diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..1374f4f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,9 @@
+before_script:
+ - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
+
+build:
+ stage: build
+ script:
+ - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA -f Dockerfile.armhf .
+ - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+ - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 1905436..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-sudo: required
-
-dist: xenial
-
-language: bash
-
-branches:
- only:
- - master
- - armhf-testing
-
-services:
- - docker
-
-addons:
- apt:
- packages:
- - docker-ce
-
-env:
- global:
- - BUILDKIT_HOST=tcp://0.0.0.0:1234
- - DOCKER_CLI_EXPERIMENTAL=enabled
-
-before_install:
- - chmod +x ./.travis/setup.sh
- - chmod +x ./.travis/build.sh
- - ./.travis/setup.sh
-
-jobs:
- include:
- - script: >
- ./.travis/build.sh
diff --git a/.travis/build.sh b/.travis/build.sh
deleted file mode 100755
index 0fc8769..0000000
--- a/.travis/build.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-set -e
-
-build_images() {
-
- PLATFORM=arm # equivalent to armhf
- DOCKERFILE_LOCATION="./Dockerfile.armhf"
- DOCKER_USER="nico640"
- DOCKER_IMAGE="docker-unms"
- DOCKER_TAG="armhf"
-
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-
- buildctl build --frontend dockerfile.v0 \
- --frontend-opt platform=linux/${PLATFORM} \
- --frontend-opt filename=./${DOCKERFILE_LOCATION} \
- --exporter image \
- --exporter-opt name=docker.io/${DOCKER_USER}/${DOCKER_IMAGE}:${DOCKER_TAG} \
- --exporter-opt push=true \
- --local dockerfile=. \
- --local context=.
-}
-
-build_images
\ No newline at end of file
diff --git a/.travis/setup.sh b/.travis/setup.sh
deleted file mode 100644
index 23dd0d1..0000000
--- a/.travis/setup.sh
+++ /dev/null
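Review bot: The `docker login` in before_script names no registry, so it authenticates against Docker Hub while the push in the build job targets `$CI_REGISTRY_IMAGE` on the GitLab registry; unless the runner is logged in some other way, that push will be rejected. Passing `-p $CI_REGISTRY_PASSWORD` also puts the token on the command line, where it is visible in the process list and can surface in the job log, which the deleted `.travis/build.sh` avoided with `--password-stdin`. Suggested line: `- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The `docker tag` and `docker push` lines are otherwise consistent with each other.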
@@ -1,38 +0,0 @@ -#!/bin/bash - -set -e - -setup() { - declare -r platforms=linux/armhf - - # Enabling server experimental features - echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json - sudo service docker restart - - # Registering file format recognizers - sudo docker run --privileged linuxkit/binfmt:v0.6 - - local worker_platforms - for platform in "${platforms[@]}"; do - worker_platforms="${worker_platforms} --oci-worker-platform ${platform}" - done - - if [[ "${BUILDKIT_HOST}" =~ ^tcp://.*:([0-9]*) ]]; then - local port="${BASH_REMATCH[1]}" - else - printf "Port is not specified in \n" "${BUILDKIT_HOST}" - exit 1 - fi - - # Starting BuildKit in a container - sudo docker run -d --privileged \ - -p "${port}":"${port}" \ - --name buildkit moby/buildkit:latest \ - --addr "${BUILDKIT_HOST}" \ - ${worker_platforms} - - # Extracting buildctl into /usr/bin/ - sudo docker cp buildkit:/usr/bin/buildctl /usr/bin/ -} - -setup \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 8f0beee..7091dd0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,11 @@ # Multi-stage build - See https://docs.docker.com/engine/userguide/eng-image/multistage-build -FROM ubnt/unms:0.14.4 as unms -FROM ubnt/unms-netflow:0.14.4 as unms-netflow -FROM oznu/s6-node:10.15.1-debian-amd64 +FROM ubnt/unms:1.0.3 as unms +FROM ubnt/unms-nginx:1.0.3 as unms-nginx +FROM ubnt/unms-netflow:1.0.3 as unms-netflow +FROM ubnt/unms-crm:3.0.3 as unms-crm +FROM oznu/s6-node:10.15.3-debian-amd64 -ENV DEBIAN_FRONTEND=noninteractive +ENV DEBIAN_FRONTEND=noninteractive # base deps redis, rabbitmq, postgres 9.6 RUN set -x \ 
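Review bot: The `ubnt/*` stages added or bumped at the top of the Dockerfile hunk are pinned by mutable tag only, and what is copied out of them (`/usr/src/ucrm`, the entrypoint and refresh scripts) is executed both during the build and at runtime, so a re-tag upstream silently changes what this image contains. Pin each stage by digest as well, e.g. `FROM ubnt/unms-crm:3.0.3@sha256:<digest-of-tested-image> as unms-crm`. `ENV DEBIAN_FRONTEND=noninteractive` is reinstated as a persistent runtime variable; an inline `DEBIAN_FRONTEND=noninteractive apt-get …` in the `RUN` below would keep it build-only. The identical hunk in Dockerfile.armhf has the same points.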
@@ -14,7 +16,10 @@ RUN set -x \ && apt-get install -y build-essential rabbitmq-server redis-server \ postgresql-9.6 postgresql-contrib-9.6 postgresql-client-9.6 libpq-dev \ gzip bash vim openssl libcap-dev dumb-init sudo gettext zlibc zlib1g zlib1g-dev \ - iproute2 netcat wget libpcre3 libpcre3-dev libssl-dev git \ + iproute2 netcat wget libpcre3 libpcre3-dev libssl-dev git pkg-config \ + libcurl4-openssl-dev libxml2-dev libedit-dev libsodium-dev libargon2-0-dev \ + jq autoconf libgmp-dev libpng-dev libbz2-dev libc-client-dev libkrb5-dev \ + libjpeg-dev libfreetype6-dev supervisor \ && apt-get install -y certbot -t stretch-backports # start ubnt/unms dockerfile # @@ -28,11 +33,7 @@ COPY --from=unms /home/app/unms /home/app/unms RUN rm -rf node_modules \ && JOBS=$(nproc) npm install sharp@latest \ && JOBS=$(nproc) npm install --production \ - && JOBS=$(nproc) npm install npm \ - && mkdir -p -m 777 "$HOME/unms/public/site-images" \ - && mkdir -p -m 777 "$HOME/unms/data/config-backups" \ - && mkdir -p -m 777 "$HOME/unms/data/unms-backups" \ - && mkdir -p -m 777 "$HOME/unms/data/import" + && JOBS=$(nproc) npm install npm COPY --from=unms /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh RUN chmod +x /usr/local/bin/docker-entrypoint.sh \ 
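Review bot: The packages added to the `apt-get install -y` list in the first hunk (`pkg-config`, `libcurl4-openssl-dev` … `supervisor`) are installed without `--no-install-recommends` and without version pins, so this single-stage runtime image also carries every recommended package and the build is not reproducible; the enclosing `RUN set -x` begins above the hunk. Most of the additions are `-dev` headers needed only to compile PHP and its extensions later in the file, and could be purged in the layer that finishes the last compile step (or the PHP build moved to its own stage) so they do not ship in the final image. At minimum: `&& apt-get install -y --no-install-recommends build-essential rabbitmq-server redis-server \`. The same hunk appears in Dockerfile.armhf.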
@@ -45,16 +46,59 @@ RUN mkdir -p /home/app/netflow COPY --from=unms-netflow /home/app /home/app/netflow RUN cd /home/app/netflow \ - && rm -rf node_modules \ - && JOBS=$(nproc) npm install --production - + && rm -rf node_modules \ + && JOBS=$(nproc) npm install --production # end unms-netflow dockerfile # +# start unms-crm dockerfile # +RUN mkdir -p /usr/src/ucrm \ + && mkdir -p /tmp/crontabs \ + && mkdir -p /usr/local/etc/php/conf.d \ + && mkdir -p /usr/local/etc/php-fpm.d \ + && mkdir -p /tmp/supervisor.d \ + && mkdir -p /tmp/supervisord + +COPY --from=unms-crm /usr/src/ucrm /usr/src/ucrm +COPY --from=unms-crm /usr/local/bin/crm* /usr/local/bin/ +COPY --from=unms-crm /usr/local/bin/docker* /usr/local/bin/ +COPY --from=unms-crm /tmp/crontabs/server /tmp/crontabs/server +COPY --from=unms-crm /tmp/supervisor.d /tmp/supervisor.d +COPY --from=unms-crm /tmp/supervisord /tmp/supervisord + +RUN grep -lR "nginx:nginx" /usr/src/ucrm/ | xargs sed -i 's/nginx:nginx/unms:unms/g' \ + && grep -lR "su-exec nginx" /usr/src/ucrm/ | xargs sed -i 's/su-exec nginx//g' \ + && grep -lR "su-exec nginx" /tmp/crontabs/ | xargs sed -i 's/su-exec nginx//g' \ + && grep -lR "su-exec nginx" /tmp/supervisor.d/ | xargs sed -i 's/su-exec nginx//g' \ + && sed -i 's#chmod -R 775 /data/log/var/log#chmod -R 777 /data/log/var/log#g' /usr/src/ucrm/scripts/dirs.sh \ + && sed -i 's#chown -R unms:unms /data/log/var/log#chown root:root /data/log/var/log#g' /usr/src/ucrm/scripts/dirs.sh \ + && sed -i 's#rm -rf /var/log#mv /var/log /data/log/var#g' /usr/src/ucrm/scripts/dirs.sh \ + && sed -i 's#LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 48 | head -n 1 || true#head /dev/urandom | tr -dc A-Za-z0-9 | head -c 48#g' \ + /usr/src/ucrm/scripts/parameters.sh \ + && sed -i 's#-regex \x27.*Version\[0-9]\\{14\\}#-regextype posix-extended -regex \x27.*Version\[0-9]\{14}#g' \ + /usr/src/ucrm/scripts/database_migrations_ready.sh \ + && sed -i '/\[program:nginx]/,+10d' /tmp/supervisor.d/server.ini \ + && sed -i 
'/\[program:pgbouncer]/,+10d' /tmp/supervisor.d/server.ini \ + && sed -i '/\[program:cron]/,+10d' /tmp/supervisor.d/server.ini \ + && sed -i "1s#^#POSTGRES_SCHEMA=ucrm\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_DB=unms\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_PASSWORD=ucrm\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_USER=ucrm\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_PORT=5432\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_HOST=127.0.0.1\n#" /tmp/crontabs/server \ + && sed -i "1s#^#PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n#" /tmp/crontabs/server \ + && sed -i "s#\.0#\.crt#g" /usr/src/ucrm/scripts/update-certificates.sh \ + && sed -i "s#this->localUrlGenerator->generate('homepage')#ucrmPublicUrl#g" \ + /usr/src/ucrm/src/AppBundle/Service/Plugin/PluginUcrmConfigGenerator.php \ + && sed -i "/update-ca-certificates/i cp /config/cert/live.crt /usr/local/share/ca-certificates/ || true" /usr/src/ucrm/scripts/update-certificates.sh \ + && /usr/src/ucrm/scripts/update-certificates.sh +# end unms-crm dockerfile # + # ubnt/nginx docker file # ENV NGINX_UID=1000 \ NGINX_VERSION=nginx-1.14.2 \ LUAJIT_VERSION=2.1.0-beta3 \ - LUA_NGINX_VERSION=0.10.13 + LUA_NGINX_VERSION=0.10.13 \ + PHP_VERSION=php-7.2.19 RUN set -x \ && mkdir -p /tmp/src && cd /tmp/src \ 
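Review bot: The `sed` rewrites of `dirs.sh` change `chmod -R 775 /data/log/var/log` to `chmod -R 777` and `chown -R unms:unms` to `chown root:root`, which makes a root-owned log tree world-writable for every process in the container — any local process can truncate or forge those logs. If the intent is to let the `unms` user write while root owns the tree, a group-writable `775` with group `unms` is sufficient, e.g. keep the `chmod -R 775` line and rewrite only the owner to `chown -R root:unms /data/log/var/log`. The seven `sed -i "1s#^#…"` lines also bake `POSTGRES_PASSWORD=ucrm` and the rest of the database connection into `/tmp/crontabs/server` inside the image layer, duplicating the credentials that `root/etc/services.d/ucrm/run` exports at start-up; having the cron entries read them from the container environment would leave one place to change. The same hunk appears in Dockerfile.armhf.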
@@ -62,10 +106,13 @@ RUN set -x \ && wget -q https://github.com/openresty/lua-nginx-module/archive/v${LUA_NGINX_VERSION}.tar.gz -O lua-nginx-module.tar.gz \ && wget -q https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz -O ndk.tar.gz \ && wget -q http://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz -O luajit.tar.gz \ + && wget -q https://www.php.net/get/${PHP_VERSION}.tar.xz/from/this/mirror -O php.tar.xz \ && tar -zxvf lua-nginx-module.tar.gz \ && tar -zxvf ndk.tar.gz \ && tar -zxvf luajit.tar.gz \ && tar -zxvf nginx.tar.gz \ + && tar -xvf php.tar.xz \ + && cp php.tar.xz /usr/src \ && cd /tmp/src/LuaJIT-${LUAJIT_VERSION} && make amalg PREFIX='/usr' && make install PREFIX='/usr' \ && export LUAJIT_LIB=/usr/lib/libluajit-5.1.so && export LUAJIT_INC=/usr/include/luajit-2.1 \ && cd /tmp/src/${NGINX_VERSION} && ./configure \ @@ -85,7 +132,6 @@ RUN set -x \ --without-http_memcached_module \ --without-http_auth_basic_module \ --without-http_userid_module \ - --without-http_fastcgi_module \ --without-http_uwsgi_module \ --without-http_scgi_module \ --prefix=/var/lib/nginx \ 
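Review bot: The PHP source fetched with `wget -q https://www.php.net/get/${PHP_VERSION}.tar.xz/from/this/mirror -O php.tar.xz` goes through a mirror redirect and is then compiled and installed with no checksum or signature check, so whichever mirror answers decides what this image is built from; none of the downloads in this `RUN` are verified, but this one is the largest new piece of compiled code. Record the SHA-256 published for the pinned release and verify it before extracting, e.g. `&& echo "<sha256-from-php.net>  php.tar.xz" | sha256sum -c - \`. The `cp php.tar.xz /usr/src` presumably feeds the `docker-php-ext-*` helpers copied from the crm stage, so the check has to precede that copy as well. The enclosing `RUN set -x` begins above the hunk; Dockerfile.armhf carries the same hunk.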
@@ -99,29 +145,88 @@ RUN set -x \ --http-proxy-temp-path=/tmp/proxy \ && make -j $(nproc) \ && make install \ + && cd /tmp/src/${PHP_VERSION} && ./configure \ + --with-config-file-path="/usr/local/etc/php" \ + --with-config-file-scan-dir="/usr/local/etc/php/conf.d" \ + --enable-option-checking=fatal \ + --with-mhash \ + --enable-ftp \ + --enable-mbstring \ + --enable-mysqlnd \ + --with-password-argon2 \ + --with-sodium=shared \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + --enable-fpm \ + --with-fpm-user=www-data \ + --with-fpm-group=www-data \ + --disable-cgi \ + && make -j $(nproc) \ + && make install \ && rm /usr/bin/luajit-${LUAJIT_VERSION} \ && rm -rf /tmp/src \ && rm -rf /var/cache/apk/* \ && echo "unms ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers \ && echo "unms ALL=(ALL) NOPASSWD:SETENV: /copy-user-certs.sh reload" >> /etc/sudoers \ - && echo "unms ALL=(ALL) NOPASSWD:SETENV: /refresh-certificate.sh *" >> /etc/sudoers - -ADD https://github.com/Ubiquiti-App/UNMS/archive/v0.14.4.tar.gz /tmp/unms.tar.gz - -RUN cd /tmp \ - && tar -xzf unms.tar.gz \ - && cd UNMS-*/src/nginx \ - && cp entrypoint.sh refresh-certificate.sh refresh-configuration.sh openssl.cnf ip-whitelist.sh / \ - && cp -R templates /templates \ - && mkdir -p /www/public \ - && cp -R public /www/ \ - && chmod +x /entrypoint.sh /refresh-certificate.sh /refresh-configuration.sh /ip-whitelist.sh + && echo "unms ALL=(ALL) NOPASSWD:SETENV: /refresh-certificate.sh *" >> /etc/sudoers \ + && echo "unms ALL=(ALL) NOPASSWD:SETENV: /refresh-configuration.sh *" >> /etc/sudoers + +COPY --from=unms-crm /etc/nginx/available-servers /etc/nginx/ucrm + +COPY --from=unms-nginx /entrypoint.sh /refresh-certificate.sh /refresh-configuration.sh /openssl.cnf /ip-whitelist.sh / +COPY --from=unms-nginx /templates /templates +COPY --from=unms-nginx /www/public /www/public + +RUN chmod +x /entrypoint.sh /refresh-certificate.sh /refresh-configuration.sh /ip-whitelist.sh \ + && sed -i 
"s#80#9081#g" /etc/nginx/ucrm/ucrm.conf \ + && sed -i "s#81#9082#g" /etc/nginx/ucrm/suspended_service.conf \ + && sed -i '/conf;/a \ \ include /etc/nginx/ucrm/*.conf;' /templates/nginx.conf.template \ + && sed -i "s#execute('/refresh-certificate.sh#execute('sudo --preserve-env /refresh-certificate.sh#g" /templates/conf.d/nginx-api.conf.template \ + && grep -lR "location /nms/ " /templates | xargs sed -i "s#location /nms/ #location /nms #g" \ + && grep -lR "location /crm/ " /templates | xargs sed -i "s#location /crm/ #location /crm #g" \ + && sed -i "s#\\\.\[0-9]{1,3}#[0-9]#g" /refresh-certificate.sh \ + && echo "cp /config/cert/live.crt /usr/local/share/ca-certificates/ || true" >> /refresh-certificate.sh \ + && echo "update-ca-certificates" >> /refresh-certificate.sh # make compatible with debian RUN sed -i "s#/bin/sh#/bin/bash#g" /entrypoint.sh \ - && sed -i "s#adduser -D#adduser --disabled-password --gecos \"\"#g" /entrypoint.sh + && sed -i "s#adduser -D#adduser --disabled-password --gecos \"\"#g" /entrypoint.sh # end ubnt/nginx docker file # +# php & composer +ENV PHP_INI_DIR=/usr/local/etc/php \ + SYMFONY_ENV=prod + +COPY --from=unms-crm /usr/local/etc/php/php.ini /usr/local/etc/php/ +COPY --from=unms-crm /usr/local/etc/php-fpm.conf /usr/local/etc/ +COPY --from=unms-crm /usr/local/etc/php-fpm.d /usr/local/etc/php-fpm.d + +RUN echo '' | pecl install apcu ds \ + && docker-php-ext-enable apcu ds \ + && docker-php-ext-configure gd \ + --with-gd \ + --with-freetype-dir=/usr/include/ \ + --with-png-dir=/usr/include/ \ + --with-jpeg-dir=/usr/include/ \ + && docker-php-ext-configure curl \ + && docker-php-ext-configure imap \ + --with-imap-ssl \ + --with-kerberos \ + && docker-php-ext-install -j2 pdo_pgsql gmp zip bcmath gd bz2 curl \ + exif intl dom xml opcache imap soap sockets sysvmsg sysvshm sysvsem \ + && curl -sS https://getcomposer.org/installer | php -- \ + --install-dir=/usr/bin --filename=composer \ + && cd /usr/src/ucrm \ + && composer global require 
hirak/prestissimo \ + && composer install \ + --classmap-authoritative \ + --no-dev --no-interaction \ + && composer clear-cache \ + && sed -i 's#nginx#unms#g' /usr/local/etc/php-fpm.d/zz-docker.conf +# end php & composer + ENV PATH=/home/app/unms/node_modules/.bin:$PATH:/usr/lib/postgresql/9.6/bin \ PGDATA=/config/postgres \ POSTGRES_DB=unms \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 07f4684..9cb95c1 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,10 +1,11 @@ # Multi-stage build - See https://docs.docker.com/engine/userguide/eng-image/multistage-build -FROM ubnt/unms:0.14.4 as unms -FROM ubnt/unms-netflow:0.14.4 as unms-netflow -FROM oznu/s6-node:10.15.1-debian-armhf +FROM ubnt/unms:1.0.3 as unms +FROM ubnt/unms-nginx:1.0.3 as unms-nginx +FROM ubnt/unms-netflow:1.0.3 as unms-netflow +FROM ubnt/unms-crm:3.0.3 as unms-crm +FROM oznu/s6-node:10.15.3-debian-armhf - -ENV DEBIAN_FRONTEND=noninteractive +ENV DEBIAN_FRONTEND=noninteractive # base deps redis, rabbitmq, postgres 9.6 RUN set -x \ @@ -15,7 +16,10 @@ RUN set -x \ && apt-get install -y build-essential rabbitmq-server redis-server \ postgresql-9.6 postgresql-contrib-9.6 postgresql-client-9.6 libpq-dev \ gzip bash vim openssl libcap-dev dumb-init sudo gettext zlibc zlib1g zlib1g-dev \ - iproute2 netcat wget libpcre3 libpcre3-dev libssl-dev git \ + iproute2 netcat wget libpcre3 libpcre3-dev libssl-dev git pkg-config \ + libcurl4-openssl-dev libxml2-dev libedit-dev libsodium-dev libargon2-0-dev \ + jq autoconf libgmp-dev libpng-dev libbz2-dev libc-client-dev libkrb5-dev \ + libjpeg-dev libfreetype6-dev supervisor \ && apt-get install -y certbot -t stretch-backports # start ubnt/unms dockerfile # 
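Review bot: `sed -i "s#80#9081#g" /etc/nginx/ucrm/ucrm.conf` and `sed -i "s#81#9082#g" …/suspended_service.conf` replace every occurrence of those digits, not just the `listen` port, so any other number containing `80`/`81` in the copied files (a timeout, a buffer size, an address) is rewritten too; anchor the pattern to the directive, e.g. `sed -i "s#listen 80;#listen 9081;#"` adjusted to the exact form in the file. `curl -sS https://getcomposer.org/installer | php --` installs Composer without verifying the installer, although Composer publishes the installer's SHA-384 (`installer.sig`) for exactly this, and a pinned `--version=` would make the build reproducible. The two `echo … >> /etc/sudoers` lines extend the passwordless root the `unms` user already has to `/refresh-configuration.sh *` with `SETENV`, appended without validation, so a typo would break sudo for the whole image; `&& visudo -c` at the end of the RUN catches that. Dockerfile.armhf repeats this hunk.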
@@ -29,11 +33,7 @@ COPY --from=unms /home/app/unms /home/app/unms RUN rm -rf node_modules \ && JOBS=$(nproc) npm install sharp@latest \ && JOBS=$(nproc) npm install --production \ - && JOBS=$(nproc) npm install npm \ - && mkdir -p -m 777 "$HOME/unms/public/site-images" \ - && mkdir -p -m 777 "$HOME/unms/data/config-backups" \ - && mkdir -p -m 777 "$HOME/unms/data/unms-backups" \ - && mkdir -p -m 777 "$HOME/unms/data/import" + && JOBS=$(nproc) npm install npm COPY --from=unms /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh RUN chmod +x /usr/local/bin/docker-entrypoint.sh \ 
@@ -46,16 +46,59 @@ RUN mkdir -p /home/app/netflow COPY --from=unms-netflow /home/app /home/app/netflow RUN cd /home/app/netflow \ - && rm -rf node_modules \ - && JOBS=$(nproc) npm install --production - + && rm -rf node_modules \ + && JOBS=$(nproc) npm install --production # end unms-netflow dockerfile # +# start unms-crm dockerfile # +RUN mkdir -p /usr/src/ucrm \ + && mkdir -p /tmp/crontabs \ + && mkdir -p /usr/local/etc/php/conf.d \ + && mkdir -p /usr/local/etc/php-fpm.d \ + && mkdir -p /tmp/supervisor.d \ + && mkdir -p /tmp/supervisord + +COPY --from=unms-crm /usr/src/ucrm /usr/src/ucrm +COPY --from=unms-crm /usr/local/bin/crm* /usr/local/bin/ +COPY --from=unms-crm /usr/local/bin/docker* /usr/local/bin/ +COPY --from=unms-crm /tmp/crontabs/server /tmp/crontabs/server +COPY --from=unms-crm /tmp/supervisor.d /tmp/supervisor.d +COPY --from=unms-crm /tmp/supervisord /tmp/supervisord + +RUN grep -lR "nginx:nginx" /usr/src/ucrm/ | xargs sed -i 's/nginx:nginx/unms:unms/g' \ + && grep -lR "su-exec nginx" /usr/src/ucrm/ | xargs sed -i 's/su-exec nginx//g' \ + && grep -lR "su-exec nginx" /tmp/crontabs/ | xargs sed -i 's/su-exec nginx//g' \ + && grep -lR "su-exec nginx" /tmp/supervisor.d/ | xargs sed -i 's/su-exec nginx//g' \ + && sed -i 's#chmod -R 775 /data/log/var/log#chmod -R 777 /data/log/var/log#g' /usr/src/ucrm/scripts/dirs.sh \ + && sed -i 's#chown -R unms:unms /data/log/var/log#chown root:root /data/log/var/log#g' /usr/src/ucrm/scripts/dirs.sh \ + && sed -i 's#rm -rf /var/log#mv /var/log /data/log/var#g' /usr/src/ucrm/scripts/dirs.sh \ + && sed -i 's#LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 48 | head -n 1 || true#head /dev/urandom | tr -dc A-Za-z0-9 | head -c 48#g' \ + /usr/src/ucrm/scripts/parameters.sh \ + && sed -i 's#-regex \x27.*Version\[0-9]\\{14\\}#-regextype posix-extended -regex \x27.*Version\[0-9]\{14}#g' \ + /usr/src/ucrm/scripts/database_migrations_ready.sh \ + && sed -i '/\[program:nginx]/,+10d' /tmp/supervisor.d/server.ini \ + && sed -i 
'/\[program:pgbouncer]/,+10d' /tmp/supervisor.d/server.ini \ + && sed -i '/\[program:cron]/,+10d' /tmp/supervisor.d/server.ini \ + && sed -i "1s#^#POSTGRES_SCHEMA=ucrm\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_DB=unms\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_PASSWORD=ucrm\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_USER=ucrm\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_PORT=5432\n#" /tmp/crontabs/server \ + && sed -i "1s#^#POSTGRES_HOST=127.0.0.1\n#" /tmp/crontabs/server \ + && sed -i "1s#^#PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n#" /tmp/crontabs/server \ + && sed -i "s#\.0#\.crt#g" /usr/src/ucrm/scripts/update-certificates.sh \ + && sed -i "s#this->localUrlGenerator->generate('homepage')#ucrmPublicUrl#g" \ + /usr/src/ucrm/src/AppBundle/Service/Plugin/PluginUcrmConfigGenerator.php \ + && sed -i "/update-ca-certificates/i cp /config/cert/live.crt /usr/local/share/ca-certificates/ || true" /usr/src/ucrm/scripts/update-certificates.sh \ + && /usr/src/ucrm/scripts/update-certificates.sh +# end unms-crm dockerfile # + # ubnt/nginx docker file # ENV NGINX_UID=1000 \ NGINX_VERSION=nginx-1.14.2 \ LUAJIT_VERSION=2.1.0-beta3 \ - LUA_NGINX_VERSION=0.10.13 + LUA_NGINX_VERSION=0.10.13 \ + PHP_VERSION=php-7.2.19 RUN set -x \ && mkdir -p /tmp/src && cd /tmp/src \ 
@@ -63,10 +106,13 @@ RUN set -x \ && wget -q https://github.com/openresty/lua-nginx-module/archive/v${LUA_NGINX_VERSION}.tar.gz -O lua-nginx-module.tar.gz \ && wget -q https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz -O ndk.tar.gz \ && wget -q http://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz -O luajit.tar.gz \ + && wget -q https://www.php.net/get/${PHP_VERSION}.tar.xz/from/this/mirror -O php.tar.xz \ && tar -zxvf lua-nginx-module.tar.gz \ && tar -zxvf ndk.tar.gz \ && tar -zxvf luajit.tar.gz \ && tar -zxvf nginx.tar.gz \ + && tar -xvf php.tar.xz \ + && cp php.tar.xz /usr/src \ && cd /tmp/src/LuaJIT-${LUAJIT_VERSION} && make amalg PREFIX='/usr' && make install PREFIX='/usr' \ && export LUAJIT_LIB=/usr/lib/libluajit-5.1.so && export LUAJIT_INC=/usr/include/luajit-2.1 \ && cd /tmp/src/${NGINX_VERSION} && ./configure \ @@ -86,7 +132,6 @@ RUN set -x \ --without-http_memcached_module \ --without-http_auth_basic_module \ --without-http_userid_module \ - --without-http_fastcgi_module \ --without-http_uwsgi_module \ --without-http_scgi_module \ --prefix=/var/lib/nginx \ 
@@ -100,29 +145,88 @@ RUN set -x \ --http-proxy-temp-path=/tmp/proxy \ && make -j $(nproc) \ && make install \ + && cd /tmp/src/${PHP_VERSION} && ./configure \ + --with-config-file-path="/usr/local/etc/php" \ + --with-config-file-scan-dir="/usr/local/etc/php/conf.d" \ + --enable-option-checking=fatal \ + --with-mhash \ + --enable-ftp \ + --enable-mbstring \ + --enable-mysqlnd \ + --with-password-argon2 \ + --with-sodium=shared \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + --enable-fpm \ + --with-fpm-user=www-data \ + --with-fpm-group=www-data \ + --disable-cgi \ + && make -j $(nproc) \ + && make install \ && rm /usr/bin/luajit-${LUAJIT_VERSION} \ && rm -rf /tmp/src \ && rm -rf /var/cache/apk/* \ && echo "unms ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers \ && echo "unms ALL=(ALL) NOPASSWD:SETENV: /copy-user-certs.sh reload" >> /etc/sudoers \ - && echo "unms ALL=(ALL) NOPASSWD:SETENV: /refresh-certificate.sh *" >> /etc/sudoers - -ADD https://github.com/Ubiquiti-App/UNMS/archive/v0.14.4.tar.gz /tmp/unms.tar.gz - -RUN cd /tmp \ - && tar -xzf unms.tar.gz \ - && cd UNMS-*/src/nginx \ - && cp entrypoint.sh refresh-certificate.sh refresh-configuration.sh openssl.cnf ip-whitelist.sh / \ - && cp -R templates /templates \ - && mkdir -p /www/public \ - && cp -R public /www/ \ - && chmod +x /entrypoint.sh /refresh-certificate.sh /refresh-configuration.sh /ip-whitelist.sh + && echo "unms ALL=(ALL) NOPASSWD:SETENV: /refresh-certificate.sh *" >> /etc/sudoers \ + && echo "unms ALL=(ALL) NOPASSWD:SETENV: /refresh-configuration.sh *" >> /etc/sudoers + +COPY --from=unms-crm /etc/nginx/available-servers /etc/nginx/ucrm + +COPY --from=unms-nginx /entrypoint.sh /refresh-certificate.sh /refresh-configuration.sh /openssl.cnf /ip-whitelist.sh / +COPY --from=unms-nginx /templates /templates +COPY --from=unms-nginx /www/public /www/public + +RUN chmod +x /entrypoint.sh /refresh-certificate.sh /refresh-configuration.sh /ip-whitelist.sh \ + && sed -i 
"s#80#9081#g" /etc/nginx/ucrm/ucrm.conf \ + && sed -i "s#81#9082#g" /etc/nginx/ucrm/suspended_service.conf \ + && sed -i '/conf;/a \ \ include /etc/nginx/ucrm/*.conf;' /templates/nginx.conf.template \ + && sed -i "s#execute('/refresh-certificate.sh#execute('sudo --preserve-env /refresh-certificate.sh#g" /templates/conf.d/nginx-api.conf.template \ + && grep -lR "location /nms/ " /templates | xargs sed -i "s#location /nms/ #location /nms #g" \ + && grep -lR "location /crm/ " /templates | xargs sed -i "s#location /crm/ #location /crm #g" \ + && sed -i "s#\\\.\[0-9]{1,3}#[0-9]#g" /refresh-certificate.sh \ + && echo "cp /config/cert/live.crt /usr/local/share/ca-certificates/ || true" >> /refresh-certificate.sh \ + && echo "update-ca-certificates" >> /refresh-certificate.sh # make compatible with debian RUN sed -i "s#/bin/sh#/bin/bash#g" /entrypoint.sh \ - && sed -i "s#adduser -D#adduser --disabled-password --gecos \"\"#g" /entrypoint.sh + && sed -i "s#adduser -D#adduser --disabled-password --gecos \"\"#g" /entrypoint.sh # end ubnt/nginx docker file # +# php & composer +ENV PHP_INI_DIR=/usr/local/etc/php \ + SYMFONY_ENV=prod + +COPY --from=unms-crm /usr/local/etc/php/php.ini /usr/local/etc/php/ +COPY --from=unms-crm /usr/local/etc/php-fpm.conf /usr/local/etc/ +COPY --from=unms-crm /usr/local/etc/php-fpm.d /usr/local/etc/php-fpm.d + +RUN echo '' | pecl install apcu ds \ + && docker-php-ext-enable apcu ds \ + && docker-php-ext-configure gd \ + --with-gd \ + --with-freetype-dir=/usr/include/ \ + --with-png-dir=/usr/include/ \ + --with-jpeg-dir=/usr/include/ \ + && docker-php-ext-configure curl \ + && docker-php-ext-configure imap \ + --with-imap-ssl \ + --with-kerberos \ + && docker-php-ext-install -j2 pdo_pgsql gmp zip bcmath gd bz2 curl \ + exif intl dom xml opcache imap soap sockets sysvmsg sysvshm sysvsem \ + && curl -sS https://getcomposer.org/installer | php -- \ + --install-dir=/usr/bin --filename=composer \ + && cd /usr/src/ucrm \ + && composer global require 
hirak/prestissimo \ + && composer install \ + --classmap-authoritative \ + --no-dev --no-interaction \ + && composer clear-cache \ + && sed -i 's#nginx#unms#g' /usr/local/etc/php-fpm.d/zz-docker.conf +# end php & composer + ENV PATH=/home/app/unms/node_modules/.bin:$PATH:/usr/lib/postgresql/9.6/bin \ PGDATA=/config/postgres \ POSTGRES_DB=unms \ diff --git a/root/etc/cont-init.d/40-prepare b/root/etc/cont-init.d/40-prepare index 2275550..9e2ad9a 100644 --- a/root/etc/cont-init.d/40-prepare +++ b/root/etc/cont-init.d/40-prepare @@ -9,6 +9,10 @@ chown -R abc:abc /config/redis [ -d /home/app/unms/data ] && rm -rf /home/app/unms/data ln -s /config/unms /home/app/unms/data +# UCRM +[ -e /config/unms/ucrm ] || mkdir -p /config/unms/ucrm +ln -s /config/unms/ucrm /data + # Nginx Firmware mkdir -p /home/app/unms/public/firmwares /www ln -s /home/app/unms/public/firmwares /www/firmwares @@ -17,7 +21,7 @@ ln -s /home/app/unms/public/firmwares /www/firmwares [ -e /config/cert ] || mkdir -p /config/cert ln -s /config/cert /cert -# UNMS Logs +# UNMS / UCRM Logs [ -e /config/unms/logs ] || mkdir -p /config/unms/logs chown -R nobody:nogroup /config/unms/logs @@ -33,3 +37,4 @@ echo "127.0.0.1 unms" >> /etc/hosts # Fix logrotate permission chmod 644 /etc/logrotate.d/unms +chmod 644 /etc/logrotate.d/ucrm diff --git a/root/etc/cont-init.d/50-postgres b/root/etc/cont-init.d/50-postgres index 4dd8e83..75826a4 100644 --- a/root/etc/cont-init.d/50-postgres +++ b/root/etc/cont-init.d/50-postgres @@ -7,5 +7,5 @@ chmod 0700 /config/postgres if [ -e /config/postgres/postgresql.conf ]; then echo "Database already configured" else - s6-setuidgid postgres initdb + s6-setuidgid postgres initdb --locale=C.UTF-8 fi diff --git a/root/etc/logrotate.d/ucrm b/root/etc/logrotate.d/ucrm new file mode 100644 index 0000000..d8e0d41 --- /dev/null +++ b/root/etc/logrotate.d/ucrm 
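Review bot: In the first `40-prepare` hunk, `ln -s /config/unms/ucrm /data` is not idempotent: cont-init scripts run on every container start, and once `/data` exists as a symlink to a directory the next run creates `/config/unms/ucrm/ucrm` inside it instead of failing visibly. The preceding UNMS block in this file removes the target before linking; mirror that guard here, e.g. `[ -L /data ] || ln -s /config/unms/ucrm /data`. If anything earlier in the image already creates `/data` as a real directory, the link lands inside it on the first run as well, which is worth checking against the built image.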
@@ -0,0 +1,39 @@ +/config/ucrm/logs/*.log { + size 10M + copytruncate + missingok + rotate 7 + compress + delaycompress +} + +/data/log/ucrm/app/logs/*log { + rotate 14 + daily + maxsize 10M + compress + missingok + notifempty + copytruncate + su unms unms + create 775 unms unms +} + +/data/log/ucrm/nginx/*log /data/log/ucrm/php/*log /data/log/ucrm/letsencrypt/*log { + rotate 14 + daily + maxsize 10M + compress + missingok + notifempty + copytruncate + su root root + create 775 root root +} + +/var/log/supervisor/*.log { + missingok + weekly + notifempty + nocompress +} diff --git a/root/etc/services.d/nginx/run b/root/etc/services.d/nginx/run index 441524e..cb6ee25 100644 --- a/root/etc/services.d/nginx/run +++ b/root/etc/services.d/nginx/run @@ -7,6 +7,9 @@ export UNMS_WS_PORT=8082 export UNMS_WS_SHELL_PORT=8083 export UNMS_WS_API_PORT=8084 export UNMS_HOST=127.0.0.1 +export UCRM_HOST=127.0.0.1 +export UCRM_HTTP_PORT=9081 +export UCRM_SUSPEND_PORT=9082 echo "Starting nginx..." diff --git a/root/etc/services.d/permissions/run b/root/etc/services.d/permissions/run index b6420b9..cca4d76 100644 --- a/root/etc/services.d/permissions/run +++ b/root/etc/services.d/permissions/run @@ -2,4 +2,6 @@ sleep 20 chown -R unms:unms /home/app/unms/public +chown -R unms:unms /usr/src/ucrm/web +chown -R unms:unms /usr/src/ucrm/app/cache sleep 40 \ No newline at end of file diff --git a/root/etc/services.d/ucrm/run b/root/etc/services.d/ucrm/run new file mode 100644 index 0000000..a8fd0ed --- /dev/null +++ b/root/etc/services.d/ucrm/run 
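Review bot: The first stanza rotates `/config/ucrm/logs/*.log`, but the log this commit actually writes is `/config/unms/logs/ucrm.log` (see `root/etc/services.d/ucrm/run` and the `# UNMS / UCRM Logs` block in `40-prepare`), so unless something outside this diff writes under `/config/ucrm/logs`, the stanza matches nothing and `ucrm.log` grows unbounded. Either point it at `/config/unms/logs/ucrm.log` or add that path to whichever stanza already covers the UNMS logs. The `create 775 unms unms` and `create 775 root root` lines create group-writable log files; `644` (or `664` where a group really needs to append) is the usual choice. A one-line comment stating where the `/data/log/ucrm/…` directories come from would help the next reader, since nothing in this file or `40-prepare` creates them.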
@@ -0,0 +1,68 @@
+#!/usr/bin/with-contenv sh
+
+export TERM=xterm
+export POSTGRES_USER=ucrm
+export POSTGRES_DB=unms
+export POSTGRES_PASSWORD=ucrm
+export POSTGRES_HOST=127.0.0.1
+export POSTGRES_HOST_BOUNCER=127.0.0.1
+export POSTGRES_PORT=5432
+export POSTGRES_PORT_BOUNCER=5432
+export POSTGRES_SCHEMA=ucrm
+export UNMS_POSTGRES_SCHEMA=unms
+export MAILER_HOST=127.0.0.1
+export MAILER_USERNAME=null
+export MAILER_PASSWORD=null
+export MAILER_AUTH_MODE=null
+export MAILER_ENCRYPTION=null
+export MAILER_PORT=null
+export MAILER_TRANSPORT=smtp
+export RABBITMQ_HOST=127.0.0.1
+export RABBITMQ_PORT=5672
+export RABBITMQ_USER=guest
+export RABBITMQ_PASSWORD=guest
+export NETFLOW_HOST=127.0.0.1
+export NETFLOW_PORT=2055
+export SECRET=changeThisSecretKey
+export SYMFONY_ENV=prod
+export FORCE_HTTPS=1
+export TRUSTED_PROXIES=all
+export UCRM_USERNAME=null
+export UCRM_PASSWORD=null
+export UCRM_DISK_USAGE_DIRECTORY=/
+export UAS_INSTALLATION=
+export NGINX_VERSION=1.14.2
+export PGBOUNCER_VERSION=1.10.0
+export UNMS_HOST=127.0.0.1
+export UNMS_PORT=8081
+export UNMS_TOKEN=ucrm
+export UNMS_VERSION=1.0.3
+export SUSPEND_PORT=9082
+export CLOUD=0
+export CLOUD_SMTP_PORT=null
+export CLOUD_SMTP_USERNAME=null
+export CLOUD_SMTP_PASSWORD=null
+export CLOUD_SMTP_HOSTNAME=null
+export CLOUD_SMTP_TLS_ALLOW_UNAUTHORIZED=null
+export CLOUD_SMTP_SECURITY_MODE=null
+export CLOUD_MAPS_API_KEY=null
+export NODE_ENV=production
+
+# wait for postgres to come up
+until pg_isready; do
+ echo "Waiting for postgres to come up..."
+ sleep 1
+done
+
+
+if [ "$QUIET_MODE" = "1" ]; then
+ echo "Starting UCRM in quiet mode..."
+ cd /usr/src/ucrm
+ s6-setuidgid root make server_with_migrate >> /config/unms/logs/ucrm.log 2>&1
+
+ printf "\n\nUCRM exited, last 100 lines of log:\n\n"
+ tail -n 100 /config/unms/logs/ucrm.log
+else
+ cd /usr/src/ucrm
+ s6-setuidgid root make server_with_migrate 2>&1 | tee -a /config/unms/logs/ucrm.log
+fi
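Review bot: `export SECRET=changeThisSecretKey` hard-codes the UCRM application secret to a placeholder that is identical in every container built from this image, and because the script exports unconditionally an operator cannot override it with `docker run -e`; the same applies to `POSTGRES_PASSWORD=ucrm`, `UNMS_TOKEN=ucrm` (also added to `root/etc/services.d/unms/run`) and the `guest`/`guest` RabbitMQ credentials. Generate the secret once on first start, persist it under `/config` next to the other state, and honor a value already in the environment, e.g. `export SECRET="${SECRET:-$(cat /config/unms/ucrm_secret)}"` preceded by a generation step (path is a suggestion). `s6-setuidgid root make server_with_migrate` runs the whole CRM as root inside the container, which the Dockerfile enables by stripping `su-exec nginx` from the CRM scripts; dropping to `unms` is a larger follow-up but worth a TODO here. `TRUSTED_PROXIES=all` accepts forwarded headers from any peer, which is only acceptable while the CRM port is unreachable from outside the container — a comment recording that assumption would help.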
diff --git a/root/etc/services.d/unms/run b/root/etc/services.d/unms/run index 8a44c24..72addb1 100644 --- a/root/etc/services.d/unms/run +++ b/root/etc/services.d/unms/run @@ -17,6 +17,9 @@ export UNMS_FLUENTD_HOST=127.0.0.1 export UNMS_FLUENTD_PORT=8081 export UNMS_NGINX_HOST=127.0.0.1 export UNMS_NGINX_PORT=12345 +export UNMS_TOKEN=ucrm +export UCRM_HOST=127.0.0.1 +export UCRM_PORT=9081 export UCRM_PG_USER=ucrm export UCRM_PG_SCHEMA=ucrm export UCRM_PG_PASSWORD=ucrm @@ -34,13 +37,14 @@ if [ $? -ne 0 ]; then echo "Creating database..." createdb -U postgres -O postgres $POSTGRES_DB fi - + +# Migrate database psql -U postgres -d $POSTGRES_DB -qt -c "SELECT schema_name FROM information_schema.schemata" | cut -d \| -f 1 | grep -qw $UNMS_PG_SCHEMA if [ $? -ne 0 ]; then echo "Migrating database..." # Create user unms psql -U postgres -d $POSTGRES_DB -c "CREATE USER $UNMS_PG_USER SUPERUSER PASSWORD '$UNMS_PG_PASSWORD'" - psql -U postgres -d unms -c "GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $UNMS_PG_USER" + psql -U postgres -d $POSTGRES_DB -c "GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $UNMS_PG_USER" # Create user ucrm psql -U postgres -d $POSTGRES_DB -c "CREATE USER $UCRM_PG_USER SUPERUSER PASSWORD '$UCRM_PG_PASSWORD'" psql -U postgres -d $POSTGRES_DB -c "GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $UCRM_PG_USER" 
@@ -55,18 +59,41 @@ if [ $? -ne 0 ]; then # Change schema owners psql -U postgres -d $POSTGRES_DB -c "ALTER SCHEMA $UNMS_PG_SCHEMA OWNER TO $UNMS_PG_USER" psql -U postgres -d $POSTGRES_DB -c "ALTER SCHEMA $UCRM_PG_SCHEMA OWNER TO $UCRM_PG_USER" - #UCRM views - psql -U postgres -d $POSTGRES_DB -c "CREATE VIEW crm_db_version_view AS SELECT character varying(500) '0.14.4' as value" - psql -U postgres -d $POSTGRES_DB -c "ALTER VIEW crm_db_version_view OWNER TO $UCRM_PG_USER" - psql -U postgres -d $POSTGRES_DB -c "CREATE VIEW crm_permission_group_view AS select uuid '00000000-0000-0000-0000-000000000000' as id, character varying(250) '0' as name" - psql -U postgres -d $POSTGRES_DB -c "ALTER VIEW crm_permission_group_view OWNER TO $UCRM_PG_USER" fi -psql -U postgres -d $POSTGRES_DB -qt -c "SELECT value FROM crm_db_version_view" | cut -d \| -f 1 | grep -qw 0.14.4 +# Migrate extensions +psql -U postgres -d $POSTGRES_DB -qt -c "\df" | cut -d \| -f 2 | grep -qw "uuid_generate_v4" if [ $? -ne 0 ]; then - echo "Updating crm_db_version_view..." - psql -U postgres -d $POSTGRES_DB -c "DROP VIEW IF EXISTS crm_db_version_view" - psql -U postgres -d $POSTGRES_DB -c "CREATE VIEW crm_db_version_view AS SELECT character varying(500) '0.14.4' as value" + echo "Migrating extensions..." + extensions="$(psql -U postgres -d $POSTGRES_DB -qt -c "SELECT extname FROM pg_extension WHERE extname != 'plpgsql'")" + for extension in ${extensions}; do + psql -U postgres -d $POSTGRES_DB -c "ALTER EXTENSION \"${extension}\" SET SCHEMA public" + done +fi + +# Convert database to UTF8 +psql -U postgres -d $POSTGRES_DB -qt -c "SHOW SERVER_ENCODING" | cut -d \| -f 1 | grep -qw UTF8 +if [ $? -ne 0 ]; then + echo "Converting database to UTF8..." 
+ pg_dump -U postgres --encoding utf8 $POSTGRES_DB -f /config/unms_utf8.sql + s6-svc -wd -d /var/run/s6/services/postgres/ + killall -u postgres -w + cp -r /config/postgres /config/postgres_ascii + rm -rf /config/postgres/* + s6-setuidgid postgres initdb --locale=C.UTF-8 + s6-svc -wu -u /var/run/s6/services/postgres/ + until pg_isready; do + echo "Waiting for postgres to come up..." + sleep 1 + done + createdb -U postgres -O postgres $POSTGRES_DB + psql -U postgres -d $POSTGRES_DB -c "CREATE USER $UNMS_PG_USER SUPERUSER PASSWORD '$UNMS_PG_PASSWORD'" + psql -U postgres -d $POSTGRES_DB -c "GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $UNMS_PG_USER" + psql -U postgres -d $POSTGRES_DB -c "CREATE USER $UCRM_PG_USER SUPERUSER PASSWORD '$UCRM_PG_PASSWORD'" + psql -U postgres -d $POSTGRES_DB -c "GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $UCRM_PG_USER" + psql -U postgres -d $POSTGRES_DB -c "ALTER USER $UNMS_PG_USER SET search_path = $UNMS_PG_SCHEMA,public" + psql -U postgres -d $POSTGRES_DB -c "ALTER USER $UCRM_PG_USER SET search_path = $UCRM_PG_SCHEMA,public" + psql -U postgres -f /config/unms_utf8.sql -d unms fi if [ "$QUIET_MODE" = "1" ]; then
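Review bot: The UTF8 conversion block wipes the cluster with `rm -rf /config/postgres/*` without checking that the preceding `pg_dump … -f /config/unms_utf8.sql` or the `cp -r` backup succeeded; a dump that fails on bytes that are not valid UTF-8 in the old database, or a full disk, leaves the user with an empty cluster and nothing to restore, and unless `set -e` is enabled above the visible hunk (the `$?` checks elsewhere suggest it is not) the script just continues. Guard the destructive step, e.g. `pg_dump -U postgres --encoding utf8 $POSTGRES_DB -f /config/unms_utf8.sql || { echo "Dump failed, aborting conversion"; exit 1; }`, and the same for the `cp -r`. The final restore uses `-d unms` where every other command in the block uses `$POSTGRES_DB` — the same inconsistency the earlier hunk in this file fixes for the GRANT line. The dump file, which holds the full database including credentials, is left under `/config` after the restore; remove it (or at least `chmod 600` it) once `psql -f` returns 0.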