:
- build - build
variables: variables:
VERSION: php53 VERSION: php70
DOCKER_IMAGE: leenooks/lamps DOCKER_IMAGE: leenooks/lamps
DOCKER_REGISTRY: registry.leenooks.net DOCKER_REGISTRY: registry.leenooks.net
DOCKER_HOST: tcp://${DOCKER_REGISTRY}-leenooks-ci-docker:2375 DOCKER_HOST: tcp://${DOCKER_REGISTRY}-leenooks-ci-docker:2375
@ -31,10 +31,15 @@ test:
build: build:
stage: build stage: build
script: script:
- chmod 600 .my.cnf sshd_config
- chmod 500 init
- chmod 644 sshd
- docker build -t ${DOCKER_IMAGE}:${VERSION} . - docker build -t ${DOCKER_IMAGE}:${VERSION} .
- docker tag ${DOCKER_IMAGE}:${VERSION} ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${VERSION} - docker tag ${DOCKER_IMAGE}:${VERSION} ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${VERSION}
- docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${VERSION} - docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${VERSION}
tags: tags:
- docker - docker
only: only:
- master - php55
- php56
- php70

View File

@ -1,5 +0,0 @@
<Directory /var/www/sites>
AllowOverride AuthConfig FileInfo Indexes Limit Options
Options FollowSymLinks
Require all denied
</Directory>

View File

@ -1,31 +1,12 @@
# NAME leenooks/lamps # NAME leenooks/lamps
# VERSION php54 # VERSION php70
# BUILD docker build -t="leenooks/lamps" .
# START docker run -dp 80:80 [-p 443:443 ] -p 2022:22 \
# -e NO_MAIL=TRUE \
# -e NO_DB=TRUE \
# -v /srv/lamps/sites.d:/etc/httpd/sites.d \
# -v /srv/lamps/sites.html:/var/www/sites \
# -v /srv/lamps/mariadb/server.cnf:/etc/my.cnf.d/server.cnf
# -v /srv/lamps/mariadb/data:/var/lib/mysql
# -v /srv/lamps/user:/home/lamp \
# -v /srv/lamps/mail/opendkim:/etc/opendkim \
# -v /srv/lamps/mail/sendmail.mc:/etc/mail/sendmail.mc \
# -v /srv/lamps/tsm/TSM.PWD:/etc/adsm/TSM.PWD \
# -v /srv/lamps/tsm/dsm.sys:/etc/adsm/TSM.PWD \
# -v /dev/log:/dev/log \
# -v /srv/lamps/dsm.sys:/opt/tivoli/tsm/client/api/bin64/dsm.sys \
# -v /srv/lamps/dsm.opt:/opt/tivoli/tsm/client/api/bin64/dsm.opt \
# --hostname=www.example.com \
# --restart=always --name=lamp leenooks/hosting $@
# CRON: docker exec -it lamp /usr/sbin/awstats.sh
FROM registry.leenooks.net/leenooks/base:7 FROM registry.leenooks.net/leenooks/base:7.TE
RUN yum -y install epel-release && yum clean all RUN yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm && yum clean all && rm -rf /var/tmp/*
# EPEL & Leenooks packages # EPEL & Leenooks packages
RUN yum -y install \ RUN yum -y install --enabler remi-php70 \
