From cd1f9c04d85e121d05375ff746e16870f6cf65be Mon Sep 17 00:00:00 2001
From: Jakob Schrettenbrunner
Date: Sat, 16 Jan 2021 18:05:33 +0100
Subject: [PATCH] improve docker images and less root
---
.dockerignore | 2 ++
.github/workflows/images.yml | 33 +++++++++++++++++++++++
Vagrantfile | 8 +++---
build/{Dockerfile-ssh => Dockerfile-base} | 28 +++++++++----------
build/Dockerfile-panel | 20 +++++++-------
scripts/deploy_app.sh | 10 +++----
scripts/deploy_docs.sh | 30 ++++++++++-----------
7 files changed, 81 insertions(+), 50 deletions(-)
create mode 100644 .dockerignore
create mode 100644 .github/workflows/images.yml
rename build/{Dockerfile-ssh => Dockerfile-base} (52%)
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..da3d0c0
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+.data/
+.vagrant/
\ No newline at end of file
diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml
new file mode 100644
index 0000000..a73883c
--- /dev/null
+++ b/.github/workflows/images.yml
@@ -0,0 +1,33 @@
+name: Build and publish docker images
+on:
+ push:
+ branches:
+ - 'master'
+
+jobs:
+ images:
+ name: Build and push base image
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: docker/setup-qemu-action@v1
+ - uses: docker/setup-buildx-action@v1
+ - uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+
+ - name: Base image
+ uses: docker/build-push-action@v2
+ with:
+ file: build/Dockerfile-base
+ push: true
+ tags: ghcr.io/pterodactyl/development/base:latest
+
+ - name: Panel image
+ uses: docker/build-push-action@v2
+ with:
+ file: build/Dockerfile-panel
+ push: true
+ tags: ghcr.io/pterodactyl/development/panel:latest
\ No newline at end of file
diff --git a/Vagrantfile b/Vagrantfile
index 6659695..b0347e6 100644
--- a/Vagrantfile
+++ b/Vagrantfile
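Review bot: Every `uses:` step in `.github/workflows/images.yml` references a mutable tag (`@v1`, `@v2`) inside a job that has `secrets.REGISTRY_TOKEN` in scope and pushes to ghcr.io, so a re-pointed action tag would run with that token. Pinning each action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1`, and adding a top-level `permissions:` block limited to `contents: read` would narrow that exposure. Both images are pushed only as `:latest`; adding a second tag such as `${{ github.sha }}` would let the Vagrantfile and `Dockerfile-panel` refer to a known build instead of whatever was pushed last.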
@@ -123,21 +123,21 @@ Vagrant.configure("2") do |config| docs.vm.network "forwarded_port", guest: 9091, host: 9091 docs.ssh.insert_key = true - docs.ssh.username = "root" + docs.ssh.username = "vagrant" docs.ssh.password = "vagrant" docs.vm.provider "docker" do |d| - d.image = "quay.io/pterodactyl/vagrant-core" + d.image = "ghcr.io/pterodactyl/development/base" d.create_args = ["-it", "--add-host=host.pterodactyl.test:172.17.0.1"] d.ports = ["9090:80", "9091:9091"] - d.volumes = ["#{vagrant_root}/code/documentation:/srv/documentation:cached"] + d.volumes = ["#{vagrant_root}/code/documentation:/home/vagrant/docs:cached"] d.remains_running = true d.has_ssh = true d.privileged = true end docs.vm.provision "deploy_files", type: "file", source: "#{vagrant_root}/build/configs", destination: "/tmp/.deploy" - docs.vm.provision "setup_documentation", type: "shell", path: "#{vagrant_root}/scripts/deploy_docs.sh" + docs.vm.provision "setup_documentation", type: "shell", privileged: false, path: "#{vagrant_root}/scripts/deploy_docs.sh" end diff --git a/build/Dockerfile-ssh b/build/Dockerfile-base similarity index 52% rename from build/Dockerfile-ssh rename to build/Dockerfile-base index 5981a74..6bc0eff 100644 --- a/build/Dockerfile-ssh +++ b/build/Dockerfile-base 
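Review bot: In the `Vagrantfile` docs box, `d.privileged = true` is left in place while the login user changes from `root` to `vagrant`, and the new base image gives that user passwordless sudo, so the container keeps the same level of access to the host as before. If nothing in the docs environment needs privileged mode (not visible from this hunk), `d.privileged = false` would make the "less root" change effective; otherwise a comment above that line should say why it is required. `d.image = "ghcr.io/pterodactyl/development/base"` also carries no tag or digest, so the box tracks whatever `:latest` currently is. The `Vagrant.configure` block starts outside this hunk.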
@@ -1,27 +1,27 @@ -FROM ubuntu:16.04 +FROM ubuntu:20.04 LABEL maintainer="dane@daneeveritt.com" \ - description="Base image used by Pterodactyl's development environments to provide SSH support for vagrant." + description="Base image used by Pterodactyl's development environments to provide SSH support for vagrant." \ + org.opencontainers.image.source=https://github.com/pterodactyl/development ENV DEBIAN_FRONTEND=noninteractive \ - NOTVISIBLE="in users profile" - -RUN apt -y update \ - && apt -y upgrade \ - && apt -y --no-install-recommends install software-properties-common sudo openssh-server locales curl iproute2 \ - && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \ - && locale-gen - -ENV LANG=en_US.UTF-8 \ + NOTVISIBLE="in users profile" \ + LANG=en_US.UTF-8 \ LANGUAGE=en_US:en \ LC_ALL=en_US.UTF-8 -RUN echo 'root:vagrant' | chpasswd \ - && sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \ +RUN apt -y update \ + && apt -y upgrade \ + && apt -y --no-install-recommends install software-properties-common gpg-agent sudo openssh-server locales curl iproute2 lsb-release \ + && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \ + && locale-gen \ + && useradd -m -s /bin/bash -p $(echo "vagrant" | openssl passwd -1 -stdin) vagrant \ + && echo 'ALL ALL = (ALL) NOPASSWD: ALL' > /etc/sudoers \ && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd \ && echo "export VISIBLE=now" >> /etc/profile \ && rm -rf /var/lib/apt/lists/* EXPOSE 22 +USER vagrant -ENTRYPOINT service ssh start && /bin/bash \ No newline at end of file +ENTRYPOINT sudo su -c "service ssh start && /bin/bash" \ No newline at end of file diff --git a/build/Dockerfile-panel b/build/Dockerfile-panel index 7474e91..c9ae7b7 100644 --- a/build/Dockerfile-panel +++ b/build/Dockerfile-panel 
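Review bot: In `build/Dockerfile-base`, `echo 'ALL ALL = (ALL) NOPASSWD: ALL' > /etc/sudoers` overwrites the whole sudoers file and grants passwordless root to every account in the image, including service accounts such as `www-data` that the deploy scripts rely on. Scoping the rule to the one user that needs it keeps the stock file intact: `echo 'vagrant ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/vagrant && chmod 0440 /etc/sudoers.d/vagrant` (this assumes the stock Ubuntu sudoers still includes `/etc/sudoers.d`). The `ENTRYPOINT sudo su -c "service ssh start && /bin/bash"` line means the container's main process still runs as root despite `USER vagrant`; a short comment there stating that would prevent the image from being read as unprivileged.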
@@ -1,15 +1,16 @@ -FROM quay.io/pterodactyl/vagrant-core +FROM ghcr.io/pterodactyl/development/base LABEL maintainer="dane@daneeveritt.com" \ - description="Docker image allowing Pterodactyl Panel to run using Vagrant." + description="Docker image allowing Pterodactyl Panel to run using Vagrant." \ + org.opencontainers.image.source=https://github.com/pterodactyl/development RUN curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - \ && curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - \ && echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list \ - && add-apt-repository -y ppa:ondrej/php \ - && apt -y update \ - && apt -y upgrade \ - && apt -y --no-install-recommends install software-properties-common \ + && sudo add-apt-repository -y ppa:ondrej/php \ + && sudo apt -y update \ + && sudo apt -y upgrade \ + && sudo apt -y --no-install-recommends install software-properties-common \ php7.4 \ php7.4-cli \ php7.4-gd \ @@ -32,11 +33,8 @@ RUN curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - \ nodejs \ yarn \ nano \ - && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && rm -rf /var/lib/apt/lists/* - -RUN useradd -m -s /bin/bash -p $(echo "vagrant" | openssl passwd -1 -stdin) vagrant \ - && echo 'ALL ALL = (ALL) NOPASSWD: ALL' > /etc/sudoers + && curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer \ + && sudo rm -rf /var/lib/apt/lists/* EXPOSE 80 USER vagrant diff --git a/scripts/deploy_app.sh b/scripts/deploy_app.sh index f1a4d90..acb8dd7 100644 --- a/scripts/deploy_app.sh +++ b/scripts/deploy_app.sh 
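Review bot: The first hunk of `build/Dockerfile-panel` prefixes every package command with `sudo` because the base image now ends in `USER vagrant`, which makes this build depend on the blanket NOPASSWD sudoers rule in the base image. Putting `USER root` before the `RUN` and keeping the existing `USER vagrant` after it gives the same result without `sudo` in the build and still works if the sudoers rule is tightened later. `FROM ghcr.io/pterodactyl/development/base` has no tag or digest, so the build uses whatever `:latest` resolves to at build time.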
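Review bot: In the second hunk of `build/Dockerfile-panel`, the Composer installer is now piped straight from `curl -sS` into `sudo php`, so whatever the download returns is executed as root with no integrity check, and without `-f` an HTTP error page would be fed to PHP as well. Composer publishes a SHA-384 of the installer at `https://composer.github.io/installer.sig`; downloading to a file, checking it against that value and only then running it closes the gap. The same pattern applies to the `setup_12.x | sudo -E bash -` context line at the top of the `RUN`, which this commit does not change.

```dockerfile
    # … unchanged: apt package list ending in nano …
    && curl -fsS https://getcomposer.org/installer -o /tmp/composer-setup.php \
    && echo "$(curl -fsS https://composer.github.io/installer.sig)  /tmp/composer-setup.php" | sha384sum -c - \
    && sudo php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
    && rm -f /tmp/composer-setup.php \
    && sudo rm -rf /var/lib/apt/lists/*
```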
@@ -5,15 +5,15 @@ sudo cp /tmp/.deploy/supervisor/pterodactyl.conf /etc/supervisor/conf.d/pterodac sudo cp /tmp/.deploy/nginx/pterodactyl.test.conf /etc/nginx/sites-available/pterodactyl.test.conf # Needed for FPM to start correctly. -mkdir -p /run/php +sudo mkdir -p /run/php # Disable xdebug on the CLI for _MASSIVE_ performance improvement -phpdismod -s cli xdebug +sudo phpdismod -s cli xdebug cd /home/vagrant/app sudo chown -R vagrant:vagrant * -sudo chown -R www-data:www-data storage -chmod -R 755 storage/* bootstrap/cache +sudo chown -R www-data:vagrant storage +sudo chmod -R 775 storage/* bootstrap/cache # Start out in a "this isn't a new install" mode freshInstall=false @@ -26,7 +26,7 @@ fi sed -i "s/APP_ENV=.*/APP_ENV=local/" .env sed -i "s/APP_DEBUG=.*/APP_DEBUG=true/" .env -composer install --no-interaction --prefer-dist --no-suggest --no-scripts --no-progress +composer install --no-interaction --prefer-dist --no-scripts --no-progress php artisan config:clear # Configure the cronjob diff --git a/scripts/deploy_docs.sh b/scripts/deploy_docs.sh index bf3351e..f3d7be2 100644 --- a/scripts/deploy_docs.sh +++ b/scripts/deploy_docs.sh 
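Review bot: In the first hunk of `scripts/deploy_app.sh`, `sudo chmod -R 775 storage/* bootstrap/cache` sets the execute bit on every regular file under those trees (logs, sessions, cached views), not only on directories, and makes them group-writable. A symbolic mode keeps directories traversable without marking data files executable: `sudo chmod -R u=rwX,g=rwX,o=rX storage bootstrap/cache`. The `storage/*` glob also skips dot-entries directly under `storage`, so passing the directory itself is more predictable. The script continues outside this hunk.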
@@ -1,28 +1,26 @@ -apt -y update && apt -y install apt-transport-https - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - # Install dependencies and start supervisor -apt install -y --no-install-recommends nginx nodejs yarn supervisor -/usr/bin/supervisord +sudo apt install -y --no-install-recommends nginx nodejs yarn supervisor +sudo /usr/bin/supervisord # Copy over deployment specific files. -cp /tmp/.deploy/supervisor/pterodocs.conf /etc/supervisor/conf.d/pterodocs.conf -cp /tmp/.deploy/nginx/pterodocs.test.conf /etc/nginx/sites-available/pterodocs.test.conf +sudo cp /tmp/.deploy/supervisor/pterodocs.conf /etc/supervisor/conf.d/pterodocs.conf +sudo cp /tmp/.deploy/nginx/pterodocs.test.conf /etc/nginx/sites-available/pterodocs.test.conf -cd /srv/documentation -yarn add vuepress +cd ~/docs +yarn -rm -f ~/docs -ln -s /srv/documentation ~/docs +sudo rm -f /srv/documentation +sudo ln -s ~/docs /srv/documentation # Configure and restart nginx -rm -rfv /var/www -rm -rfv /etc/nginx/sites-enabled/* -ln -s /etc/nginx/sites-available/pterodocs.test.conf /etc/nginx/sites-enabled/pterodocs.test.conf +sudo rm -rfv /var/www +sudo rm -rfv /etc/nginx/sites-enabled/* +sudo ln -s /etc/nginx/sites-available/pterodocs.test.conf /etc/nginx/sites-enabled/pterodocs.test.conf -supervisorctl reread -supervisorctl update -supervisorctl restart nginx \ No newline at end of file +sudo supervisorctl reread +sudo supervisorctl update +sudo supervisorctl restart nginx \ No newline at end of file
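Review bot: `scripts/deploy_docs.sh` has no shebang or error handling, and now that it runs unprivileged with `sudo` on individual commands, a failed step no longer stops the destructive ones that follow. If `cd ~/docs` fails because the volume is not mounted, `yarn` runs in the wrong directory and the script still goes on to `sudo rm -rfv /var/www` and the nginx changes. Starting the file with `#!/bin/bash` and `set -euo pipefail` would make the provisioner fail at the first broken step, including a failed `curl` in the `| sudo apt-key add -` and `| sudo -E bash -` pipelines.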