Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix permissions issues for autoconf and fix volume for ghost example

Browse Source
This commit is contained in:
bunkerity 2021-04-27 16:49:45 +02:00
parent 6521d7a27a
commit f84fd7c9a2
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
7 changed files with 55 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
autoconf/Dockerfile
View File

@ -12,6 +12,9 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
mkdir /opt/scripts && \ mkdir /opt/scripts && \
addgroup -g 101 nginx && \ addgroup -g 101 nginx && \
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \ adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
mkdir /etc/letsencrypt && \
chown root:nginx /etc/letsencrypt && \
chmod 770 /etc/letsencrypt && \
mkdir /var/log/letsencrypt && \ mkdir /var/log/letsencrypt && \
chown root:nginx /var/log/letsencrypt && \ chown root:nginx /var/log/letsencrypt && \
chmod 770 /var/log/letsencrypt && \ chmod 770 /var/log/letsencrypt && \
@ -25,7 +28,11 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/log/jobs.log && \ chown root:nginx /var/log/jobs.log && \
chmod 770 /var/log/jobs.log && \ chmod 770 /var/log/jobs.log && \
chown -R root:nginx /opt/confs/nginx && \ chown -R root:nginx /opt/confs/nginx && \
chmod -R 770 /opt/confs/nginx chmod -R 770 /opt/confs/nginx && \
mkdir /acme-challenge && \
chown root:nginx /acme-challenge && \
chmod 770 /acme-challenge
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
COPY scripts/* /opt/scripts/ COPY scripts/* /opt/scripts/

11
autoconf/Dockerfile-amd64
View File

@ -7,10 +7,14 @@ COPY --from=builder /etc/nginx/ /opt/confs/nginx
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
pip3 install docker requests && \ pip3 install docker requests && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site && \ mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global && \ mkdir -p /opt/confs/global && \
mkdir /opt/scripts && \
addgroup -g 101 nginx && \ addgroup -g 101 nginx && \
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \ adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
mkdir /etc/letsencrypt && \
chown root:nginx /etc/letsencrypt && \
chmod 770 /etc/letsencrypt && \
mkdir /var/log/letsencrypt && \ mkdir /var/log/letsencrypt && \
chown root:nginx /var/log/letsencrypt && \ chown root:nginx /var/log/letsencrypt && \
chmod 770 /var/log/letsencrypt && \ chmod 770 /var/log/letsencrypt && \
@ -24,7 +28,10 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/log/jobs.log && \ chown root:nginx /var/log/jobs.log && \
chmod 770 /var/log/jobs.log && \ chmod 770 /var/log/jobs.log && \
chown -R root:nginx /opt/confs/nginx && \ chown -R root:nginx /opt/confs/nginx && \
chmod -R 770 /opt/confs/nginx chmod -R 770 /opt/confs/nginx && \
mkdir /acme-challenge && \
chown root:nginx /acme-challenge && \
chmod 770 /acme-challenge
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
COPY scripts/* /opt/scripts/ COPY scripts/* /opt/scripts/

9
autoconf/Dockerfile-arm32v7
View File

@ -15,8 +15,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site && \ mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global && \ mkdir -p /opt/confs/global && \
mkdir /opt/scripts && \
addgroup -g 101 nginx && \ addgroup -g 101 nginx && \
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \ adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
mkdir /etc/letsencrypt && \
chown root:nginx /etc/letsencrypt && \
chmod 770 /etc/letsencrypt && \
mkdir /var/log/letsencrypt && \ mkdir /var/log/letsencrypt && \
chown root:nginx /var/log/letsencrypt && \ chown root:nginx /var/log/letsencrypt && \
chmod 770 /var/log/letsencrypt && \ chmod 770 /var/log/letsencrypt && \
@ -30,7 +34,10 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/log/jobs.log && \ chown root:nginx /var/log/jobs.log && \
chmod 770 /var/log/jobs.log && \ chmod 770 /var/log/jobs.log && \
chown -R root:nginx /opt/confs/nginx && \ chown -R root:nginx /opt/confs/nginx && \
chmod -R 770 /opt/confs/nginx chmod -R 770 /opt/confs/nginx && \
mkdir /acme-challenge && \
chown root:nginx /acme-challenge && \
chmod 770 /acme-challenge
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
COPY scripts/* /opt/scripts/ COPY scripts/* /opt/scripts/

