improved dockerfiles

They do not use git pull to get the latest YaCy code.
Instead, they copy it from the local file system.
pull/402/head
Michael Peter Christen 3 years ago
parent 4c920d05b5
commit 062111a003

@ -15,31 +15,30 @@ RUN java -version
WORKDIR /opt
# All in one step to reduce image size growth :
# - install ant and git packages
# - clone main YaCy git repository (we need to clone git repository to generate correct version when building from source)
# - install ant package
# - Compile with ant
# - remove unnecessary and size consuming .git directory
# - remove ant and git packages
# - remove ant package
# Possible alternative : copy directly your current sources an remove git clone command from the following RUN
# COPY . /opt/yacy_search_server/
# copy sources
COPY . /opt/yacy_search_server/
RUN apt-get update && \
apt-get install -yq ant git && \
git clone https://github.com/yacy/yacy_search_server.git && \
RUN rm -rf /opt/yacy_search_server/.git && \
apt-get update && \
apt-get install -yq ant && \
ant compile -f /opt/yacy_search_server/build.xml && \
rm -rf /opt/yacy_search_server/.git && \
apt-get purge -yq --auto-remove ant git && \
apt-get purge -yq --auto-remove ant && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN \
# Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
# Set initial admin password: "yacy" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
# > java -classpath classes net.yacy.cora.order.Digest -strfhex "admin:The YaCy access is limited to administrators. If you don't know the password, you can change it using <yacy-home>/bin/passwd.sh <new-password>:docker"
sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init && \
# Intially enable HTTPS : this is the most secure option for remote administrator authentication
sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:8cffbc0d66567a0987a4aba1ec46d63c" /opt/yacy_search_server/defaults/yacy.init && \
sed -i "/adminAccountForLocalhost=/c\adminAccountForLocalhost=false" /opt/yacy_search_server/defaults/yacy.init && \
# Intially enable HTTPS: this is the most secure option for remote administrator authentication
sed -i "/server.https=false/c\server.https=true" /opt/yacy_search_server/defaults/yacy.init && \
# Create user and group yacy : this user will be used to run YaCy main process
# Create user and group yacy: this user will be used to run YaCy main process
adduser --system --group --no-create-home --disabled-password yacy && \
# Set ownership of yacy install directory to yacy user/group
chown yacy:yacy -R /opt/yacy_search_server
@ -47,7 +46,7 @@ RUN \
# Expose HTTP and HTTPS default ports
EXPOSE 8090 8443
# Set data volume : yacy data and configuration will persist even after container stop or destruction
# Set data volume: yacy data and configuration will persist even after container stop or destruction
VOLUME ["/opt/yacy_search_server/DATA"]
# Next commands run as yacy as non-root user for improved security
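Review bot: `COPY . /opt/yacy_search_server/` followed by `RUN rm -rf /opt/yacy_search_server/.git` does not take `.git` out of the image. The directory stays in the COPY layer, so the image is no smaller and the git history of whoever built it can still be extracted from that layer. The same applies to everything else in the build context, for example a local `DATA` directory holding `SETTINGS/yacy.conf` and keystores; the Alpine section deletes it in a later `RUN rm -rf /opt/yacy_search_server/DATA`, with the same limitation. Excluding these paths before the copy keeps them out of every layer: a `.dockerignore` at the context root listing `.git` and `DATA`, if the repository does not already have one.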

@ -77,40 +77,38 @@ ENV PATH ${PATH}:/opt/ant/bin
WORKDIR /opt
# All in one step to reduce image size growth :
# - add git package
# - clone main YaCy git repository (we need to clone git repository to generate correct version when building from source)
# - compile with apache ant
# - remove unnecessary and size consuming .git directory
# - delete git package and ant binary install
# - delete ant binary install
# Possible alternative : copy directly your current sources an remove git clone command from the following RUN
# COPY . /opt/yacy_search_server/
# copy sources
COPY . /opt/yacy_search_server/
RUN apk add --no-cache git && \
git clone https://github.com/yacy/yacy_search_server.git && \
RUN apk add --no-cache \
ant compile -f /opt/yacy_search_server/build.xml && \
rm -rf /opt/yacy_search_server/.git && \
rm -rf /opt/ant && \
apk del git
rm -rf /opt/ant
RUN \
# Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init && \
# Intially enable HTTPS : this is the most secure option for remote administrator authentication
# Set initial admin password: "yacy" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:8cffbc0d66567a0987a4aba1ec46d63c" /opt/yacy_search_server/defaults/yacy.init && \
sed -i "/adminAccountForLocalhost=/c\adminAccountForLocalhost=false" /opt/yacy_search_server/defaults/yacy.init && \
# Intially enable HTTPS: this is the most secure option for remote administrator authentication
sed -i "/server.https=false/c\server.https=true" /opt/yacy_search_server/defaults/yacy.init && \
# Create user and group yacy : this user will be used to run YaCy main process
# Create user and group yacy: this user will be used to run YaCy main process
addgroup yacy && adduser -S -G yacy -H -D yacy && \
# Set ownership of yacy install directory to yacy user/group
chown yacy:yacy -R /opt/yacy_search_server
RUN rm -rf /opt/yacy_search_server/DATA
# Expose HTTP and HTTPS default ports
EXPOSE 8090 8443
# Set data volume : yacy data and configuration will persist aven after container stop or destruction
# Set data volume: yacy data and configuration will persist even after container stop or destruction
VOLUME ["/opt/yacy_search_server/DATA"]
# Next commands run as yacy as non-root user for improved security
USER yacy
# Start yacy as a foreground process (-f) to display console logs and to wait for yacy process
CMD ["/bin/sh","/opt/yacy_search_server/startYACY.sh","-f"]
CMD ["/bin/sh","/opt/yacy_search_server/startYACY.sh","-f"]
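Review bot: As rendered, the new `RUN apk add --no-cache \` line continues straight into `ant compile -f /opt/yacy_search_server/build.xml`, so `ant`, `compile` and the build-file path would be passed to `apk add` as arguments instead of running as the build step. The page has lost its +/- markers, so this reading should be checked against the file itself. If no package is needed now that git is gone, drop the line so the step begins `RUN ant compile -f /opt/yacy_search_server/build.xml && \`; otherwise name the package and end the line with `&& \`.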

@ -7,84 +7,89 @@
## Getting built image from Docker Hub
docker pull yacy/yacy_search_server
Repository URL : (https://hub.docker.com/r/yacy/yacy_search_server/)
The repository URL is https://hub.docker.com/r/yacy/yacy_search_server/
* ubuntu-based: `docker pull yacy/yacy_search_server:latest`
* alpine-based: `docker pull yacy/yacy_search_server:latest-alpine`
## Building image yourself
Using yacy_search_server/docker/Dockerfile :
Using files in 'yacy_search_server/docker/':
```
cd yacy_search_server/docker
```
cd yacy_search_server/docker
docker build .
To build the Alpine variant :
Then according to the image type:
* for ubuntu-based images:
cd yacy_search_server/docker
docker build -f Dockerfile.alpine .
## Image variants
```
docker build -t yacy/yacy_search_server:latest -f Dockerfile ../
```
`yacy/yacy_search_server:latest`
* To build the Alpine variant:
This image is based on latest stable official Debian stable [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources.
```
docker build -t yacy/yacy_search_server:alpine-latest -f Dockerfile.alpine ../
```
`yacy/yacy_search_server:latest-alpine`
## Image variants
This image is based on latest stable official Alpine Linux [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources.
## Default admin account
* `yacy/yacy_search_server:latest`: This image is based on latest stable official Debian stable [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources.
* `yacy/yacy_search_server:latest-alpine`: This image is based on latest stable official Alpine Linux [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources.
login : admin
## Default admin account
password : docker
* login: admin
* password: yacy
You should modify this default password with page /ConfigAccounts_p.html when exposing publicly your YaCy container.
## Usage
### First start
#### Most basic
docker run yacy/yacy_search_server
docker run yacy/yacy_search_server
YaCy web interface is then exposed at http://[container_ip]:8090.
YaCy web interface is then exposed at http://[container_ip]:8090
You can retrieve the container IP address with `docker inspect`.
#### Easier to handle
docker run --name yacy -p 8090:8090 -p 8443:8443 --log-opt max-size=200m --log-opt max-file=2 yacy/yacy_search_server
docker run --name yacy -p 8090:8090 -p 8443:8443 --log-opt max-size=200m --log-opt max-file=2 yacy/yacy_search_server
##### Options detail
* --name : allow easier management of your container (without it, docker automatically generate a new name at each startup).
* -p 8090:8090 -p 8443:8443 : map host ports to YaCy container ports, allowing web interface access through the usual http://localhost:8090 and https://localhost:8443 (you can set a different mapping, for example -p 443:8443 if you prefer to use the default HTTPS port on your host)
* --log-opt max-size : limit maximum docker log file size for this container
* --log-opt max-file : limit number of docker rotated log files for this container
Note : if you do not specify the log related options, when running a YaCy container 24hour a day with default log level, your Docker container log file will grow up to some giga bytes in a few days!
* --name: allow easier management of your container (without it, docker automatically generate a new name at each startup).
* -p 8090:8090 -p 8443:8443: map host ports to YaCy container ports, allowing web interface access through the usual http://localhost:8090 and https://localhost:8443 (you can set a different mapping, for example -p 443:8443 if you prefer to use the default HTTPS port on your host)
* --log-opt max-size: limit maximum docker log file size for this container
* --log-opt max-file: limit number of docker rotated log files for this container
Note: if you do not specify the log related options, when running a YaCy container 24hour a day with default log level, your Docker container log file will grow up to some giga bytes in a few days!
#### Handle persistent data volume
As configured in the Dockerfile, by default yacy data (in /opt/yacy_search_server/DATA) will persist after container stop or deletion, in a volume with an automatically generated id.
But you may map a host directory to hold yacy data in container :
But you may map a host directory to hold yacy data in container:
docker run -v [/your_host/data/directory]:/opt/yacy_search_server/DATA yacy/yacy_search_server
docker run -v [/your_host/data/directory]:/opt/yacy_search_server/DATA yacy/yacy_search_server
Or just use a volume label to help identify it later
docker run -v yacy_volume:/opt/yacy_search_server/DATA yacy/yacy_search_server
docker run -v yacy_volume:/opt/yacy_search_server/DATA yacy/yacy_search_server
Note that you can list all docker volumes with :
Note that you can list all docker volumes with:
docker volume ls
docker volume ls
#### Start as background process
docker run -d yacy/yacy_search_server
docker run -d yacy/yacy_search_server
### HTTPS support
This images are default configured with HTTPS enabled, and use a default certificate stored in defaults/freeworldKeystore. You should use your own certificate. In order to do it, you can proceed as follow.
@ -93,89 +98,87 @@ This images are default configured with HTTPS enabled, and use a default certifi
A self-signed certificate will provide encrypted communications with your YaCy server, but browsers will still complain about an invalid security certificate with the error "SEC_ERROR_UNKNOWN_ISSUER". If it is sufficient for you, you can permanently add and exception to your browser.
This kind of certificate can be generated and added to your YaCy Docker container with the following :
This kind of certificate can be generated and added to your YaCy Docker container with the following:
keytool -keystore /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacykeystore -genkey -keyalg RSA -alias yacycert
Then edit YaCy config file. For example with the nano text editor :
keytool -keystore /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacykeystore -genkey -keyalg RSA -alias yacycert
Then edit YaCy config file. For example with the nano text editor:
nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf
nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf
And configure the keyStoreXXXX properties accordingly :
And configure the keyStoreXXXX properties accordingly:
keyStore=/opt/yacy_search_server/DATA/SETTINGS/yacykeystore
keyStorePassword=yourpassword
keyStore=/opt/yacy_search_server/DATA/SETTINGS/yacykeystore
keyStorePassword=yourpassword
#### Import an existing certificate:
Importing a certificate validated by a certification authority (CA) will ensure you have full HTTPS support with no security errors when accessing your YaCy peer. You can import an existing certificate in pkcs12 format.
First copy it to the YaCy Docker container volume :
First copy it to the YaCy Docker container volume:
cp [yourStore].pkcs12 /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/[yourStore].pkcs12
cp [yourStore].pkcs12 /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/[yourStore].pkcs12
Then edit YaCy config file. For example with the nano text editor :
Then edit YaCy config file. For example with the nano text editor:
nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf
nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf
And configure the pkcs12XXX properties accordingly :
And configure the pkcs12XXX properties accordingly:
pkcs12ImportFile=/opt/yacy_search_server/DATA/SETTINGS/[yourStore].pkcs12
pkcs12ImportPwd=yourpassword
pkcs12ImportFile=/opt/yacy_search_server/DATA/SETTINGS/[yourStore].pkcs12
pkcs12ImportPwd=yourpassword
### Next starts
#### As attached process
docker start -a yacy
docker start -a yacy
#### As background process
docker start yacy
docker start yacy
### Shutdown
* Use "Shutdown" button in administration web interface
* OR run :
* OR run:
docker exec [your_container_name] /opt/yacy_search_server/stopYACY.sh
* OR run:
docker exec [your_container_name] /opt/yacy_search_server/stopYACY.sh
* OR run :
docker stop [your_container_name]
docker stop [your_container_name]
### Upgrade
You can upgrade your YaCy container the Docker way with the following commands sequence.
Get latest Docker image :
Get latest Docker image:
docker pull yacy/yacy_search_server:latest
docker pull yacy/yacy_search_server:latest
OR
docker pull yacy/yacy_search_server:latest-alpine
Create new container based on pulled image, using volume data from old container :
docker create --name [tmp-container_name] -p 8090:8090 -p 8443:8443 --volumes-from=[container_name] --log-opt max-size=100m --log-opt max-file=2 yacy/yacy_search_server:latest
Stop old container :
docker pull yacy/yacy_search_server:latest-alpine
Create new container based on pulled image, using volume data from old container:
docker create --name [tmp-container_name] -p 8090:8090 -p 8443:8443 --volumes-from=[container_name] --log-opt max-size=100m --log-opt max-file=2 yacy/yacy_search_server:latest
docker exec [container_name] /opt/yacy_search_server/stopYACY.sh
Stop old container:
Start new container :
docker exec [container_name] /opt/yacy_search_server/stopYACY.sh
docker start [tmp-container_name]
Check everything works fine, then you can delete old container :
docker rm [container_name]
Rename new container to reuse same container name :
Start new container:
docker rename [tmp-container_name] [container_name]
docker start [tmp-container_name]
Check everything works fine, then you can delete old container:
docker rm [container_name]
Rename new container to reuse same container name:
docker rename [tmp-container_name] [container_name]
## License
View [license](https://github.com/yacy/yacy_search_server/blob/master/COPYRIGHT) information for the software contained in this image.
