Merge pull request #55 from luccioman/docker

Improve Docker image security, size and reliability
pull/62/head
Orbiter 9 years ago committed by GitHub
commit c9ec0d0311

@ -1,46 +1,49 @@
# Build a docker image from latest YaCy sources # Build a docker image from latest YaCy sources
# Base image : latest stable Debian # Base image : latest stable official jdk image from Docker (Debian based)
FROM debian:latest FROM java:latest
# Install needed packages # Install needed packages not in base image
RUN apt-get update && apt-get install -yq \ RUN apt-get update && apt-get install -yq curl
default-jdk \
default-jre-headless \ # trace java version
ant \ RUN java -version
git
# set current working dir # set current working dir
WORKDIR /opt WORKDIR /opt
# clone main YaCy git repository (we need to clone git repository to generate correct version when building from source) # All in one step to reduce image size growth :
RUN git clone https://github.com/yacy/yacy_search_server.git # - install ant and git packages
# - clone main YaCy git repository (we need to clone git repository to generate correct version when building from source)
# - Compile with ant
# - remove unnecessary and size consuming .git directory
# - remove ant and git packages
RUN apt-get update && \
apt-get install -yq ant git && \
git clone https://github.com/yacy/yacy_search_server.git && \
ant compile -f /opt/yacy_search_server/build.xml && \
rm -rf /opt/yacy_search_server/.git && \
apt-get purge -yq --auto-remove ant git && \
apt-get clean
# trace content of source directory
RUN ls -la /opt/yacy_search_server
# set current working dir
WORKDIR /opt/yacy_search_server
# Compile with ant
RUN ant compile
# Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex()) # Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
RUN sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init RUN sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init
# make some cleaning to reduce image size # Create user and group yacy : this user will be used to run YaCy main process
RUN rm -rf .git \ RUN adduser --system --group --no-create-home --disabled-password yacy
&& apt-get purge -yq --auto-remove \
default-jdk \ # Set ownership of yacy install directory to yacy user/group
ant \ RUN chown yacy:yacy -R /opt/yacy_search_server
git \
&& apt-get clean
# Expose port 8090 # Expose port 8090
EXPOSE 8090 EXPOSE 8090
# Set data volume : can be used to persist yacy data and configuration # Set data volume : yacy data and configuration will persist aven after container stop or destruction
VOLUME ["/opt/yacy_search_server/DATA"] VOLUME ["/opt/yacy_search_server/DATA"]
# Start yacy ind debug mode (-d) to display console logs and to wait for yacy process # Next commands run as yacy as non-root user for improved security
USER yacy
# Start yacy in debug mode (-d) to display console logs and to wait for yacy process
CMD sh /opt/yacy_search_server/startYACY.sh -d CMD sh /opt/yacy_search_server/startYACY.sh -d
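Review bot: `RUN chown yacy:yacy -R /opt/yacy_search_server` makes the whole install tree, scripts and jars included, writable by the runtime user, so a compromised YaCy process could alter its own code; if YaCy only writes under DATA (please confirm against the start scripts), limit ownership to that directory with `RUN mkdir -p /opt/yacy_search_server/DATA && chown -R yacy:yacy /opt/yacy_search_server/DATA`. Creating DATA before the `VOLUME` line also matters on its own: if the directory is absent when the build ends, Docker creates the mount point of the anonymous volume as root and the `yacy` user cannot write into it. `FROM java:latest` and the `git clone` of the default branch without a pinned commit or tag make the build non-reproducible; pin the image tag and check out a release tag before `ant compile`. The shell-form `CMD sh … -d` runs under `/bin/sh -c`, so `docker stop` delivers SIGTERM to that wrapper shell rather than to the JVM; `CMD ["sh", "/opt/yacy_search_server/startYACY.sh", "-d"]` removes the extra wrapper, though the signal still stops at `sh` unless startYACY.sh execs java. All of this applies equally to the new Dockerfile.alpine section below, and the comment `persist aven after` should read `even` in both files.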

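--- /dev/null
+++ b/docker/Dockerfile.alpine
@@ -0,0 +1,81 @@
+# Build a docker image from latest YaCy sources on Alpine Linux
+# Base image : latest stable official jdk image from Docker based on Alpine Linux
+FROM java:alpine
+# trace java version
+RUN java -version
+# Install needed packages not in base image
+RUN apk update && \
+apk add --no-cache curl
+# set current working dir
+WORKDIR /tmp
+# --- Begin of apache ant install : from binary distribution because ant is not in alpine packages
+# set ant version once in a environment variable
+ENV ANT_VERSION 1.9.7
+# All in one step to reduce image size growth :
+# - add gnupg package
+# - get ant binary file from a mirror and PGP file signature from main repository
+# - import gpg keys from main repository and verify binary file signature
+# - extract binary, make /opt directory, move extracted ant to /opt/ant
+# - remove archive and gnupg package
+RUN apk update && \
+apk add --no-cache gnupg && \
+curl -fSL http://www.eu.apache.org/dist//ant/binaries/apache-ant-${ANT_VERSION}-bin.tar.gz -o apache-ant-${ANT_VERSION}-bin.tar.gz && \
+curl -fSL https://www.apache.org/dist/ant/binaries/apache-ant-${ANT_VERSION}-bin.tar.gz.asc -o apache-ant-${ANT_VERSION}-bin.tar.gz.asc && \
+curl -fSL https://www.apache.org/dist/ant/KEYS | gpg --import && \
+gpg --verify apache-ant-${ANT_VERSION}-bin.tar.gz.asc && \
+tar xzf apache-ant-${ANT_VERSION}-bin.tar.gz && \
+mkdir /opt && \
+mv apache-ant-${ANT_VERSION} /opt/ant && \
+rm -f apache-ant-${ANT_VERSION}-bin.tar.gz && \
+apk del gnupg
+# set ant required environment variables
+ENV ANT_HOME /opt/ant
+ENV PATH ${PATH}:/opt/ant/bin
+# --- End of apache ant install
+# set current working dir
+WORKDIR /opt
+# All in one step to reduce image size growth :
+# - add git package
+# - clone main YaCy git repository (we need to clone git repository to generate correct version when building from source)
+# - compile with apache ant
+# - remove unnecessary and size consuming .git directory
+# - delete git package and ant binary install
+RUN apk update && \
+apk add --no-cache git && \
+git clone https://github.com/yacy/yacy_search_server.git && \
+ant compile -f /opt/yacy_search_server/build.xml && \
+rm -rf /opt/yacy_search_server/.git && \
+rm -rf /opt/ant && \
+apk del git
+# Set initial admin password : "docker" (encoded with custom yacy md5 function net.yacy.cora.order.Digest.encodeMD5Hex())
+RUN sed -i "/adminAccountBase64MD5=/c\adminAccountBase64MD5=MD5:e672161ffdce91be4678605f4f4e6786" /opt/yacy_search_server/defaults/yacy.init
+# Create user and group yacy : this user will be used to run YaCy main process
+RUN addgroup yacy && adduser -S -G yacy -H -D yacy
+# Set ownership of yacy install directory to yacy user/group
+RUN chown yacy:yacy -R /opt/yacy_search_server
+# Expose port 8090
+EXPOSE 8090
+# Set data volume : yacy data and configuration will persist aven after container stop or destruction
+VOLUME ["/opt/yacy_search_server/DATA"]
+# Next commands run as yacy as non-root user for improved security
+USER yacy
+# Start yacy in debug mode (-d) to display console logs and to wait for yacy process
+CMD sh /opt/yacy_search_server/startYACY.sh -d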
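Review bot: `ENV ANT_HOME /opt/ant` and `ENV PATH ${PATH}:/opt/ant/bin` persist into the runtime environment although the compile step later runs `rm -rf /opt/ant`, so the final image ships an ANT_HOME and a PATH entry that point at a deleted directory. Since ant is only needed at build time, drop both `ENV` lines and invoke the launcher by path in the compile step, `/opt/ant/bin/ant compile -f /opt/yacy_search_server/build.xml` (the ant launcher script derives ANT_HOME from its own location when the variable is unset, worth confirming for 1.9.7); `ANT_VERSION` can likewise become an `ARG`, and the remaining `ENV` lines should use the `key=value` form rather than the legacy space-separated one. The three `apk update && apk add --no-cache …` steps mix two approaches: `--no-cache` already fetches a fresh index for the install, while `apk update` leaves the index files under `/var/cache/apk` in the layer, so the `apk update` can go. `mkdir /opt` fails if the base image already provides `/opt`; `mkdir -p /opt` is the safe form. The PGP check of the ant tarball against the KEYS file fetched over HTTPS is what makes the plain-HTTP mirror download on the `www.eu.apache.org` line acceptable, so that line should keep the `gpg --verify` step if the download URL is ever changed.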

@ -2,6 +2,11 @@
[![Deploy to Docker Cloud](https://files.cloud.docker.com/images/deploy-to-dockercloud.svg)](https://cloud.docker.com/stack/deploy/?repo=https://github.com/luccioman/yacy_search_server/tree/docker/docker) [![Deploy to Docker Cloud](https://files.cloud.docker.com/images/deploy-to-dockercloud.svg)](https://cloud.docker.com/stack/deploy/?repo=https://github.com/luccioman/yacy_search_server/tree/docker/docker)
## Supported tags and respective Dockerfiles
* latest (Dockerfile)
* lastet-alpine (Dockerfile.alpine)
## Getting built image from Docker Hub ## Getting built image from Docker Hub
docker pull luccioman/yacy docker pull luccioman/yacy
@ -15,6 +20,16 @@ Using yacy_search_server/docker/Dockerfile :
cd yacy_search_server/docker cd yacy_search_server/docker
docker build . docker build .
## Image variants
`luccioman/yacy:latest`
This image is based on latest stable official Debian [java](https://hub.docker.com/_/java/) image provided by Docker. Embed Yacy compiled from latest git repository sources.
`luccioman/yacy:latest-alpine`
This image is based on latest stable official Alpine Linux [java](https://hub.docker.com/_/java/) image provided by Docker. Embed Yacy compiled from latest git repository sources.
## Default admin account ## Default admin account
login : admin login : admin
@ -36,17 +51,32 @@ You can retrieve the container IP address with `docker inspect`.
#### Easier to handle #### Easier to handle
docker run --name yacy -p 8090:8090 luccioman/yacy docker run --name yacy -p 8090:8090 --log-opt max-size=100m --log-opt max-file=2 luccioman/yacy
##### Options detail
* --name : allow easier management of your container (without it, docker automatically generate a new name at each startup).
* -p : map host port and container port, allowing web interface access through the usual http://localhost:8090.
* --log-opt max-size : limit maximum docker log file size for this container
* --log-opt max-file : limit number of docker rotated log files for this container
Note : if you do not specify the log related options, when running a YaCy container 24hour a day with default log level, your Docker container log file will grow up to some giga bytes in a few days!
#### Handle persistent data volume
As configured in the Dockerfile, by default yacy data (in /opt/yacy_search_server/DATA) will persist after container stop or deletion, in a volume with an automatically generated id.
But you may map a host directory to hold yacy data in container :
docker run -v [/your_host/data/directory]:/opt/yacy_search_server/DATA luccioman/yacy
--name option allow easier management of your container (without it, docker automatically generate a new name at each startup). Or just use a volume label to help identify it later
-p option map host port and container port, allowing web interface access through the usual http://localhost:8090. docker run -v yacy_volume:/opt/yacy_search_server/DATA luccioman/yacy
#### With persistent data volume Note that you can list all docker volumes with :
docker run -v [your_host/data/directory]:/opt/yacy_search_server/DATA luccioman/yacy docker volume ls
This allow your container to reuse a data directory form the host.
#### As background process #### As background process
@ -65,3 +95,41 @@ This allow your container to reuse a data directory form the host.
### Shutdown ### Shutdown
* Use "Shutdown" button in administration web interface * Use "Shutdown" button in administration web interface
* OR run :
docker exec [your_container_name] /opt/yacy_search_server/stopYACY.sh
### Upgrade
You can upgrade your YaCy container the Docker way with the following commands sequence.
Get latest Docker image :
docker pull luccioman/yacy:latest
OR
docker pull luccioman/yacy:latest-alpine
Create new container based on pulled image, using volume data from old container :
docker create --name [tmp-container_name] -p 8090:8090 --volumes-from=[container_name] luccioman/yacy:latest
Stop old container :
docker exec [container_name] /opt/yacy_search_server/stopYACY.sh
Start new container :
docker start [tmp-container_name]
Check everything works fine, then you can delete old container :
docker rm [container_name]
Rename new container to reuse same container name :
docker rename [tmp-container_name] [container_name]
## License
View [license](https://github.com/yacy/yacy_search_server/blob/master/COPYRIGHT) information for the software contained in this image.

@ -99,6 +99,13 @@ http://<remote-server-address>:8090/ConfigAccounts_p.html
and set an administration account. and set an administration account.
== CAN I RUN YACY IN A VIRTUAL MACHINE OR A CONTAINER ==
YaCy runs fine in virtual machines managed by software such as VirtualBox or VMware.
Container technology may be more flexible and lightweight and also works fine with YaCy.
More details for YaCy with Docker [[docker/Readme.md|here]].
== PORT 8090 IS BAD, PEOPLE ARE NOT ALLOWED TO ACCESS THAT PORT == == PORT 8090 IS BAD, PEOPLE ARE NOT ALLOWED TO ACCESS THAT PORT ==
You can forward port 80 to 8090 with iptables: You can forward port 80 to 8090 with iptables:
