From 3604b822ae1dbee42afc4aa4922769f277fef143 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 19 Apr 2017 21:14:33 +0000 Subject: [PATCH] First commit, working docker. --- Dockerfile | 54 ++++++++++++++++++++++++++++++++++++ files/entrypoint.sh | 62 ++++++++++++++++++++++++++++++++++++++++++ files/lighttpd.conf | 22 +++++++++++++++ files/supervisord.conf | 33 ++++++++++++++++++++++ 4 files changed, 171 insertions(+) create mode 100644 Dockerfile create mode 100755 files/entrypoint.sh create mode 100644 files/lighttpd.conf create mode 100644 files/supervisord.conf diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..119102d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,54 @@ +FROM alpine:3.5 + +MAINTAINER Adrien Ferrand + +ENV BACKUPPC_VERSION 4.1.1 +ENV BACKUPPC_XS_VERSION 0.53 +ENV RSYNC_BPC_VERSION 3.0.9.6 +ENV PAR2_VERSION v0.7.0 + +RUN apk --no-cache add \ +# Install backuppc build dependencies +gcc g++ autoconf automake make git patch perl perl-dev perl-cgi expat expat-dev curl wget \ +# Install backuppc runtime dependencies +supervisor rsync samba-client iputils openssh openssl rrdtool postfix lighttpd lighttpd-mod_auth gzip apache2-utils \ +# Compile and install needed perl modules +&& cpan App::cpanminus \ +&& cpanm -n Archive::Zip XML::RSS File::Listing \ + +# Compile and install BackupPC:XS +&& git clone https://github.com/backuppc/backuppc-xs.git /root/backuppc-xs --branch $BACKUPPC_XS_VERSION \ +&& cd /root/backuppc-xs \ +# => temporary correction on version 0.53, already done on master: can be removed with version 0.54 +&& printf "\n#define ACCESSPERMS 0777" >> rsync.h \ +&& perl Makefile.PL && make && make test && make install \ + +# Compile and install Rsync (BPC version) +&& git clone https://github.com/backuppc/rsync-bpc.git /root/rsync-bpc --branch $RSYNC_BPC_VERSION \ +&& cd /root/rsync-bpc && ./configure && make reconfigure && make && make install \ + +# Compile and install PAR2 +&& git clone https://github.com/Parchive/par2cmdline.git /root/par2cmdline --branch $PAR2_VERSION \ +&& cd /root/par2cmdline && ./automake.sh && ./configure && make && make check && make install \ + +# Get BackupPC, it will be installed at runtime to allow dynamic upgrade of existing config/pool +&& curl -o /root/BackupPC-$BACKUPPC_VERSION.tar.gz -L https://github.com/backuppc/backuppc/releases/download/$BACKUPPC_VERSION/BackupPC-$BACKUPPC_VERSION.tar.gz \ +# Prepare backuppc home +&& mkdir -p /home/backuppc \ +# Mark the docker as not runned yet, to allow entrypoint to do its stuff +&& touch /firstrun \ +# Clean +&& rm -rf /root/backuppc-xs /root/rsync-bpc /root/par2cmdline \ +&& apk del gcc g++ autoconf automake make git patch perl-dev expat-dev curl wget + +COPY files/lighttpd.conf /etc/lighttpd/lighttpd.conf +COPY files/entrypoint.sh /entrypoint.sh +COPY files/supervisord.conf /etc/supervisord.conf + +EXPOSE 8080 + +VOLUME ["/etc/backuppc", "/home/backuppc", "/data/backuppc"] + +ENTRYPOINT ["/entrypoint.sh"] + +CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/files/entrypoint.sh b/files/entrypoint.sh new file mode 100755 index 0000000..0a72b57 --- /dev/null +++ b/files/entrypoint.sh @@ -0,0 +1,62 @@ +#!