From ecbc55f318af984c2fdba70c3aadc7cbced8107c Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 24 Feb 2023 18:31:46 +1000 Subject: [PATCH] Updated to latest s6-overlay --- docker/Dockerfile | 2 +- docker/dev/Dockerfile | 9 +-- docker/rootfs/etc/cont-finish.d/.gitignore | 2 - docker/rootfs/etc/cont-init.d/10-nginx | 18 ------ docker/rootfs/etc/cont-init.d/20-adduser | 33 ---------- docker/rootfs/etc/fix-attrs.d/.gitignore | 2 - .../s6-rc.d/backend/dependencies.d/prepare | 0 .../s6-rc.d}/backend/run | 16 ++--- .../etc/s6-overlay/s6-rc.d/backend/type | 1 + .../s6-rc.d/frontend/dependencies.d/prepare | 0 .../s6-rc.d}/frontend/run | 5 +- .../etc/s6-overlay/s6-rc.d/frontend/type | 1 + .../s6-rc.d/nginx/dependencies.d/prepare | 0 .../rootfs/etc/s6-overlay/s6-rc.d/nginx/run | 5 ++ .../rootfs/etc/s6-overlay/s6-rc.d/nginx/type | 1 + .../s6-rc.d/prepare/dependencies.d/base | 0 .../etc/s6-overlay/s6-rc.d/prepare/script.sh | 61 +++++++++++++++++++ .../etc/s6-overlay/s6-rc.d/prepare/type | 1 + .../rootfs/etc/s6-overlay/s6-rc.d/prepare/up | 1 + .../s6-rc.d/user/contents.d/backend | 0 .../s6-rc.d/user/contents.d/frontend | 0 .../s6-overlay/s6-rc.d/user/contents.d/nginx | 0 .../s6-rc.d/user/contents.d/prepare | 0 docker/rootfs/etc/services.d/backend/finish | 5 -- docker/rootfs/etc/services.d/frontend/finish | 5 -- docker/rootfs/etc/services.d/nginx/finish | 6 -- docker/rootfs/etc/services.d/nginx/run | 3 - scripts/install-s6 | 15 +++-- 28 files changed, 94 insertions(+), 98 deletions(-) delete mode 100644 docker/rootfs/etc/cont-finish.d/.gitignore delete mode 100755 docker/rootfs/etc/cont-init.d/10-nginx delete mode 100755 docker/rootfs/etc/cont-init.d/20-adduser delete mode 100644 docker/rootfs/etc/fix-attrs.d/.gitignore create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare rename docker/rootfs/etc/{services.d => s6-overlay/s6-rc.d}/backend/run (53%) create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare rename docker/rootfs/etc/{services.d => s6-overlay/s6-rc.d}/frontend/run (74%) create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare create mode 100755 docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base create mode 100755 docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx create mode 100644 docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare delete mode 100755 docker/rootfs/etc/services.d/backend/finish delete mode 100755 docker/rootfs/etc/services.d/frontend/finish delete mode 100755 docker/rootfs/etc/services.d/nginx/finish delete mode 100755 docker/rootfs/etc/services.d/nginx/run diff --git a/docker/Dockerfile b/docker/Dockerfile index 3a0c7b4..f08fb51 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -44,7 +44,7 @@ COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager # These acmesh vars are defined in the base image ENV SUPPRESS_NO_CONFIG_WARNING=1 \ - S6_FIX_ATTRS_HIDDEN=1 \ + S6_LOGGING=0 \ ACMESH_CONFIG_HOME=/data/.acme.sh/config \ ACMESH_HOME=/data/.acme.sh \ CERT_HOME=/data/.acme.sh/certs \ diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile index fa8fa9f..7f34a7e 100644 --- a/docker/dev/Dockerfile +++ b/docker/dev/Dockerfile @@ -12,7 +12,6 @@ ENV GOPROXY=$GOPROXY \ GOPRIVATE=$GOPRIVATE \ S6_LOGGING=0 \ SUPPRESS_NO_CONFIG_WARNING=1 \ - S6_FIX_ATTRS_HIDDEN=1 \ ACMESH_CONFIG_HOME=/data/.acme.sh/config \ ACMESH_HOME=/data/.acme.sh \ CERT_HOME=/data/.acme.sh/certs \ @@ -35,12 +34,14 @@ RUN cd /usr \ && curl -sL https://taskfile.dev/install.sh | sh \ && cd /root -COPY rootfs / +COPY docker/rootfs / RUN rm -f /etc/nginx/conf.d/production.conf # s6 overlay -RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \ - && tar -xzf /tmp/s6-overlay-amd64.tar.gz -C / +COPY scripts/install-s6 /tmp/install-s6 +RUN /tmp/install-s6 && rm -rf /tmp/* +#RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \ +# && tar -xzf /tmp/s6-overlay-amd64.tar.gz -C / # Fix for golang dev: RUN chown -R 1000:1000 /opt/go diff --git a/docker/rootfs/etc/cont-finish.d/.gitignore b/docker/rootfs/etc/cont-finish.d/.gitignore deleted file mode 100644 index d6b7ef3..0000000 --- a/docker/rootfs/etc/cont-finish.d/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -* -!.gitignore diff --git a/docker/rootfs/etc/cont-init.d/10-nginx b/docker/rootfs/etc/cont-init.d/10-nginx deleted file mode 100755 index b1e852c..0000000 --- a/docker/rootfs/etc/cont-init.d/10-nginx +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create required folders -mkdir -p /tmp/nginx/body \ - /run/nginx \ - /var/log/nginx \ - /var/lib/nginx/cache/public \ - /var/lib/nginx/cache/private \ - /var/cache/nginx/proxy_temp \ - /data/logs - -touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx - -# Dynamically generate resolvers file -echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)" ";" > /etc/nginx/conf.d/include/resolvers.conf - -# Fire off acme.sh wrapper script to "install" itself if required -acme.sh -h > /dev/null 2>&1 diff --git a/docker/rootfs/etc/cont-init.d/20-adduser b/docker/rootfs/etc/cont-init.d/20-adduser deleted file mode 100755 index 3134080..0000000 --- a/docker/rootfs/etc/cont-init.d/20-adduser +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/with-contenv bash - -PUID=${PUID:-911} -PGID=${PGID:-911} - -groupmod -g 1000 users || exit 1 -useradd -u "${PUID}" -U -d /data -s /bin/false npmuser || exit 1 -usermod -G users npmuser || exit 1 -groupmod -o -g "$PGID" npmuser || exit 1 - -echo "------------------------------------- - _ _ ____ __ __ -| \ | | _ \| \/ | -| \| | |_) | |\/| | -| |\ | __/| | | | -|_| \_|_| |_| |_| -------------------------------------- -User UID: $(id -u npmuser) -User GID: $(id -g npmuser) -------------------------------------- -" - -chown -R npmuser:npmuser /data -chown -R npmuser:npmuser /run/nginx -chown -R npmuser:npmuser /etc/nginx -chown -R npmuser:npmuser /tmp/nginx -chown -R npmuser:npmuser /var/cache/nginx -chown -R npmuser:npmuser /var/lib/nginx -chown -R npmuser:npmuser /var/log/nginx - -# Home for npmuser -mkdir -p /tmp/npmuserhome -chown -R npmuser:npmuser /tmp/npmuserhome diff --git a/docker/rootfs/etc/fix-attrs.d/.gitignore b/docker/rootfs/etc/fix-attrs.d/.gitignore deleted file mode 100644 index d6b7ef3..0000000 --- a/docker/rootfs/etc/fix-attrs.d/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -* -!.gitignore diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/dependencies.d/prepare new file mode 100644 index 0000000..e69de29 diff --git a/docker/rootfs/etc/services.d/backend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run similarity index 53% rename from docker/rootfs/etc/services.d/backend/run rename to docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run index 7886ffa..b17534f 100755 --- a/docker/rootfs/etc/services.d/backend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run @@ -1,9 +1,7 @@ -#!/usr/bin/with-contenv bash +#!/command/with-contenv bash +set -e -RESET='\E[0m' -YELLOW='\E[1;33m' - -echo -e "${YELLOW}Starting backend API ...