From d3ed55ffb65326ee046f0d934cf421c32ee5f46b Mon Sep 17 00:00:00 2001 From: Torben Nehmer Date: Wed, 24 Oct 2018 22:45:58 +0200 Subject: [PATCH] Initial version of the new Docker Build scripts Successfully builds the container, places the files, scripts and links we need so fart into the right places using a rootfs tar file so that we don't pollute the container unneccessarily and keep the Dockerfile simple. Any in-container scripting is missing so far, so the whole thing does not yet start up successfully or popluate the config share in any way. That is for another day. --- .gitignore | 6 ++ Dockerfile | 66 ++++++++++++++++ build-container.sh | 5 ++ build-rootfs.sh | 148 ++++++++++++++++++++++++++++++++++++ src/db.inc.php | 15 ++++ src/docker-entrypoint.sh | 101 ++++++++++++++++++++++++ src/php.ini | 10 +++ src/scripts/write-config.sh | 27 +++++++ 8 files changed, 378 insertions(+) create mode 100644 Dockerfile create mode 100755 build-container.sh create mode 100755 build-rootfs.sh create mode 100644 src/db.inc.php create mode 100755 src/docker-entrypoint.sh create mode 100644 src/php.ini create mode 100755 src/scripts/write-config.sh diff --git a/.gitignore b/.gitignore index 3e99f69..892155b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,9 @@ +# Docker Build Process +/build/** +/tmp/** +/old/** +test-image.sh + # ---> Linux *~ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..a97a56f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,66 @@ +FROM php:7.1-apache +LABEL maintainer="Torben Nehmer " + +RUN set -ex; \ + apt-get update; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get install -y --no-install-recommends \ + libfreetype6-dev \ + libicu-dev \ + libjpeg62-turbo-dev \ + libldap2-dev \ + libpng-dev \ + libpq-dev \ + libsqlite3-dev \ + zlib1g-dev \ + # ISPConfig requirement + libxml2-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-png-dir=/usr --with-jpeg-dir=/usr; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install \ + exif \ + gd \ + intl \ + ldap \ + pdo_mysql \ + pdo_pgsql \ + pdo_sqlite \ + zip \ + # ISPConfig requirement + soap \ + ; \ + \ + # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* ;\ + \ + # enable mod_rewrite + a2enmod rewrite + +# expose these volumes +VOLUME /var/roundcube/config +VOLUME /tmp/roundcube-temp + +# Define Roundcubemail version +ENV ROUNDCUBEMAIL_VERSION 1.3.7 + +# Publish the rootfs file into the container +ADD rootfs.tar.gz / + +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["apache2-foreground"] diff --git a/build-container.sh b/build-container.sh new file mode 100755 index 0000000..3d50c71 --- /dev/null +++ b/build-container.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +set -ex + +docker build --force-rm -t nathan/roundcube -f Dockerfile build diff --git a/build-rootfs.sh b/build-rootfs.sh new file mode 100755 index 0000000..4036819 --- /dev/null +++ b/build-rootfs.sh @@ -0,0 +1,148 @@ +#!