Skip to content
This repository has been archived by the owner on Jan 26, 2022. It is now read-only.

Commit

Permalink
Merge pull request #39 from niiknow/master
Browse files Browse the repository at this point in the history
Merge for mysql.
  • Loading branch information
noogen authored Mar 19, 2018
2 parents 3247817 + 9fe6fbd commit 4982b37
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 54 deletions.
57 changes: 10 additions & 47 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,22 +1,19 @@
FROM niiknow/docker-hostingbase:1.0.3
FROM niiknow/docker-hostingbase:1.0.8

MAINTAINER [email protected]

ENV DEBIAN_FRONTEND=noninteractive \
VESTA=/usr/local/vesta \
GOLANG_VERSION=1.9.3 \
GOLANG_VERSION=1.10 \
NGINX_BUILD_DIR=/usr/src/nginx \
NGINX_DEVEL_KIT_VERSION=0.3.0 NGINX_SET_MISC_MODULE_VERSION=0.31 \
NGINX_VERSION=1.13.8 \
NGINX_PAGESPEED_VERSION=1.12.34.3 \
NGINX_PSOL_VERSION=1.12.34.2 \
NGINX_VERSION=1.13.9 \
NGINX_PAGESPEED_VERSION=1.13.35.2 \
NGINX_PSOL_VERSION=1.13.35.2 \
IMAGE_FILTER_URL=https://raw.githubusercontent.com/niiknow/docker-nginx-image-proxy/master/build/src/ngx_http_image_filter_module.c

# start
RUN \
cd /tmp \

# add our user and group first to make sure their IDs get assigned consistently
&& echo "nginx mysql bind clamav ssl-cert dovecot dovenull Debian-exim postgres debian-spamd epmd couchdb memcache mongodb redis" | xargs -n1 groupadd -K GID_MIN=100 -K GID_MAX=999 ${g} \
&& echo "nginx nginx mysql mysql bind bind clamav clamav dovecot dovecot dovenull dovenull Debian-exim Debian-exim postgres postgres debian-spamd debian-spamd epmd epmd couchdb couchdb memcache memcache mongodb mongodb redis redis" | xargs -n2 useradd -d /nonexistent -s /bin/false -K UID_MIN=100 -K UID_MAX=999 -g ${g} \
&& usermod -d /var/lib/mysql mysql \
Expand All @@ -30,92 +27,58 @@ RUN \
&& usermod -d /var/lib/couchdb -s /bin/bash couchdb \
&& usermod -d /var/lib/mongodb -a -G nogroup mongodb \
&& usermod -d /var/lib/redis redis \

# build nginx set misc
&& curl -sL "https://github.com/simpl/ngx_devel_kit/archive/v$NGINX_DEVEL_KIT_VERSION.tar.gz" -o dev-kit.tar.gz \
&& mkdir -p /usr/src/nginx/ngx_devel_kit \
&& tar -xof dev-kit.tar.gz -C /usr/src/nginx/ngx_devel_kit --strip-components=1 \
&& rm dev-kit.tar.gz \

&& curl -sL "https://github.com/openresty/set-misc-nginx-module/archive/v$NGINX_SET_MISC_MODULE_VERSION.tar.gz" -o ngx-misc.tar.gz \
&& mkdir -p /usr/src/nginx/set-misc-nginx-module \
&& tar -xof ngx-misc.tar.gz -C /usr/src/nginx/set-misc-nginx-module --strip-components=1 \
&& rm ngx-misc.tar.gz \

&& add-apt-repository -r 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu xenial main' \

# add nginx repo
&& curl -s https://nginx.org/keys/nginx_signing.key | apt-key add - \
&& cp /etc/apt/sources.list /etc/apt/sources.list.bak \
&& echo "deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx" | tee -a /etc/apt/sources.list \
&& echo "deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx" | tee -a /etc/apt/sources.list \

# update
&& apt-get update && apt-get -y --no-install-recommends upgrade \
&& apt-get install -y --no-install-recommends libpcre3-dev libssl-dev dpkg-dev libgd-dev iproute \

# install nginx with pagespeed first so vesta config can override
&& apt-get install -y --no-install-recommends libpcre3-dev libssl-dev dpkg-dev libgd-dev iproute uuid-dev \
&& mkdir -p ${NGINX_BUILD_DIR} \

&& cd ${NGINX_BUILD_DIR} \

# get the source
&& apt-get source nginx=${NGINX_VERSION} -y \
&& mv ${NGINX_BUILD_DIR}/nginx-${NGINX_VERSION}/src/http/modules/ngx_http_image_filter_module.c ${NGINX_BUILD_DIR}/nginx-${NGINX_VERSION}/src/http/modules/ngx_http_image_filter_module.bak \


# apply patch
&& curl -SL $IMAGE_FILTER_URL --output ${NGINX_BUILD_DIR}/nginx-${NGINX_VERSION}/src/http/modules/ngx_http_image_filter_module.c \
&& sed -i "s/--with-http_ssl_module/--with-http_ssl_module --with-http_image_filter_module --add-module=\/usr\/src\/nginx\/ngx_devel_kit --add-module=\/usr\/src\/nginx\/set-misc-nginx-module --add-module=\/usr\/src\/nginx\/ngx_pagespeed-latest-stable/g" ${NGINX_BUILD_DIR}/nginx-${NGINX_VERSION}/debian/rules \

