From 9cbccd93dcbe5048ee428d22965d2d4c9d68cb84 Mon Sep 17 00:00:00 2001 
From: Wonderfall Date: Fri, 16 Sep 2016 17:08:06 +0200 Subject: [PATCH] delete all root process --- boinc/Dockerfile | 24 ++++++++++++++++-------- boinc/run.sh | 3 +++ boring-nginx/Dockerfile | 2 +- boring-nginx/run.sh | 2 +- cowrie/Dockerfile | 4 +++- cowrie/run.sh | 2 +- ghost/Dockerfile | 6 +++--- ghost/run.sh | 2 +- isso/Dockerfile | 5 ++++- isso/run.sh | 2 +- lychee/Dockerfile | 14 ++++++++------ lychee/README.md | 2 +- lychee/nginx.conf | 13 ++++++------- lychee/php-fpm.conf | 6 +----- lychee/run.sh | 5 ++--- lychee/s6.d/nginx/run | 2 ++ lychee/s6.d/php/run | 2 ++ lychee/supervisord.conf | 8 -------- nextcloud/10.0/Dockerfile | 13 ++++++------- nextcloud/10.0/cron | 2 +- nextcloud/10.0/nginx.conf | 7 +++---- nextcloud/10.0/occ | 2 +- nextcloud/10.0/php-fpm.conf | 6 +----- nextcloud/10.0/run.sh | 7 ++----- nextcloud/10.0/s6.d/cron/run | 2 ++ nextcloud/10.0/s6.d/nginx/run | 2 ++ nextcloud/10.0/s6.d/php/run | 2 ++ nextcloud/10.0/supervisord.conf | 11 ----------- nextcloud/9.0/Dockerfile | 13 ++++++------- nextcloud/9.0/cron | 2 +- nextcloud/9.0/nginx.conf | 7 +++---- nextcloud/9.0/php-fpm.conf | 6 +----- nextcloud/9.0/run.sh | 7 ++----- nextcloud/9.0/s6.d/cron/run | 2 ++ nextcloud/9.0/s6.d/nginx/run | 2 ++ nextcloud/9.0/s6.d/php/run | 2 ++ nextcloud/9.0/supervisord.conf | 11 ----------- nextcloud/README.md | 2 +- nextcloud/daily/Dockerfile | 13 ++++++------- nextcloud/daily/cron | 2 +- nextcloud/daily/nginx.conf | 7 +++---- nextcloud/daily/php-fpm.conf | 7 ++----- nextcloud/daily/run.sh | 7 ++----- nextcloud/daily/s6.d/cron/run | 2 ++ nextcloud/daily/s6.d/nginx/run | 2 ++ nextcloud/daily/s6.d/php/run | 2 ++ nextcloud/daily/supervisord.conf | 11 ----------- nginx/Dockerfile | 2 +- nginx/run.sh | 3 +-- privatebin/Dockerfile | 11 ++++++----- privatebin/README.md | 2 +- privatebin/nginx.conf | 7 +++---- privatebin/php-fpm.conf | 6 +----- privatebin/run.sh | 6 ++---- privatebin/s6.d/nginx/run | 2 ++ privatebin/s6.d/php/run | 2 ++ privatebin/supervisord.conf | 8 
-------- rainloop/Dockerfile | 15 +++++++++------ rainloop/README.md | 6 ++++-- rainloop/nginx.conf | 11 +++++------ rainloop/php-fpm.conf | 6 +----- rainloop/run.sh | 5 ++--- rainloop/s6.d/nginx/run | 2 ++ rainloop/s6.d/php/run | 2 ++ rainloop/supervisord.conf | 8 -------- searx/Dockerfile | 10 ++++------ searx/run.sh | 2 +- tor/Dockerfile | 23 +++++++++++++++-------- tor/run.sh | 3 +++ 69 files changed, 183 insertions(+), 224 deletions(-) create mode 100644 boinc/run.sh create mode 100644 lychee/s6.d/nginx/run create mode 100644 lychee/s6.d/php/run delete mode 100644 lychee/supervisord.conf create mode 100644 nextcloud/10.0/s6.d/cron/run create mode 100644 nextcloud/10.0/s6.d/nginx/run create mode 100644 nextcloud/10.0/s6.d/php/run delete mode 100644 nextcloud/10.0/supervisord.conf create mode 100644 nextcloud/9.0/s6.d/cron/run create mode 100644 nextcloud/9.0/s6.d/nginx/run create mode 100644 nextcloud/9.0/s6.d/php/run delete mode 100644 nextcloud/9.0/supervisord.conf create mode 100644 nextcloud/daily/s6.d/cron/run create mode 100644 nextcloud/daily/s6.d/nginx/run create mode 100644 nextcloud/daily/s6.d/php/run delete mode 100644 nextcloud/daily/supervisord.conf create mode 100644 privatebin/s6.d/nginx/run create mode 100644 privatebin/s6.d/php/run delete mode 100644 privatebin/supervisord.conf create mode 100644 rainloop/s6.d/nginx/run create mode 100644 rainloop/s6.d/php/run delete mode 100644 rainloop/supervisord.conf create mode 100644 tor/run.sh diff --git a/boinc/Dockerfile b/boinc/Dockerfile index 8ea3142..e5928d9 100644 --- a/boinc/Dockerfile +++ b/boinc/Dockerfile @@ -1,9 +1,13 @@ FROM alpine:3.4 MAINTAINER Wonderfall -ARG BOINC_USER_ID=35854 +ARG BUILD_CORES -RUN BUILD_DEPS=" \ +ENV UID=991 GID=991 + +RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/apk/repositories \ + && NB_CORES=${BUILD_CORES-`getconf _NPROCESSORS_CONF`} \ + && BUILD_DEPS=" \ build-base \ git \ m4 \ 
@@ -14,6 +18,8 @@ RUN BUILD_DEPS=" \ libnotify-dev" \ && apk -U add \ ${BUILD_DEPS} \ + su-exec \ + tini@community \ libnotify \ libstdc++ \ curl \ @@ -22,13 +28,15 @@ RUN BUILD_DEPS=" \ && cd boinc \ && ./_autosetup \ && ./configure --disable-server --enable-client CXXFLAGS="-O3 " \ - && make \ + && make -j ${NB_CORES} \ && make install \ - && adduser -h /home/boinc -D -s /sbin/nologin -u ${BOINC_USER_ID} boinc \ && apk del ${BUILD_DEPS} \ && rm -rf /var/cache/apk/* /tmp/* -USER boinc -WORKDIR /home/boinc -VOLUME /home/boinc -ENTRYPOINT [ "boinc" ] +COPY run.sh /usr/local/bin/run.sh + +RUN chmod +x /usr/local/bin/run.sh + +VOLUME /boinc + +CMD ["run.sh"] diff --git a/boinc/run.sh b/boinc/run.sh new file mode 100644 index 0000000..e971e83 --- /dev/null +++ b/boinc/run.sh @@ -0,0 +1,3 @@ +#!/bin/sh +chown -R $UID:$GID /boinc && cd /boinc +exec su-exec $UID:$GID /sbin/tini -- boinc diff --git a/boring-nginx/Dockerfile b/boring-nginx/Dockerfile index 9cf403b..d330baa 100644 --- a/boring-nginx/Dockerfile +++ b/boring-nginx/Dockerfile @@ -115,4 +115,4 @@ LABEL description="Secure nginx built from source." \ openssl="BoringSSL (date of the container)." \ nginx="nginx ${NGINX_VERSION}." -CMD ["/sbin/tini","--","run.sh"] +CMD ["run.sh"] diff --git a/boring-nginx/run.sh b/boring-nginx/run.sh index 2051125..2049b56 100644 --- a/boring-nginx/run.sh +++ b/boring-nginx/run.sh @@ -1,4 +1,4 @@ #!/bin/sh chown -R $UID:$GID /etc/nginx /var/log/nginx /var/run/nginx.pid /sites-enabled /conf.d /certs /www /tmp chmod -R 700 /certs -su-exec $UID:$GID nginx +exec su-exec $UID:$GID /sbin/tini -- nginx diff --git a/cowrie/Dockerfile b/cowrie/Dockerfile index bb8dde8..d2aba8b 100644 --- a/cowrie/Dockerfile +++ b/cowrie/Dockerfile @@ -80,5 +80,7 @@ COPY run.sh /usr/local/bin/run.sh RUN chmod +x /usr/local/bin/run.sh VOLUME /cowrie/log /cowrie/dl /cowrie/custom + EXPOSE 2222 -CMD ["/sbin/tini","--","run.sh"] + +CMD ["run.sh"] 
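Review bot: With `USER boinc` and `ENTRYPOINT [ "boinc" ]` replaced by `CMD ["run.sh"]` in the last boinc/Dockerfile hunk, the drop to `$UID:$GID` now happens only inside run.sh, so any `docker run <image> <command>` that overrides CMD, and any `docker exec` without `-u`, runs as root. Arguments given to `docker run` used to be passed to boinc and now replace the start script entirely. Consider `ENTRYPOINT ["run.sh"]` with run.sh ending in `exec su-exec "$UID:$GID" /sbin/tini -- boinc "$@"`, so arguments still reach boinc and the privilege drop is not skipped by accident. The other Dockerfiles touched by this commit use the same CMD-only pattern.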
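Review bot: In boinc/run.sh, a failed chown in `chown -R $UID:$GID /boinc && cd /boinc` skips the `cd`, but the next line still execs boinc from whatever directory the container started in, because the script has no `set -e`. `$UID` and `$GID` are also expanded unquoted in a script that runs as root, and nothing rejects an empty value or `0`, either of which would leave the process running as root after su-exec. Suggest `set -e` at the top, `chown -R "$UID:$GID" /boinc` and `cd /boinc` as separate lines, and a guard such as `[ "$UID" -gt 0 ] || exit 1` before the exec.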
diff --git a/cowrie/run.sh b/cowrie/run.sh index 5f3b077..08e0a30 100644 --- a/cowrie/run.sh +++ b/cowrie/run.sh @@ -15,4 +15,4 @@ mkdir -p /cowrie/log/tty cp -R /cowrie/custom/* /cowrie chown -R $UID:$GID /cowrie -su-exec $UID:$GID twistd -n -l /cowrie/log/cowrie.log cowrie +exec su-exec $UID:$GID /sbin/tini -- twistd -n -l /cowrie/log/cowrie.log cowrie diff --git a/ghost/Dockerfile b/ghost/Dockerfile index b7a285d..a150103 100644 --- a/ghost/Dockerfile +++ b/ghost/Dockerfile @@ -1,5 +1,5 @@ -FROM wonderfall/node:stable -MAINTAINER Wonderfall +FROM xataz/node:6 +MAINTAINER Wonderfall ARG VERSION=0.10.1 @@ -63,4 +63,4 @@ EXPOSE 2368 LABEL description="Ghost CMS ready for production" \ ghost="Ghost v$VERSION" -CMD ["/sbin/tini","--","run.sh"] +CMD ["run.sh"] diff --git a/ghost/run.sh b/ghost/run.sh index ed807b9..8c5be98 100644 --- a/ghost/run.sh +++ b/ghost/run.sh @@ -55,4 +55,4 @@ if [ "$SYNTAX_HIGHLIGHTING" == "True" ] && [ ! -f /ghost/content/themes/casper/a fi chown -R $UID:$GID /ghost && cd /ghost -su-exec $UID:$GID npm start --production +exec su-exec $UID:$GID tini -- npm start --production diff --git a/isso/Dockerfile b/isso/Dockerfile index 4d82ecd..2c77cd3 100644 --- a/isso/Dockerfile +++ b/isso/Dockerfile @@ -28,8 +28,11 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && rm -rf /var/cache/apk/* /tmp/* COPY run.sh /usr/local/bin/run.sh + RUN chmod +x /usr/local/bin/run.sh EXPOSE 8080 + VOLUME /db /config -CMD ["/sbin/tini","--","run.sh"] + +CMD ["run.sh"] diff --git a/isso/run.sh b/isso/run.sh index 2431731..7b6416a 100644 --- a/isso/run.sh +++ b/isso/run.sh @@ -1,3 +1,3 @@ #!/bin/sh chown -R $UID:$GID /db /config -su-exec $UID:$GID isso -c /config/isso.conf run +exec su-exec $UID:$GID /sbin/tini -- isso -c /config/isso.conf run diff --git a/lychee/Dockerfile b/lychee/Dockerfile index 52247ec..7314e1c 100644 --- a/lychee/Dockerfile +++ b/lychee/Dockerfile 
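Review bot: `FROM xataz/node:6` in ghost/Dockerfile moves the build to a third-party base image referenced by a floating major-version tag, so the content of this image can change without any change in this repository. Pinning the tag to a digest (`FROM xataz/node:6@sha256:<digest>`) would make the base reproducible and reviewable. ghost/run.sh in this commit also calls `tini` by bare name while the other run.sh files use `/sbin/tini`, so it depends on that base image shipping tini on PATH; the diff does not show whether it does.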
@@ -18,7 +18,6 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && apk -U add \ ${BUILD_DEPS} \ nginx \ - libwebp \ php7-mbstring@commuedge \ php7-fpm@commuedge \ php7-exif@commuedge \ @@ -29,7 +28,8 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a php7-session@commuedge \ php7-pear@commuedge \ php7-dev@commuedge \ - supervisor \ + s6 \ + su-exec \ imagemagick \ tini@commuedge \ && sed -i -e "s/max_execution_time = 30/max_execution_time = 200/g" \ @@ -48,11 +48,13 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf -COPY supervisord.conf /usr/local/etc/supervisord.conf +COPY s6.d /etc/s6.d COPY run.sh /usr/local/bin/run.sh -RUN chmod +x /usr/local/bin/run.sh +RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* VOLUME /lychee/uploads /lychee/data -EXPOSE 80 -CMD ["/sbin/tini","--","run.sh"] + +EXPOSE 8888 + +CMD ["run.sh"] diff --git a/lychee/README.md b/lychee/README.md index 0128575..ccb22c2 100644 --- a/lychee/README.md +++ b/lychee/README.md @@ -23,4 +23,4 @@ Lychee is a free photo-management tool, which runs on your server or web-space. - **/lychee/data** : data files. #### Ports -- **80** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration) +- **8888** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration) diff --git a/lychee/nginx.conf b/lychee/nginx.conf index d0ed8fc..cdfa8ee 100644 --- a/lychee/nginx.conf +++ b/lychee/nginx.conf @@ -1,6 +1,5 @@ -user lychee; worker_processes auto; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; daemon off; events { 
@@ -47,10 +46,10 @@ http { image/svg+xml; server { - listen 80; - root /lychee; - index index.php index.html; - client_max_body_size 100M; + listen 8888; + root /lychee; + index index.php index.html; + client_max_body_size 100M; location / { try_files $uri $uri/ /index.html; @@ -65,7 +64,7 @@ http { location ~ \.php$ { fastcgi_split_path_info ^(.*\.php)(/.*)?$; - fastcgi_pass unix:/var/run/php-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; diff --git a/lychee/php-fpm.conf b/lychee/php-fpm.conf index 1bad8b9..f636044 100644 --- a/lychee/php-fpm.conf +++ b/lychee/php-fpm.conf @@ -2,11 +2,7 @@ daemonize = no [www] -user = lychee -group = lychee -listen = /var/run/php-fpm.sock -listen.owner = lychee -listen.group = lychee +listen = /tmp/php-fpm.sock pm = dynamic pm.max_children = 5 pm.start_servers = 2 diff --git a/lychee/run.sh b/lychee/run.sh index 6417909..bc7b61f 100644 --- a/lychee/run.sh +++ b/lychee/run.sh @@ -1,5 +1,4 @@ #!/bin/sh -addgroup -g ${GID} lychee && adduser -h /lychee -s /bin/sh -D -G lychee -u ${UID} lychee mkdir /lychee/uploads/big /lychee/uploads/import /lychee/uploads/medium /lychee/uploads/thumb -chown -R lychee:lychee /lychee /var/run/php-fpm.sock /var/lib/nginx /tmp -exec supervisord -c /usr/local/etc/supervisord.conf +chown -R $UID:$GID /lychee /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d +exec su-exec $UID:$GID /sbin/tini -- /bin/s6-svscan /etc/s6.d diff --git a/lychee/s6.d/nginx/run b/lychee/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/lychee/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/lychee/s6.d/php/run b/lychee/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null +++ b/lychee/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 
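Review bot: The new `chown -R $UID:$GID /lychee /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d` in lychee/run.sh hands the service account ownership of its own nginx and PHP configuration and of the s6 `run` scripts, so code running in the PHP application can rewrite the files that decide what the supervisor starts next. Running without root only needs the account to read the configuration and to write logs, pid files, sockets and uploads. Consider leaving `/etc/nginx` and `/etc/php7` owned by root, and pointing s6-svscan at a copy of the service directory under `/tmp` if the scan directory has to be writable. The run.sh hunks for nextcloud (10.0, 9.0, daily), privatebin and rainloop add the same chown list.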
diff --git a/lychee/supervisord.conf b/lychee/supervisord.conf deleted file mode 100644 index f2cd4b1..0000000 --- a/lychee/supervisord.conf +++ /dev/null @@ -1,8 +0,0 @@ -[supervisord] -nodaemon=true - -[program:php-fpm] -command=php-fpm7 - -[program:nginx] -command=nginx diff --git a/nextcloud/10.0/Dockerfile b/nextcloud/10.0/Dockerfile index 647d6c0..9d5a747 100644 --- a/nextcloud/10.0/Dockerfile +++ b/nextcloud/10.0/Dockerfile @@ -4,7 +4,7 @@ MAINTAINER Wonderfall ARG NEXTCLOUD_VERSION=10.0.0 ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" -ENV GID=991 UID=991 +ENV UID=991 GID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ && echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ @@ -12,13 +12,12 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && apk -U add \ ${BUILD_DEPS} \ nginx \ - supervisor \ + s6 \ openssl \ ca-certificates \ libsmbclient \ samba-client \ su-exec \ - tini@commuedge \ php7@commuedge \ php7-fpm@commuedge \ php7-intl@commuedge \ @@ -70,18 +69,18 @@ COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf COPY opcache.ini /etc/php7/conf.d/00_opcache.ini COPY apcu.ini /etc/php7/conf.d/apcu.ini -COPY supervisord.conf /etc/supervisor/supervisord.conf COPY run.sh /usr/local/bin/run.sh COPY occ /usr/local/bin/occ COPY cron /etc/periodic/15min/nextcloud +COPY s6.d /etc/s6.d -RUN chmod +x /usr/local/bin/* /etc/periodic/15min/nextcloud +RUN chmod +x /usr/local/bin/* /etc/periodic/15min/nextcloud /etc/s6.d/*/* VOLUME /data /config /apps2 -EXPOSE 80 +EXPOSE 8888 LABEL description="A server software for creating file hosting services" \ nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" -CMD ["/sbin/tini","--","run.sh"] +CMD ["run.sh"] diff --git a/nextcloud/10.0/cron b/nextcloud/10.0/cron index 8d5ad0a..b6b0427 100644 --- a/nextcloud/10.0/cron +++ b/nextcloud/10.0/cron 
@@ -1,2 +1,2 @@ #!/bin/sh -su - nextcloud -c "php7 -f /nextcloud/cron.php" > /dev/null 2>&1 +php7 -f /nextcloud/cron.php" > /dev/null 2>&1 diff --git a/nextcloud/10.0/nginx.conf b/nextcloud/10.0/nginx.conf index 0415d4d..5d3ed14 100644 --- a/nextcloud/10.0/nginx.conf +++ b/nextcloud/10.0/nginx.conf @@ -1,6 +1,5 @@ -user nextcloud; worker_processes auto; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; daemon off; events { @@ -50,7 +49,7 @@ http { image/svg+xml; server { - listen 80; + listen 8888; index index.php; root /nextcloud; client_max_body_size 10G; @@ -94,7 +93,7 @@ http { fastcgi_param modHeadersAvailable true; fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; - fastcgi_pass unix:/var/run/php-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; } location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { diff --git a/nextcloud/10.0/occ b/nextcloud/10.0/occ index f4c8b16..a766ef6 100644 --- a/nextcloud/10.0/occ +++ b/nextcloud/10.0/occ @@ -1,2 +1,2 @@ #!/bin/sh -su-exec nextcloud:nextcloud php7 /nextcloud/occ $@ +su-exec $UID:$GID php7 /nextcloud/occ $@ diff --git a/nextcloud/10.0/php-fpm.conf b/nextcloud/10.0/php-fpm.conf index fc4cfa7..0797af3 100644 --- a/nextcloud/10.0/php-fpm.conf +++ b/nextcloud/10.0/php-fpm.conf @@ -2,11 +2,7 @@ daemonize = no [www] -user = nextcloud -group = nextcloud -listen = /var/run/php-fpm.sock -listen.owner = nextcloud -listen.group = nextcloud +listen = /tmp/php-fpm.sock pm = dynamic pm.max_children = 10 pm.start_servers = 2 diff --git a/nextcloud/10.0/run.sh b/nextcloud/10.0/run.sh index 3c61faa..040c339 100644 --- a/nextcloud/10.0/run.sh +++ b/nextcloud/10.0/run.sh 
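Review bot: The new line `php7 -f /nextcloud/cron.php" > /dev/null 2>&1` in nextcloud/10.0/cron keeps the closing double quote of the removed `su - nextcloud -c "…"` wrapper, so the shell sees an unterminated string and the script fails with a syntax error on every run. It should read `php7 -f /nextcloud/cron.php > /dev/null 2>&1`. The cron hunks for nextcloud/9.0 and nextcloud/daily carry the same line. Separately, s6.d/cron/run now starts `crond -f` under the unprivileged account, and busybox crond normally expects root in order to read the crontabs and switch to the job's user, so it is worth confirming that the 15-minute job fires at all.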
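Review bot: `$@` is unquoted in `su-exec $UID:$GID php7 /nextcloud/occ $@` (nextcloud/10.0/occ), so an occ argument containing spaces or glob characters is split or expanded before PHP sees it. Use `exec su-exec "$UID:$GID" php7 /nextcloud/occ "$@"`. su-exec can only change identity when the caller is root, so the wrapper still assumes it is invoked as root, for example through `docker exec` without `-u`.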
@@ -1,15 +1,12 @@ #!/bin/sh -addgroup -g ${GID} nextcloud && adduser -h /nextcloud -s /bin/sh -D -G nextcloud -u ${UID} nextcloud -# Set default data directory if [ ! -f /config/config.php ]; then echo -e " '/data',\n);" > /config/config.php fi -touch /var/run/php-fpm.sock mkdir /tmp/fastcgi /tmp/client_body -chown -R nextcloud:nextcloud /nextcloud /data /config /apps2 /var/run/php-fpm.sock /var/lib/nginx /tmp +chown -R $UID:$GID /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log/nginx /var/log/php7 /var/lib/nginx /tmp /etc/s6.d ln -s /config/config.php /nextcloud/config/config.php ln -s /apps2 /nextcloud -exec supervisord -c /etc/supervisor/supervisord.conf +exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/nextcloud/10.0/s6.d/cron/run b/nextcloud/10.0/s6.d/cron/run new file mode 100644 index 0000000..29647de --- /dev/null +++ b/nextcloud/10.0/s6.d/cron/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec crond -f diff --git a/nextcloud/10.0/s6.d/nginx/run b/nextcloud/10.0/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/nextcloud/10.0/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/nextcloud/10.0/s6.d/php/run b/nextcloud/10.0/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null +++ b/nextcloud/10.0/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 diff --git a/nextcloud/10.0/supervisord.conf b/nextcloud/10.0/supervisord.conf deleted file mode 100644 index bbabd57..0000000 --- a/nextcloud/10.0/supervisord.conf +++ /dev/null @@ -1,11 +0,0 @@ -[supervisord] -nodaemon=true - -[program:cron] -command=crond -f - -[program:php-fpm] -command=php-fpm7 - -[program:nginx] -command=nginx diff --git a/nextcloud/9.0/Dockerfile b/nextcloud/9.0/Dockerfile index d1d2d37..578b4af 100644 --- a/nextcloud/9.0/Dockerfile +++ b/nextcloud/9.0/Dockerfile 
@@ -4,7 +4,7 @@ MAINTAINER Wonderfall ARG NEXTCLOUD_VERSION=9.0.53 ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" -ENV GID=991 UID=991 +ENV UID=991 GID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ && echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ @@ -12,13 +12,12 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && apk -U add \ ${BUILD_DEPS} \ nginx \ - supervisor \ + s6 \ openssl \ ca-certificates \ libsmbclient \ samba-client \ su-exec \ - tini@commuedge \ php7@commuedge \ php7-fpm@commuedge \ php7-intl@commuedge \ @@ -70,18 +69,18 @@ COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf COPY opcache.ini /etc/php7/conf.d/00_opcache.ini COPY apcu.ini /etc/php7/conf.d/apcu.ini -COPY supervisord.conf /etc/supervisor/supervisord.conf COPY run.sh /usr/local/bin/run.sh COPY occ /usr/local/bin/occ COPY cron /etc/periodic/15min/nextcloud +COPY s6.d /etc/s6.d -RUN chmod +x /usr/local/bin/* /etc/periodic/15min/nextcloud +RUN chmod +x /usr/local/bin/* /etc/periodic/15min/nextcloud /etc/s6.d/*/* VOLUME /data /config /apps2 -EXPOSE 80 +EXPOSE 8888 LABEL description="A server software for creating file hosting services" \ nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" -CMD ["/sbin/tini","--","run.sh"] +CMD ["run.sh"] diff --git a/nextcloud/9.0/cron b/nextcloud/9.0/cron index 8d5ad0a..b6b0427 100644 --- a/nextcloud/9.0/cron +++ b/nextcloud/9.0/cron @@ -1,2 +1,2 @@ #!/bin/sh -su - nextcloud -c "php7 -f /nextcloud/cron.php" > /dev/null 2>&1 +php7 -f /nextcloud/cron.php" > /dev/null 2>&1 diff --git a/nextcloud/9.0/nginx.conf b/nextcloud/9.0/nginx.conf index 0415d4d..5d3ed14 100644 --- a/nextcloud/9.0/nginx.conf +++ b/nextcloud/9.0/nginx.conf @@ -1,6 +1,5 @@ -user nextcloud; worker_processes auto; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; daemon off; events { 
@@ -50,7 +49,7 @@ http { image/svg+xml; server { - listen 80; + listen 8888; index index.php; root /nextcloud; client_max_body_size 10G; @@ -94,7 +93,7 @@ http { fastcgi_param modHeadersAvailable true; fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; - fastcgi_pass unix:/var/run/php-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; } location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { diff --git a/nextcloud/9.0/php-fpm.conf b/nextcloud/9.0/php-fpm.conf index fc4cfa7..0797af3 100644 --- a/nextcloud/9.0/php-fpm.conf +++ b/nextcloud/9.0/php-fpm.conf @@ -2,11 +2,7 @@ daemonize = no [www] -user = nextcloud -group = nextcloud -listen = /var/run/php-fpm.sock -listen.owner = nextcloud -listen.group = nextcloud +listen = /tmp/php-fpm.sock pm = dynamic pm.max_children = 10 pm.start_servers = 2 diff --git a/nextcloud/9.0/run.sh b/nextcloud/9.0/run.sh index 3c61faa..040c339 100644 --- a/nextcloud/9.0/run.sh +++ b/nextcloud/9.0/run.sh @@ -1,15 +1,12 @@ #!/bin/sh -addgroup -g ${GID} nextcloud && adduser -h /nextcloud -s /bin/sh -D -G nextcloud -u ${UID} nextcloud -# Set default data directory if [ ! -f /config/config.php ]; then echo -e " '/data',\n);" > /config/config.php fi -touch /var/run/php-fpm.sock mkdir /tmp/fastcgi /tmp/client_body -chown -R nextcloud:nextcloud /nextcloud /data /config /apps2 /var/run/php-fpm.sock /var/lib/nginx /tmp +chown -R $UID:$GID /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log/nginx /var/log/php7 /var/lib/nginx /tmp /etc/s6.d ln -s /config/config.php /nextcloud/config/config.php ln -s /apps2 /nextcloud -exec supervisord -c /etc/supervisor/supervisord.conf +exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/nextcloud/9.0/s6.d/cron/run b/nextcloud/9.0/s6.d/cron/run new file mode 100644 index 0000000..29647de --- /dev/null +++ b/nextcloud/9.0/s6.d/cron/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec crond -f 
diff --git a/nextcloud/9.0/s6.d/nginx/run b/nextcloud/9.0/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/nextcloud/9.0/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/nextcloud/9.0/s6.d/php/run b/nextcloud/9.0/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null +++ b/nextcloud/9.0/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 diff --git a/nextcloud/9.0/supervisord.conf b/nextcloud/9.0/supervisord.conf deleted file mode 100644 index bbabd57..0000000 --- a/nextcloud/9.0/supervisord.conf +++ /dev/null @@ -1,11 +0,0 @@ -[supervisord] -nodaemon=true - -[program:cron] -command=crond -f - -[program:php-fpm] -command=php-fpm7 - -[program:nginx] -command=nginx diff --git a/nextcloud/README.md b/nextcloud/README.md index 000a204..d0a6df8 100644 --- a/nextcloud/README.md +++ b/nextcloud/README.md @@ -30,7 +30,7 @@ - **GID** : nextcloud group id *(default : 991)* #### Port -- **80**. +- **8888** (recently changed, nginx now runs without root) #### Volumes - **/data** : Nextcloud data. diff --git a/nextcloud/daily/Dockerfile b/nextcloud/daily/Dockerfile index ddf1711..9a5401e 100644 --- a/nextcloud/daily/Dockerfile +++ b/nextcloud/daily/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:3.4 MAINTAINER Wonderfall -ENV GID=991 UID=991 +ENV UID=991 GID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ && echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ @@ -9,13 +9,12 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && apk -U add \ ${BUILD_DEPS} \ nginx \ - supervisor \ + s6 \ openssl \ ca-certificates \ libsmbclient \ samba-client \ su-exec \ - tini@commuedge \ php7@commuedge \ php7-fpm@commuedge \ php7-intl@commuedge \ 
@@ -54,18 +53,18 @@ COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf COPY opcache.ini /etc/php7/conf.d/00_opcache.ini COPY apcu.ini /etc/php7/conf.d/apcu.ini -COPY supervisord.conf /etc/supervisor/supervisord.conf COPY run.sh /usr/local/bin/run.sh COPY occ /usr/local/bin/occ COPY cron /etc/periodic/15min/nextcloud +COPY s6.d /etc/s6.d -RUN chmod +x /usr/local/bin/* /etc/periodic/15min/nextcloud +RUN chmod +x /usr/local/bin/* /etc/periodic/15min/nextcloud /etc/s6.d/*/* VOLUME /data /config /apps2 -EXPOSE 80 +EXPOSE 8888 LABEL description="A server software for creating file hosting services" \ nextcloud="Nextcloud daily build" -CMD ["/sbin/tini","--","run.sh"] +CMD ["run.sh"] diff --git a/nextcloud/daily/cron b/nextcloud/daily/cron index 8d5ad0a..b6b0427 100644 --- a/nextcloud/daily/cron +++ b/nextcloud/daily/cron @@ -1,2 +1,2 @@ #!/bin/sh -su - nextcloud -c "php7 -f /nextcloud/cron.php" > /dev/null 2>&1 +php7 -f /nextcloud/cron.php" > /dev/null 2>&1 diff --git a/nextcloud/daily/nginx.conf b/nextcloud/daily/nginx.conf index 0415d4d..5d3ed14 100644 --- a/nextcloud/daily/nginx.conf +++ b/nextcloud/daily/nginx.conf @@ -1,6 +1,5 @@ -user nextcloud; worker_processes auto; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; daemon off; events { @@ -50,7 +49,7 @@ http { image/svg+xml; server { - listen 80; + listen 8888; index index.php; root /nextcloud; client_max_body_size 10G; @@ -94,7 +93,7 @@ http { fastcgi_param modHeadersAvailable true; fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; - fastcgi_pass unix:/var/run/php-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; } location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { diff --git a/nextcloud/daily/php-fpm.conf b/nextcloud/daily/php-fpm.conf index 8b70b7a..0797af3 100644 --- a/nextcloud/daily/php-fpm.conf +++ b/nextcloud/daily/php-fpm.conf 
@@ -2,11 +2,7 @@ daemonize = no [www] -user = nextcloud -group = nextcloud -listen = /var/run/php-fpm.sock -listen.owner = nextcloud -listen.group = nextcloud +listen = /tmp/php-fpm.sock pm = dynamic pm.max_children = 10 pm.start_servers = 2 @@ -19,3 +15,4 @@ php_admin_value[post_max_size] = 10G php_admin_value[upload_max_filesize] = 10G php_admin_value[max_execution_time] = 10800 php_admin_value[max_input_time] = 1200 + diff --git a/nextcloud/daily/run.sh b/nextcloud/daily/run.sh index 3c61faa..040c339 100644 --- a/nextcloud/daily/run.sh +++ b/nextcloud/daily/run.sh @@ -1,15 +1,12 @@ #!/bin/sh -addgroup -g ${GID} nextcloud && adduser -h /nextcloud -s /bin/sh -D -G nextcloud -u ${UID} nextcloud -# Set default data directory if [ ! -f /config/config.php ]; then echo -e " '/data',\n);" > /config/config.php fi -touch /var/run/php-fpm.sock mkdir /tmp/fastcgi /tmp/client_body -chown -R nextcloud:nextcloud /nextcloud /data /config /apps2 /var/run/php-fpm.sock /var/lib/nginx /tmp +chown -R $UID:$GID /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log/nginx /var/log/php7 /var/lib/nginx /tmp /etc/s6.d ln -s /config/config.php /nextcloud/config/config.php ln -s /apps2 /nextcloud -exec supervisord -c /etc/supervisor/supervisord.conf +exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/nextcloud/daily/s6.d/cron/run b/nextcloud/daily/s6.d/cron/run new file mode 100644 index 0000000..29647de --- /dev/null +++ b/nextcloud/daily/s6.d/cron/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec crond -f diff --git a/nextcloud/daily/s6.d/nginx/run b/nextcloud/daily/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/nextcloud/daily/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/nextcloud/daily/s6.d/php/run b/nextcloud/daily/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null +++ b/nextcloud/daily/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 
diff --git a/nextcloud/daily/supervisord.conf b/nextcloud/daily/supervisord.conf deleted file mode 100644 index bbabd57..0000000 --- a/nextcloud/daily/supervisord.conf +++ /dev/null @@ -1,11 +0,0 @@ -[supervisord] -nodaemon=true - -[program:cron] -command=crond -f - -[program:php-fpm] -command=php-fpm7 - -[program:nginx] -command=nginx diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 6aab7fc..73de404 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -121,4 +121,4 @@ LABEL description="nginx built from source." \ openssl="LibreSSL ${LIBRESSL_VERSION}." \ nginx="nginx ${NGINX_VERSION}." -CMD ["/sbin/tini","--","run.sh"] +CMD ["run.sh"] diff --git a/nginx/run.sh b/nginx/run.sh index 0606f33..2049b56 100644 --- a/nginx/run.sh +++ b/nginx/run.sh @@ -1,5 +1,4 @@ #!/bin/sh -touch /var/run/nginx.pid chown -R $UID:$GID /etc/nginx /var/log/nginx /var/run/nginx.pid /sites-enabled /conf.d /certs /www /tmp chmod -R 700 /certs -su-exec $UID:$GID nginx +exec su-exec $UID:$GID /sbin/tini -- nginx diff --git a/privatebin/Dockerfile b/privatebin/Dockerfile index 1735125..e591268 100644 --- a/privatebin/Dockerfile +++ b/privatebin/Dockerfile @@ -8,7 +8,8 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && apk -U add \ $BUILD_DEPS \ nginx \ - supervisor \ + s6 \ + su-exec \ tini@commuedge \ php7-fpm@commuedge \ php7-gd@commuedge \ @@ -23,13 +24,13 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf -COPY supervisord.conf /usr/local/etc/supervisord.conf COPY run.sh /usr/local/bin/run.sh +COPY s6.d /etc/s6.d -RUN chmod +x /usr/local/bin/run.sh +RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* VOLUME /zerobin/data -EXPOSE 80 +EXPOSE 8888 -CMD ["/sbin/tini","--","run.sh"] +CMD ["run.sh"] diff --git a/privatebin/README.md b/privatebin/README.md index f9ba903..4357d7e 100644 --- a/privatebin/README.md +++ b/privatebin/README.md 
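Review bot: The nginx/run.sh hunk drops `touch /var/run/nginx.pid` while the following `chown -R` still lists `/var/run/nginx.pid`, and nginx is then started as `$UID:$GID`. If the image does not already contain that file, the chown prints an error and the script continues (there is no `set -e`), and an unprivileged nginx may be unable to create its pid file under `/var/run`. The Dockerfile lines that would create the file are not part of this diff; either keep the `touch` or move the pid to `/tmp`, as the other nginx.conf files in this commit do with `pid /tmp/nginx.pid;`.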
@@ -15,4 +15,4 @@ Paste securely. - **/zerobin/data** #### Ports -- **80** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration) +- **8888** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration) diff --git a/privatebin/nginx.conf b/privatebin/nginx.conf index 2a56015..6b58e56 100644 --- a/privatebin/nginx.conf +++ b/privatebin/nginx.conf @@ -1,6 +1,5 @@ -user zerobin; worker_processes auto; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; daemon off; events { @@ -47,7 +46,7 @@ http { image/svg+xml; server { - listen 80; + listen 8888; root /zerobin; index index.php index.html; @@ -74,7 +73,7 @@ http { location ~ \.php$ { fastcgi_index index.php; - fastcgi_pass unix:/var/run/php-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; } diff --git a/privatebin/php-fpm.conf b/privatebin/php-fpm.conf index b96a7ee..1e349b5 100644 --- a/privatebin/php-fpm.conf +++ b/privatebin/php-fpm.conf @@ -1,9 +1,5 @@ [www] -user = zerobin -group = zerobin -listen = /var/run/php-fpm.sock -listen.owner = zerobin -listen.group = zerobin +listen = /tmp/php-fpm.sock pm = dynamic pm.max_children = 5 pm.start_servers = 2 diff --git a/privatebin/run.sh b/privatebin/run.sh index 43a41bd..cacc88c 100644 --- a/privatebin/run.sh +++ b/privatebin/run.sh @@ -1,5 +1,3 @@ #!/bin/sh -addgroup -g ${GID} zerobin && adduser -h /zerobin -s /bin/sh -D -G zerobin -u ${UID} zerobin -touch /var/run/php-fpm.sock -chown -R zerobin:zerobin /zerobin /var/run/php-fpm.sock /var/lib/nginx /tmp -exec supervisord -c /usr/local/etc/supervisord.conf +chown -R $UID:$GID /zerobin /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d +exec su-exec $UID:$GID /sbin/tini -- /bin/s6-svscan /etc/s6.d diff --git a/privatebin/s6.d/nginx/run b/privatebin/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/privatebin/s6.d/nginx/run 
@@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/privatebin/s6.d/php/run b/privatebin/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null +++ b/privatebin/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 diff --git a/privatebin/supervisord.conf b/privatebin/supervisord.conf deleted file mode 100644 index 0bdc45e..0000000 --- a/privatebin/supervisord.conf +++ /dev/null @@ -1,8 +0,0 @@ -[supervisord] -nodaemon=true - -[program:php-fpm] -command=php-fpm7 --nodaemonize - -[program:nginx] -command=nginx diff --git a/rainloop/Dockerfile b/rainloop/Dockerfile index 66bbd28..87ef24d 100644 --- a/rainloop/Dockerfile +++ b/rainloop/Dockerfile @@ -3,13 +3,14 @@ MAINTAINER Wonderfall ARG GPG_rainloop="3B79 7ECE 694F 3B7B 70F3 11A4 ED7C 49D9 87DA 4591" -ENV GID=991 UID=991 +ENV UID=991 GID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ && apk -U add \ gnupg \ nginx \ - supervisor \ + s6 \ + su-exec \ tini@commuedge \ php7-fpm@commuedge \ php7-curl@commuedge \ @@ -41,11 +42,13 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf -COPY supervisord.conf /usr/local/etc/supervisord.conf +COPY s6.d /etc/s6.d COPY run.sh /usr/local/bin/run.sh -RUN chmod +x /usr/local/bin/run.sh +RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* VOLUME /rainloop/data -EXPOSE 80 -CMD ["/sbin/tini","--","run.sh"] + +EXPOSE 8888 + +CMD ["run.sh"] diff --git a/rainloop/README.md b/rainloop/README.md index 0c99aef..d16ef4e 100644 --- a/rainloop/README.md +++ b/rainloop/README.md @@ -11,7 +11,6 @@ Rainloop is a simple, modern & fast web-based client. More info on the [official - Contacts (DB) : sqlite, or mysql (server not built-in) - nginx + PHP7 - #### Build-time variables - **GPG_rainloop** : fingerprint of signing key 
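Review bot: `exec php-fpm7` in privatebin/s6.d/php/run drops the `--nodaemonize` flag that the deleted privatebin/supervisord.conf passed, and the visible part of privatebin/php-fpm.conf starts directly at `[www]` on line 1, without the `daemonize = no` that the lychee and rainloop files show above their pool section. php-fpm would then fork into the background, s6-supervise would treat the service as exited and keep restarting it against a socket that is already in use. Use `exec php-fpm7 --nodaemonize`, or add a `[global]` section with `daemonize = no` to privatebin/php-fpm.conf.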
@@ -22,6 +21,9 @@ Rainloop is a simple, modern & fast web-based client. More info on the [official #### Volumes - **/rainloop/data** : data files. +#### Ports +- **8888*** + #### Reverse proxy https://github.com/Wonderfall/dockerfiles/tree/master/reverse -https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration \ No newline at end of file +https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration diff --git a/rainloop/nginx.conf b/rainloop/nginx.conf index 226bab9..4bece77 100644 --- a/rainloop/nginx.conf +++ b/rainloop/nginx.conf @@ -1,6 +1,5 @@ -user rainloop; worker_processes auto; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; daemon off; events { @@ -47,9 +46,9 @@ http { image/svg+xml; server { - listen 80; - root /rainloop; - index index.php index.html; + listen 8888; + root /rainloop; + index index.php index.html; location ^~ /data { deny all; @@ -61,7 +60,7 @@ http { location ~ \.php$ { fastcgi_index index.php; - fastcgi_pass unix:/var/run/php-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; } diff --git a/rainloop/php-fpm.conf b/rainloop/php-fpm.conf index bd3f372..f636044 100644 --- a/rainloop/php-fpm.conf +++ b/rainloop/php-fpm.conf @@ -2,11 +2,7 @@ daemonize = no [www] -user = rainloop -group = rainloop -listen = /var/run/php-fpm.sock -listen.owner = rainloop -listen.group = rainloop +listen = /tmp/php-fpm.sock pm = dynamic pm.max_children = 5 pm.start_servers = 2 diff --git a/rainloop/run.sh b/rainloop/run.sh index 1a1c0db..c3929d9 100644 --- a/rainloop/run.sh +++ b/rainloop/run.sh 
@@ -1,4 +1,3 @@ #!/bin/sh -addgroup -g ${GID} rainloop && adduser -h /rainloop -s /bin/sh -D -G rainloop -u ${UID} rainloop -chown -R rainloop:rainloop /rainloop /var/run/php-fpm.sock /var/lib/nginx /tmp -exec supervisord -c /usr/local/etc/supervisord.conf +chown -R $UID:$GID /rainloop /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d +exec su-exec $UID:$GID /sbin/tini -- /bin/s6-svscan /etc/s6.d diff --git a/rainloop/s6.d/nginx/run b/rainloop/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/rainloop/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/rainloop/s6.d/php/run b/rainloop/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null +++ b/rainloop/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 diff --git a/rainloop/supervisord.conf b/rainloop/supervisord.conf deleted file mode 100644 index f2cd4b1..0000000 --- a/rainloop/supervisord.conf +++ /dev/null @@ -1,8 +0,0 @@ -[supervisord] -nodaemon=true - -[program:php-fpm] -command=php-fpm7 - -[program:nginx] -command=nginx diff --git a/searx/Dockerfile b/searx/Dockerfile index 290d467..887bd8b 100644 --- a/searx/Dockerfile +++ b/searx/Dockerfile @@ -1,7 +1,8 @@ FROM alpine:3.4 MAINTAINER Wonderfall -ENV BASE_URL=False IMAGE_PROXY=False +ENV BASE_URL=False IMAGE_PROXY=False \ + UID=991 GID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ && BUILD_DEPS=" \ @@ -16,6 +17,7 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a ca-certificates" \ && apk -U add \ ${BUILD_DEPS} \ + su-exec \ python \ libxml2 \ libxslt \ 
@@ -25,8 +27,6 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && mkdir /usr/local/searx && cd /usr/local/searx \ && wget -qO- https://github.com/asciimoo/searx/archive/master.tar.gz | tar xz --strip 1 \ && sed -i "s/127.0.0.1/0.0.0.0/g" searx/settings.yml \ - && adduser -D -h /usr/local/searx -s /bin/sh searx searx \ - && chown -R searx:searx /usr/local/searx \ && apk del ${BUILD_DEPS} \ && rm -f /var/cache/apk/* @@ -34,8 +34,6 @@ COPY run.sh /usr/local/bin/run.sh RUN chmod +x /usr/local/bin/run.sh -USER searx - EXPOSE 8888 -CMD ["/sbin/tini","--","run.sh"] +CMD ["run.sh"] diff --git a/searx/run.sh b/searx/run.sh index 0c7d4c5..bb275ff 100644 --- a/searx/run.sh +++ b/searx/run.sh @@ -4,4 +4,4 @@ sed -i -e "s|base_url : False|base_url : ${BASE_URL}|g" \ -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" \ /usr/local/searx/searx/settings.yml -exec python /usr/local/searx/searx/webapp.py +exec su-exec $UID:$GID /sbin/tini -- python /usr/local/searx/searx/webapp.py diff --git a/tor/Dockerfile b/tor/Dockerfile index 7ff1486..0a3f391 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -1,15 +1,17 @@ FROM alpine:3.4 +MAINTAINER Wonderfall ARG TOR_VERSION=0.2.8.7 -ARG TOR_USER_ID=45553 ARG ARM_VERSION=1.4.5.0 ARG GPG_Mathewson="B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA" ARG GPG_Johnson="6827 8CC5 DD2D 1E85 C4E4 5AD9 0445 B7AB 9ABB EEC6" -ENV TERM=xterm +ENV TERM=xterm \ + UID=991 GID=991 -RUN BUILD_DEPS=" \ +RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/apk/repositories \ + && BUILD_DEPS=" \ libevent-dev \ openssl-dev \ build-base \ @@ -17,6 +19,8 @@ RUN BUILD_DEPS=" \ ca-certificates" \ && apk -U add \ ${BUILD_DEPS} \ + su-exec \ + tini@community \ python \ libevent \ openssl \ 
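Review bot: Dropping `USER searx` in the `@@ -34,8 +34,6 @@` hunk makes root the image's default user, so the privilege drop now exists only inside run.sh. Anything that does not go through that script, such as a `docker exec` session or a `docker run` with the command overridden, runs as root, which is a step back from the previous image for those paths. If starting as root is intended so that run.sh can edit settings.yml, a comment above `CMD` would make the contract visible: `# starts as root; run.sh drops to $UID:$GID with su-exec before launching searx`. The final hunk of tor/Dockerfile removes `USER tor` in the same way.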
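Review bot: Nothing on the new `exec su-exec $UID:$GID ...` line stops the container from being started with `UID=0`, in which case the service runs as root with no warning even though the commit's aim is to remove root processes. A guard before the exec would make that explicit: `[ "$UID" != 0 ] || { echo "UID must not be 0" >&2; exit 1; }`. The expansion is also safer quoted as `"$UID:$GID"`. The top of run.sh is outside this hunk, so a check may already exist there, though none is visible. The run.sh scripts for privatebin, rainloop and tor in this patch follow the same pattern.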
@@ -33,7 +37,6 @@ RUN BUILD_DEPS=" \ && echo "All seems good, now unpacking ${TOR_TARBALL}..." \ && tar xzf ${TOR_TARBALL} && cd tor-${TOR_VERSION} \ && ./configure --disable-asciidoc && make && make install \ - && adduser -h /var/run/tor -D -s /sbin/nologin -u ${TOR_USER_ID} tor \ && cd /tmp \ && ARM_TARBALL="arm-${ARM_VERSION}.tar.bz2" \ && wget -q https://www.atagar.com/arm/resources/static/${ARM_TARBALL} \ @@ -49,8 +52,12 @@ RUN BUILD_DEPS=" \ && apk del ${BUILD_DEPS} \ && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg -VOLUME /usr/local/etc/tor /tordata -EXPOSE 9001 9030 -USER tor +COPY run.sh /usr/local/bin/run.sh -ENTRYPOINT [ "tor" ] +RUN chmod +x /usr/local/bin/run.sh + +VOLUME /tor/config /tor/data + +EXPOSE 9001 9030 + +ENTRYPOINT ["run.sh"] diff --git a/tor/run.sh b/tor/run.sh new file mode 100644 index 0000000..9858774 --- /dev/null +++ b/tor/run.sh @@ -0,0 +1,3 @@ +#!/bin/sh +chown -R $UID:$GID /tor +exec su-exec $UID:$GID tini -- tor $@
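Review bot: The unquoted `$@` on the `exec` line of the new tor/run.sh re-splits the arguments passed to the container, so a tor option whose value contains spaces or glob characters reaches tor as different words than the caller supplied. Use `exec su-exec "$UID:$GID" tini -- tor "$@"`, and quote the first command as `chown -R "$UID:$GID" /tor`. A one-line header comment stating that the script takes ownership of `/tor` and then drops to `$UID:$GID` would also help, since `ENTRYPOINT ["run.sh"]` replaces the earlier `USER tor`.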