/bin/bash + +set -ex + +# Configuration options you usually edit go here +ROUNDCUBEMAIL_VERSION=1.3.7 +CHECK_GPG=false +CLEAN_INTERMEDIATES=false +CONTAINER_VOLUME_CONFIG=/var/roundcube/config +CONTAINER_WEBROOT=/var/www/html +CONTAINER_PHP_CONFD=/usr/local/etc/php/conf.d/ +CONTAINER_SCRIPTS=/usr/local/sbin + +# This is internal stuff used to build everything +# Be aware, that several of these paths are used with rm -rf! +SRCDIR=$(pwd)/src +TMPDIR=$(pwd)/tmp +BUILDDIR=$(pwd)/build +SCRIPTS_SRC=${SRCDIR}/scripts +ROUNDCUBE_DOWNLOAD=${TMPDIR}/roundcubemail.tar.gz +ROUNDCUBE_ASC_DOWNLOAD=${ROUDCUBE_DOWNLOAD}.asc +ROUNDCUBE_SRC=${TMPDIR}/roundcubemail +ISPCONFIG_DOWNLOAD=${TMPDIR}/ispconfig3_roundcube.zip +ISPCONFIG_SRC=${TMPDIR}/ispconfig3_roundcube +ROOTFSTREE=${TMPDIR}/tree +ROOTFSFILE=${BUILDDIR}/rootfs.tar.gz +CONFIG_DST=${ROOTFSTREE}${CONTAINER_VOLUME_CONFIG} +WEBROOT_DST=${ROOTFSTREE}${CONTAINER_WEBROOT} +PHP_CONFD_DST=${ROOTFSTREE}${CONTAINER_PHP_CONFD} +SCRIPTS_DST=${ROOTFSTREE}${CONTAINER_SCRIPTS} + +#### Sanitize Build Enviornment +if [ -d ${TMPDIR} ]; then + rm -rf ${TMPDIR} +fi +mkdir ${TMPDIR} + +if [ -d ${BUILDDIR} ]; then + rm -rf ${BUILDDIR} +fi +mkdir ${BUILDDIR} + +#### Prepare the roundcube source + +# Download Roundcube and verify GPG if configured to do so: +if [ -f ${ROUNDCUBE_DOWNLOAD} ]; then + rm -f ${ROUNDCUBE_DOWNLOAD} +fi + +curl -o ${ROUNDCUBE_DOWNLOAD} \ + -SL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz + +if [ "$CHECK_GPG" = true ]; then + export GNUPGHOME="$(mktemp -d)" + + if [ -f ${ROUNDCUBE_ASC_DOWNLOAD} ]; then + rm -f ${ROUNDCUBE_ASC_DOWNLOAD} + fi + curl -o ${ROUNDCUBE_ASC_DOWNLOAD} \ + -SL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc + + # ha.pool.sks-keyservers.net seems to be unreliable, use pgp.mit.edu as fallback + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5 \ + || gpg --keyserver pgp.mit.edu --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5 + + gpg --batch --verify ${ROUNDCUBE_ASC_DOWNLOAD} ${ROUNDCUBE_DOWNLOAD} + + # Clean up behind us + if [ "$CLEAN_INTERMEDIATES" = true ]; then + gpgconf --kill all + rm -rf "$GNUPGHOME" ${ROUNDCUBE_ASC_DOWNLOAD} + fi +fi + +# Extract the file into a temporary location and clean up behind us +tar -xzf ${ROUNDCUBE_DOWNLOAD} -C ${TMPDIR} + +# upstream tarballs include ./roundcubemail-${ROUNDCUBEMAIL_VERSION}/ so this gives us TMPDIR/roundcubemail-${ROUNDCUBEMAIL_VERSION} +mv ${TMPDIR}/roundcubemail-${ROUNDCUBEMAIL_VERSION} ${ROUNDCUBE_SRC} + +# Clean up the source tree for later use +rm -rf ${ROUNDCUBE_SRC}/installer + +# Clean up behind us +if [ "$CLEAN_INTERMEDIATES" = true ]; then + rm -f ${ROUNDCUBE_DOWNLOAD} +fi + + +#### Prepare the ISPConfig Stuff + +if [ -f ${ISPCONFIG_DOWNLOAD} ]; then + rm -f ${ISPCONFIG_DOWNLOAD} +fi +curl -o ${ISPCONFIG_DOWNLOAD} -SL https://github.com/w2c/ispconfig3_roundcube/archive/master.zip + +unzip -q ${ISPCONFIG_DOWNLOAD} -d ${TMPDIR} +# This gives us a dir ispconfig3_roundcube-master, which we normalize +mv ${TMPDIR}/ispconfig3_roundcube-master ${ISPCONFIG_SRC} + +# Clean up the source tree for later use +rm -f ${ISPCONFIG_SRC}/.gitignore ${ISPCONFIG_SRC}/README.md + +#### Create the ROOT FS TREE + +mkdir -p ${ROOTFSTREE} + +# Prepare the Webroot directory