9
autoconf/Dockerfile-arm64v8
View File

@ -15,8 +15,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site && \ mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global && \ mkdir -p /opt/confs/global && \
mkdir /opt/scripts && \
addgroup -g 101 nginx && \ addgroup -g 101 nginx && \
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \ adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
mkdir /etc/letsencrypt && \
chown root:nginx /etc/letsencrypt && \
chmod 770 /etc/letsencrypt && \
mkdir /var/log/letsencrypt && \ mkdir /var/log/letsencrypt && \
chown root:nginx /var/log/letsencrypt && \ chown root:nginx /var/log/letsencrypt && \
chmod 770 /var/log/letsencrypt && \ chmod 770 /var/log/letsencrypt && \
@ -30,7 +34,10 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/log/jobs.log && \ chown root:nginx /var/log/jobs.log && \
chmod 770 /var/log/jobs.log && \ chmod 770 /var/log/jobs.log && \
chown -R root:nginx /opt/confs/nginx && \ chown -R root:nginx /opt/confs/nginx && \
chmod -R 770 /opt/confs/nginx chmod -R 770 /opt/confs/nginx && \
mkdir /acme-challenge && \
chown root:nginx /acme-challenge && \
chmod 770 /acme-challenge
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
COPY scripts/* /opt/scripts/ COPY scripts/* /opt/scripts/

9
autoconf/Dockerfile-i386
View File

@ -9,8 +9,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site && \ mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global && \ mkdir -p /opt/confs/global && \
mkdir /opt/scripts && \
addgroup -g 101 nginx && \ addgroup -g 101 nginx && \
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \ adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
mkdir /etc/letsencrypt && \
chown root:nginx /etc/letsencrypt && \
chmod 770 /etc/letsencrypt && \
mkdir /var/log/letsencrypt && \ mkdir /var/log/letsencrypt && \
chown root:nginx /var/log/letsencrypt && \ chown root:nginx /var/log/letsencrypt && \
chmod 770 /var/log/letsencrypt && \ chmod 770 /var/log/letsencrypt && \
@ -24,7 +28,10 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
chown root:nginx /var/log/jobs.log && \ chown root:nginx /var/log/jobs.log && \
chmod 770 /var/log/jobs.log && \ chmod 770 /var/log/jobs.log && \
chown -R root:nginx /opt/confs/nginx && \ chown -R root:nginx /opt/confs/nginx && \
chmod -R 770 /opt/confs/nginx chmod -R 770 /opt/confs/nginx && \
mkdir /acme-challenge && \
chown root:nginx /acme-challenge && \
chmod 770 /acme-challenge
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
COPY scripts/* /opt/scripts/ COPY scripts/* /opt/scripts/

22
entrypoint/permissions.sh
View File

@ -6,20 +6,24 @@ if [ ! -w "/etc/letsencrypt" ] || [ ! -r "/etc/letsencrypt" ] || [ ! -x "/etc/le
exit 1 exit 1
fi fi
# /www if [ -f "/usr/sbin/nginx" ] ; then
if [ ! -r "/www" ] || [ ! -x "/www" ] ; then # /www
echo "[!] ERROR - wrong permissions on /www" if [ ! -r "/www" ] || [ ! -x "/www" ] ; then
exit 2 echo "[!] ERROR - wrong permissions on /www"
fi exit 2
fi
# /etc/nginx
if [ ! -w "/etc/nginx" ] || [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
echo "[!] ERROR - wrong permissions on /etc/nginx"
exit 3
fi fi
# /acme-challenge # /acme-challenge
if [ ! -w "/acme-challenge" ] || [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then if [ ! -w "/acme-challenge" ] || [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then
echo "[!] ERROR - wrong permissions on /acme-challenge" echo "[!] ERROR - wrong permissions on /acme-challenge"
exit 3
fi
# /etc/nginx
if [ ! -w "/etc/nginx" ] || [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
echo "[!] ERROR - wrong permissions on /etc/nginx"
exit 4 exit 4
fi fi

2
examples/ghost/docker-compose.yml
View File

@ -25,6 +25,6 @@ services:
myghost: myghost:
image: ghost:alpine image: ghost:alpine
volumes: volumes:
- ./data-ghost:/ - ./data-ghost:/var/lib/ghost/content
environment: environment:
- url=https://www.website.com # replace with your domain - url=https://www.website.com # replace with your domain