* [PATCH a001 v1 1/7] Use nginx from Ubuntu for simplicity
2023-03-29 7:59 [PATCH a001 v1 0/7] server-a001 updates Ammar Faizi
@ 2023-03-29 7:59 ` Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 2/7] start.sh: Add vmail storage directory Ammar Faizi
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Ammar Faizi @ 2023-03-29 7:59 UTC (permalink / raw)
To: GNU/Weeb Mailing List
Cc: Muhamad Hazmi Alfarizqi, Muhamad Hazmi Alfarizqi,
Alviro Iskandar Setiawan, Arthur Lapz, Ammar Faizi
The custom nginx package has different directory structures. It
confuses me when migrating the old data to this new docker container.
Just use the nginx that Ubuntu provides.
Signed-off-by: Ammar Faizi <[email protected]>
---
Dockerfile | 20 +++++++-------------
apt-sources/nginx.list | 2 --
2 files changed, 7 insertions(+), 15 deletions(-)
delete mode 100644 apt-sources/nginx.list
diff --git a/Dockerfile b/Dockerfile
index 92d79f31f3f888e9..721ef4de494e186e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,10 @@ ARG DEBIAN_FRONTEND=noninteractive
RUN yes | unminimize
# Install base packages
-RUN apt-get update && apt-get -y --no-install-recommends install ca-certificates gnupg htop ncurses-term vim software-properties-common sudo wget net-tools rsyslog
+RUN apt-get update && apt-get -y --no-install-recommends install \
+ ca-certificates gnupg htop ncurses-term vim \
+ software-properties-common sudo wget net-tools rsyslog \
+ openssh-server nginx mysql-server
# Change root password, and create main user
RUN echo "root:${rootPassword}" | chpasswd \
@@ -21,17 +24,6 @@ RUN echo "root:${rootPassword}" | chpasswd \
&& usermod -aG sudo ${mainUser} \
&& sed -i /etc/sudoers -re '/%sudo ALL=(ALL:ALL) ALL/s/^#//g'
-# Copy additional apt sources
-COPY apt-sources/* /etc/apt/sources.list.d
-
-# Install server components
-RUN apt-key adv --fetch-keys https://nginx.org/keys/nginx_signing.key \
- && apt-get update \
- && apt-get -y --no-install-recommends install openssh-server nginx mysql-server
-
-# Mark port 48589/tcp is to be exposed
-EXPOSE 48589/tcp 25/tcp 25/tcp 465/tcp 587/tcp 143/tcp 993/tcp
-
# Apply SSH config and add public keys
COPY etc/ssh/sshd_config /etc/ssh/sshd_config
RUN rm -rf /root/.ssh /home/${mainUser}/.ssh
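Review bot: the deleted block also drops the `EXPOSE 48589/tcp 25/tcp 25/tcp 465/tcp 587/tcp 143/tcp 993/tcp` line, which the commit message does not mention and which is unrelated to switching nginx packages. If removing it is intended, say so in the commit message or move it to its own patch; otherwise keep the line (minus the duplicated 25/tcp) so the SSH and mail ports the image serves stay documented in the Dockerfile.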
@@ -45,7 +37,9 @@ RUN chown -R root:root /root/.ssh \
# Mailserver
RUN apt update \
- && apt -y --no-install-recommends install postfix postfix-mysql postfix-policyd-spf-python dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql opendkim opendmarc
+ && apt -y --no-install-recommends install postfix postfix-mysql \
+ postfix-policyd-spf-python dovecot-core dovecot-imapd \
+ dovecot-lmtpd dovecot-mysql opendkim opendmarc
COPY mailserver /root/mailserver
RUN --mount=type=secret,required=true,id=config /root/mailserver/setup.sh
diff --git a/apt-sources/nginx.list b/apt-sources/nginx.list
deleted file mode 100644
index 4ae2224978c48157..0000000000000000
--- a/apt-sources/nginx.list
+++ /dev/null
@@ -1,2 +0,0 @@
-deb https://nginx.org/packages/ubuntu/ focal nginx
-deb-src https://nginx.org/packages/ubuntu/ focal nginx
\ No newline at end of file
--
Ammar Faizi
* [PATCH a001 v1 2/7] start.sh: Add vmail storage directory
2023-03-29 7:59 [PATCH a001 v1 0/7] server-a001 updates Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 1/7] Use nginx from Ubuntu for simplicity Ammar Faizi
@ 2023-03-29 7:59 ` Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 3/7] Dockerfile: Upgrade the Ubuntu version to 22.04 (jammy) Ammar Faizi
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Ammar Faizi @ 2023-03-29 7:59 UTC (permalink / raw)
To: GNU/Weeb Mailing List
Cc: Muhamad Hazmi Alfarizqi, Muhamad Hazmi Alfarizqi,
Alviro Iskandar Setiawan, Arthur Lapz, Ammar Faizi
vmail will contain the mailbox data for each user. It should be mounted
from the host to make the backup process easy and so that it won't be
destroyed when the container is dead.
Signed-off-by: Ammar Faizi <[email protected]>
---
start.sh | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/start.sh b/start.sh
index 706c3626f4a22a95..70e72b629a4d6e84 100755
--- a/start.sh
+++ b/start.sh
@@ -5,16 +5,19 @@ HOSTNAME="gnuweeb.org";
CONTAINER_NAME="server-a001-ct";
MYSQL_DATA_DIR="./storage/mysql_data";
KEYS_DIR="./storage/keys";
+VMAIL_DIR="./storage/vmail";
SSL_KEYS_DIR="./storage/ssl";
DKIM_KEYS_DIR="./storage/dkim";
-mkdir -pv "$MYSQL_DATA_DIR";
+mkdir -pv "${MYSQL_DATA_DIR}";
mkdir -pv "${KEYS_DIR}/ssl";
mkdir -pv "${KEYS_DIR}/dkim";
+mkdir -pv "${VMAIL_DIR}";
MYSQL_DATA_DIR="$(readlink -e "${MYSQL_DATA_DIR}")";
KEYS_DIR="$(readlink -e "${KEYS_DIR}")";
+VMAIL_DIR="$(readlink -e ${VMAIL_DIR})";
CMD="$1";
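Review bot: on the added `VMAIL_DIR="$(readlink -e ${VMAIL_DIR})";` line the inner `${VMAIL_DIR}` is unquoted, unlike the MYSQL_DATA_DIR and KEYS_DIR lines directly above it. Quote it as `"${VMAIL_DIR}"` so the path is not word-split if the storage location ever contains whitespace, and so the three lines stay consistent.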
@@ -30,6 +33,7 @@ if [[ "${CMD}" == "run" ]]; then
--hostname "${HOSTNAME}" \
--mount "type=volume,dst=/var/keys,volume-driver=local,volume-opt=type=none,volume-opt=o=bind,volume-opt=device=${KEYS_DIR}" \
--mount "type=volume,dst=/var/lib/mysql,volume-driver=local,volume-opt=type=none,volume-opt=o=bind,volume-opt=device=${MYSQL_DATA_DIR}" \
+ --mount "type=volume,dst=/var/vmail,volume-driver=local,volume-opt=type=none,volume-opt=o=bind,volume-opt=device=${VMAIL_DIR}" \
--tty \
--interactive \
--detach \
--
Ammar Faizi
* [PATCH a001 v1 3/7] Dockerfile: Upgrade the Ubuntu version to 22.04 (jammy)
2023-03-29 7:59 [PATCH a001 v1 0/7] server-a001 updates Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 1/7] Use nginx from Ubuntu for simplicity Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 2/7] start.sh: Add vmail storage directory Ammar Faizi
@ 2023-03-29 7:59 ` Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 4/7] Dockerfile: Set the default main user to "ubuntu" Ammar Faizi
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Ammar Faizi @ 2023-03-29 7:59 UTC (permalink / raw)
To: GNU/Weeb Mailing List
Cc: Muhamad Hazmi Alfarizqi, Muhamad Hazmi Alfarizqi,
Alviro Iskandar Setiawan, Arthur Lapz, Ammar Faizi
Ubuntu 22.04 (jammy) has been released, upgrade the base image.
Signed-off-by: Ammar Faizi <[email protected]>
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 721ef4de494e186e..b54745737a6c24ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal as base
+FROM ubuntu:jammy as base
# Build args
ARG rootPassword=somerootpassword
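Review bot: `FROM ubuntu:jammy as base` tracks a moving tag, so two builds of the same commit can produce different images and a base-image change arrives without any change in this repository. Consider pinning the base image by digest and bumping it deliberately, so that an internet-facing mail and SSH host is rebuilt from a known base.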
--
Ammar Faizi
* [PATCH a001 v1 4/7] Dockerfile: Set the default main user to "ubuntu"
2023-03-29 7:59 [PATCH a001 v1 0/7] server-a001 updates Ammar Faizi
` (2 preceding siblings ...)
2023-03-29 7:59 ` [PATCH a001 v1 3/7] Dockerfile: Upgrade the Ubuntu version to 22.04 (jammy) Ammar Faizi
@ 2023-03-29 7:59 ` Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 5/7] Add an installer script Ammar Faizi
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Ammar Faizi @ 2023-03-29 7:59 UTC (permalink / raw)
To: GNU/Weeb Mailing List
Cc: Muhamad Hazmi Alfarizqi, Muhamad Hazmi Alfarizqi,
Alviro Iskandar Setiawan, Arthur Lapz, Ammar Faizi
The usual main user name on an Ubuntu server is "ubuntu". Adjust it to
that.
Signed-off-by: Ammar Faizi <[email protected]>
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index b54745737a6c24ff..7bc54e0afb43d8ce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM ubuntu:jammy as base
# Build args
ARG rootPassword=somerootpassword
-ARG mainUser=user
+ARG mainUser=ubuntu
ARG mainUserPassword=someuserpassword
# Tell apt that DEBIAN_FRONTEND is noninteractive
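Review bot: with `ARG mainUser=ubuntu` the account name becomes the well-known default, while `ARG rootPassword=somerootpassword` and `ARG mainUserPassword=someuserpassword` in the same block keep their built-in defaults. A build that forgets to override them produces a sudo-capable account with a publicly known name and password on an image that runs sshd, and ARG values consumed by RUN steps are recorded in the image history. Suggest removing the default values and passing the passwords through the `--mount=type=secret` mechanism the Dockerfile already uses for setup.sh.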
--
Ammar Faizi
* [PATCH a001 v1 5/7] Add an installer script
2023-03-29 7:59 [PATCH a001 v1 0/7] server-a001 updates Ammar Faizi
` (3 preceding siblings ...)
2023-03-29 7:59 ` [PATCH a001 v1 4/7] Dockerfile: Set the default main user to "ubuntu" Ammar Faizi
@ 2023-03-29 7:59 ` Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 6/7] Create a simple init program Ammar Faizi
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Ammar Faizi @ 2023-03-29 7:59 UTC (permalink / raw)
To: GNU/Weeb Mailing List
Cc: Muhamad Hazmi Alfarizqi, Muhamad Hazmi Alfarizqi,
Alviro Iskandar Setiawan, Arthur Lapz, Ammar Faizi
To simplify the docker image installation.
Signed-off-by: Ammar Faizi <[email protected]>
---
install.sh | 4 ++++
1 file changed, 4 insertions(+)
create mode 100755 install.sh
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000000000000..652861d263a698dc
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+set -e;
+DOCKER_BUILDKIT=1 docker build --secret id=config -t server-a001 .;
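Review bot: the `docker build --secret id=config -t server-a001 .` line names no `src=` for the secret and uses `.` as the build context, so the script only behaves as intended when it is started from the repository root. Suggest a `cd "$(dirname "$0")"` near the top, an explicit `src=` for the secret, and a check that the config file exists so a missing secret fails with a clear message before the build starts.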
--
Ammar Faizi
* [PATCH a001 v1 6/7] Create a simple init program
2023-03-29 7:59 [PATCH a001 v1 0/7] server-a001 updates Ammar Faizi
` (4 preceding siblings ...)
2023-03-29 7:59 ` [PATCH a001 v1 5/7] Add an installer script Ammar Faizi
@ 2023-03-29 7:59 ` Ammar Faizi
2023-03-29 7:59 ` [PATCH a001 v1 7/7] docker-entrypoint: Properly set directory ownership and mode Ammar Faizi
2023-03-29 19:36 ` [PATCH a001 v1 0/7] server-a001 updates Alviro Iskandar Setiawan
7 siblings, 0 replies; 9+ messages in thread
From: Ammar Faizi @ 2023-03-29 7:59 UTC (permalink / raw)
To: GNU/Weeb Mailing List
Cc: Muhamad Hazmi Alfarizqi, Muhamad Hazmi Alfarizqi,
Alviro Iskandar Setiawan, Arthur Lapz, Ammar Faizi
Using "tail -f /dev/null" as the init program is wrong because it
doesn't handle the SIGCHLD signal, resulting in many zombie processes
like these:
Zs 08:30 0:00 [master] <defunct>
Z 08:30 0:00 [qmgr] <defunct>
Zs 08:30 0:00 [dovecot] <defunct>
Z 08:30 0:00 [anvil] <defunct>
Z 08:30 0:00 [log] <defunct>
Z 08:30 0:00 [config] <defunct>
Z 08:30 0:00 [tlsmgr] <defunct>
Z 08:30 0:00 [stats] <defunct>
Z 08:33 0:00 [imap-login] <defunct>
Z 08:33 0:00 [imap] <defunct>
Z 08:33 0:00 [imap-login] <defunct>
Z 08:33 0:00 [imap] <defunct>
Z 08:39 0:01 [imap-login] <defunct>
Z 08:39 0:03 [imap] <defunct>
Z 11:50 0:00 [pickup] <defunct>
Zs 12:31 0:00 [dovecot] <defunct>
Z 12:31 0:00 [anvil] <defunct>
Z 12:31 0:00 [log] <defunct>
Z 12:31 0:00 [config] <defunct>
Z 12:31 0:00 [imap-login] <defunct>
Z 12:31 0:00 [stats] <defunct>
Z 12:31 0:00 [imap] <defunct>
Create a simple init program that ignores SIGCHLD so that the zombie
processes are gone.
Signed-off-by: Ammar Faizi <[email protected]>
---
.gitignore | 1 +
Dockerfile | 5 +++--
init.c | 15 +++++++++++++++
install.sh | 1 +
4 files changed, 20 insertions(+), 2 deletions(-)
create mode 100644 init.c
diff --git a/.gitignore b/.gitignore
index 50cf6dedd170238f..bceb5ce4098add1a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
/config
+/init
diff --git a/Dockerfile b/Dockerfile
index 7bc54e0afb43d8ce..3492aa0408b7b5a3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,10 +41,11 @@ RUN apt update \
postfix-policyd-spf-python dovecot-core dovecot-imapd \
dovecot-lmtpd dovecot-mysql opendkim opendmarc
+COPY init /bin/gwinitd
COPY mailserver /root/mailserver
RUN --mount=type=secret,required=true,id=config /root/mailserver/setup.sh
-
+RUN chmod -v +x /bin/gwinitd
COPY docker-entrypoint.sh /
ENTRYPOINT [ "/docker-entrypoint.sh" ]
-CMD [ "tail", "-f", "/dev/null" ]
+CMD [ "/bin/gwinitd" ]
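Review bot: `COPY init /bin/gwinitd` takes a prebuilt binary from the build context, so a plain `docker build` without running install.sh first fails, and the binary is compiled and linked on the host (the gcc line in install.sh has no -static) rather than against the image's libc. Suggest compiling init.c in a build stage of this Dockerfile and copying the result from there. The separate `RUN chmod -v +x /bin/gwinitd` layer can then go away, or become `COPY --chmod=755`.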
diff --git a/init.c b/init.c
new file mode 100644
index 0000000000000000..adc67275dd3414c0
--- /dev/null
+++ b/init.c
@@ -0,0 +1,15 @@
+#include <signal.h>
+#include <unistd.h>
+
+int main(void)
+{
+ struct sigaction a = { .sa_handler = SIG_IGN };
+
+ if (sigaction(SIGCHLD, &a, NULL) < 0)
+ return 1;
+
+ while (1)
+ sleep(1000000);
+
+ return 0;
+}
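Review bot: main() sets only the SIGCHLD disposition, so the program has no way to stop: `while (1) sleep(1000000);` never exits and no SIGTERM or SIGINT handler is installed. If gwinitd ends up as PID 1 of the container, a stop request is not acted on until the runtime falls back to SIGKILL, and postfix, dovecot and mysql get no chance to shut down cleanly. Suggest handling SIGTERM and SIGINT, signalling the services, and returning from main() once they are gone. The trailing `return 0;` is unreachable as written.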
diff --git a/install.sh b/install.sh
index 652861d263a698dc..dea60516f2e27512 100755
--- a/install.sh
+++ b/install.sh
@@ -1,4 +1,5 @@
#!/bin/bash
set -e;
+gcc -Wall -Wextra -Os init.c -o init;
DOCKER_BUILDKIT=1 docker build --secret id=config -t server-a001 .;
--
Ammar Faizi
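
A sketch of the init behaviour discussed in this patch, as an added example that is not part of the original thread or of the project's code: it blocks SIGCHLD, SIGTERM and SIGINT, reaps exited children with waitpid(), and on a stop request signals the remaining processes and waits for them. The function names `reap_exited_children` and `init_loop` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reap every child that has already exited; returns the number reaped. */
int reap_exited_children(void)
{
	int n = 0;

	while (waitpid(-1, NULL, WNOHANG) > 0)
		n++;
	return n;
}

/* Wait for signals synchronously; returns the signal that ended the loop, or -1. */
int init_loop(void)
{
	sigset_t set;
	int sig;

	sigemptyset(&set);
	sigaddset(&set, SIGCHLD);
	sigaddset(&set, SIGTERM);
	sigaddset(&set, SIGINT);
	/* Blocked signals stay pending until sigwait() picks them up, also for PID 1. */
	if (sigprocmask(SIG_BLOCK, &set, NULL) < 0)
		return -1;

	for (;;) {
		if (sigwait(&set, &sig) != 0)
			return -1;
		if (sig != SIGCHLD)
			break;			/* SIGTERM or SIGINT: begin shutdown */
		reap_exited_children();		/* one SIGCHLD may stand for several exits */
	}

	/* Only as PID 1 of the container: kill(-1, ...) signals every other process. */
	if (getpid() == 1)
		kill(-1, SIGTERM);
	/* Collect the services as they stop; ends when no child is left (ECHILD). */
	while (wait(NULL) > 0 || errno == EINTR)
		;
	return sig;
}

int main(void)
{
	return init_loop() < 0;
}
```

A service that ignores SIGTERM keeps the final wait() loop blocked until the container runtime's own stop timeout ends the container.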
* [PATCH a001 v1 7/7] docker-entrypoint: Properly set directory ownership and mode
2023-03-29 7:59 [PATCH a001 v1 0/7] server-a001 updates Ammar Faizi
` (5 preceding siblings ...)
2023-03-29 7:59 ` [PATCH a001 v1 6/7] Create a simple init program Ammar Faizi
@ 2023-03-29 7:59 ` Ammar Faizi
2023-03-29 19:36 ` [PATCH a001 v1 0/7] server-a001 updates Alviro Iskandar Setiawan
7 siblings, 0 replies; 9+ messages in thread
From: Ammar Faizi @ 2023-03-29 7:59 UTC (permalink / raw)
To: GNU/Weeb Mailing List
Cc: Muhamad Hazmi Alfarizqi, Muhamad Hazmi Alfarizqi,
Alviro Iskandar Setiawan, Arthur Lapz, Ammar Faizi
When the container is restarted, the ownership and mode of the mounted
directories might have changed. Ensure we correct them properly at
initialization. While in there, also replace "service rsyslog start" with
a direct invocation of "/usr/sbin/rsyslogd". On Ubuntu 22.04, it can't be
started using service:
# service rsyslog start
rsyslog: unrecognized service
Signed-off-by: Ammar Faizi <[email protected]>
---
docker-entrypoint.sh | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index d741061731ecc64f..963e249bc601102b 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -2,11 +2,20 @@
chown -v root:root /var/keys
-service rsyslog start
+chown -R opendkim:opendkim /var/keys/dkim
+chmod -R 700 /var/keys/dkim
+
+chown -R vmail:vmail /var/vmail
+chmod -R u+rw,g+rw,o= /var/vmail
+
+chown -R mysql:mysql /var/lib/mysql
+chmod -R u+rw,g+rw,o= /var/lib/mysql
+
+/usr/sbin/rsyslogd
+
service ssh start
-service nginx start
service mysql start
-
+service nginx start
service postfix start
service dovecot start
service opendkim start
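Review bot: `chmod -R 700 /var/keys/dkim` also sets the execute bit on the key files themselves, and `chmod -R u+rw,g+rw,o=` on /var/vmail and /var/lib/mysql adds group write to every file. Suggest `u=rwX,go=` for the DKIM keys (X adds execute only on directories and on files that are already executable) and dropping `g+rw` unless a group member really needs to write. The recursive chown and chmod over the mail and database trees run on every container start, and none of them is checked for failure before the services are started. The reordering of `service nginx start` after `service mysql start` is not explained in the commit message.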
--
Ammar Faizi
* Re: [PATCH a001 v1 0/7] server-a001 updates
2023-03-29 7:59 [PATCH a001 v1 0/7] server-a001 updates Ammar Faizi
` (6 preceding siblings ...)
2023-03-29 7:59 ` [PATCH a001 v1 7/7] docker-entrypoint: Properly set directory ownership and mode Ammar Faizi
@ 2023-03-29 19:36 ` Alviro Iskandar Setiawan
7 siblings, 0 replies; 9+ messages in thread
From: Alviro Iskandar Setiawan @ 2023-03-29 19:36 UTC (permalink / raw)
To: Ammar Faizi
Cc: GNU/Weeb Mailing List, Muhamad Hazmi Alfarizqi,
Muhamad Hazmi Alfarizqi, Arthur Lapz
On Wed, Mar 29, 2023 at 2:59 PM Ammar Faizi wrote:
> Ammar Faizi (7):
> Use nginx from Ubuntu for simplicity
> start.sh: Add vmail storage directory
> Dockerfile: Upgrade the Ubuntu version to 22.04 (jammy)
> Dockerfile: Set the default main user to "ubuntu"
> Add an installer script
> Create a simple init program
> docker-entrypoint: Properly set directory ownership and mode
Acked-by: Alviro Iskandar Setiawan <[email protected]>