diff --git a/docker/Dockerfile b/docker/Dockerfile
index 35102e4d6..401d1f1d0 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -18,6 +18,10 @@ WORKDIR /opt
 # - Compile with ant
 # - remove unnecessary and size consuming .git directory
 # - remove ant and git packages
+
+# Possible alternative : copy directly your current sources an remove git clone command from the following RUN
+# COPY . /opt/yacy_search_server/
+
 RUN apt-get update && \
 apt-get install -yq ant git && \
 git clone https://github.com/yacy/yacy_search_server.git && \
@@ -30,14 +34,17 @@ RUN apt-get update && \
 # Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
 RUN sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init
+# Intially enable HTTPS : this is the most secure option for remote administrator authentication
+RUN sed -i "/server.https=false/c\server.https=true" /opt/yacy_search_server/defaults/yacy.init
+
 # Create user and group yacy : this user will be used to run YaCy main process
 RUN adduser --system --group --no-create-home --disabled-password yacy
 # Set ownership of yacy install directory to yacy user/group
 RUN chown yacy:yacy -R /opt/yacy_search_server
-# Expose port 8090
-EXPOSE 8090
+# Expose HTTP and HTTPS default ports
+EXPOSE 8090 8443
 # Set data volume : yacy data and configuration will persist aven after container stop or destruction
 VOLUME ["/opt/yacy_search_server/DATA"]
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
index 497dd70ed..77134f222 100755
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
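Review bot: The `COPY . /opt/yacy_search_server/` alternative proposed in the new comment would copy the whole build context into its own image layer, so a local `.git` directory (and, if present in the checkout, a `DATA` directory holding a previous run's keystore or `yacy.conf`) stays in the image even though the following RUN chain deletes `.git`; a removal in a later layer does not shrink an earlier one. The comment should say that a `.dockerignore` excluding at least `.git` and `DATA` is needed before taking that route, and it has a typo ("an remove"). Proposed wording: `# Possible alternative : copy your current sources and remove the git clone command from the following RUN` / `# (add a .dockerignore excluding .git and DATA first, otherwise they are baked into the COPY layer)` / `# COPY . /opt/yacy_search_server/`. The RUN chain this comment refers to continues past the end of the hunk.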
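Review bot: The comment `# Intially enable HTTPS : this is the most secure option for remote administrator authentication` overstates what the sed on defaults/yacy.init delivers: the TLS listener comes up with the bundled `defaults/freeworldKeystore` named in this same change's Readme, whose private key ships in every copy of the image, so the channel is encrypted but not authenticated until an operator installs their own certificate, and `EXPOSE 8090 8443` still advertises the plaintext admin port next to it. Suggest `# Initially enable HTTPS so remote admin logins can use TLS on 8443; the bundled default keystore is public, replace it (see docker/Readme.md) and do not publish 8090 for remote administration` (also fixing "Intially"). The sed silently does nothing when `server.https=false` is not present verbatim in the defaults file (and the unescaped `.` matches any character), so a build against a changed upstream default would still produce an HTTP-only image; a check such as `grep -q '^server\.https=true$' /opt/yacy_search_server/defaults/yacy.init` appended to that RUN would fail the build instead. Since DATA is declared as a volume, this default presumably only reaches a fresh volume; a container re-created with --volumes-from an older one would likely keep HTTPS off while 8443 is exposed, which is worth a line in the comment.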
@@ -51,6 +51,10 @@ WORKDIR /opt
 # - compile with apache ant
 # - remove unnecessary and size consuming .git directory
 # - delete git package and ant binary install
+
+# Possible alternative : copy directly your current sources an remove git clone command from the following RUN
+# COPY . /opt/yacy_search_server/
+
 RUN apk update && \
 apk add --no-cache git && \
 git clone https://github.com/yacy/yacy_search_server.git && \
@@ -62,14 +66,17 @@ RUN apk update && \
 # Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
 RUN sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init
+# Intially enable HTTPS : this is the most secure option for remote administrator authentication
+RUN sed -i "/server.https=false/c\server.https=true" /opt/yacy_search_server/defaults/yacy.init
+
 # Create user and group yacy : this user will be used to run YaCy main process
 RUN addgroup yacy && adduser -S -G yacy -H -D yacy
 # Set ownership of yacy install directory to yacy user/group
 RUN chown yacy:yacy -R /opt/yacy_search_server
-# Expose port 8090
-EXPOSE 8090
+# Expose HTTP and HTTPS default ports
+EXPOSE 8090 8443
 # Set data volume : yacy data and configuration will persist aven after container stop or destruction
 VOLUME ["/opt/yacy_search_server/DATA"]
diff --git a/docker/Readme.md b/docker/Readme.md
index 0ff35757f..9c9d7c07e 100755
--- a/docker/Readme.md
+++ b/docker/Readme.md
@@ -18,6 +18,11 @@ Using yacy_search_server/docker/Dockerfile :
 cd yacy_search_server/docker
 docker build .
+To build the Alpine variant :
+ cd yacy_search_server/docker
+ docker build -f Dockerfile.alpine .
+
 ## Image variants
 `luccioman/yacy:latest`
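Review bot: The commented `COPY . /opt/yacy_search_server/` alternative in the Alpine variant needs the same warning as any whole-context COPY: everything in the build directory, including `.git` and any local `DATA` directory, lands in that layer and is not removed by the `rm` performed in the subsequent RUN chain. Recommend extending the comment with `# (requires a .dockerignore excluding .git and DATA, otherwise they are baked into the COPY layer)` and correcting "an remove" to "and remove". The RUN this comment points at continues beyond the hunk.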
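Review bot: `RUN sed -i "/server.https=false/c\server.https=true" …` has no failure mode: if the upstream defaults file no longer carries that exact key/value, sed exits 0 and the image is built with HTTPS off while `EXPOSE 8090 8443` still advertises the TLS port. Appending `&& grep -q '^server\.https=true$' /opt/yacy_search_server/defaults/yacy.init` to that RUN turns the silent no-op into a build error. The comment above it ("Intially") should also be honest that, per this change's Readme, the listener initially uses the image's bundled default keystore, whose key is shared by every copy of the image, so TLS here is only meaningful once an operator installs their own certificate, e.g. `# Initially enable HTTPS (port 8443); replace the bundled default keystore before relying on it, see docker/Readme.md`.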
@@ -49,12 +54,12 @@ You can retrieve the container IP address with `docker inspect`.
 #### Easier to handle
- docker run --name yacy -p 8090:8090 --log-opt max-size=100m --log-opt max-file=2 luccioman/yacy
+ docker run --name yacy -p 8090:8090 -p 8443:8443 --log-opt max-size=200m --log-opt max-file=2 luccioman/yacy
 ##### Options detail
 * --name : allow easier management of your container (without it, docker automatically generate a new name at each startup).
-* -p : map host port and container port, allowing web interface access through the usual http://localhost:8090.
+* -p 8090:8090 -p 8443:8443 : map host ports to YaCy container ports, allowing web interface access through the usual http://localhost:8090 and https://localhost:8443 (you can set a different mapping, for example -p 443:8443 if you prefer to use the default HTTPS port on your host)
 * --log-opt max-size : limit maximum docker log file size for this container
 * --log-opt max-file : limit number of docker rotated log files for this container
@@ -76,9 +81,47 @@ Note that you can list all docker volumes with :
 docker volume ls
-#### As background process
+#### Start as background process
 docker run -d luccioman/yacy
+
+### HTTPS support
+
+This images are default configured with HTTPS enabled, and use a default certificate stored in defaults/freeworldKeystore. You should use your own certificate. In order to do it, you can proceed as follow.
+
+#### Self-signed certificate
+
+A self-signed certificate will provide encrypted communications with your YaCy server, but browsers will still complain about an invalid security certificate with the error "SEC_ERROR_UNKNOWN_ISSUER". If it is sufficient for you, you can permanently add and exception to your browser.
+
+This kind of certificate can be generated and added to your YaCy Docker container with the following :
+
+ keytool -keystore /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacykeystore -genkey -keyalg RSA -alias yacycert
+
+Then edit YaCy config file. For example with the nano text editor :
+
+ nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf
+
+And configure the keyStoreXXXX properties accordingly :
+
+ keyStore=/opt/yacy_search_server/DATA/SETTINGS/yacykeystore
+ keyStorePassword=yourpassword
+
+#### Import an existing certificate:
+
+Importing a certificate validated by a certification authority (CA) will ensure you have full HTTPS support with no security errors when accessing your YaCy peer. You can import an existing certificate in pkcs12 format.
+
+First copy it to the YaCy Docker container volume :
+
+ cp [yourStore].pkcs12 /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/[yourStore].pkcs12
+
+Then edit YaCy config file. For example with the nano text editor :
+
+ nano /var/lib/docker/volumes/[your_yacy_volume]/_data/SETTINGS/yacy.conf
+
+And configure the pkcs12XXX properties accordingly :
+
+ pkcs12ImportFile=/opt/yacy_search_server/DATA/SETTINGS/[yourStore].pkcs12
+ pkcs12ImportPwd=yourpassword
 ### Next starts
@@ -109,7 +152,7 @@ OR
 Create new container based on pulled image, using volume data from old container :
- docker create --name [tmp-container_name] -p 8090:8090 --volumes-from=[container_name] --log-opt max-size=100m --log-opt max-file=2 luccioman/yacy:latest
+ docker create --name [tmp-container_name] -p 8090:8090 -p 8443:8443 --volumes-from=[container_name] --log-opt max-size=100m --log-opt max-file=2 luccioman/yacy:latest
 Stop old container :
diff --git a/docker/docker-cloud.yml b/docker/docker-cloud.yml
index 24a09a69b..97e965bd7 100644
--- a/docker/docker-cloud.yml
+++ b/docker/docker-cloud.yml
@@ -2,5 +2,6 @@ yacy:
 image: 'luccioman/yacy:latest'
 ports:
 - '8090:8090'
+ - '8443:8443'
 restart: on-failure
 autoredeploy: true
\ No newline at end of file
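Review bot: Adding `- '8443:8443'` while keeping `- '8090:8090'` published means this cloud deployment still offers the administrator login over plaintext HTTP alongside the new TLS port, which undercuts the stated purpose of enabling HTTPS for remote administration; unless 8090 is needed for peer-to-peer traffic (not visible in this change), consider publishing only `'8443:8443'` here, or documenting why both are exposed. The TLS listener will also serve with the image's bundled default keystore until a certificate is placed in the DATA volume, and this file declares no volume, so a brief comment such as `# 8443 serves TLS with the image's default keystore until a certificate is installed in DATA/SETTINGS` would save operators from assuming the connection is authenticated. The `:latest` tag is pre-existing and not part of this change.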