From 13e42c2dd27894043892a2600679cbecfba05339 Mon Sep 17 00:00:00 2001 From: Michael Peter Christen Date: Thu, 31 Dec 2020 00:02:23 +0100 Subject: [PATCH] aded dockerfiles for 32 and 64 bit ARM/Raspberry Pi --- docker/Dockerfile.aarch64 | 56 +++++++++++++++++++++++++++++++++++++++ docker/Dockerfile.armv7 | 56 +++++++++++++++++++++++++++++++++++++++ docker/Readme.md | 56 +++++++++------------------------------ 3 files changed, 124 insertions(+), 44 deletions(-) create mode 100644 docker/Dockerfile.aarch64 create mode 100644 docker/Dockerfile.armv7 diff --git a/docker/Dockerfile.aarch64 b/docker/Dockerfile.aarch64 new file mode 100644 index 000000000..b6f18a5b9 --- /dev/null +++ b/docker/Dockerfile.aarch64 @@ -0,0 +1,56 @@ +# Build a docker image from latest YaCy sources + +# Base image : latest Debian stable official jdk 8 image from Docker +FROM arm64v8/openjdk:17-buster + +# Install needed packages not in base image +# (curl for sh scripts in /bin, and wkhtmltopdf,imagemagick,xvfb and ghostscript to enable PDF and image snapshot generation) +RUN apt-get update && apt-get install -yq curl wkhtmltopdf imagemagick xvfb ghostscript && \ + rm -rf /var/lib/apt/lists/* + +# trace java version +RUN java -version + +# set current working dir +WORKDIR /opt + +# All in one step to reduce image size growth : +# - install ant package +# - Compile with ant +# - remove unnecessary and size consuming .git directory +# - remove ant package + +# copy sources +COPY . /opt/yacy_search_server/ + +RUN rm -rf /opt/yacy_search_server/.git && \ + apt-get update && \ + apt-get install -yq ant && \ + ant compile -f /opt/yacy_search_server/build.xml && \ + apt-get purge -yq --auto-remove ant && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +RUN \ +# Set initial admin password: "yacy" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex()) +# > java -classpath classes net.yacy.cora.order.Digest -strfhex "admin:The YaCy access is limited to administrators. If you don't know the password, you can change it using /bin/passwd.sh :docker" + sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:8cffbc0d66567a0987a4aba1ec46d63c" /opt/yacy_search_server/defaults/yacy.init && \ + sed -i "/adminAccountForLocalhost=/c\adminAccountForLocalhost=false" /opt/yacy_search_server/defaults/yacy.init && \ +# Intially enable HTTPS: this is the most secure option for remote administrator authentication + sed -i "/server.https=false/c\server.https=true" /opt/yacy_search_server/defaults/yacy.init && \ +# Create user and group yacy: this user will be used to run YaCy main process + adduser --system --group --no-create-home --disabled-password yacy && \ +# Set ownership of yacy install directory to yacy user/group + chown yacy:yacy -R /opt/yacy_search_server + +# Expose HTTP and HTTPS default ports +EXPOSE 8090 8443 + +# Set data volume: yacy data and configuration will persist even after container stop or destruction +VOLUME ["/opt/yacy_search_server/DATA"] + +# Next commands run as yacy as non-root user for improved security +USER yacy + +# Start yacy as a foreground process (-f) to display console logs and to wait for yacy process +CMD ["/bin/sh","/opt/yacy_search_server/startYACY.sh","-f"] diff --git a/docker/Dockerfile.armv7 b/docker/Dockerfile.armv7 new file mode 100644 index 000000000..5b02eebd0 --- /dev/null +++ b/docker/Dockerfile.armv7 @@ -0,0 +1,56 @@ +# Build a docker image from latest YaCy sources + +# Base image : latest Debian stable official jdk 8 image from Docker +FROM arm32v7/openjdk:8-jdk + +# Install needed packages not in base image +# (curl for sh scripts in /bin, and wkhtmltopdf,imagemagick,xvfb and ghostscript to enable PDF and image snapshot generation) +RUN apt-get update && apt-get install -yq curl wkhtmltopdf imagemagick xvfb ghostscript && \ + rm -rf /var/lib/apt/lists/* + +# trace java version +RUN java -version + +# set current working dir +WORKDIR /opt + +# All in one step to reduce image size growth : +# - install ant package +# - Compile with ant +# - remove unnecessary and size consuming .git directory +# - remove ant package + +# copy sources +COPY . /opt/yacy_search_server/ + +RUN rm -rf /opt/yacy_search_server/.git && \ + apt-get update && \ + apt-get install -yq ant && \ + ant compile -f /opt/yacy_search_server/build.xml && \ + apt-get purge -yq --auto-remove ant && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +RUN \ +# Set initial admin password: "yacy" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex()) +# > java -classpath classes net.yacy.cora.order.Digest -strfhex "admin:The YaCy access is limited to administrators. If you don't know the password, you can change it using /bin/passwd.sh :docker" + sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:8cffbc0d66567a0987a4aba1ec46d63c" /opt/yacy_search_server/defaults/yacy.init && \ + sed -i "/adminAccountForLocalhost=/c\adminAccountForLocalhost=false" /opt/yacy_search_server/defaults/yacy.init && \ +# Intially enable HTTPS: this is the most secure option for remote administrator authentication + sed -i "/server.https=false/c\server.https=true" /opt/yacy_search_server/defaults/yacy.init && \ +# Create user and group yacy: this user will be used to run YaCy main process + adduser --system --group --no-create-home --disabled-password yacy && \ +# Set ownership of yacy install directory to yacy user/group + chown yacy:yacy -R /opt/yacy_search_server + +# Expose HTTP and HTTPS default ports +EXPOSE 8090 8443 + +# Set data volume: yacy data and configuration will persist even after container stop or destruction +VOLUME ["/opt/yacy_search_server/DATA"] + +# Next commands run as yacy as non-root user for improved security +USER yacy + +# Start yacy as a foreground process (-f) to display console logs and to wait for yacy process +CMD ["/bin/sh","/opt/yacy_search_server/startYACY.sh","-f"] diff --git a/docker/Readme.md b/docker/Readme.md index 1fd842bed..d9a61ac8b 100644 --- a/docker/Readme.md +++ b/docker/Readme.md @@ -21,74 +21,44 @@ cd yacy_search_server/docker ``` Then according to the image type: -* for ubuntu-based images: +* `yacy/yacy_search_server:latest`: This image is based on latest stable official Debian stable [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources. ``` docker build -t yacy/yacy_search_server:latest -f Dockerfile ../ ``` -* To build the Alpine variant: +* `yacy/yacy_search_server:aarch64-latest`: same as yacy/yacy_search_server:latest but based on ``` -docker build -t yacy/yacy_search_server:alpine-latest -f Dockerfile.alpine ../ +docker build -t yacy/yacy_search_server:aarch64-latest -f Dockerfile.aarch64 ../ ``` -## Image variants - -* `yacy/yacy_search_server:latest`: This image is based on latest stable official Debian stable [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources. -* `yacy/yacy_search_server:latest-alpine`: This image is based on latest stable official Alpine Linux [openjdk](https://hub.docker.com/_/openjdk/) 8 image provided by Docker. Embed Yacy compiled from latest git repository sources. - -## Default admin account - -* login: admin -* password: yacy - -You should modify this default password with page /ConfigAccounts_p.html when exposing publicly your YaCy container. ## Usage -### First start +### Run the docker image -#### Most basic - docker run yacy/yacy_search_server +``` +docker run -d --name yacy -p 8090:8090 -p 8443:8443 -v yacy_data:/opt/yacy_search_server/DATA --log-opt max-size=200m --log-opt max-file=2 yacy/yacy_search_server:latest +``` YaCy web interface is then exposed at http://[container_ip]:8090 You can retrieve the container IP address with `docker inspect`. -#### Easier to handle +#### Default admin account - docker run --name yacy -p 8090:8090 -p 8443:8443 --log-opt max-size=200m --log-opt max-file=2 yacy/yacy_search_server - -##### Options detail +* login: admin +* password: yacy -* --name: allow easier management of your container (without it, docker automatically generate a new name at each startup). -* -p 8090:8090 -p 8443:8443: map host ports to YaCy container ports, allowing web interface access through the usual http://localhost:8090 and https://localhost:8443 (you can set a different mapping, for example -p 443:8443 if you prefer to use the default HTTPS port on your host) -* --log-opt max-size: limit maximum docker log file size for this container -* --log-opt max-file: limit number of docker rotated log files for this container +You should modify this default password with page /ConfigAccounts_p.html when exposing publicly your YaCy container. -Note: if you do not specify the log related options, when running a YaCy container 24hour a day with default log level, your Docker container log file will grow up to some giga bytes in a few days! #### Handle persistent data volume -As configured in the Dockerfile, by default yacy data (in /opt/yacy_search_server/DATA) will persist after container stop or deletion, in a volume with an automatically generated id. - -But you may map a host directory to hold yacy data in container: - - docker run -v [/your_host/data/directory]:/opt/yacy_search_server/DATA yacy/yacy_search_server - -Or just use a volume label to help identify it later - - docker run -v yacy_volume:/opt/yacy_search_server/DATA yacy/yacy_search_server - -Note that you can list all docker volumes with: - - docker volume ls - -#### Start as background process +As configured in the Dockerfile, by default yacy data (in /opt/yacy_search_server/DATA) will persist after container stop or deletion, in a volume named "yacy_data" - docker run -d yacy/yacy_search_server ### HTTPS support @@ -156,8 +126,6 @@ You can upgrade your YaCy container the Docker way with the following commands s Get latest Docker image: docker pull yacy/yacy_search_server:latest -OR - docker pull yacy/yacy_search_server:latest-alpine Create new container based on pulled image, using volume data from old container: