From bea6faac9fdbc0946309f59b62b66ce10d39cbdf Mon Sep 17 00:00:00 2001 From: Priit Tamboom Date: Mon, 22 Sep 2014 09:14:34 +0300 Subject: [PATCH] Docker: added keys and config files --- Dockerfile | 53 +++++++++++++++++---------- doc/docker/apache2/epp-tester.conf | 18 +++++++++ doc/docker/apache2/epp.conf | 21 +++++++++++ doc/docker/apache2/registry-test.conf | 39 ++++++++++++++++++++ doc/docker/apache2/registry.conf | 17 +++++++++ doc/docker/authorized_keys | 1 - doc/docker/ssh/authorized_keys | 3 ++ 7 files changed, 131 insertions(+), 21 deletions(-) create mode 100644 doc/docker/apache2/epp-tester.conf create mode 100644 doc/docker/apache2/epp.conf create mode 100644 doc/docker/apache2/registry-test.conf create mode 100644 doc/docker/apache2/registry.conf delete mode 100755 doc/docker/authorized_keys create mode 100755 doc/docker/ssh/authorized_keys diff --git a/Dockerfile b/Dockerfile index b80028347..90bb41594 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,32 +1,45 @@ -FROM gitlab/registry +# FROM gitlab/registry +FROM slimmed MAINTAINER Gitlab -# Set correct environment variables. -ENV HOME /home/app +# Initial build +# SSH authorized keys setup +# ADD ./doc/docker/ssh/authorized_keys /root/.ssh/authorized_keys +# +# Apache2 setup +# ADD ./doc/docker/apache2/ /etc/apache2/sites-enabled # Use baseimage-docker's init process. CMD ["/sbin/my_init"] -# App +# Set correct environment variables. +ENV RAILS_ENV production +ENV HOME /home/app + +# Registry WORKDIR /home/app/registry ADD . /home/app/registry -RUN bundle install --deployment +RUN chown -R app:www-data .; chmod -R 750 .; chmod g+s .; umask 027 +RUN setuser app ls -la /home/app/registry/vendor/ +# RUN setuser app ls -la /home/app/registry/vendor/bundle +RUN rm /home/app/registry/vendor/bundle -rf +RUN setuser app bundle install --deployment +RUN setuser app rake assets:precompile -# Setup nginx -# RUN rm /etc/nginx/sites-enabled/default -# ADD nginx.conf /etc/nginx/sites-enabled/webapp.conf -# RUN rm -f /etc/services/nginx/down +# Registry test +WORKDIR /home/app/registry-test +ADD . /home/app/registry-test +RUN chown -R app:www-data .; chmod -R 750 .; chmod g+s .; umask 027 +RUN setuser app bundle install -# RUN rm /etc/nginx/sites-enabled/default -# ADD ./nginx.conf /etc/nginx/sites-enabled/webapp.conf -# RUN rm -f /etc/services/nginx/down +# Ports +# Registry admin: +EXPOSE 80 +# EPP: +EXPOSE 700 +# Test env what jenkins uses +# for debugging only: +# EXPOSE 81 -# Clean up APT when done. +# Clean up when done. RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -## Install an SSH public keys -ADD ./doc/docker/authorized_keys /tmp/authorized_keys -RUN cat /tmp/authorized_keys > /root/.ssh/authorized_keys && rm -f /tmp/authorized_keys - -EXPOSE 80 -EXPOSE 700 diff --git a/doc/docker/apache2/epp-tester.conf b/doc/docker/apache2/epp-tester.conf new file mode 100644 index 000000000..e3a428734 --- /dev/null 
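Review bot: `FROM slimmed` names a local, untagged image, and the two `ADD` lines that would install `/root/.ssh/authorized_keys` and the Apache vhosts are left commented out under `# Initial build`, so this Dockerfile no longer records how root's SSH keys or the vhost configuration get into the image. Presumably `slimmed` was built once with those lines active; if so, editing doc/docker/ssh/authorized_keys to revoke a key changes nothing until that base is rebuilt by hand. Keeping the initial-build steps in a Dockerfile of their own and referencing the result by an explicit tag, e.g. `FROM slimmed:<tag>`, would make the key list auditable and the image reproducible. Separately, in both `RUN chown -R app:www-data .; chmod -R 750 .; chmod g+s .; umask 027` lines the trailing `umask 027` ends with that shell and does not apply to the later `bundle install` steps, and the `;` separators let a failed `chown` go unnoticed where `&&` would stop the build.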
+++ b/doc/docker/apache2/epp-tester.conf
@@ -0,0 +1,18 @@
+Listen 8888
+
+ ServerName registry.gitlab.eu
+ ServerAdmin info@gitlab.eu
+
+ PassengerEnabled on
+ RailsEnv production
+ DocumentRoot /home/app/epp-tester/public
+
+ ErrorLog /var/log/apache2/epp-tester.error.log
+ LogLevel info ssl:warn
+ CustomLog /var/log/apache2/epp-tester.access.log combined
+
+
+ Require all granted
+ Options -MultiViews
+
+
diff --git a/doc/docker/apache2/epp.conf b/doc/docker/apache2/epp.conf
new file mode 100644
index 000000000..33ef057aa
--- /dev/null
+++ b/doc/docker/apache2/epp.conf
@@ -0,0 +1,21 @@
+
+ Listen 700
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /etc/apache2/ssl/apache.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/apache.key
+
+ SSLVerifyClient optional_no_ca
+
+ EPPEngine On
+ EPPCommandRoot /proxy/command
+ EPPSessionRoot /proxy/session
+ EPPErrorRoot /proxy/error
+
+ ProxyPass /proxy/ http://localhost:80/epp/
+
+ EPPAuthURI implicit
+ EPPReturncodeHeader X-EPP-Returncode
+
+
diff --git a/doc/docker/apache2/registry-test.conf b/doc/docker/apache2/registry-test.conf
new file mode 100644
index 000000000..dc4b0cc26
--- /dev/null
+++ b/doc/docker/apache2/registry-test.conf
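Review bot: The `SSLCipherSuite` line in the port-700 vhost of epp.conf starts from `ALL` and removes only anonymous-DH and 56-bit export suites, so 40-bit export, single-DES and RC4 suites remain negotiable wherever the linked OpenSSL still ships them; the `+LOW`, `+SSLv2`, `+EXP` and `+eNULL` terms only reorder the list, they do not exclude anything. The same line is repeated in the port-701 vhost of registry-test.conf. A stricter pair would be `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5` and `SSLProtocol all -SSLv2 -SSLv3`. `SSLVerifyClient optional_no_ca` also means Apache accepts a client certificate without validating its chain, so a comment stating where the certificate is actually checked (presumably the app behind `ProxyPass`) is worth adding next to it.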
@@ -0,0 +1,39 @@
+Listen 81
+
+ ServerAdmin info@gitlab.eu
+
+ PassengerEnabled on
+ RailsEnv test
+ DocumentRoot /home/app/registry-test/public
+
+ ErrorLog /var/log/apache2/registry-test.error.log
+ LogLevel info ssl:warn
+ CustomLog /var/log/apache2/registry-test.access.log combined
+
+
+ Require all granted
+ Options -MultiViews
+
+
+
+
+ Listen 701
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /etc/apache2/ssl/apache.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/apache.key
+
+ SSLVerifyClient optional_no_ca
+
+ EPPEngine On
+ EPPCommandRoot /proxy/command
+ EPPSessionRoot /proxy/session
+ EPPErrorRoot /proxy/error
+
+ ProxyPass /proxy/ http://localhost:81/epp/
+
+ EPPAuthURI implicit
+ EPPReturncodeHeader X-EPP-Returncode
+
+
diff --git a/doc/docker/apache2/registry.conf b/doc/docker/apache2/registry.conf
new file mode 100644
index 000000000..938a23602
--- /dev/null
+++ b/doc/docker/apache2/registry.conf
@@ -0,0 +1,17 @@
+
+ ServerName registry.gitlab.eu
+ ServerAdmin info@gitlab.eu
+
+ PassengerEnabled on
+ RailsEnv production
+ DocumentRoot /home/app/registry/public
+
+ ErrorLog /var/log/apache2/registry.error.log
+ LogLevel info ssl:warn
+ CustomLog /var/log/apache2/registry.access.log combined
+
+
+ Require all granted
+ Options -MultiViews
+
+
diff --git a/doc/docker/authorized_keys b/doc/docker/authorized_keys
deleted file mode 100755
index 99b1e455a..000000000
--- a/doc/docker/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAz+n4Sln0oxme+9hyrgPud9k0C00Nm0T2YufHcQUAdtJssCfeKp2qo/gy0LmOXTB8efyavFn4NW2GZs8gxJ0BV5GoHLmnERAWDOi/wg3KLl4r/ei+HQX6Po/V7WOMHWzKPSSGtqW7cZc1g0y2ci571ZUmgEBoGoGPfoQToGEn2yV4hQmHIjbwtfNNCHx/i12DCoJnD+3cIvhHf4FbZRBW9Wu0I24iqLcxLOAwGWVsnzi0OqN+rj3DenPQfjcPhSsmTu+8mn2AIwMxWeLZSslEYfyBeo9dLBntj3dnxWpw/MJEfMmWgWKGqMaVGB731ZWDOrRrzgl5+s24YBv9LyYWyQ==
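Review bot: registry-test.conf puts a `RailsEnv test` vhost on port 81 and a second EPP listener on 701 next to the production vhosts; going by the commented `ADD ./doc/docker/apache2/ /etc/apache2/sites-enabled` line in the Dockerfile, all of them are enabled in the same container. The Dockerfile leaves `EXPOSE 81` commented out as "for debugging only", but `EXPOSE` is documentation only, so `Listen 81` still binds on every interface and the test app stays reachable over the container network. If only the local `ProxyPass` from the 701 vhost needs that listener, `Listen 127.0.0.1:81` would narrow it; otherwise a comment naming who is meant to reach the test environment would help. The vhost and directory tags are not visible in the hunk.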
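Review bot: registry.conf has no `SSLEngine` line, so the production app, which the Dockerfile exposes as "Registry admin" on port 80, is presumably served over plain HTTP, and that same listener is the `ProxyPass` target `http://localhost:80/epp/` in epp.conf. Unless the application restricts it, `/epp/` is then reachable directly on port 80 without passing the TLS front on port 700. Limiting that path to loopback would close the gap: `<Location /epp/>`, `Require local`, `</Location>`. The enclosing vhost tags are not visible in the hunk, so the port is inferred from the absence of a `Listen` line.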
diff --git a/doc/docker/ssh/authorized_keys b/doc/docker/ssh/authorized_keys
new file mode 100755
index 000000000..9266ca452
--- /dev/null
+++ b/doc/docker/ssh/authorized_keys
@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAz+n4Sln0oxme+9hyrgPud9k0C00Nm0T2YufHcQUAdtJssCfeKp2qo/gy0LmOXTB8efyavFn4NW2GZs8gxJ0BV5GoHLmnERAWDOi/wg3KLl4r/ei+HQX6Po/V7WOMHWzKPSSGtqW7cZc1g0y2ci571ZUmgEBoGoGPfoQToGEn2yV4hQmHIjbwtfNNCHx/i12DCoJnD+3cIvhHf4FbZRBW9Wu0I24iqLcxLOAwGWVsnzi0OqN+rj3DenPQfjcPhSsmTu+8mn2AIwMxWeLZSslEYfyBeo9dLBntj3dnxWpw/MJEfMmWgWKGqMaVGB731ZWDOrRrzgl5+s24YBv9LyYWyQ==
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXF8qkkQg8We6c2eCRQTuQUAffuDcYijlnVNAH0V7eUMxKC/9aPIhHaM9JVY4exXDVEQOK0+KsF6twTtewK8XBFfHXcOV3k+11KOJ1LsfphQIbwS9Qufw2maxCWJHxQwKGViGLqePuecQhfQ3UAVXZ1ZO7qGrLB9JBlRimbItJsG3F2o1T7pJAMucf+zCv5KmMeeddDyhAg2ufQHnuPKIMAgr4XH/TD4mg5tqORXCdk/2apuqUz35WqAyRNt/J66bTJOJ39QJv50cyT6/Bb74MNfJSejsM5EUnKF4Nq7edR8F8tlnXmL/wvvVs81oHywCnMqP8eEISLumy1nhNpgbn martin@gitlab.eu
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC13V94raEKiCzg4sACsIFxiHPcRSUryUHxXpcyHMi7OJvTtszOPR3hZnB36c0NxnznD0t3rH2n5vIX+tBmX+JND7bvM+YKgTGcGN+HvS08nSsvwHLie/UAHkWy/4xFvyKnq8MIZtYxkPdIGph6hFMr5LljJu05V08hZF09HutBsjXw5wmZRUJoD/Jl0FO/pf6WxH1VHjhz0kGuM8VREU2SC8uzV1AIZ86zsaxJld1m0doyt+arnJkPYgjXHHpu/IWzIHYjbVo5W8JmYagDCYxaPHN7EesHAEzFi1LDtq1aIrqWrczKaJGSryxSba6pnYiK69MTojF/SAXMsJ1u5q1P andres.kesk@gmail.com
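Review bot: The first key in doc/docker/ssh/authorized_keys carries no comment field, unlike the two added below it, so nobody reading the file can tell whose access is being kept or revoked; the Dockerfile comment indicates the file is meant for `/root/.ssh/authorized_keys`. A `# owner: <name>` line above it, or a trailing comment on the key itself, would fix that. The file is also created with mode 100755; an authorized_keys file has no reason to be executable, so 100644 is the expected mode. Since all three keys would grant root login, a dedicated non-root account for routine access is worth considering.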