From 062111a00374ec6be27186a5b0347c7412a47cd9 Mon Sep 17 00:00:00 2001
From: Michael Peter Christen
Date: Tue, 29 Dec 2020 21:01:35 +0100
Subject: [PATCH] improved dockerfiles They do not use git pull to get the latest YaCy code. Instead they copy from local file system.
---
 docker/Dockerfile | 29 ++++---
 docker/Dockerfile.alpine | 30 ++++---
 docker/Readme.md | 173 ++++++++++++++++++++-------------------
 3 files changed, 116 insertions(+), 116 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index d8f19c7d5..8e44854d7 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -15,31 +15,30 @@ RUN java -version
 WORKDIR /opt
 # All in one step to reduce image size growth :
-# - install ant and git packages
-# - clone main YaCy git repository (we need to clone git repository to generate correct version when building from source)
+# - install ant package
 # - Compile with ant
 # - remove unnecessary and size consuming .git directory
-# - remove ant and git packages
+# - remove ant package
-# Possible alternative : copy directly your current sources an remove git clone command from the following RUN
-# COPY . /opt/yacy_search_server/
+# copy sources
+COPY . /opt/yacy_search_server/
-RUN apt-get update && \
- apt-get install -yq ant git && \
- git clone https://github.com/yacy/yacy_search_server.git && \
+RUN rm -rf /opt/yacy_search_server/.git && \
+ apt-get update && \
+ apt-get install -yq ant && \
 ant compile -f /opt/yacy_search_server/build.xml && \
- rm -rf /opt/yacy_search_server/.git && \
- apt-get purge -yq --auto-remove ant git && \
+ apt-get purge -yq --auto-remove ant && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
 RUN \
-# Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
+# Set initial admin password: "yacy" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
 # > java -classpath classes net.yacy.cora.order.Digest -strfhex "admin:The YaCy access is limited to administrators.
If you don't know the password, you can change it using /bin/passwd.sh :docker"
- sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init && \
-# Intially enable HTTPS : this is the most secure option for remote administrator authentication
+ sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:8cffbc0d66567a0987a4aba1ec46d63c" /opt/yacy_search_server/defaults/yacy.init && \
+ sed -i "/adminAccountForLocalhost=/c\adminAccountForLocalhost=false" /opt/yacy_search_server/defaults/yacy.init && \
+# Intially enable HTTPS: this is the most secure option for remote administrator authentication
 sed -i "/server.https=false/c\server.https=true" /opt/yacy_search_server/defaults/yacy.init && \
-# Create user and group yacy : this user will be used to run YaCy main process
+# Create user and group yacy: this user will be used to run YaCy main process
 adduser --system --group --no-create-home --disabled-password yacy && \
 # Set ownership of yacy install directory to yacy user/group
 chown yacy:yacy -R /opt/yacy_search_server
@@ -47,7 +46,7 @@ RUN \
 # Expose HTTP and HTTPS default ports
 EXPOSE 8090 8443
-# Set data volume : yacy data and configuration will persist even after container stop or destruction
+# Set data volume: yacy data and configuration will persist even after container stop or destruction
 VOLUME ["/opt/yacy_search_server/DATA"]
 # Next commands run as yacy as non-root user for improved security
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
index 15ee1993a..e0b8d9600 100644
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
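Review bot: In docker/Dockerfile, `COPY . /opt/yacy_search_server/` writes the entire build context into its own layer, so the `rm -rf /opt/yacy_search_server/.git` in the following `RUN` neither shrinks the image nor removes the repository history from it. Anything else in the working tree is baked in the same way — for example a local `DATA/` directory left from running YaCy in that checkout, which would presumably also seed the declared `VOLUME`. Excluding these before the copy with a `.dockerignore` at the context root (entries `.git` and `DATA`) fixes this; no such file is visible in this patch. The Dockerfile.alpine hunk has the same pattern, and its added `RUN rm -rf /opt/yacy_search_server/DATA` is likewise a later layer, one that this file lacks altogether. The unchanged comment ending `:docker"` also still shows the old password string and should read `:yacy"`.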
@@ -77,40 +77,38 @@ ENV PATH ${PATH}:/opt/ant/bin
 WORKDIR /opt
 # All in one step to reduce image size growth :
-# - add git package
-# - clone main YaCy git repository (we need to clone git repository to generate correct version when building from source)
 # - compile with apache ant
-# - remove unnecessary and size consuming .git directory
-# - delete git package and ant binary install
+# - delete ant binary install
-# Possible alternative : copy directly your current sources an remove git clone command from the following RUN
-# COPY . /opt/yacy_search_server/
+# copy sources
+COPY . /opt/yacy_search_server/
-RUN apk add --no-cache git && \
- git clone https://github.com/yacy/yacy_search_server.git && \
+RUN apk add --no-cache \
 ant compile -f /opt/yacy_search_server/build.xml && \
 rm -rf /opt/yacy_search_server/.git && \
- rm -rf /opt/ant && \
- apk del git
+ rm -rf /opt/ant
 RUN \
-# Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
- sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init && \
-# Intially enable HTTPS : this is the most secure option for remote administrator authentication
+# Set initial admin password: "yacy" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
+ sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:8cffbc0d66567a0987a4aba1ec46d63c" /opt/yacy_search_server/defaults/yacy.init && \
+ sed -i "/adminAccountForLocalhost=/c\adminAccountForLocalhost=false" /opt/yacy_search_server/defaults/yacy.init && \
+# Intially enable HTTPS: this is the most secure option for remote administrator authentication
 sed -i "/server.https=false/c\server.https=true" /opt/yacy_search_server/defaults/yacy.init && \
-# Create user and group yacy : this user will be used to run YaCy main process
+# Create user and group yacy: this user will be used to run YaCy main process
 addgroup yacy && adduser -S -G yacy -H -D yacy && \
 # Set ownership of yacy install directory to yacy user/group
 chown yacy:yacy -R /opt/yacy_search_server
+RUN rm -rf /opt/yacy_search_server/DATA
+
 # Expose HTTP and HTTPS default ports
 EXPOSE 8090 8443
-# Set data volume : yacy data and configuration will persist aven after container stop or destruction
+# Set data volume: yacy data and configuration will persist even after container stop or destruction
 VOLUME ["/opt/yacy_search_server/DATA"]
 # Next commands run as yacy as non-root user for improved security
 USER yacy
 # Start yacy as a foreground process (-f) to display console logs and to wait for yacy process
-CMD ["/bin/sh","/opt/yacy_search_server/startYACY.sh","-f"]
\ No newline at end of file
+CMD ["/bin/sh","/opt/yacy_search_server/startYACY.sh","-f"]
diff --git a/docker/Readme.md b/docker/Readme.md
index 9beb3a1ab..1fd842bed 100644
--- a/docker/Readme.md
+++ b/docker/Readme.md
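Review bot: In docker/Dockerfile.alpine, the new `RUN apk add --no-cache \` ends in a line continuation, so `ant compile -f /opt/yacy_search_server/build.xml` is passed to `apk add` as arguments instead of running as the build step. As written the sources are never compiled, and the step most likely fails because apk is asked for packages named `ant` and `compile`. Since git is no longer installed and ant appears to come from `/opt/ant` on `PATH`, the line should simply be `RUN ant compile -f /opt/yacy_search_server/build.xml && \`. The start of the file is outside this hunk, so the ant install itself is not visible here.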
@@ -7,84 +7,89 @@ ## Getting built image from Docker Hub - docker pull yacy/yacy_search_server - -Repository URL : (https://hub.docker.com/r/yacy/yacy_search_server/) +The repository URL is https://hub.docker.com/r/yacy/yacy_search_server/ + +* ubuntu-based: `docker pull yacy/yacy_search_server:latest` +* alpine-based: `docker pull yacy/yacy_search_server:latest-alpine` + ## Building image yourself -Using yacy_search_server/docker/Dockerfile : +Using files in 'yacy_search_server/docker/': +``` +cd yacy_search_server/docker +``` - cd yacy_search_server/docker - docker build . - -To build the Alpine variant : +Then according to the image type: +* for ubuntu-based images: - cd yacy_search_server/docker - docker build -f Dockerfile.alpine . - -## Image variants +``` +docker build -t yacy/yacy_search_server:latest -f Dockerfile ../ +``` -`yacy/yacy_search_server:latest` +* To build the Alpine variant: -This image is based on latest stable official Debian stable [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources. +``` +docker build -t yacy/yacy_search_server:alpine-latest -f Dockerfile.alpine ../ +``` -`yacy/yacy_search_server:latest-alpine` +## Image variants -This image is based on latest stable official Alpine Linux [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources. - -## Default admin account +* `yacy/yacy_search_server:latest`: This image is based on latest stable official Debian stable [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources. +* `yacy/yacy_search_server:latest-alpine`: This image is based on latest stable official Alpine Linux [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources. 
-login : admin +## Default admin account -password : docker +* login: admin +* password: yacy You should modify this default password with page /ConfigAccounts_p.html when exposing publicly your YaCy container. + ## Usage ### First start #### Most basic - docker run yacy/yacy_search_server + docker run yacy/yacy_search_server -YaCy web interface is then exposed at http://[container_ip]:8090. +YaCy web interface is then exposed at http://[container_ip]:8090 You can retrieve the container IP address with `docker inspect`. #### Easier to handle - docker run --name yacy -p 8090:8090 -p 8443:8443 --log-opt max-size=200m --log-opt max-file=2 yacy/yacy_search_server - + docker run --name yacy -p 8090:8090 -p 8443:8443 --log-opt max-size=200m --log-opt max-file=2 yacy/yacy_search_server + ##### Options detail - -* --name : allow easier management of your container (without it, docker automatically generate a new name at each startup). -* -p 8090:8090 -p 8443:8443 : map host ports to YaCy container ports, allowing web interface access through the usual http://localhost:8090 and https://localhost:8443 (you can set a different mapping, for example -p 443:8443 if you prefer to use the default HTTPS port on your host) -* --log-opt max-size : limit maximum docker log file size for this container -* --log-opt max-file : limit number of docker rotated log files for this container -Note : if you do not specify the log related options, when running a YaCy container 24hour a day with default log level, your Docker container log file will grow up to some giga bytes in a few days! +* --name: allow easier management of your container (without it, docker automatically generate a new name at each startup). 
+* -p 8090:8090 -p 8443:8443: map host ports to YaCy container ports, allowing web interface access through the usual http://localhost:8090 and https://localhost:8443 (you can set a different mapping, for example -p 443:8443 if you prefer to use the default HTTPS port on your host) +* --log-opt max-size: limit maximum docker log file size for this container +* --log-opt max-file: limit number of docker rotated log files for this container + +Note: if you do not specify the log related options, when running a YaCy container 24hour a day with default log level, your Docker container log file will grow up to some giga bytes in a few days! #### Handle persistent data volume As configured in the Dockerfile, by default yacy data (in /opt/yacy_search_server/DATA) will persist after container stop or deletion, in a volume with an automatically generated id. -But you may map a host directory to hold yacy data in container : +But you may map a host directory to hold yacy data in container: + + docker run -v [/your_host/data/directory]:/opt/yacy_search_server/DATA yacy/yacy_search_server - docker run -v [/your_host/data/directory]:/opt/yacy_search_server/DATA yacy/yacy_search_server - Or just use a volume label to help identify it later - docker run -v yacy_volume:/opt/yacy_search_server/DATA yacy/yacy_search_server + docker run -v yacy_volume:/opt/yacy_search_server/DATA yacy/yacy_search_server -Note that you can list all docker volumes with : +Note that you can list all docker volumes with: - docker volume ls + docker volume ls #### Start as background process - docker run -d yacy/yacy_search_server - + docker run -d yacy/yacy_search_server + ### HTTPS support This images are default configured with HTTPS enabled, and use a default certificate stored in defaults/freeworldKeystore. You should use your own certificate. In order to do it, you can proceed as follow. 
@@ -93,89 +98,87 @@ This images are default configured with HTTPS enabled, and use a default certifi A self-signed certificate will provide encrypted communications with your YaCy server, but browsers will still complain about an invalid security certificate with the error "SEC_ERROR_UNKNOWN_ISSUER". If it is sufficient for you, you can permanently add and exception to your browser. -This kind of certificate can be generated and added to your YaCy Docker container with the following : +This kind of certificate can be generated and added to your YaCy Docker container with the following: - keytool -keystore /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacykeystore -genkey -keyalg RSA -alias yacycert - -Then edit YaCy config file. For example with the nano text editor : + keytool -keystore /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacykeystore -genkey -keyalg RSA -alias yacycert + +Then edit YaCy config file. For example with the nano text editor: - nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf + nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf -And configure the keyStoreXXXX properties accordingly : +And configure the keyStoreXXXX properties accordingly: - keyStore=/opt/yacy_search_server/DATA/SETTINGS/yacykeystore - keyStorePassword=yourpassword - + keyStore=/opt/yacy_search_server/DATA/SETTINGS/yacykeystore + keyStorePassword=yourpassword + #### Import an existing certificate: Importing a certificate validated by a certification authority (CA) will ensure you have full HTTPS support with no security errors when accessing your YaCy peer. You can import an existing certificate in pkcs12 format. 
-First copy it to the YaCy Docker container volume : +First copy it to the YaCy Docker container volume: + + cp [yourStore].pkcs12 /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/[yourStore].pkcs12 - cp [yourStore].pkcs12 /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/[yourStore].pkcs12 - -Then edit YaCy config file. For example with the nano text editor : +Then edit YaCy config file. For example with the nano text editor: - nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf + nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf -And configure the pkcs12XXX properties accordingly : +And configure the pkcs12XXX properties accordingly: - pkcs12ImportFile=/opt/yacy_search_server/DATA/SETTINGS/[yourStore].pkcs12 - pkcs12ImportPwd=yourpassword + pkcs12ImportFile=/opt/yacy_search_server/DATA/SETTINGS/[yourStore].pkcs12 + pkcs12ImportPwd=yourpassword ### Next starts #### As attached process - docker start -a yacy - + docker start -a yacy + #### As background process - docker start yacy + docker start yacy ### Shutdown * Use "Shutdown" button in administration web interface -* OR run : +* OR run: + + docker exec [your_container_name] /opt/yacy_search_server/stopYACY.sh + +* OR run: - docker exec [your_container_name] /opt/yacy_search_server/stopYACY.sh - -* OR run : + docker stop [your_container_name] - docker stop [your_container_name] - ### Upgrade You can upgrade your YaCy container the Docker way with the following commands sequence. 
-Get latest Docker image : +Get latest Docker image: - docker pull yacy/yacy_search_server:latest + docker pull yacy/yacy_search_server:latest OR - docker pull yacy/yacy_search_server:latest-alpine - -Create new container based on pulled image, using volume data from old container : - - docker create --name [tmp-container_name] -p 8090:8090 -p 8443:8443 --volumes-from=[container_name] --log-opt max-size=100m --log-opt max-file=2 yacy/yacy_search_server:latest - -Stop old container : + docker pull yacy/yacy_search_server:latest-alpine + +Create new container based on pulled image, using volume data from old container: + + docker create --name [tmp-container_name] -p 8090:8090 -p 8443:8443 --volumes-from=[container_name] --log-opt max-size=100m --log-opt max-file=2 yacy/yacy_search_server:latest - docker exec [container_name] /opt/yacy_search_server/stopYACY.sh - +Stop old container: -Start new container : + docker exec [container_name] /opt/yacy_search_server/stopYACY.sh - docker start [tmp-container_name] - -Check everything works fine, then you can delete old container : - - docker rm [container_name] - -Rename new container to reuse same container name : +Start new container: - docker rename [tmp-container_name] [container_name] + docker start [tmp-container_name] + +Check everything works fine, then you can delete old container: + + docker rm [container_name] + +Rename new container to reuse same container name: + + docker rename [tmp-container_name] [container_name] ## License View [license](https://github.com/yacy/yacy_search_server/blob/master/COPYRIGHT) information for the software contained in this image. -