with the source tree, then create some links, which we'll +# need during runtime, they will be created by our entry point script. +mkdir -p ${WEBROOT_DST} +tar -c --one-file-system -C ${ROUNDCUBE_SRC} . | tar -x -C ${WEBROOT_DST} +ln -s ${CONTAINER_VOLUME_CONFIG}/config.inc.php ${WEBROOT_DST}/config/config.inc.php +cp ${SRCDIR}/db.inc.php ${WEBROOT_DST}/config/db.inc.php + +# Setup PHP +mkdir -p ${PHP_CONFD_DST} +cp ${SRCDIR}/php.ini ${PHP_CONFD_DST}/php.ini + +# Move the ISPConfig Plugins into place, again create some links which we'll need during +# runtime. These too will be created by our entry point script +tar -c --one-file-system -C ${ISPCONFIG_SRC} . | tar -x -C ${WEBROOT_DST}/plugins +ln -s ${CONTAINER_VOLUME_CONFIG}/ispconfig3_account.inc.php ${WEBROOT_DST}/plugins/ispconfig3_account/config/config.inc.php + +# Add Entry Point +cp -a ${SRCDIR}/docker-entrypoint.sh ${ROOTFSTREE} + +# Add all helper scripts +mkdir -p ${SCRIPTS_DST} + +curl -o ${SCRIPTS_DST}/wait-for-it.sh \ + -SL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh +chmod +x ${SCRIPTS_DST}/wait-for-it.sh + +cp -a ${SCRIPTS_SRC}/* ${SCRIPTS_DST} + +# Clean up behind us +if [ "$CLEAN_INTERMEDIATES" = true ]; then + rm -rf ${ROUNDCUBE_SRC} + rm -rf ${ISPCONFIG_SRC} +fi + +#### Now we tar everything together, so that the Dockerfile can put everything in place in one run +tar -czf ${ROOTFSFILE} -C ${ROOTFSTREE} . + +# Clean up behind us +if [ "$CLEAN_INTERMEDIATES" = true ]; then + rm -rf ${ROOTFSTREE} +fi diff --git a/src/db.inc.php b/src/db.inc.php new file mode 100644 index 0000000..dbf0e65 --- /dev/null +++ b/src/db.inc.php @@ -0,0 +1,15 @@ + + diff --git a/src/docker-entrypoint.sh b/src/docker-entrypoint.sh new file mode 100755 index 0000000..adc9d4d --- /dev/null +++ b/src/docker-entrypoint.sh @@ -0,0 +1,101 @@ +#!/bin/bash +# set -ex + +# PWD=`pwd` + +if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then + if ! [ -e index.php -a -e bin/installto.sh ]; then + + #### TODO SUPERSEEDED BY container build + + echo >&2 "roundcubemail not found in $PWD - copying now..." + if [ "$(ls -A)" ]; then + echo >&2 "WARNING: $PWD is not empty - press Ctrl+C now if this is an error!" + ( set -x; ls -A; sleep 10 ) + fi + tar cf - --one-file-system -C /usr/src/roundcubemail . | tar xf - + echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD" + fi + + if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then + : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}" + : "${ROUNDCUBEMAIL_DB_HOST:=postgres}" + : "${ROUNDCUBEMAIL_DB_USER:=${POSTGRES_ENV_POSTGRES_USER}}" + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${POSTGRES_ENV_POSTGRES_PASSWORD}}" + : "${ROUNDCUBEMAIL_DB_NAME:=${POSTGRES_ENV_POSTGRES_DB:-roundcubemail}}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}/${ROUNDCUBEMAIL_DB_NAME}}" + + /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:5432 -t 30 + elif [ ! -z "${!MYSQL_ENV_MYSQL_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "mysql" ]; then + : "${ROUNDCUBEMAIL_DB_TYPE:=mysql}" + : "${ROUNDCUBEMAIL_DB_HOST:=mysql}" + : "${ROUNDCUBEMAIL_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}" + if [ "$ROUNDCUBEMAIL_DB_USER" = 'root' ]; then + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD}}" + else + : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD}}" + fi + : "${ROUNDCUBEMAIL_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-roundcubemail}}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}/${ROUNDCUBEMAIL_DB_NAME}}" + + /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:3306 -t 30 + else + # use local SQLite DB in /var/www/html/db + : "${ROUNDCUBEMAIL_DB_TYPE:=sqlite}" + : "${ROUNDCUBEMAIL_DB_DIR:=$PWD/db}" + : "${ROUNDCUBEMAIL_DB_NAME:=sqlite}" + : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}:///$ROUNDCUBEMAIL_DB_DIR/${ROUNDCUBEMAIL_DB_NAME}.db?mode=0646}" + + mkdir -p $ROUNDCUBEMAIL_DB_DIR + chown www-data:www-data $ROUNDCUBEMAIL_DB_DIR + fi + + : "${ROUNDCUBEMAIL_DEFAULT_HOST:=localhost}" + : "${ROUNDCUBEMAIL_DEFAULT_PORT:=143}" + : "${ROUNDCUBEMAIL_SMTP_SERVER:=localhost}" + : "${ROUNDCUBEMAIL_SMTP_PORT:=587}" + : "${ROUNDCUBEMAIL_PLUGINS:=archive,zipdownload}" + : "${ROUNDCUBEMAIL_TEMP_DIR:=/tmp/roundcube-temp}" + + if [ ! -e config/config.inc.php ]; then + + #### TODO SUPERSEEDED BY write-config.sh + + ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"` + mkdir -p ${ROUNDCUBEMAIL_TEMP_DIR} && chown www-data ${ROUNDCUBEMAIL_TEMP_DIR} + touch config/config.inc.php + + echo "Write config to $PWD/config/config.inc.php" + echo " config/config.inc.php + + for fn in `ls /var/roundcube/config/*.php 2>/dev/null || true`; do + echo "include('$fn');" >> config/config.inc.php + done + + # initialize DB if not SQLite + echo "${ROUNDCUBEMAIL_DSNW}" | grep -q 'sqlite:' || bin/initdb.sh --dir=$PWD/SQL || bin/updatedb.sh --dir=$PWD/SQL --package=roundcube || echo "Failed to initialize databse. Please run $PWD/bin/initdb.sh manually." + else + echo "WARNING: $PWD/config/config.inc.php already exists." + echo "ROUNDCUBEMAIL_* environment variables have been ignored." + fi + + if [ ! -z "${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" ]; then + echo "upload_max_filesize=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini + echo "post_max_size=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini + fi +fi + +exec "$@" diff --git a/src/php.ini b/src/php.ini new file mode 100644 index 0000000..7b2147d --- /dev/null +++ b/src/php.ini @@ -0,0 +1,10 @@ +memory_limit=64M +display_errors=Off +log_errors=On +upload_max_filesize=5M +post_max_size=6M +zlib.output_compression=Off +session.auto_start=Off +session.gc_maxlifetime=21600 +session.gc_divisor=500 +session.gc_probability=1 diff --git a/src/scripts/write-config.sh b/src/scripts/write-config.sh new file mode 100755 index 0000000..f3a91ef --- /dev/null +++ b/src/scripts/write-config.sh @@ -0,0 +1,27 @@ +#!/bin/bash +# set -ex + +CONFIG=/var/roundcube/config/config.inc.php + +ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"` +mkdir -p ${ROUNDCUBEMAIL_TEMP_DIR} && chown www-data ${ROUNDCUBEMAIL_TEMP_DIR} +touch $CONFIG + +echo "Write config to $PWD/config/config.inc.php" +echo " $CONFIG + + +