httpd \ httpd \
mariadb-server \ mariadb-server \
php \ php \
@ -36,10 +17,12 @@ RUN yum -y install \
php-pdo \ php-pdo \
php-xml \ php-xml \
php-composer-installers.noarch \ php-composer-installers.noarch \
php-opcache \
m4 \ m4 \
opendkim \ opendkim \
sendmail \ sendmail \
sendmail-cf \ sendmail-cf \
cyrus-sasl-plain \
awstats \ awstats \
ln-http \ ln-http \
ln-awstats \ ln-awstats \
@ -49,18 +32,22 @@ RUN yum -y install \
&& yum clean all && yum clean all
COPY .my.cnf /root/ COPY .my.cnf /root/
COPY 10-default.conf /etc/httpd/conf.d/ COPY sshd /etc/sysconfig/sshd
COPY sshd_config /etc/ssh/
RUN ln -f /etc/.ln/httpd/conf.d/awstats.conf /etc/httpd/conf.d/awstats.conf && ln -f /etc/.ln/opendkim.conf /etc/opendkim.conf RUN ln -f /etc/.ln/httpd/conf.d/awstats.conf /etc/httpd/conf.d/awstats.conf && ln -f /etc/.ln/opendkim.conf /etc/opendkim.conf
RUN useradd -c "Hosting Admin User" -m lamp RUN useradd -c "Hosting Admin User" -G apache -d /etc/leenooks/user -M lamp
RUN useradd -rc "Composer" -m composer -s /sbin/nologin && su composer -s /bin/bash -lc "composer global require laravel/installer && composer require --dev --no-update xethron/migrations-generator:dev-l5 && composer require --dev --no-update way/generators:dev-feature/laravel-five-stable && composer config repositories.repo-name git git@github.com:jamisonvalenta/Laravel-4-Generators.git"
EXPOSE 80 443 EXPOSE 22 80
COPY init /sbin/
# Starting # Starting
COPY init /sbin/
ENTRYPOINT [ "/sbin/init" ] ENTRYPOINT [ "/sbin/init" ]
CMD [ "start" ]
RUN yum -y install tsmpipe && yum clean all LABEL cron.hourly root:/usr/sbin/awstats.sh
LABEL cron.daily root:/usr/bin/tdp.mysql.sh -s information_schema:performance_schema
RUN useradd -rc "Composer" -m composer -s /sbin/nologin && su composer -s /bin/bash -lc "composer global require laravel/installer && composer require --dev --no-update xethron/migrations-generator:dev-l5 && composer require --dev --no-update way/generators:dev-feature/laravel-five-stable && composer config repositories.repo-name git git@github.com:jamisonvalenta/Laravel-4-Generators.git" #VOLUME [ "/etc/leenooks","/var/lib/mysql","/var/www/html" ]
VOLUME [ "/etc/leenooks" ]
RUN rmdir /var/lib/mysql; ln -sf /etc/leenooks/database /var/lib/mysql; mv /var/www/html /var/www/html.old; ln -sf /etc/leenooks/html /var/www/html; ln -sf /etc/leenooks/tsm/dsm.sys /opt/tivoli/tsm/client/api/bin64/dsm.sys; ln -sf /etc/leenooks/tsm/dsm.opt /opt/tivoli/tsm/client/api/bin64/dsm.opt;