# Load Pagespeed module, PSOL and nginx
&& curl -SL https://github.com/pagespeed/ngx_pagespeed/archive/v${NGINX_PAGESPEED_VERSION}-stable.zip -o ${NGINX_BUILD_DIR}/latest-stable.zip \
&& curl -SL https://github.com/apache/incubator-pagespeed-ngx/archive/v${NGINX_PAGESPEED_VERSION}-stable.zip -o latest-stable.zip \
&& unzip latest-stable.zip \
&& mv incubator-pagespeed-ngx-${NGINX_PAGESPEED_VERSION}-stable ngx_pagespeed-latest-stable \
&& cd ngx_pagespeed-latest-stable \
&& curl -SL https://dl.google.com/dl/page-speed/psol/${NGINX_PSOL_VERSION}-x64.tar.gz -o ${NGINX_PSOL_VERSION}.tar.gz \
&& tar -xzf ${NGINX_PSOL_VERSION}.tar.gz \

# get build dependencies
&& apt-get build-dep nginx -y \
&& cd ${NGINX_BUILD_DIR}/nginx-${NGINX_VERSION}; dpkg-buildpackage -uc -us -b \

&& cd ${NGINX_BUILD_DIR} \

# install new nginx package
&& dpkg -i nginx_${NGINX_VERSION}-1~xenial_amd64.deb \

# install php
&& apt-get install -yq php5.6-mbstring php5.6-cgi php5.6-cli php5.6-dev php5.6-geoip php5.6-common php5.6-xmlrpc php5.6-sybase \
php5.6-curl php5.6-enchant php5.6-imap php5.6-xsl php5.6-mysql php5.6-mysqlnd php5.6-pspell php5.6-gd php5.6-zip \
php5.6-tidy php5.6-opcache php5.6-json php5.6-bz2 php5.6-pgsql php5.6-mcrypt php5.6-readline php5.6-imagick \
php5.6-intl php5.6-sqlite3 php5.6-ldap php5.6-xml php5.6-redis php5.6-dev php5.6-fpm php5.6-soap \

&& apt-get install -yq php7.0-mbstring php7.0-cgi php7.0-cli php7.0-dev php7.0-geoip php7.0-common php7.0-xmlrpc php7.0-sybase \
php7.0-curl php7.0-enchant php7.0-imap php7.0-xsl php7.0-mysql php7.0-mysqlnd php7.0-pspell php7.0-gd php7.0-zip \
php7.0-tidy php7.0-opcache php7.0-json php7.0-bz2 php7.0-pgsql php7.0-mcrypt php7.0-readline php7.0-imagick \
php7.0-intl php7.0-sqlite3 php7.0-ldap php7.0-xml php7.0-redis php7.0-dev php7.0-fpm php7.0-sodium php7.0-soap \

&& apt-get install -yq php7.1-mbstring php7.1-cgi php7.1-cli php7.1-dev php7.1-geoip php7.1-common php7.1-xmlrpc php7.1-sybase \
php7.1-curl php7.1-enchant php7.1-imap php7.1-xsl php7.1-mysql php7.1-mysqlnd php7.1-pspell php7.1-gd php7.1-zip \
php7.1-tidy php7.1-opcache php7.1-json php7.1-bz2 php7.1-pgsql php7.1-mcrypt php7.1-readline php7.1-imagick \
php7.1-intl php7.1-sqlite3 php7.1-ldap php7.1-xml php7.1-redis php7.1-dev php7.1-fpm php7.1-sodium php7.1-soap \

&& apt-get install -yq php7.2-mbstring php7.2-cgi php7.2-cli php7.2-dev php7.2-geoip php7.2-common php7.2-xmlrpc php7.2-sybase \
php7.2-curl php7.2-enchant php7.2-imap php7.2-xsl php7.2-mysql php7.2-mysqlnd php7.2-pspell php7.2-gd php7.2-zip \
php7.2-tidy php7.2-opcache php7.2-json php7.2-bz2 php7.2-pgsql php7.2-readline php7.2-imagick \
php7.2-intl php7.2-sqlite3 php7.2-ldap php7.2-xml php7.2-redis php7.2-dev php7.2-fpm php7.2-soap \

# put back old source list for vesta
&& rm -f /etc/apt/sources.list && mv /etc/apt/sources.list.bak /etc/apt/sources.list \

# finish cleaning up
&& rm -rf /usr/src/nginx \
&& rm -rf /tmp/* \
&& apt-get -yf autoremove \
&& apt-get clean

# begin VestaCP install
RUN \
cd /tmp \

Expand All @@ -127,7 +90,7 @@ RUN \
&& sed -i -e "s/\"nginx apache2/\"apache2/g" /tmp/vst-install-ubuntu.sh \

