sat_docs: docker/prosody/Dockerfile comparison

comparison docker/prosody/Dockerfile @ 80:686a8c982c3f

docker: updated Dockerfiles: - use HTTPS URLs instead of HTTP - prosody image know use prosody Debian repository instead of Debian Jessie version, prosody 0.10 is used - prosody configuration is now in prosody directory next to Dockerfile, instead of using difficult to maintain sed calls - community modules are downloaded from mercurial, and only needed ones are kept - no more remote-roster hack \o/ - pubsub component is not at pubsub.[domain] (was sat-pubsub before) - SàT media are gotten from hg instead of ftp, so they are up-to-date with SàT version - libervia image now use pip for txJSON-RPC - fixed now needed jinja2 installation - fixed libervia/admin accounts auto-creation script - fixed uid/gid for prosody in data image - removed not needed anymore nox option in base image - added python-pip in base image - docker images now work with current dev version (0.6.0D)

author	Goffi <goffi@goffi.org>
date	Fri, 12 Feb 2016 20:24:24 +0100
parents	0e78c8a4626e
children	bcba1966e6db

comparison

equal deleted inserted replaced

-:694fd34ff0b3
+:686a8c982c3f
 ########
 # BASE #
 ########
-RUN apt-get install -y apg prosody
+RUN apt-get install -y --no-install-recommends lsb-release
+# we add prosody repository and key
+RUN echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list
+RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())'
+RUN apt-get update
+# and install prosody and apg (to generate passwords)
+RUN apt-get install -y apg prosody-0.10
 RUN apt-get clean
-######################
+###################
-# REMOTE ROSTER HACK #
+# PROSODY MODULES #
-######################
+###################
-# This dirty hack is used temporarily in SàT to have nice features like fine permissions tuning
+WORKDIR /tmp
-# see http://www.goffi.org/post/2012/06/24/Fine-access-tuning-for-PubSub
+RUN hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
-# A proper way is being working on, with new XEPs
+WORKDIR prosody-modules
+RUN for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done
+WORKDIR /tmp
+RUN rm -rf prosody-modules
-WORKDIR /usr/lib/prosody/modules
+#################
-# wget/curl are not installed, so we use python
+# CONFIGURATION #
-RUN python -c 'import urllib2;f=open("mod_remote_roster.lua","w");f.write(urllib2.urlopen("http://paste.debian.net/download/121248").read())'
+#################
 WORKDIR /etc/prosody
-# the hacked module must be activated
+# we keep up-to-date configuration for this image on the repository
-RUN sed -i 's/modules_enabled = {/\0\n\t-- SàT specific\n\t\t"remote_roster";/' prosody.cfg.lua
+RUN python -c 'import urllib2;f=open("prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())'
-######################
-# MISC CONFIGURATION #
-######################
-# we want to run foreground
-RUN sed -i 's/daemonize = true;/daemonize = false;/' prosody.cfg.lua
-# we listen the world for components (but we do *NOT* expose the port ! It's just for linked containers)
-RUN sed -i 's/^----------- Virtual hosts -----------/component_interface="0.0.0.0"\n\n\0/' prosody.cfg.lua
-# we don't want to allow self registering, this is managed by a SàT plugin
-RUN sed -i 's/"register"/--\0/' prosody.cfg.lua
-# announce is usefull on a Libervia instance
-RUN sed -i 's/--"announce"/"announce"/' prosody.cfg.lua
-# we use environment variable to get the domain
-RUN sed -i 's/^admins =.*$/\nlocal domain = os.getenv("DOMAIN") or "libervia.int"\n\0/' prosody.cfg.lua
-# default admin is admin@DOMAIN
-RUN sed -i 's/admins = { }/admins = { "admin@"..(domain) }/' prosody.cfg.lua
-# we can now set our virtualhost
-RUN sed -i 's/^------ Components ------/VirtualHost (domain)\n\n\0/' prosody.cfg.lua
-# we want default, unsplitted logs
-RUN python -c 'import re;f=open("prosody.cfg.lua","r+");buf=re.sub(r"^log =.*^}","",f.read(),1,re.DOTALL | re.MULTILINE);f.seek(0);f.write(buf);f.truncate()'
 ###############
 # CERTIFICATE #
 ###############
 # We want to use the certificat in /usr/share/sat
-RUN sed -i 's%key = "/etc/prosody/certs/localhost.key";%key = "/usr/share/sat/libervia.key";%; s%certificate = "/etc/prosody/certs/localhost.crt";%certificate = "/usr/share/sat/libervia.crt";%' prosody.cfg.lua
 # but we do a link to be sure that there is a certificate
-RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s /etc/prosody/certs/localhost.cert /usr/share/sat/libervia.crt
+RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s /etc/prosody/certs/localhost.crt /usr/share/sat/libervia.crt
-##############
-# COMPONENTS #
-##############
-# we activate the MUC component on chat.DOMAIN
-RUN sed -i 's/--Component "conference.example.com" "muc"/Component ("chat."..domain) "muc"/' prosody.cfg.lua
-# and the SOCKS5 bytestream proxy on proxy.DOMAIN
-RUN sed -i 's/--Component "proxy.example.com" "proxy65"/Component ("proxy."..domain) "proxy65"/' prosody.cfg.lua
-# SàT PubSub
-RUN sed -i 's/^------ Additional/Component ("sat-pubsub."..domain)\n\tcomponent_secret = os.getenv("SAT_PUBSUB_SECRET")\n\n\0/' prosody.cfg.lua
-# Salut, SàT's directory component
-RUN sed -i 's/^------ Additional/Component ("salut."..domain)\n\tcomponent_secret = os.getenv("SAT_SALUT_SECRET")\n\n\0/' prosody.cfg.lua
 ############################
 # AUTOMATIC CONFIGURATION  #
 ############################

Mercurial > sat_docs

comparison docker/prosody/Dockerfile @ 80:686a8c982c3f