Commit fe05d617 authored by ale's avatar ale

Use the docker-apache2-base image as base

Remove custom apache2 config and use setup-apache.sh.
parent 78b7360d
Pipeline #931 passed with stages
in 2 minutes and 44 seconds
FROM bitnami/minideb:stretch
FROM registry.git.autistici.org/ai3/docker-apache2-base:master
COPY conf /tmp/conf
COPY build/src /var/www/webmail
......
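Review bot: The new base image on the `FROM registry.git.autistici.org/ai3/docker-apache2-base:master` line is referenced by a mutable tag, so a rebuild can pull different contents without any change in this repository. Because this commit also hands Apache setup to a script shipped in that image, the base now decides part of the web server's configuration. Pinning it by digest, `FROM registry.git.autistici.org/ai3/docker-apache2-base:master@sha256:<digest>` (placeholder; take the value from the registry), would keep builds reproducible and make base updates an explicit, reviewable change. The rest of the Dockerfile is outside the visible lines.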
......@@ -11,17 +11,10 @@
# removed once we're done.
BUILD_PACKAGES="rsync"
# Packages required to serve the website and run the services.
# We have to keep the python3 packages around in order to run
# chaperone (installed via pip).
# Packages required to serve the website and run the services, in
# addition to those already installed by the base apache2 image.
PACKAGES="
apache2
apache-exporter
libapache2-mod-removeip
libapache2-mod-sso
php-cli
php-fpm
php-mysql
php-gd
php-imap
......@@ -30,47 +23,29 @@ PACKAGES="
php-xml
php-zip
mysql-client
python3-pip
python3-setuptools
python3-wheel
"
# Apache modules to enable.
APACHE_MODULES_ENABLE="
headers
proxy_fcgi
removeip
rewrite
setenvif
sso
unique_id
"
# Apache modules that are enabled by default by the Debian package,
# and that we want to disable.
APACHE_MODULES_DISABLE="
access_compat
deflate
ssl
"
export APACHE_MODULES_ENABLE
# Config snippets to enable for Apache.
APACHE_CONFIG_ENABLE="
metrics
php7.0-fpm
"
# Config snippets to disable.
APACHE_CONFIG_DISABLE="
other-vhosts-access-log
serve-cgi-bin
"
export APACHE_CONFIG_ENABLE
# Sites to enable.
APACHE_SITES="
webmail
"
export APACHE_SITES
export APACHE_PORT=84
# The default bitnami/minideb image defines an 'install_packages'
# command which is just a convenient helper. Define our own in
......@@ -83,30 +58,13 @@ fi
set -e
# Install the main A/I package repository.
install_packages curl gnupg
echo "deb http://deb.autistici.org/urepo ai3/" > /etc/apt/sources.list.d/ai.list
curl -s http://deb.autistici.org/repo.key | apt-key add -
apt-get -q update
install_packages ${BUILD_PACKAGES} ${PACKAGES}
# Install the configuration, overlayed over /etc.
rsync -a /tmp/conf/ /etc/
# Enable/disable Apache modules and configs.
a2enmod -q ${APACHE_MODULES_ENABLE}
a2dismod -q -f ${APACHE_MODULES_DISABLE}
a2enconf -q ${APACHE_CONFIG_ENABLE}
a2disconf -q ${APACHE_CONFIG_DISABLE}
a2ensite ${APACHE_SITES}
# Fix Apache error logging.
sed -i -e 's@^ErrorLog.*$@ErrorLog /dev/stderr@' /etc/apache2/apache2.conf
# Create runtime directories (since we're not going to use init
# scripts or systemd units to start the services).
mkdir -p /var/run/apache2 /var/run/php
# Setup Apache.
/usr/local/bin/setup-apache.sh
# Fix runtime permissions for the Roundcube data directories.
for d in temp logs ; do
......@@ -120,12 +78,8 @@ chmod 755 /start.sh
# Create config mountpoint
mkdir -p /etc/roundcube
# Install Chaperone (minimalistic init service).
pip3 install chaperone
rm -fr /root/.cache/pip
# Remove packages used for installation.
apt-get remove -y --purge curl gnupg ${BUILD_PACKAGES}
apt-get remove -y --purge ${BUILD_PACKAGES}
apt-get autoremove -y
apt-get clean
rm -fr /var/lib/apt/lists/*
......
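Review bot: Nothing in the script records or checks what the single call to `/usr/local/bin/setup-apache.sh` is expected to provide, although it now stands in for the explicit `a2enmod`/`a2dismod`/`a2enconf`/`a2disconf` steps. If the config snippets shown further down the page are deleted, as the description suggests, it also replaces the `ServerTokens Prod`, `TraceEnable Off`, default `Require all denied` and `X-Content-Type-Options` settings. The rendering does not show which of the `APACHE_MODULES_DISABLE` and `APACHE_CONFIG_DISABLE` lists survive; only the `*_ENABLE`, `APACHE_SITES` and `APACHE_PORT` variables are exported, so a remaining disable list would presumably not reach the script. I would add a comment above the call, e.g. `# setup-apache.sh comes from the base image; it is expected to apply the exported APACHE_* settings and the hardening defaults (confirm against the base image)`, and have CI verify that the built image still disables the modules and snippets that were previously turned off here.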
# Forward Prometheus scrapes to the apache-exporter.
ProxyPass /metrics http://127.0.0.1:9118/metrics
<Directory />
AllowOverride None
Require all denied
</Directory>
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header set X-Content-Type-Options: "nosniff"
<VirtualHost *:83>
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:84>
<VirtualHost *:${APACHE_PORT}>
ServerName ${SHARD_ID}.webmail.${DOMAIN}
......
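Review bot: `<VirtualHost *:${APACHE_PORT}>` is resolved when Apache parses its configuration at startup, so `APACHE_PORT` must exist in the server's runtime environment. The `export APACHE_PORT=84` in the build script covers only the build-time shell unless `setup-apache.sh` persists the value, which is not visible here. If the variable is missing at startup, the literal `${APACHE_PORT}` stays in place and the vhost will not load. Worth confirming where the value is persisted and noting it above the vhost, e.g. `# APACHE_PORT must be defined in the runtime environment (set in the build script)`. The vhost body continues outside the visible lines.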
apache2_setup.service: {
type: oneshot,
stdout: inherit,
service_groups: INIT,
process_timeout: 600,
command: "/start.sh",
}
apache2_setup.service: {
type: oneshot,
stdout: inherit,
service_groups: INIT,
process_timeout: 600,
command: "/start.sh",
}
apache2.service: {
command: "bash -c 'source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND'",
kill_signal: SIGWINCH,
exit_kills: true,
}
fpm.service: {
command: "/usr/sbin/php-fpm7.0 --force-stderr --nodaemonize",
exit_kills: true,
}
console.logging: {
selector: '*.info',
stdout: true,
}
settings: {
env_set: {
"LANG": "en_us.UTF-8",
"LC_CTYPE": "$(LANG)",
}
}
[global]
pid = /run/php/php7.0-fpm.pid
error_log = /var/log/php7.0-fpm.log
systemd_interval = 0
include=/etc/php/7.0/fpm/pool.d/*.conf
[www]
user = www-data
group = www-data
listen = /run/php/php7.0-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 25
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 10
pm.max_requests = 10000
pm.status_path = /status
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
catch_workers_output = yes
access.log = /proc/self/fd/2
chdir = /
; Already enabled by default - do not enable twice.
; php_admin_value[opcache.enable] = 1
php_admin_value[opcache.memory_consumption] = 256
php_admin_value[opcache.interned_strings_buffer] = 16
php_admin_value[opcache.max_accelerated_files] = 4000
php_admin_value[opcache.validate_timestamps] = 0
php_admin_value[opcache.fast_shutdown] = 1