comparison docker/prosody/Dockerfile @ 85:bcba1966e6db

docker: certificate generation + various improvements: - certificate is now auto-generated on first prosody launch if there is not already one - certificate generated on build is removed to avoid image-wide certificate - generated certificates are stored in sat_data - data image is now based on prosody which is itself based on sat_pubsub - prosody configuration is moved to /etc/prosody/prosody_sat_cfg, and stored in sat_data - building order changed to adapt to new images hierarchy - libervia default configuration set to both without redirection (and with a security warning)
author Goffi <goffi@goffi.org>
date Thu, 18 Feb 2016 17:31:09 +0100
parents 686a8c982c3f
children 30f3f83d6959
84:8dc445c967e2 85:bcba1966e6db
4 # This Dockerfile build a Prosody version prepared for SàT # 4 # This Dockerfile build a Prosody version prepared for SàT #
5 # Salut à Toi is a multi-frontends multi-purposes XMPP client # 5 # Salut à Toi is a multi-frontends multi-purposes XMPP client #
6 # # 6 # #
7 ############################################################### 7 ###############################################################
8 8
9 FROM salutatoi/base:latest 9 FROM salutatoi/sat_pubsub:latest
10 10
11 MAINTAINER Goffi <goffi@goffi.org> 11 MAINTAINER Goffi <goffi@goffi.org>
12 12
13 ######## 13 ########
14 # BASE # 14 # BASE #
20 RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())' 20 RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())'
21 RUN apt-get update 21 RUN apt-get update
22 # and install prosody and apg (to generate passwords) 22 # and install prosody and apg (to generate passwords)
23 RUN apt-get install -y apg prosody-0.10 23 RUN apt-get install -y apg prosody-0.10
24 RUN apt-get clean 24 RUN apt-get clean
25 # prosody use need to access (and write) certificates
26 RUN adduser prosody tls-cert
25 27
26 ################### 28 ###################
27 # PROSODY MODULES # 29 # PROSODY MODULES #
28 ################### 30 ###################
29 31
37 ################# 39 #################
38 # CONFIGURATION # 40 # CONFIGURATION #
39 ################# 41 #################
40 42
41 WORKDIR /etc/prosody 43 WORKDIR /etc/prosody
44 RUN mkdir prosody_sat_cfg
42 # we keep up-to-date configuration for this image on the repository 45 # we keep up-to-date configuration for this image on the repository
43 RUN python -c 'import urllib2;f=open("prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())' 46 RUN python -c 'import urllib2;f=open("prosody_sat_cfg/prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())'
47 RUN ln -fs prosody_sat_cfg/prosody.cfg.lua prosody.cfg.lua
44 48
45 ############### 49 ###############
46 # CERTIFICATE # 50 # CERTIFICATE #
47 ############### 51 ###############
48 52
49 # We want to use the certificat in /usr/share/sat 53 # We want to use the certificates in /usr/share/sat/certificates
50 # but we do a link to be sure that there is a certificate 54 # and we don't want any certificate in the image,
51 RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s /etc/prosody/certs/localhost.crt /usr/share/sat/libervia.crt 55 # they'll be generated at launch or mounted in container
56 RUN rm -rf /etc/localhost.key /etc/prosody/certs/*
52 57
53 ############################ 58 ############################
54 # AUTOMATIC CONFIGURATION # 59 # AUTOMATIC CONFIGURATION #
55 ############################ 60 ############################
56 61
68 server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))\n\ 73 server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))\n\
69 server.register_function(prosodyctl, "prosodyctl")\n\ 74 server.register_function(prosodyctl, "prosodyctl")\n\
70 server.register_function(getenv, "getenv")\n\ 75 server.register_function(getenv, "getenv")\n\
71 server.serve_forever()' > /usr/local/bin/container_server && chmod 0555 /usr/local/bin/container_server 76 server.serve_forever()' > /usr/local/bin/container_server && chmod 0555 /usr/local/bin/container_server
72 77
73 # the following script is used to automatically generate passwords for components 78 # the following script is used to automatically generate passwords for components and certificate
74 RUN echo '#!/bin/sh\n\ 79 RUN echo '#!/bin/sh\n\
75 export SAT_PUBSUB_SECRET=$(apg -n 1)\n\ 80 export SAT_PUBSUB_SECRET=$(apg -n 1)\n\
76 export SAT_SALUT_SECRET=$(apg -n 1)\n\ 81 export SAT_SALUT_SECRET=$(apg -n 1)\n\
77 if [ -z $DOMAIN ]; then\n\ 82 if [ -z $DOMAIN ]; then\n\
78 export DOMAIN="libervia.int"\n\ 83 export DOMAIN="libervia.int"\n\
79 fi\n\ 84 fi\n\
80 container_server&\n\ 85 container_server&\n\
81 echo "domain used: $DOMAIN\n"\n\ 86 echo "domain used: $DOMAIN\n"\n\
87 if [ ! -f "/usr/share/sat/certificates/libervia.key" -o ! -f "/usr/share/sat/certificates/libervia.crt" ]; then\n\
88 echo "No certificate found, we generate one"\n\
89 openssl req -new -x509 -days 1825 -nodes -out "/usr/share/sat/certificates/libervia.crt"\
90 -newkey rsa:4096 -keyout "/usr/share/sat/certificates/libervia.key" -subj "/C=AU/CN=$DOMAIN"\n\
91 fi\n\
82 /usr/bin/prosody $@' > /usr/local/bin/prosody && chmod +x /usr/local/bin/prosody 92 /usr/bin/prosody $@' > /usr/local/bin/prosody && chmod +x /usr/local/bin/prosody
83 93
84 ######### 94 #########
85 # PORTS # 95 # PORTS #
86 ######### 96 #########
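Review bot: The new `RUN rm -rf /etc/localhost.key /etc/prosody/certs/*` step in the CERTIFICATE section runs as its own layer, so a key written by an earlier layer (presumably `RUN apt-get install -y apg prosody-0.10`, although the page does not show where the build-time key is created) is only hidden in the final filesystem and remains stored in that earlier layer of every copy of the image. If the key does come from the package install, delete it in the same instruction, e.g. `RUN apt-get install -y apg prosody-0.10 && rm -rf /etc/localhost.key /etc/prosody/certs/*`; if it is inherited from `salutatoi/sat_pubsub`, it has to be removed in that image instead. In the launch script, `openssl req ... -nodes -keyout "/usr/share/sat/certificates/libervia.key"` writes an unencrypted private key and nothing afterwards sets its mode or owner. Setting a restrictive umask before the call, or following it with a `chmod 640` and group ownership for the `tls-cert` group that `prosody` is added to above (assuming that is the group meant to read it), would keep the key from depending on the default umask.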