# fix mariadb instead of mysql
# && sed -i -e "s/mysql\-/mariadb\-/g" /tmp/vst-install-ubuntu.sh \
&& sed -i -e "s/mysql\-/mariadb\-/g" /tmp/vst-install-ubuntu.sh \

# begin install vesta
&& bash /tmp/vst-install-ubuntu.sh \
Expand Down Expand Up @@ -166,7 +129,7 @@ RUN \

# install nodejs, memcached, redis-server, openvpn, mongodb, dotnet-sdk, and couchdb
&& apt-get install -yf --no-install-recommends nodejs memcached php-memcached redis-server \
openvpn mongodb-org php-mongodb couchdb dotnet-sdk-2.1.4 \
openvpn mongodb-org php-mongodb couchdb dotnet-sdk-2.1.101 \

# setting upawscli, golang
# awscli
Expand All @@ -191,6 +154,7 @@ COPY rootfs/. /

RUN \
cd /tmp \

# tweaks
&& chmod +x /etc/init.d/dovecot \
&& chmod +x /etc/service/sshd/run \
Expand Down Expand Up @@ -474,7 +438,6 @@ RUN \
&& sed -i -e 's:^save:# save:g' \
-e 's:^bind:# bind:g' \
-e 's:^logfile:# logfile:' \
-e 's:daemonize yes:daemonize no:' \
-e 's:# maxmemory \(.*\)$:maxmemory 256mb:' \
-e 's:# maxmemory-policy \(.*\)$:maxmemory-policy allkeys-lru:' \
/etc/redis/redis.conf \
Expand Down
17 changes: 11 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ What's included?
* ubuntu 16.04 lts + Vesta 0.9.8-18
* nginx (proxy) -> apache2 -> php-fcgi - high performance and flexible implementation
* added ability to also run php-fpm
* ssh/sftp, letsencrypt, memcached, redis, MariaDB 10.1, postgresql 9.5, nodejs 8.x, golang 1.9, openvpn, mongodb, couchdb, .net core 2.0 runtime
* ssh/sftp, letsencrypt, memcached, redis, MariaDB 10.2, postgresql 9.5, nodejs 8.x, golang 1.10, openvpn, mongodb, couchdb, .net core 2.0 runtime
* folder redirection for data persistence and automatic daily backup provided by VestaCP
* DNS, named, dovecot/roundcube, spamassassin, clamav, etc... -- disabled by default
* vesta panel SSL (LE-issued) for mail and control panel - provide $VESTA_DOMAIN environment variable
Expand Down Expand Up @@ -41,7 +41,7 @@ FTP was not installed on purpose because it's not secure. Use SFTP instead on t
- [x] **Dovecot/roundcube email, phpmyadmin, phppgadmin, and DNS services** are disabled by default. Look at /home/admin/bin/my-startup.sh for instruction on how to re-enable these services.

### misc/tested/verified
- [x] ssh/sftp, nginx, apache2, php7.1 + v8js
- [x] ssh/sftp, nginx, apache2, php7.0+ & v8js
- [x] log viewing in Vesta
- [x] backup and restore
- [x] Vesta FileManager
Expand Down Expand Up @@ -75,12 +75,17 @@ If you use this Docker for hosting and allow your user to login, I also recommen
Enjoy!!!

## Release Notes
1.1.0 - starting from this version, we upgraded to MariaDB 10.2, please login as root and run the command:
1.1.9 - Update to be more secure and compliance. A bunch of security issues discovered during the holidays were patched by various vendors including cpu (meltdown & spectre) and .net core issues:

```
# mysql_upgrade --verbose -u root -p
# service mysql restart
- php 5.6 v8js no longer supported due to security issues resulting in older v8 deprecation.
- update nginx to 1.13.9 - rebuilt with latest ngx_pagespeed
- update golang 1.10
- update to dotnet-sdk-2.1.101
- update from 3.4 to 3.6 for mongodb
```
And finish by restarting the docker container.

1.1.0 - starting from this version, we upgraded to MariaDB 10.2.

1.0.8 - introducing vesta 0.9.8-18, update to this docker image then run */bin/vesta-update.sh* to update Vesta.

Expand Down
4 changes: 3 additions & 1 deletion rootfs/etc/my_init.d/startup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,9 @@ if [ ! -f /home/admin/bin/my-startup.sh ]; then
echo "[i] running for the 1st time"
rsync --update -raz /vesta-start/* /vesta
rsync --update -raz /sysprepz/home/* /home

# work around for AUFS bug
# as per https://github.com/docker/docker/issues/783#issuecomment-56013588
mkdir /etc/ssl/private-copy; mv /etc/ssl/private/* /etc/ssl/private-copy/; rm -r /etc/ssl/private; mv /etc/ssl/private-copy /etc/ssl/private; chmod -R 0700 /etc/ssl/private; chown -R postgres /etc/ssl/private
# save some bytes, you can do it later
# rm -rf /sysprepz
# rm -rf /vesta-start
Expand Down

0 comments on commit 4982b37

Please sign in to comment.