Mercurial > sat_docs
view docker/libervia/Dockerfile @ 85:bcba1966e6db
docker: certificate generation + various improvments:
- certificate is now auto-generated on first prosody launch is there is not already one
- certificate generated on build is removed to avoid image-wide certificate
- generated certificates are stored in sat_data
- data image is now based on prosody which is itslef based on sat_pubsub
- prosody configuration is moved to /etc/prosody/prosody_sat_cfg, and stored in sat_data
- building order changed to adapt to new images hierarchy
- libervia default configuration set to both without redirection (and with a security warning)
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Thu, 18 Feb 2016 17:31:09 +0100 |
| parents | 686a8c982c3f |
| children | b69056368901 |
line wrap: on
line source
#################################################################### # # # Salut à Toi/Libervia # # This Dockerfile build Libervia, the web frontend for Salut à Toi # # Salut à Toi is a multi-frontends multi-purposes XMPP client # # # #################################################################### FROM salutatoi/media:latest MAINTAINER Goffi <goffi@goffi.org> ############## # txJSON-RPC # ############## RUN pip install txJSON-RPC ########### # PYJAMAS # ########### WORKDIR /usr/share # as the situation with pyjamas is complicated, we get the archive from our own ftp RUN python -c 'import urllib2,tarfile,cStringIO;tar=tarfile.open(fileobj=cStringIO.StringIO(urllib2.urlopen("https://ftp.goffi.org/pyjamas/pyjamas.tar.bz2").read()));tar.extractall()' WORKDIR pyjamas RUN python bootstrap.py RUN ln -s /usr/share/pyjamas/bin/pyjsbuild /usr/local/bin/pyjsbuild ############ # LIBERVIA # ############ WORKDIR /tmp RUN apt-get install -y --no-install-recommends python-jinja2 RUN hg clone https://repos.goffi.org/libervia WORKDIR libervia RUN python setup.py install WORKDIR /tmp RUN rm -rf libervia ################# # CONFIGURATION # ################# # we want to use certificates in /usr/share/sat/certificates RUN echo "\n[libervia]\n\ tls_private_key = /usr/share/sat/certificates/libervia.key\n\ tls_certificate = /usr/share/sat/certificates/libervia.crt\n\ connection_type = both\n\ redirect_to_https = 0" >> /etc/sat.conf ##################### # FIRST LAUNCH TEST # ##################### # this script check if libervia and admin accounts exist, and create them if necessary # then it launch libervia RUN echo '#!/usr/bin/env python2\n\ import os, sys, subprocess, string, random\n\ from sat.plugins import plugin_misc_account as account\n\ from sat.tools import config\n\ from sat_frontends.bridge import DBus\n\ def generate_pwd():\n\ chars = string.letters + string.digits\n\ length = 12\n\ return "".join(random.choice(chars) for _ in range(length))\n\ sat=DBus.DBusBridgeFrontend()\n\ sat.getReady()\n\ admin_email = sat.getConfig(account.CONFIG_SECTION, "admin_email") or account.default_conf["admin_email"]\n\ for profile in ["libervia", "admin"]:\n\ try:\n\ sat.getProfileName(profile)\n\ except Exception as e:\n\ print "{} profile doesn'\''t exists, creating it".format(profile)\n\ print "registering {}@{}".format(profile, sat.getNewAccountDomain())\n\ pwd = generate_pwd()\n\ if profile == "libervia":\n\ config.fixConfigOption("libervia", "passphrase", pwd)\n\ elif profile == "admin":\n\ with open("/home/sat/ADMIN_PWD", "w") as f:\n\ f.write("%s\\n" % pwd)\n\ sat.registerSatAccount(admin_email, pwd, profile)\n\ os.execvp("libervia", ["libervia"] + sys.argv[1:])\n\ ' > /usr/bin/libervia_cont_launch && chmod 555 /usr/bin/libervia_cont_launch ######### # D-Bus # ######### RUN cp /usr/local/bin/dbus_wrap /usr/local/bin/libervia_cont_launch && chmod 555 /usr/local/bin/libervia_cont_launch ######### # Ports # ######### # HTTP EXPOSE 8080 # HTTPS EXPOSE 8443 ########## # LAUNCH # ########## USER sat ENTRYPOINT ["libervia_cont_launch", "fg"]