Mercurial > sat_docs

comparison docker/prosody/Dockerfile @ 21:0e78c8a4626e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added Dockerfiles to create Docker images for easy installation + scripts to manages them. see README for details.
author Goffi <goffi@goffi.org>
date Sun, 19 Oct 2014 15:14:40 +0200
parents
children 686a8c982c3f
comparison
equal deleted inserted replaced
20:703a394b9780 21:0e78c8a4626e
1 ###############################################################
2 # #
3 # Salut à Toi/Prosody #
4 # This Dockerfile build a Prosody version prepared for SàT #
5 # Salut à Toi is a multi-frontends multi-purposes XMPP client #
6 # #
7 ###############################################################
8
9 FROM salutatoi/base:latest
10
11 MAINTAINER Goffi <goffi@goffi.org>
12
13 ########
14 # BASE #
15 ########
16
17 RUN apt-get install -y apg prosody
18 RUN apt-get clean
19
20 ######################
21 # REMOTE ROSTER HACK #
22 ######################
23
24 # This dirty hack is used temporarily in SàT to have nice features like fine permissions tuning
25 # see http://www.goffi.org/post/2012/06/24/Fine-access-tuning-for-PubSub
26 # A proper way is being working on, with new XEPs
27
28 WORKDIR /usr/lib/prosody/modules
29 # wget/curl are not installed, so we use python
30 RUN python -c 'import urllib2;f=open("mod_remote_roster.lua","w");f.write(urllib2.urlopen("http://paste.debian.net/download/121248").read())'
31 WORKDIR /etc/prosody
32 # the hacked module must be activated
33 RUN sed -i 's/modules_enabled = {/\0\n\t-- SàT specific\n\t\t"remote_roster";/' prosody.cfg.lua
34
35 ######################
36 # MISC CONFIGURATION #
37 ######################
38
39 # we want to run foreground
40 RUN sed -i 's/daemonize = true;/daemonize = false;/' prosody.cfg.lua
41
42 # we listen the world for components (but we do *NOT* expose the port ! It's just for linked containers)
43 RUN sed -i 's/^----------- Virtual hosts -----------/component_interface="0.0.0.0"\n\n\0/' prosody.cfg.lua
44
45 # we don't want to allow self registering, this is managed by a SàT plugin
46 RUN sed -i 's/"register"/--\0/' prosody.cfg.lua
47
48 # announce is usefull on a Libervia instance
49 RUN sed -i 's/--"announce"/"announce"/' prosody.cfg.lua
50
51 # we use environment variable to get the domain
52 RUN sed -i 's/^admins =.*$/\nlocal domain = os.getenv("DOMAIN") or "libervia.int"\n\0/' prosody.cfg.lua
53
54 # default admin is admin@DOMAIN
55 RUN sed -i 's/admins = { }/admins = { "admin@"..(domain) }/' prosody.cfg.lua
56
57 # we can now set our virtualhost
58 RUN sed -i 's/^------ Components ------/VirtualHost (domain)\n\n\0/' prosody.cfg.lua
59
60 # we want default, unsplitted logs
61 RUN python -c 'import re;f=open("prosody.cfg.lua","r+");buf=re.sub(r"^log =.*^}","",f.read(),1,re.DOTALL | re.MULTILINE);f.seek(0);f.write(buf);f.truncate()'
62
63 ###############
64 # CERTIFICATE #
65 ###############
66
67 # We want to use the certificat in /usr/share/sat
68 RUN sed -i 's%key = "/etc/prosody/certs/localhost.key";%key = "/usr/share/sat/libervia.key";%; s%certificate = "/etc/prosody/certs/localhost.crt";%certificate = "/usr/share/sat/libervia.crt";%' prosody.cfg.lua
69
70 # but we do a link to be sure that there is a certificate
71 RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s /etc/prosody/certs/localhost.cert /usr/share/sat/libervia.crt
72
73 ##############
74 # COMPONENTS #
75 ##############
76
77 # we activate the MUC component on chat.DOMAIN
78 RUN sed -i 's/--Component "conference.example.com" "muc"/Component ("chat."..domain) "muc"/' prosody.cfg.lua
79
80 # and the SOCKS5 bytestream proxy on proxy.DOMAIN
81 RUN sed -i 's/--Component "proxy.example.com" "proxy65"/Component ("proxy."..domain) "proxy65"/' prosody.cfg.lua
82
83 # SàT PubSub
84 RUN sed -i 's/^------ Additional/Component ("sat-pubsub."..domain)\n\tcomponent_secret = os.getenv("SAT_PUBSUB_SECRET")\n\n\0/' prosody.cfg.lua
85
86 # Salut, SàT's directory component
87 RUN sed -i 's/^------ Additional/Component ("salut."..domain)\n\tcomponent_secret = os.getenv("SAT_SALUT_SECRET")\n\n\0/' prosody.cfg.lua
88
89 ############################
90 # AUTOMATIC CONFIGURATION #
91 ############################
92
93 # this script allow to call prosodyctl and get configuration variables from linked containers
94 RUN echo '#!/usr/bin/env python2\n\
95 import subprocess, SimpleXMLRPCServer, os\n\
96 def prosodyctl(command, profile, pwd):\n\
97 process = subprocess.Popen(["prosodyctl", command, profile], stdin=subprocess.PIPE)\n\
98 if pwd:\n\
99 process.communicate("%s\\n%s"%(pwd,pwd))\n\
100 return process.wait()\n\
101 def getenv(variable):\n\
102 assert variable in ("SAT_PUBSUB_SECRET","SAT_SALUT_SECRET","DOMAIN")\n\
103 return os.getenv(variable)\n\
104 server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))\n\
105 server.register_function(prosodyctl, "prosodyctl")\n\
106 server.register_function(getenv, "getenv")\n\
107 server.serve_forever()' > /usr/local/bin/container_server && chmod 0555 /usr/local/bin/container_server
108
109 # the following script is used to automatically generate passwords for components
110 RUN echo '#!/bin/sh\n\
111 export SAT_PUBSUB_SECRET=$(apg -n 1)\n\
112 export SAT_SALUT_SECRET=$(apg -n 1)\n\
113 if [ -z $DOMAIN ]; then\n\
114 export DOMAIN="libervia.int"\n\
115 fi\n\
116 container_server&\n\
117 echo "domain used: $DOMAIN\n"\n\
118 /usr/bin/prosody $@' > /usr/local/bin/prosody && chmod +x /usr/local/bin/prosody
119
120 #########
121 # PORTS #
122 #########
123
124 # client to server (C2S)
125 EXPOSE 5222
126
127 # server to server (S2S)
128 EXPOSE 5269
129
130 ##########
131 # LAUNCH #
132 ##########
133
134 # prosody need to access /var/run to write it's pid
135 RUN mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody
136
137 USER prosody
138
139 ENTRYPOINT ["prosody"]