.vagrant
docker-haproxy-confd
*.swp
# 1.2.0
* Add app admin email as argument in provision #189
* Handle git branches when provisioning #174
* REPO mode to retrieve application recipe #187
# 0.3.0
* adds automation script for user provisioning
* moves backup to duplicity
* big simplification
* some fixes
# 0.2.4
# Instructions to install libre.sh
## Recommendation
- you need an API key on Namecheap (if you want to automatically buy and configure a domain name)
## Installation
These instructions depend a bit on your cloud provider.
### [Digital Ocean](https://m.do.co/c/1b468ce0671f)
1. Install [doctl](https://github.com/digitalocean/doctl/)
2. Issue the following command:
```
doctl compute droplet create libre.sh --user-data-file ./user_data --wait --ssh-keys $KEY_ID --size 1gb --region lon1 --image coreos-stable
```
### Provider with user_data support
If you use a cloud provider that supports `user_data`, like [Scaleway](http://scaleway.com/), just use [this user_data](https://raw.githubusercontent.com/indiehosters/libre.sh/master/user_data).
### Hetzner
You can also buy a baremetal at [Hetzner](https://serverboerse.de/index.php?country=EN) as they are the cheapest options around. Follow these [instructions](INSTALL_HETZNER.md) in this case.
### Provider without user_data support
Boot a live CD and issue these commands:
```
wget https://raw.github.com/coreos/init/master/bin/coreos-install
bash coreos-install -d /dev/sda -c user_data
```
And voila, your first libre.sh node is ready!
# Instructions to install libre.sh
## Recommendation
- ssd on /dev/sda
- hdd on /dev/sdb
- hdd on /dev/sdc
- API key on Namecheap (if you want to automatically buy domain name)
# Installation
First, you need a server.
We recommend [Hetzner](https://serverboerse.de/index.php?country=EN) as they are the cheapest options around.
You can filter servers with ssd.
These instructions can also work on any VM/VPS/Hardware.
## Install the system
```
IP=
# A freshly booted rescue system has a host key you have never seen, so this skips the prompt;
# compare the fingerprint with the one your provider's console shows, if it offers one.
ssh -o "StrictHostKeyChecking no" root@$IP
hostname=
ssh_public_key=""
fdisk -l # find your ssd
# Setup raid: mirror the two hdds into /dev/md0 (the ssd, /dev/sda, receives CoreOS below)
cat > /etc/mdadm.conf << EOF
MAILADDR dev@null.org
EOF
mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/sdb /dev/sdc
mkfs.ext4 /dev/md0
# minimal cloud-config: hostname and your key only; the full user_data is applied after the reboot
cat > cloud-config.tmp << EOF
#cloud-config
hostname: "$hostname"
ssh_authorized_keys:
- $ssh_public_key
EOF
apt-get install gawk
wget https://raw.github.com/coreos/init/master/bin/coreos-install
bash coreos-install -d /dev/sda -c cloud-config.tmp
reboot
```
```
ssh core@$IP
# configure mdmonitor so you are mailed when a mirror member fails
sudo su -
mdadm --examine --scan > /etc/mdadm.conf
vim /etc/mdadm.conf
# ADD your mail address to the file:
# MAILADDR xxx@xxx.org
# Start service
systemctl start mdmonitor.service
cat > /etc/systemd/system/data.mount << EOF
[Mount]
What=/dev/md0
Where=/data
Type=ext4
EOF
wget https://raw.githubusercontent.com/indiehosters/libre.sh/master/user_data -O /var/lib/coreos-install/user_data
coreos-cloudinit /var/lib/coreos-install/user_data
```
# Instructions to install libre.sh on linux with Systemd
## Recommendation
- a systemd distro (Ubuntu Server 18.04.3 or Debian 9)
# Installation
Here we basically reproduce what the user_data does for us.
Run everything as root.
# configure sshd (Optional)
Before restarting sshd, create the user `core` and add your SSH key to it, or you will lock yourself out. You can also remove `AllowUsers core` and/or change the username.
The heredoc replaces the whole `sshd_config`, so every option not listed falls back to its compiled-in default. Keep your current session open, validate the file with `sshd -t`, restart, and confirm a fresh login works before closing the old session.
```
cat > /etc/ssh/sshd_config <<EOF
# UsePrivilegeSeparation is accepted but ignored by OpenSSH >= 7.5 (Ubuntu 18.04 ships 7.6)
UsePrivilegeSeparation sandbox
Subsystem sftp internal-sftp
PermitRootLogin no
AllowUsers core
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
chmod 600 /etc/ssh/sshd_config
sshd -t && systemctl restart sshd
```
# add kernel parameters (optional but recommended)
The sysctl file persists across reboots; the transparent hugepage setting does not, so re-apply it at boot (a small systemd unit, for instance) if your workload needs it.
```
cat > /etc/sysctl.d/libresh.conf <<EOF
fs.aio-max-nr=1048576
vm.max_map_count=262144
vm.overcommit_memory=1
EOF
chmod 644 /etc/sysctl.d/libresh.conf
sysctl -p /etc/sysctl.d/libresh.conf
echo never > /sys/kernel/mm/transparent_hugepage/enabled
```
# define localhost (should not be needed but...)
This overwrites `/etc/hosts`, which on Debian/Ubuntu also carries the `127.0.1.1 <hostname>` entry; keep a line for your hostname so `sudo` and local services can still resolve it.
```
cat > /etc/hosts <<EOF
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
EOF
```
# define environment
The values below are the maintainer's own example; replace every one of them with yours. Two caveats: `/etc/environment` is parsed by pam_env, not by a shell, so the `IP` line stores the text `curl -s http://icanhazip.com/` verbatim rather than its output (check how the libre utilities read it and put the address itself there if they expect one); and the file is world-readable by default, so the Namecheap API key and the mail password in it are exposed to every local account and to any container that bind-mounts it.
```
cat > /etc/environment <<EOF
NAMECHEAP_URL="namecheap.com"
NAMECHEAP_API_USER="pierreo"
NAMECHEAP_API_KEY=
IP="curl -s http://icanhazip.com/"
FirstName="Pierre"
LastName="Ozoux"
Address=""
PostalCode=""
Country="Portugal"
Phone="+351.967184553"
EmailAddress="pierre@ozoux.net"
City="Lisbon"
CountryCode="PT"
BACKUP_DESTINATION=root@xxxxx:port
MAIL_USER=
MAIL_PASS=
MAIL_HOST=mail.indie.host
MAIL_PORT=587
EOF
```
# install docker
*Currently tested version: 19.03.5, see https://docs.docker.com/install/linux/docker-ce/ubuntu/ .*
# install docker-compose
*Remark: I made a variant that finds the latest version of docker-compose and downloads it.*
`curl -f` makes a missing release asset fail the install instead of writing a 404 page into `/opt/bin/docker-compose`. Compare the download with the checksum on the release page if one is published, and confirm the binary runs before relying on it.
```
mkdir -p /opt/bin &&\
dockerComposeVersion=$(curl -fsSL https://api.github.com/repos/docker/compose/releases/latest | grep tag_name | cut -d'"' -f4) &&\
curl -fsSL https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` -o /opt/bin/docker-compose &&\
chmod +x /opt/bin/docker-compose &&\
/opt/bin/docker-compose version
```
# install Libre.sh
```
git clone https://lab.libreho.st/libre.sh/compose.libre.sh /libre.sh &&\
mkdir -p /{data,system} &&\
mkdir -p /data/trash &&\
cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
systemctl enable web-net.service &&\
systemctl start web-net.service &&\
mkdir -p /opt/bin &&\
cp /libre.sh/utils/* /opt/bin/
```
# add /opt/bin path
```
# quote the delimiter so $PATH is written literally and expanded at login, not frozen to root's PATH now
cat > /etc/profile.d/libre.sh <<'EOF'
export PATH=$PATH:/opt/bin
EOF
chmod 644 /etc/profile.d/libre.sh
```
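The checker below is an added example, not part of libre.sh or its installer: it re-reads the two files the steps above write and reports where a host deviates from them. It is written in Go so it can be built into a single static binary and dropped into `/opt/bin` beside the libre utilities. The file paths are the ones used on this page; the function names, finding texts and the rule that `/etc/environment` should be mode 600 are my own choices.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Finding is one deviation from the hardening steps on this page.
type Finding string

// sshdSetting returns the effective value of key in an sshd_config body.
// sshd honours the FIRST occurrence of a keyword, so a later line cannot override it.
func sshdSetting(conf, key string) (string, bool) {
	for _, line := range strings.Split(conf, "\n") {
		fields := strings.Fields(line)
		if len(fields) < 2 || strings.HasPrefix(fields[0], "#") {
			continue
		}
		if strings.EqualFold(fields[0], key) {
			return fields[1], true
		}
	}
	return "", false
}

// AuditSSHD checks the settings the page writes to /etc/ssh/sshd_config.
func AuditSSHD(conf string) []Finding {
	var out []Finding
	for _, want := range [][2]string{
		{"PermitRootLogin", "no"},
		{"PasswordAuthentication", "no"},
		{"ChallengeResponseAuthentication", "no"},
	} {
		if got, ok := sshdSetting(conf, want[0]); !ok || !strings.EqualFold(got, want[1]) {
			out = append(out, Finding(fmt.Sprintf("sshd: %s is %q, want %q", want[0], got, want[1])))
		}
	}
	if _, ok := sshdSetting(conf, "AllowUsers"); !ok {
		out = append(out, "sshd: no AllowUsers line, any account with a key can log in")
	}
	return out
}

// AuditEnvironment checks an /etc/environment body plus the file mode.
// pam_env reads this file, not a shell, so $(...) and backticks are stored literally,
// and with the usual mode 644 every local account can read the API key and mail password.
func AuditEnvironment(conf string, mode os.FileMode) []Finding {
	var out []Finding
	required := []string{"NAMECHEAP_API_KEY", "MAIL_PASS", "BACKUP_DESTINATION"}
	set := map[string]bool{}
	for _, line := range strings.Split(conf, "\n") {
		k, v, ok := strings.Cut(line, "=")
		if !ok || strings.HasPrefix(strings.TrimSpace(k), "#") {
			continue
		}
		v = strings.Trim(strings.TrimSpace(v), `"'`)
		if v != "" {
			set[k] = true
		}
		if strings.Contains(v, "$(") || strings.Contains(v, "`") || strings.HasPrefix(v, "curl ") {
			out = append(out, Finding(fmt.Sprintf("env: %s holds a command, not its output", k)))
		}
	}
	for _, k := range required {
		if !set[k] {
			out = append(out, Finding("env: "+k+" is empty or missing"))
		}
	}
	if mode&0o077 != 0 {
		out = append(out, Finding(fmt.Sprintf("env: mode %04o is readable by other local accounts", uint32(mode))))
	}
	return out
}

func main() {
	if conf, err := os.ReadFile("/etc/ssh/sshd_config"); err == nil {
		for _, f := range AuditSSHD(string(conf)) {
			fmt.Println(f)
		}
	}
	if st, err := os.Stat("/etc/environment"); err == nil {
		env, _ := os.ReadFile("/etc/environment")
		for _, f := range AuditEnvironment(string(env), st.Mode().Perm()) {
			fmt.Println(f)
		}
	}
}
```

Run it as root after the steps above; an empty output means the host matches the page. The sshd check deliberately reads the first occurrence of each keyword, because that is what sshd does, so a hardened line appended below an earlier permissive one is reported as ineffective.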
# libre.sh Version 1.2
[![Backers on Open Collective](https://opencollective.com/libresh/backers/badge.svg)](#backers)
[![Sponsors on Open Collective](https://opencollective.com/libresh/sponsors/badge.svg)](#sponsors)
An ecosystem to ease free software hosting \o/
## Introduction
We are working on bootstrapping an ecosystem of tools to facilitate the hosting of free software.
Think of it as
- [ISPconfig](https://www.ispconfig.org/)
- a FLOSS [cpanel](https://www.cpanel.net/products/)
- [cloudron](https://cloudron.io/) with email
* Libre.sh V1 (Stable) uses docker-compose
* Libre.sh V2 (Alpha) uses [kubernetes](https://kubernetes.io/).
This ecosystem can be deployed on [Raspberries](https://kubecloud.io/setting-up-a-kubernetes-1-11-raspberry-pi-cluster-using-kubeadm-952bbda329c8) or on popular cloud providers, and anything in between.
V2 inherits the scaling model of kubernetes, a tool developed from Google's experience hosting containers at scale.
### What is libre.sh
libre.sh is a small framework to host Docker applications. It is simple and modular and follows the convention-over-configuration paradigm.
It is aimed at hosters who manage a large number of different web applications, and the domain names, email and so on that come with them.
It is currently installed at 3 different hosters in production, hosting ~20 different web applications and ~500 containers.
Once installed, with one bash command you'll be able to:
- buy a domain name
- configure DNS for it
- configure email for it
- configure dkim for that domain
- configure dmarc for that domain
- configure autoconfig for that domain
- install and start a web application on that domain (WordPress, Nextcloud, piwik...)
- provision a TLS cert on that domain
Amazing, right?
## Installation
To install it, follow the instructions in `INSTALL_LINUX.md`: https://lab.libreho.st/libre.sh/compose.libre.sh/blob/master/INSTALL_LINUX.md
Or run our installer script (read it before running it as root):
https://lab.libreho.st/libre.sh/compose.libre.sh/raw/master/install.linux.sh
## Running it locally with Vagrant (IndieHosters dev setup)
This repository contains the configuration and scripts we use to control our servers.
It can run inside Vagrant or [deploy to a server](doc/getting-started-as-a-hoster.md).
### Prerequisites to running this code with Vagrant:
- [vagrant](http://www.vagrantup.com/)
- [virtualbox](https://www.virtualbox.org/)
- nfs
  - linux: run `apt-get install nfs-kernel-server`, or your OS equivalent
- [vagrant-hostsupdater](https://github.com/cogitatio/vagrant-hostsupdater)
  - run `vagrant plugin install vagrant-hostsupdater` to install
### Get started:
```bash
vagrant up
```
Wait for the provisioning to finish (~40mins), and go to your browser: https://indiehosters.dev
If the process fails, for instance due to network problems, you can retry by running `vagrant provision`.
### Set up a domain:
In the Vagrant VM, drop a certificate for the domain under `/data/import/<domain>/TLS` and start the static unit for it:
```bash
vagrant ssh core-1
sudo mkdir -p /data/import/example.dev/TLS
sudo cp /data/indiehosters/scripts/unsecure-certs/example.dev.pem /data/import/example.dev/TLS
sudo systemctl enable static@example.dev
sudo systemctl start static@example.dev
```
Check https://example.dev in your browser!
The `unsecure-certs` are shared test certificates that ship in this public repository; they are for the dev VM only, never copy them to a real server.
### Modular
The PaaS is really modular: it contains only the strict minimum, and you'll then add `system` modules and `applications`.
It contains 2 [unit-files](https://lab.libreho.st/libre.sh/compose.libre.sh/tree/master/unit-files) to manage system modules and applications, start them at boot, and load the appropriate environment.
### Support
You can use the following channels to request community support:
- [mailinglist/forum](https://forum.indie.host/t/about-the-libre-sh-category/71)
- [chat](https://chat.indie.host/channel/libre.sh)
For paid support, just send an inquiry to support@libre.sh.
You can also watch the Fosdem Video : [Video Fosdem](https://fosdem.org/2017/schedule/event/libre_sh/)
All of this is hosted by libre.sh :)
## System modules
Here is a list of modules supported:
- https proxy:
- [HAProxy](https://lab.libreho.st/libre.sh/compose/haproxy)
- [Nginx](https://lab.libreho.st/libre.sh/compose/nginx)
- [monitoring](https://lab.libreho.st/libre.sh/compose/monitoring)
- [git-puller](https://lab.libreho.st/libre.sh/compose/git-puller)
Go to their respective page for more details.
### To install and start a module:
```
cd /system/
git clone https://lab.libreho.st/libre.sh/compose/[module]
cd [module]
libre enable
libre start
```
## Applications
### List of supported applications
| Application | Latest Version | Comments |
|-------------|----------------|----------|
| wordpress | 5.9 | Includes support for SMTP email through libresh variables |
| dolibarr | 15.0.3 | needs manual deletion of the install.lock to upgrade |
### Installation
To install application `wordpress` on `example.org`, first point example.org at your server IP, then just run:
```
libre provision -a wordpress -u example.org -s
```
Options:
- -u [arg] URL to process. Required.
- -a [arg] Application to install (wordpress in REPO_MODE).
- -t [arg] Checkout a specific tag or branch from the application repo. Defaults to master.
- -e [arg] Specify the email of the application admin.
- -s Start the application right away.
- -b Buys the associated domain name.
- -i Configure OpenDKIM.
- -c Configures DNS if possible.
### Cleaning up
To clean up stuff from previous runs of your Vagrant VM, you can do:
```bash
vagrant destroy
vagrant up
```
## Tests
```bash
vagrant destroy
vagrant up
# Set up example.dev as above, and test https://example.dev in your browser
vagrant ssh core-1
sudo su
/data/indiehosters/tests/start.sh
exit
exit
vagrant reload --provision
vagrant ssh core-1
sudo su
/data/indiehosters/tests/finish.sh
```
## To debug a module or an application:
```
libre ps
libre logs -f --tail=100
libre stop
libre restart
```
## Contributing
If you have any issue (something not working, missing doc), please report it here! Thanks
This system is used in production at [IndieHosters](https://indiehosters.net/) so it is maintained. If you use it, please tell us, and we'll be really happy to update this README!
You can help us by:
- starring this project
- sending us a thanks email
- reporting bugs
- writing documentation/blog on how you got up and running in 5mins
- writing more documentation
- sending us cake :) We loove cake!
## Contributors
This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
<a href="https://github.com/indiehosters/libre.sh/graphs/contributors"><img src="https://opencollective.com/libresh/contributors.svg?width=890&button=false" /></a>
## Backers
Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/libresh#backer)]
<a href="https://opencollective.com/libresh#backers" target="_blank"><img src="https://opencollective.com/libresh/backers.svg?width=890"></a>
## Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/libresh#sponsor)]
<a href="https://opencollective.com/libresh/sponsor/0/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/0/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/1/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/1/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/2/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/2/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/3/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/3/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/4/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/4/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/5/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/5/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/6/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/6/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/7/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/7/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/8/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/8/avatar.svg"></a>
<a href="https://opencollective.com/libresh/sponsor/9/website" target="_blank"><img src="https://opencollective.com/libresh/sponsor/9/avatar.svg"></a>
## Other projects
Simplifying web application hosting has always been a goal of many other projects; here are some that share goals with libre.sh:
- Yunohost https://yunohost.org
- Sandstorm https://sandstorm.io/
- Cloudron https://git.cloudron.io/cloudron/box
# TL;DR
- k8s
- [ ] ceph
- [ ] flannel
- [ ] baremetal install
# Object
The aim of this document is to write the big lines of the future of libre.sh.
# Version 1
The current version, let's call it 1, is a nice opinionated framework on how to run a single host with docker-compose.
It provides a list of packages and modules compatible with this framework.
The best features of this framework are:
- https only
- some integration between the tools (auto provisioning of emails for new applications)
- domain name buying (Namecheap api)
- dns configuration (Namecheap api)
# Version 2 - k8s
This roadmap discusses the migration to kubernetes (k8s).
## Distributions
There are various k8s distributions (Tectonic, deis, openshift..) and the aim of libre.sh is not to become yet another distribution.
It would be nice if we could list them, evaluate them, and decide to use one of them or not.
## Installation/Operation
libre.sh should be opinionated on the way to install and operate the cluster.
It should provide easy steps to install on baremetal first. We aim for libre software, and as such we can't rely on cloud providers like gcloud, aws, or digital ocean.
As a second priority, we should give easy instructions to deploy on any cloud provider, as people are free to choose their chains :)
## Storage
One big challenge in a k8s cluster is to provide what the major cloud providers implement as [PersistentVolume](https://kubernetes.io/docs/user-guide/persistent-volumes/).
In a libre cluster, this function would be achieved by a distributed file system technology.
After some investigation, the choice would be ceph.
There are already some work done on it like the [ceph-docker](https://github.com/ceph/ceph-docker/tree/master/examples) repo.
## Network
Another big challenge is the network. k8s is strongly opinionated on what the network configuration should be.
Ideally, we would use IPsec to secure the links between machines in a context where we can't trust the network (like at hetzner).
There are 3 options:
- zerotier
- tinc vpn
- flannel, which might implement IPsec in the near future
The cheapest in terms of work would be to bet on flannel.
## Packages
There is now a way to create and distribute packages in a standard way.
We can then remove the idea of modules and applications.
They will all be packages.
The k8s standard for that is [helm](http://helm.sh/). There is already a big list of packages.
As for libre.sh, the idea would be to contribute the missing packages there.
### opportunistic packages
libre.sh would then be just a repo of documentation on how to install, operate and manage a k8s cluster on baremetal.
There is still a place where we can have a difference.
This idea is called opportunistic package.
This would be a package based on an official one.
Let's take the example of WordPress.
The libre.sh version of WordPress would be based on the official one.
But it will have some mechanisms to discover the services available inside the cluster it is running on.
These services could be:
- ldap
- piwik
- email
So, when you install a new WordPress, it will opportunistically discover whether there is an ldap service in the cluster,
and if so, configure WordPress to use it.
This pattern will help make it happen:
https://github.com/kubernetes-incubator/service-catalog
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"

Vagrant.require_version ">= 1.5.0"

# Size of the CoreOS cluster created by Vagrant
$num_instances=1

# Official CoreOS channel from which updates should be downloaded
$update_channel='stable'

# Setting for VirtualBox VMs
$vb_memory = 1024
$vb_cpus = 1

BASE_IP_ADDR = ENV['BASE_IP_ADDR'] || "192.168.65"
HOSTNAME = ENV['HOSTNAME'] || "indiehosters.dev"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "coreos-%s" % $update_channel
  config.vm.box_version = ">= 308.0.1"
  config.vm.box_url = "http://%s.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json" % $update_channel

  config.vm.define "backup" do |backup|
    backup.vm.provider :virtualbox do |vb|
      vb.memory = 512
      vb.cpus = 1
      vb.check_guest_additions = false
      vb.functional_vboxsf = false
    end
    # plugin conflict
    if Vagrant.has_plugin?("vagrant-vbguest") then
      backup.vbguest.auto_update = false
    end
    backup.vm.hostname = "backup.dev"
    backup.vm.network :private_network, ip: "192.168.65.100"
  end

  (1..$num_instances).each do |i|
    config.vm.define "core-#{i}" do |core|
      core.vm.provider :virtualbox do |vb|
        vb.memory = $vb_memory
        vb.cpus = $vb_cpus
        # On VirtualBox, we don't have guest additions or a functional vboxsf
        # in CoreOS, so tell Vagrant that so it can be smarter.
        vb.check_guest_additions = false
        vb.functional_vboxsf = false
      end
      # plugin conflict
      if Vagrant.has_plugin?("vagrant-vbguest") then
        core.vbguest.auto_update = false
      end
      core.vm.hostname = HOSTNAME
      core.hostsupdater.aliases = ["example.dev"]
      core.vm.network :private_network, ip: "#{BASE_IP_ADDR}.#{i+1}"
      core.vm.synced_folder ".", "/data/indiehosters", id: "coreos-indiehosters", :nfs => true, :mount_options => ['nolock,vers=3,udp']
      core.vm.provision :file, source: "./cloud-config", destination: "/tmp/vagrantfile-user-data"
      # Vagrant's published (and therefore public) insecure keypair, so core-1 can reach the
      # backup VM whose cloud-config authorizes it. Dev VMs only: never install it on a real host.
      $install_insecure_keys = <<SCRIPT
mkdir ~/.ssh
wget https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub -O ~/.ssh/id_rsa.pub
wget https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant -O ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
SCRIPT
      core.vm.provision :shell, inline: $install_insecure_keys
      core.vm.provision :shell, inline: "mkdir -p /data/runtime/haproxy/approved-certs; cp /data/indiehosters/scripts/unsecure-certs/*.pem /data/runtime/haproxy/approved-certs"
      core.vm.provision :shell, path: "./scripts/setup.sh", args: [HOSTNAME]
      $start_indiehosters_dev = <<SCRIPT
sudo mkdir -p /data/import/indiehosters.dev/TLS
sudo cp /data/indiehosters/scripts/unsecure-certs/indiehosters.dev.pem /data/import/indiehosters.dev/TLS
sudo systemctl enable static@indiehosters.dev
sudo systemctl start static@indiehosters.dev
SCRIPT
      core.vm.provision :shell, inline: $start_indiehosters_dev
    end
  end
end
#cloud-config
hostname: k1
coreos:
  update:
    reboot-strategy: best-effort
  etcd:
    addr: 172.17.42.1:4001
    bind-addr: 172.17.42.1:4001
    peer-addr: 172.17.42.1:7001
    peer-bind-addr: 172.17.42.1:7001
  units:
    - name: etcd.service
      command: start
write_files:
  - path: /data/BACKUP_DESTINATION
    permissions: 0644
    owner: root
    content: |
      core@backup.dev

write_files:
  - path: /etc/hosts
    permissions: 0644
    owner: root
    content: |
      127.0.0.1 localhost
      255.255.255.255 broadcasthost
      ::1 localhost
      10.0.0.xx mybackupserver
      10.0.0.yy myotherserver
ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
users:
  - name: backup
    ssh-authorized-keys:
      # this should be the ssh key of the root user of the other server
      - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
FROM debian:jessie
MAINTAINER Michiel de Jong <michiel@indiehosters.net>
# Borrows from https://docs.docker.com/articles/dockerfile_best-practices/
# Borrows from https://registry.hub.docker.com/u/previousnext/postfix
# Borrows from https://registry.hub.docker.com/u/catatnight/postfix
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update \
&& echo "postfix postfix/main_mailer_type string 'Internet site'" | debconf-set-selections \
&& echo "postfix postfix/mailname string 'HOSTNAME.EXAMPLE.COM'" | debconf-set-selections \
&& echo "postfix postfix/root_address string 'ROOTMAIL@EXAMPLE.COM'" | debconf-set-selections \
&& apt-get install -q -y \
postfix \
rsyslog \
supervisor \
&& rm -rf /var/lib/apt/lists/*
COPY assets/install.sh /opt/install.sh
VOLUME ["/etc/postfix", "/var/spool/mail", "/var/log"]
EXPOSE 25
CMD /opt/install.sh;/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
#!/bin/bash
# already configured on an earlier start: leave the generated files alone
if [[ -a /etc/supervisor/conf.d/supervisord.conf ]]; then
exit 0
fi
#supervisor
cat > /etc/supervisor/conf.d/supervisord.conf <<EOF
[supervisord]
nodaemon=true
[program:postfix]
command=/opt/postfix.sh
[program:rsyslog]
command=/usr/sbin/rsyslogd -n
EOF
############
# postfix
############
cat >> /opt/postfix.sh <<EOF
#!/bin/bash
service postfix start
touch /var/log/mail.log
tail -f /var/log/mail.log
EOF
chmod +x /opt/postfix.sh
# put the same FQDN in /data/hostname and in reverse DNS
# for the public IP address on which this server will be
# receiving smtp traffic.
cp /data/hostname /etc/mailname
/usr/sbin/postconf -e "myhostname=`cat /data/hostname`"
# put all relevant domains in /data/destinations.
/usr/sbin/postconf -e "mydestination=`cat /data/destinations`"
# put your forwarding addresses in /data/forwards.
# virtual_maps is the pre-2.0 name; virtual_alias_maps defaults to $virtual_maps, so it still applies.
echo "virtual_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/virtual-regexp" >> /etc/postfix/main.cf
cp /data/forwards /etc/postfix/virtual-regexp
postmap /etc/postfix/virtual-regexp
touch /etc/postfix/virtual
postmap /etc/postfix/virtual
FROM debian:jessie
ENV DEBIAN_FRONTEND noninteractive
RUN \
apt-get update &&\
apt-get install -y \
wget \
ca-certificates &&\
rm -rf /var/lib/apt/lists/*
ADD confd /etc/confd
RUN \
wget https://github.com/kelseyhightower/confd/releases/download/v0.6.3/confd-0.6.3-linux-amd64 -O confd && \
chmod +x confd
RUN \
wget https://get.docker.com/builds/Linux/x86_64/docker-1.2.0 -O docker && \
chmod +x docker
VOLUME ["/etc/confd/", "/etc/haproxy"]
ENTRYPOINT ["/confd"]
CMD ["-interval=60", "-node=172.17.42.1:4001"]
# Confd
The smallest confd docker image in town ;)
## Run
This image will log everything to stdout/stderr.
It was designed to work with HAproxy, but you can use it for anything! There is no configuration: you'll have to mount the config folder. There is a nice example in the [indiehosters/confd git repo](https://github.com/indiehosters/dockerfiles/tree/master/server-wide/confd).
```bash
docker run\
 -v /haproxy-config:/etc/haproxy/\
 -v "$(pwd)/confd":/etc/confd/\
 -v /var/run/docker.sock:/var/run/docker.sock\
 indiehosters/confd
```
`docker run -v` needs an absolute host path, hence `$(pwd)/confd`. Mounting the Docker socket is what lets `reload_cmd` run `/docker kill` against the haproxy container, but it also makes this container root-equivalent on the host: anyone who can change the templates it renders or the etcd keys it reads can reach that socket, so keep both write-protected.
It works really well with [indiehosters/haproxy](https://registry.hub.docker.com/u/indiehosters/haproxy/) to have automatic configuration of HAproxy backed by `etcd` or `consul`.
[template]
src = "crt-list.tmpl"
dest = "/etc/haproxy/crt-list"
keys = [
"/services"
]
reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"
[template]
src = "haproxy.cfg.tmpl"
dest = "/etc/haproxy/haproxy.cfg"
keys = [
"/services"
]
reload_cmd = "/docker kill --signal=\"SIGUSR1\" haproxy"
{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
{{range gets $hostnames}}
{{$hostname := .Key}}
/etc/haproxy/approved-certs/{{base $hostname}}.pem {{base $hostname}}
/etc/haproxy/approved-certs/{{base $hostname}}.pem www.{{base $hostname}}
{{end}}
{{end}}
global
    maxconn 4096
    user haproxy
    group haproxy
    tune.ssl.default-dh-param 2048
    # ordered list: ECDHE/DHE AES-GCM first; the CAMELLIA and DES-CBC3-SHA entries near the end
    # only serve old clients and can be dropped once none connect
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

defaults
    mode http
    option forwardfor
    option httpclose
    option httplog
    option dontlognull
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend https-in
    mode http
    # SSLv3 is off; TLS 1.0 and 1.1 are still accepted by this bind line
    bind *:443 ssl no-sslv3 crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/default.pem
    # HSTS (15768000 seconds = 6 months)
    # reqadd/rspadd are the HAProxy 1.5 (Debian jessie) syntax; 2.1+ needs http-request/http-response set-header
    rspadd Strict-Transport-Security:\ max-age=15768000
    reqadd X-Forwarded-Proto:\ https
{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
{{range gets $hostnames}}
{{$hostname := .Key}}
{{$data := json .Value}}
    # {{base $hostname}}:
    acl https_{{base $hostname}} hdr(host) -i {{base $hostname}}
    acl https_{{base $hostname}} hdr(host) -i www.{{base $hostname}}
    use_backend {{base $hostname}} if https_{{base $hostname}}
{{end}}
{{end}}

frontend http-in
    bind *:80
    redirect scheme https code 301

{{range $app := lsdir "/services"}}
{{$hostnames := printf "/services/%s/*" $app}}
{{range gets $hostnames}}
{{$hostname := .Key}}
{{$data := json .Value}}
# {{base $hostname}}:
backend {{base $hostname}}
    cookie SERVERID insert nocache indirect
    server Server {{$data.ip}}:{{$data.port}} cookie Server
{{end}}
{{end}}
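Both templates above splice `base $hostname` straight from the etcd key into crt-list lines, ACL names and backend names, and `$data.ip`/`$data.port` straight into a `server` line, with no check that the key is a host name or the value an address. The program below is an added example (my code, not confd's or libre.sh's) that renders the backend section of the template over an in-memory stand-in for etcd, with `lsdir`/`gets` re-implemented so it runs offline and `base`/`json` replaced by versions that refuse anything that is not a host name or an ip/port pair. The template text is copied from the page; the sample entries, the `KV` type and the function names are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"path"
	"regexp"
	"sort"
	"strconv"
	"strings"
	"text/template"
)

// KV stands in for the etcd keyspace confd reads; Entry is what confd's gets yields.
type KV map[string]string
type Entry struct{ Key, Value string }

// backendTmpl is the backend section of haproxy.cfg.tmpl above, text unchanged;
// only the base and json functions behind it are swapped for validating versions.
const backendTmpl = `{{range $app := lsdir "/services"}}{{$hostnames := printf "/services/%s/*" $app}}{{range gets $hostnames}}{{$hostname := .Key}}{{$data := json .Value}}
# {{base $hostname}}:
backend {{base $hostname}}
    cookie SERVERID insert nocache indirect
    server Server {{$data.ip}}:{{$data.port}} cookie Server
{{end}}{{end}}`

// RFC 1123 host name: dot-separated labels of letters, digits and hyphens.
var hostnameRe = regexp.MustCompile(`(?i)^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$`)

// lsdir lists the direct children of dir, sorted, like confd's lsdir.
func (kv KV) lsdir(dir string) []string {
	prefix, seen := strings.TrimSuffix(dir, "/")+"/", map[string]bool{}
	for k := range kv {
		if strings.HasPrefix(k, prefix) {
			seen[strings.SplitN(strings.TrimPrefix(k, prefix), "/", 2)[0]] = true
		}
	}
	var names []string
	for n := range seen {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

// gets returns the entries whose key matches a shell-style pattern, like confd's gets.
func (kv KV) gets(pattern string) ([]Entry, error) {
	var out []Entry
	for k, v := range kv {
		if ok, err := path.Match(pattern, k); err != nil {
			return nil, err
		} else if ok {
			out = append(out, Entry{k, v})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Key < out[j].Key })
	return out, nil
}

// safeBase is path.Base plus a host name check: the result becomes a backend name, an
// ACL name and a crt-list line, so a key that is not a host name is refused outright.
func safeBase(key string) (string, error) {
	if name := path.Base(key); hostnameRe.MatchString(name) {
		return name, nil
	}
	return "", fmt.Errorf("key %q is not a valid hostname", key)
}

// safeJSON decodes a service value and insists on an IP literal and a port number;
// {"port":80} and {"port":"80"} are both accepted, as the original template does.
func safeJSON(raw string) (map[string]string, error) {
	var v struct{ IP, Port json.RawMessage } // encoding/json matches "ip"/"port" case-insensitively
	if err := json.Unmarshal([]byte(raw), &v); err != nil {
		return nil, err
	}
	ip, port := strings.Trim(string(v.IP), `"`), strings.Trim(string(v.Port), `"`)
	if net.ParseIP(ip) == nil {
		return nil, fmt.Errorf("bad ip %q", ip)
	}
	if n, err := strconv.Atoi(port); err != nil || n < 1 || n > 65535 {
		return nil, fmt.Errorf("bad port %q", port)
	}
	return map[string]string{"ip": ip, "port": port}, nil
}

// Render produces the backend stanzas for every service in kv. One bad key or value
// fails the whole render, which is the failure mode you want: the old config stays.
func Render(kv KV) (string, error) {
	funcs := template.FuncMap{"lsdir": kv.lsdir, "gets": kv.gets, "base": safeBase, "json": safeJSON}
	t, err := template.New("haproxy").Funcs(funcs).Parse(backendTmpl)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	if err := t.Execute(&b, nil); err != nil {
		return "", err
	}
	return b.String(), nil
}

func main() { // constructed entry in the shape libre.sh stores under /services/<app>/<domain>
	out, err := Render(KV{"/services/wordpress/example.org": `{"ip":"172.17.0.5","port":80}`})
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

In a real deployment the same `base` and `json` functions cannot be swapped into confd, so the equivalent control is to validate keys before they are written under `/services` (the provisioning side) and to run `haproxy -c -f` on the rendered file before signalling the container.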
FROM debian:jessie
ENV DEBIAN_FRONTEND noninteractive
# Install Haproxy.
RUN \
apt-get update && \
apt-get install -y haproxy && \
rm -rf /var/lib/apt/lists/*
VOLUME ["/etc/haproxy"]
ENTRYPOINT ["haproxy"]
CMD ["-d", "-f", "/etc/haproxy/haproxy.cfg"]
EXPOSE 80
EXPOSE 443
# HAproxy
The smallest HAproxy docker image in town ;)
## Run
This image will log everything to stdout/stderr. In that sense it respects the 12-Factor App, but it gets there by using HAProxy's debug flag. If you have a better idea, please read this [blog post](http://pierre-o.fr/blog/2014/08/27/haproxy-coreos/) first.
```bash
docker run\
-v /haproxy-config:/etc/haproxy\
-p 80:80\
-p 443:443\
indiehosters/haproxy
```
Have a look to [indiehosters/confd](https://registry.hub.docker.com/u/indiehosters/confd/) to have automatic configuration of HAproxy backed by `etcd` or `consul`.
FROM debian:jessie
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update \
&& apt-get -yq install \
apache2 \
curl \
mysql-client \
libapache2-mod-php5 \
php-apc \
php-pear \
php5-curl \
php5-gd \
php5-mysql \
php5-xmlrpc \
&& rm -rf /var/lib/apt/lists/*
# Add image configuration and scripts
ADD default.conf /etc/apache2/sites-enabled/000-default.conf
ADD run.sh /run.sh
RUN sed -i "s/variables_order.*/variables_order = \"EGPCS\"/g" /etc/php5/apache2/php.ini \
&& mkdir -p /app \
&& rm -rf /var/www/html \
&& ln -s /app /var/www/html \
&& a2enmod rewrite \
&& chmod 755 /run.sh
CMD ["/run.sh"]
EXPOSE 80