General Dockerfile improvements & automatic configuration

- add a docker-compose file for easy rebuilds and test deployments
- switch to slim version of base image
- instruct apt to run noninteractive
- maintainer is deprecated in Dockerfile
- reformat packages being installed and add ca-certificates
- reduce layers and size while cleaning up in the individual layers
- add proper startup script
- make apache put logs on the console
- add healthcheck
- set lam password at startup
- make more settings configurable through env variables
- add ldap to the example compose file
- predefine DEBUG var
- Upgrade to Debian Buster

Signed-off-by: Felix Bartels <felix@host-consultants.de>
Felix Bartels 2019-11-03 10:31:42 +01:00
parent 65412574a0
commit 75cfafebc9
4 changed files with 133 additions and 15 deletions

10
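--- /dev/null
+++ b/lam-packaging/docker/.env
@@ -0,0 +1,10 @@
+LDAP_ORGANISATION="LDAP Account Manager Demo"
+LDAP_DOMAIN=mydomain.com
+LDAP_BASE_DN=dc=mydomain,dc=com
+LDAP_SERVER=ldap://ldap:389
+LDAP_ADMIN_PASSWORD=adminpw
+LDAP_READONLY_USER_PASSWORD=readonlypw
+LDAP_BIND_DN=cn=readonly,dc=mydomain,dc=com
+LDAP_SEARCH_BASE=dc=mydomain,dc=com
+LAM_PASSWORD=lam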
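Review bot: This `.env` is committed under its real name, so docker-compose reads `LDAP_ADMIN_PASSWORD=adminpw`, `LDAP_READONLY_USER_PASSWORD=readonlypw` and `LAM_PASSWORD=lam` automatically and the stack comes up with well-known passwords unless the operator edits the file. I would either ship it as an example file to be copied, or at least open it with a comment such as `# Demo values only - change every password before publishing port 8080`. `LDAP_BIND_DN` and `LDAP_SEARCH_BASE` are not referenced by the compose file shown in this commit, so they should be dropped or given a comment saying what consumes them.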


@ -25,32 +25,59 @@
# You can change the port 8080 if needed. # You can change the port 8080 if needed.
# #
FROM debian:stretch FROM debian:buster-slim
MAINTAINER Roland Gruber <post@rolandgruber.de> LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
ARG LAM_RELEASE=6.9 ARG LAM_RELEASE=6.9
# update OS ENV \
RUN apt-get update \ DEBIAN_FRONTEND=noninteractive \
&& apt-get upgrade -y DEBUG=''
# install requirements RUN apt-get update && \
RUN apt-get install -y wget apache2 libapache2-mod-php php php-ldap php-zip php-xml php-curl php-gd php-imagick php-mcrypt php-tcpdf php-phpseclib fonts-dejavu php-monolog apt-get install --no-install-recommends -y \
apache2 \
ca-certificates \
dumb-init \
fonts-dejavu \
libapache2-mod-php \
php \
php-curl \
php-gd \
php-imagick \
php-ldap \
php-monolog \
php-phpseclib \
php-xml \
php-zip \
wget \
&& \
rm /etc/apache2/sites-enabled/*default* && \
rm -rf /var/cache/apt /var/lib/apt/lists/*
# install LAM # install LAM
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \ RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \
&& dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
# cleanup # redirect Apache logging
RUN apt-get autoremove -y && apt-get clean all \ RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
&& rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \ # because there is no logging set in the lam vhost logging goes to other_vhost_access.log
&& rm /etc/apache2/sites-enabled/*default* RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
# add redirect for / # add redirect for /
RUN a2enmod rewrite RUN a2enmod rewrite
RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \ RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
&& echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf && echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
# start Apache when container starts COPY start.sh /usr/local/bin/start.sh
ENTRYPOINT service apache2 start && sleep infinity
WORKDIR /var/lib/ldap-account-manager/config
# start Apache when container starts
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD [ "/usr/local/bin/start.sh" ]
HEALTHCHECK --interval=1m --timeout=10s \
CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>'
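Review bot: The LAM package is still fetched over plain `http://` in the `RUN wget` step and passed to `dpkg -i` as root with no integrity check, so anything able to alter the download changes what is installed in the image. Since this commit adds `ca-certificates`, the URL could use `https://` (assuming the download host serves it) and the file could be verified before install with `echo "${LAM_SHA256}  /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb" | sha256sum -c - && \`, where `LAM_SHA256` is a new build `ARG` holding the checksum published for that release. Separately, `ENV DEBIAN_FRONTEND=noninteractive` persists into the running container; setting it inline on the `apt-get install` line keeps it build-only.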


@ -0,0 +1,45 @@
version: '3.5'
services:
ldap-account-manager:
build:
context: .
args:
- LAM_RELEASE=6.9
image: ldapaccountmanager/lam:latest
restart: unless-stopped
ports:
- "8080:80"
volumes:
- lametc/:/etc/ldap-account-manager
- lamconfig/:/var/lib/ldap-account-manager/config
- lamsession/:/var/lib/ldap-account-manager/sess
environment:
- LAM_PASSWORD=${LAM_PASSWORD}
- LAM_LANG=en_US
- LAM_TIMEZONE=Europe/Berlin
- LDAP_SERVER=${LDAP_SERVER}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
- DEBUG=true
ldap:
image: osixia/openldap:latest
restart: unless-stopped
environment:
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
command: "--loglevel info --copy-service"
volumes:
- ldap:/var/lib/ldap
- slapd:/etc/ldap/slapd.d
volumes:
lametc:
lamconfig:
lamsession:
ldap:
slapd:
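Review bot: `LDAP_SERVER` and `ADMIN_USER` in the `ldap-account-manager` environment are not the names the start script in this commit reads; it uses `LDAP_HOST` and `LDAP_USER`, so both settings are silently replaced by the script's defaults. That goes unnoticed here only because the defaults happen to match the example values; renaming the entries to `- LDAP_HOST=${LDAP_SERVER}` and `- LDAP_USER=cn=admin,${LDAP_BASE_DN}` (or changing the script) would make them take effect. `- DEBUG=true` also turns on `set -x` in that script, which traces the password handling into the container log, so the example should ship with `- DEBUG=` and a comment on when to enable it. Both images are referenced as `:latest`; pinning `osixia/openldap` to a specific tag would make the test deployment reproducible.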

36
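--- /dev/null
+++ b/lam-packaging/docker/start.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -eu # unset variables are errors & non-zero return values exit the whole script
+[ "$DEBUG" ] && set -x
+LAM_LANG="${LAM_LANG:-en_US}"
+export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
+LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
+LAM_TIMEZONE="${LAM_TIMEZONE:-Europe/Berlin}"
+LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
+LDAP_DOMAIN="${LDAP_DOMAIN:-mydomain.com}"
+LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
+ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
+echo "Setting LAM password to: $LAM_PASSWORD"
+sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
+s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
+EOF
+unset LAM_PASSWORD
+sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
+s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
+s|^Admins:.*|Admins: ${ADMIN_USER}|;
+s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
+s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
+s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
+s|^types: suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
+s|^types: suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
+EOF
+echo "Starting Apache"
+rm -f /run/apache2/apache2.pid
+set +u
+# shellcheck disable=SC1091
+source /etc/apache2/envvars
+exec /usr/sbin/apache2 -DFOREGROUND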
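Review bot: `echo "Setting LAM password to: $LAM_PASSWORD"` writes the cleartext LAM password to the container log on every start, where anyone who can read the logs or a log shipper's output sees it. I would log only the fact, e.g. `echo "Setting LAM password from LAM_PASSWORD"`. When `DEBUG` is non-empty, `set -x` also traces the `export LAM_PASSWORD=...` assignment, so tracing is better switched on after `unset LAM_PASSWORD`. The silent `:-lam` fallback means a container started without `LAM_PASSWORD` comes up with a well-known password; `${LAM_PASSWORD:?LAM_PASSWORD must be set}` would make that an explicit startup failure instead.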