/bin/sh +set -e + +if [ -f /firstrun ]; then + echo 'First run of the container. BackupPC will be installed.' + echo 'If exist, configuration and data will be reused and upgraded as needed.' + + # Create backuppc user + addgroup -S -g ${BACKUPPC_GUID:-1000} backuppc + adduser -D -S -h /home/backuppc -G backuppc -u ${BACKUPPC_UUID:-1000} backuppc + chown backuppc:backuppc /home/backuppc + + # Generate cryptographic key + if [ ! -f /home/backuppc/.ssh/id_rsa ]; then + su backuppc -s /bin/sh -c "ssh-keygen -t rsa -N '' -f /home/backuppc/.ssh/id_rsa" + fi + + # Extract BackupPC + cd /root + tar xf BackupPC-$BACKUPPC_VERSION.tar.gz + cd /root/BackupPC-$BACKUPPC_VERSION + + # Install BackupPC (existing configuration will be reused and upgraded) + ./configure.pl \ + --batch \ + --config-dir /etc/backuppc \ + --cgi-dir /var/www/cgi-bin/BackupPC \ + --data-dir /data/backuppc \ + --hostname localhost \ + --html-dir /var/www/html/BackupPC \ + --html-dir-url /BackupPC \ + --install-dir /usr/local/BackupPC \ + --config-override CgiAdminUsers="'${BACKUPPC_WEB_USER:-backuppc}'" + + # Configure WEB UI access + htpasswd -b -c /etc/backuppc/htpasswd ${BACKUPPC_WEB_USER:-backuppc} ${BACKUPPC_WEB_PASSWD:-password} + + # Prepare lighttpd + if [ "$USE_SSL" = true ]; then + # Generate certificate file as needed + cd /etc/lighttpd + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 + openssl rsa -passin pass:x -in server.pass.key -out server.key + openssl req -new -key server.key -out server.csr \ + -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" + openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt + cat server.key server.crt > server.pem + chown backuppc:backuppc server.pem + chmod 0600 server.pem + rm -f server.pass.key server.key server.csr server.crt + # Reconfigure lighttpd to use ssl + echo "ssl.engine = \"enable\"" >> /etc/lighttpd/lighttpd.conf + echo "ssl.pemfile = \"/etc/lighttpd/server.pem\"" >> /etc/lighttpd/lighttpd.conf + fi + touch /var/log/lighttpd/error.log && chown -R backuppc:backuppc /var/log/lighttpd + + # Clean + rm -rf /root/BackupPC-$BACKUPPC_VERSION.tar.gz /root/BackupPC-$BACKUPPC_VERSION /firstrun +fi + +# Exec given CMD in Dockerfile +exec "$@" diff --git a/files/lighttpd.conf b/files/lighttpd.conf new file mode 100644 index 0000000..935bfad --- /dev/null +++ b/files/lighttpd.conf @@ -0,0 +1,22 @@ +server.port = 8080 +server.username = "backuppc" +server.groupname = "backuppc" +server.document-root = "/srv/http" +server.errorlog = "/var/log/lighttpd/error.log" +dir-listing.activate = "enable" +index-file.names = ( "index.html", "index.php", "index.cgi" ) +mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", "" => "application/octet-stream" ) + +server.modules = ( "mod_alias", "mod_cgi", "mod_auth", "mod_access", "mod_rewrite", "mod_redirect" ) + +alias.url = ( "/BackupPC_Admin" => "/var/www/cgi-bin/BackupPC/BackupPC_Admin" ) +alias.url += ( "/BackupPC" => "/var/www/html/BackupPC" ) + +cgi.assign += ( ".cgi" => "/usr/bin/perl" ) +cgi.assign += ( "BackupPC_Admin" => "/usr/bin/perl" ) + +auth.backend = "htpasswd" +auth.backend.htpasswd.userfile = "/etc/backuppc/htpasswd" +auth.require = ( "/BackupPC_Admin" => ( "method" => "basic", "realm" => "BackupPC", "require" => "valid-user" ) ) + +url.redirect = ("^/$" => "/BackupPC_Admin") diff --git a/files/supervisord.conf b/files/supervisord.conf new file mode 100644 index 0000000..e3deabb --- /dev/null +++ b/files/supervisord.conf @@ -0,0 +1,33 @@ +[unix_http_server] +file = /tmp/supervisor.sock +username = dummy +password = dummy + +[supervisord] +logfile = /var/log/supervisord.log +logfile_maxbytes = 50MB +logfile_backups = 10 +loglevel = info +pidfile = /tmp/supervisord.pid +nodaemon = true +minfds = 1024 +minprocs = 200 + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl = unix:///tmp/supervisor.sock +username = dummy +password = dummy + +[program:lighttpd] +command = /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf -D +redirect_stderr = true +stopasgroup = true +killasgroup = true + +[program:backuppc] +command = /usr/local/BackupPC/bin/BackupPC +redirect_stderr = true +user = backuppc