fix(): delete all root processes

This commit is contained in:
Hardware 2016-09-24 12:46:58 +02:00
parent ba25ccaa80
commit 5a918dddf9
No known key found for this signature in database
GPG Key ID: EC6DF6F90263EDEA
10 changed files with 55 additions and 62 deletions

View File

@ -1,17 +1,17 @@
FROM alpine:3.4 FROM alpine:3.4
MAINTAINER Wonderfall <wonderfall@mondedie.fr> MAINTAINER Wonderfall <wonderfall@schrodinger.io>
MAINTAINER Hardware <contact@meshup.net> MAINTAINER Hardware <contact@meshup.net>
ARG GPG_rainloop="3B79 7ECE 694F 3B7B 70F3 11A4 ED7C 49D9 87DA 4591" ARG GPG_FINGERPRINT="3B79 7ECE 694F 3B7B 70F3 11A4 ED7C 49D9 87DA 4591"
ENV GID=991 UID=991 ENV UID=991 GID=991
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \ && apk -U add \
gnupg \ gnupg \
nginx \ nginx \
supervisor \ s6 \
tini@commuedge \ su-exec \
php7-fpm@commuedge \ php7-fpm@commuedge \
php7-curl@commuedge \ php7-curl@commuedge \
php7-iconv@commuedge \ php7-iconv@commuedge \
@ -32,7 +32,7 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
&& FINGERPRINT="$(LANG=C gpg --verify rainloop-community-latest.zip.asc rainloop-community-latest.zip 2>&1 \ && FINGERPRINT="$(LANG=C gpg --verify rainloop-community-latest.zip.asc rainloop-community-latest.zip 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_rainloop}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ && if [ "${FINGERPRINT}" != "${GPG_FINGERPRINT}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unzipping rainloop-community-latest.zip..." \ && echo "All seems good, now unzipping rainloop-community-latest.zip..." \
&& mkdir /rainloop && unzip -q /tmp/rainloop-community-latest.zip -d /rainloop \ && mkdir /rainloop && unzip -q /tmp/rainloop-community-latest.zip -d /rainloop \
&& find /rainloop -type d -exec chmod 755 {} \; \ && find /rainloop -type d -exec chmod 755 {} \; \
@ -42,11 +42,13 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7/php-fpm.conf COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY s6.d /etc/s6.d
COPY startup /usr/local/bin/startup COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/startup RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /rainloop/data VOLUME /rainloop/data
EXPOSE 80
CMD ["/sbin/tini","--","startup"] EXPOSE 8888
CMD ["run.sh"]

View File

@ -2,22 +2,32 @@
![](https://i.goopics.net/nI.png) ![](https://i.goopics.net/nI.png)
### What is this ?
Rainloop is a simple, modern & fast web-based client. More details on the [official website](http://www.rainloop.net/). Rainloop is a simple, modern & fast web-based client. More details on the [official website](http://www.rainloop.net/).
### Features ### Features
- Based on Alpine 3.3
- Lightweight & secure image (no root process)
- Based on Alpine 3.4
- Latest Rainloop **Community Edition** (stable) - Latest Rainloop **Community Edition** (stable)
- Contacts (DB) : sqlite, or mysql (server not built-in) - Contacts (DB) : sqlite, or mysql (server not built-in)
- With Nginx and PHP7
### How to use ### Build-time variables
``` - **GPG_FINGERPRINT** : fingerprint of signing key
docker run -d \
--name rainloop \ ### Ports
--link mariadb:mariadb \ # Optional
-v /mnt/docker/rainloop:/rainloop/data \ - **8888**
hardware/rainloop
``` ### Environment variables
| Variable | Description | Type | Default value |
| -------- | ----------- | ---- | ------------- |
| **GID** | rainloop user id | *optional* | 991
| **UID** | rainloop group id | *optional* | 991
### Reverse proxy example with nginx ### Reverse proxy example with nginx
@ -27,15 +37,6 @@ https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
https://github.com/hardware/mailserver/wiki/Rainloop-initial-configuration https://github.com/hardware/mailserver/wiki/Rainloop-initial-configuration
#### Build-time variables
- **GPG_rainloop** : fingerprint of signing key
### Environment variables
- **UID** : rainloop user id (*optional*, default: 991)
- **GID** : rainloop group id (*optional*, default: 991)
### Docker-compose ### Docker-compose
#### Docker-compose.yml #### Docker-compose.yml
@ -48,7 +49,7 @@ rainloop:
volumes: volumes:
- /mnt/docker/rainloop:/rainloop/data - /mnt/docker/rainloop:/rainloop/data
# if using mysql as contacts database : # if using mariadb as contacts database :
mariadb: mariadb:
image: mariadb:10.1 image: mariadb:10.1

View File

@ -1,6 +1,5 @@
user rainloop;
worker_processes auto; worker_processes auto;
pid /var/run/nginx.pid; pid /tmp/nginx.pid;
daemon off; daemon off;
events { events {
@ -13,7 +12,7 @@ http {
default_type application/octet-stream; default_type application/octet-stream;
access_log off; access_log off;
error_log /var/log/nginx/error.log error; error_log /tmp/ngx_error.log error;
sendfile on; sendfile on;
keepalive_timeout 15; keepalive_timeout 15;
@ -23,6 +22,12 @@ http {
tcp_nodelay on; tcp_nodelay on;
server_tokens off; server_tokens off;
fastcgi_temp_path /tmp/fastcgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
proxy_temp_path /tmp/proxy 1 2;
uwsgi_temp_path /tmp/uwsgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
gzip on; gzip on;
gzip_comp_level 5; gzip_comp_level 5;
gzip_min_length 512; gzip_min_length 512;
@ -47,7 +52,7 @@ http {
image/svg+xml; image/svg+xml;
server { server {
listen 80; listen 8888;
root /rainloop; root /rainloop;
index index.php; index index.php;
charset utf-8; charset utf-8;
@ -61,12 +66,12 @@ http {
} }
location ~* \.php$ { location ~* \.php$ {
try_files $uri =404;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
} }
} }

View File

@ -2,11 +2,7 @@
daemonize = no daemonize = no
[www] [www]
user = rainloop listen = /tmp/php-fpm.sock
group = rainloop
listen = /var/run/php-fpm.sock
listen.owner = rainloop
listen.group = rainloop
pm = dynamic pm = dynamic
pm.max_children = 5 pm.max_children = 5
pm.start_servers = 2 pm.start_servers = 2

3
run.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
chown -R $UID:$GID /rainloop /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

2
s6.d/.s6-svscan/finish Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exit 0

2
s6.d/nginx/run Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec nginx

2
s6.d/php/run Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec php-fpm7

10
startup
View File

@ -1,10 +0,0 @@
#!/bin/sh
# Create user and group
addgroup -g ${GID} rainloop && adduser -h /rainloop -s /bin/sh -D -G rainloop -u ${UID} rainloop
# Set permissions
chown -R rainloop:rainloop /rainloop /var/lib/nginx
# RUN !
supervisord -c /etc/supervisor/supervisord.conf

View File

@ -1,10 +0,0 @@
[supervisord]
logfile = /tmp/supervisord.log
pidfile = /tmp/supervisord.pid
nodaemon=true
[program:php-fpm]
command=php-fpm7
[program:nginx]
command=nginx