19
init
View File

@ -16,9 +16,16 @@ function stop {
[ "$NO_HTTP" != "TRUE" ] && rm -f /var/run/httpd/authdigest_shm.$(cat /var/run/httpd/httpd.pid) && kill $(cat /var/run/httpd/httpd.pid) [ "$NO_HTTP" != "TRUE" ] && rm -f /var/run/httpd/authdigest_shm.$(cat /var/run/httpd/httpd.pid) && kill $(cat /var/run/httpd/httpd.pid)
} }
function firststart {
if [ -x /usr/local/sbin/firststart.sh ]; then
/usr/local/sbin/firststart.sh
[ $? -eq 0 ] && rm /usr/local/sbin/firststart.sh
fi
}
trap 'stop' SIGTERM trap 'stop' SIGTERM
if [ "$1" == "start" ]; then if [ -z "$1" ]; then
if [ "$NO_MAIL" != "TRUE" ]; then if [ "$NO_MAIL" != "TRUE" ]; then
if [ -z `hostname --domain` ]; then if [ -z `hostname --domain` ]; then
echo "You must start this container with --hostname= specifying a domain name" echo "You must start this container with --hostname= specifying a domain name"
@ -29,6 +36,7 @@ if [ "$1" == "start" ]; then
[ ! -f /etc/opendkim/keys/default.private ] && /usr/sbin/opendkim-default-keygen [ ! -f /etc/opendkim/keys/default.private ] && /usr/sbin/opendkim-default-keygen
[ -x /usr/sbin/opendkim ] && /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim.pid -f & [ -x /usr/sbin/opendkim ] && /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim.pid -f &
echo "Starting Sendmail..." echo "Starting Sendmail..."
[ -f /etc/mail/authinfo ] && /usr/sbin/saslauthd -m /run/saslauthd -a pam
cd /etc/mail && make && m4 sendmail.mc > sendmail.cf && /usr/sbin/sendmail -q1h -bD & cd /etc/mail && make && m4 sendmail.mc > sendmail.cf && /usr/sbin/sendmail -q1h -bD &
else else
echo "! NOT starting MAIL" echo "! NOT starting MAIL"
@ -36,9 +44,10 @@ if [ "$1" == "start" ]; then
if [ "$NO_SSH" != "TRUE" ]; then if [ "$NO_SSH" != "TRUE" ]; then
echo "Starting SSHD..." echo "Starting SSHD..."
[ ! -d /etc/leenooks/ssh ] && mkdir /etc/leenooks/ssh && chmod 750 /etc/leenoks/ssh
getent passwd lamp || useradd -c "Hosting Admin User" -m lamp getent passwd lamp || useradd -c "Hosting Admin User" -m lamp
[ -x /usr/sbin/sshd-keygen ] && /usr/sbin/sshd-keygen [ -x /usr/sbin/sshd-keygen ] && /usr/sbin/sshd-keygen
[ -x /usr/sbin/sshd ] && /usr/sbin/sshd [ -x /usr/sbin/sshd ] && /usr/sbin/sshd -D &
else else
echo "! NOT starting SSH" echo "! NOT starting SSH"
fi fi
@ -54,17 +63,19 @@ if [ "$1" == "start" ]; then
if [ "$NO_HTTP" != "TRUE" ]; then if [ "$NO_HTTP" != "TRUE" ]; then
if [ -d /etc/awstats ]; then if [ -d /etc/awstats ]; then
find /etc/awstats/ -type l | xargs -n 5 rm -f find /etc/awstats/ -type l | xargs -n 5 rm -f
[ -e /var/www/sites/*/awstats/awstats*conf ] && find /var/www/sites/*/awstats/awstats*conf -type f -exec ln -sf {} /etc/awstats/ \; [ -e /etc/leenooks/awstats/awstats*conf ] && find /etc/leenooks/awstats/awstats*conf -type f -exec ln -sf {} /etc/awstats/ \;
fi fi
echo "Starting HTTP..." echo "Starting HTTP..."
find /etc/httpd/conf.d/ -type l | xargs -n 5 rm -f find /etc/httpd/conf.d/ -type l | xargs -n 5 rm -f
find /etc/httpd/sites.d -type f -exec ln -sf {} /etc/httpd/conf.d/ \; [ -d /etc/leenooks/httpd ] && find /etc/leenooks/httpd -type f -exec ln -sf {} /etc/httpd/conf.d/ \;
[ -x /usr/sbin/httpd ] && /usr/sbin/httpd -DFOREGROUND & [ -x /usr/sbin/httpd ] && /usr/sbin/httpd -DFOREGROUND &
else else
echo "! NOT starting HTTP" echo "! NOT starting HTTP"
fi fi
firststart
wait wait
else else
exec $@ exec $@
fi fi

21
sshd Normal file
View File

@ -0,0 +1,21 @@
# Configuration file for the sshd service.
# The server keys are automatically generated if they are missing.
# To change the automatic creation uncomment and change the appropriate
# line. Accepted key types are: DSA RSA ECDSA ED25519.
# The default is "RSA ECDSA ED25519"
# AUTOCREATE_SERVER_KEYS=""
# AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
# Do not change this option unless you have hardware random
# generator and you REALLY know what you are doing
SSH_USE_STRONG_RNG=0
# SSH_USE_STRONG_RNG=1
# Override Defaults
RSA_KEY=/etc/leenooks/ssh/ssh_host_rsa_key
ECDSA_KEY=/etc/leenooks/ssh/ssh_host_ecdsa_key
AUTOCREATE_SERVER_KEYS="RSA ECDSA"

153
sshd_config Normal file
View File

@ -0,0 +1,153 @@
# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/leenooks/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/leenooks/ssh/ssh_host_ecdsa_key
#HostKey /etc/leenooks/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server