${RESET}" +echo "❯ Starting backend ..." if [ "$DEVELOPMENT" == "true" ]; then HOME=/tmp/npmuserhome @@ -13,12 +11,8 @@ if [ "$DEVELOPMENT" == "true" ]; then export HOME GOPATH rm -rf /app/backend/.task cd /app/backend || exit 1 - s6-setuidgid npmuser task -w + exec s6-setuidgid npmuser task -w else cd /app/bin || exit 1 - while : - do - s6-setuidgid npmuser /app/bin/server - sleep 1 - done + exec s6-setuidgid npmuser /app/bin/server fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type new file mode 100644 index 0000000..5883cff --- /dev/null +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/type @@ -0,0 +1 @@ +longrun diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/dependencies.d/prepare new file mode 100644 index 0000000..e69de29 diff --git a/docker/rootfs/etc/services.d/frontend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run similarity index 74% rename from docker/rootfs/etc/services.d/frontend/run rename to docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run index 8796372..077bd4d 100755 --- a/docker/rootfs/etc/services.d/frontend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run @@ -1,4 +1,5 @@ -#!/usr/bin/with-contenv bash +#!/command/with-contenv bash +set -e # This service is DEVELOPMENT only. @@ -9,7 +10,7 @@ if [ "$DEVELOPMENT" == "true" ]; then export HOME cd /app/frontend || exit 1 s6-setuidgid npmuser yarn install - s6-setuidgid npmuser yarn start + exec s6-setuidgid npmuser yarn start else exit 0 fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type new file mode 100644 index 0000000..5883cff --- /dev/null +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/type @@ -0,0 +1 @@ +longrun diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/prepare new file mode 100644 index 0000000..e69de29 diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run new file mode 100755 index 0000000..b49ee14 --- /dev/null +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run @@ -0,0 +1,5 @@ +#!/command/with-contenv bash +set -e + +echo "❯ Starting nginx ..." +exec s6-setuidgid npmuser nginx diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type new file mode 100644 index 0000000..5883cff --- /dev/null +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/type @@ -0,0 +1 @@ +longrun diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/dependencies.d/base new file mode 100644 index 0000000..e69de29 diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh new file mode 100755 index 0000000..be03d28 --- /dev/null +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/script.sh @@ -0,0 +1,61 @@ +#!/command/with-contenv bash +set -e + +DATA_PATH=/data +PUID=${PUID:-911} +PGID=${PGID:-911} + +# Ensure /data is mounted +if [ ! -d "$DATA_PATH" ]; then + echo '--------------------------------------' + echo "ERROR: $DATA_PATH is not mounted! Check your docker configuration." + echo '--------------------------------------' + /run/s6/basedir/bin/halt + exit 1 +fi + +echo "❯ Checking folder structure ..." + +# Create required folders +mkdir -p /tmp/nginx/body \ + /run/nginx \ + /var/log/nginx \ + /var/lib/nginx/cache/public \ + /var/lib/nginx/cache/private \ + /var/cache/nginx/proxy_temp \ + /data/logs +touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx +# Dynamically generate resolvers file +echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)" ";" > /etc/nginx/conf.d/include/resolvers.conf +# Fire off acme.sh wrapper script to "install" itself if required +acme.sh -h > /dev/null 2>&1 + +# Add npmuser user +echo "❯ Creating user ..." +groupmod -g 1000 users || exit 1 +useradd -u "${PUID}" -U -d /data -s /bin/false npmuser || exit 1 +usermod -G users npmuser || exit 1 +groupmod -o -g "$PGID" npmuser || exit 1 +chown -R npmuser:npmuser /data +chown -R npmuser:npmuser /run/nginx +chown -R npmuser:npmuser /etc/nginx +chown -R npmuser:npmuser /tmp/nginx +chown -R npmuser:npmuser /var/cache/nginx +chown -R npmuser:npmuser /var/lib/nginx +chown -R npmuser:npmuser /var/log/nginx +# Home for npmuser +mkdir -p /tmp/npmuserhome +chown -R npmuser:npmuser /tmp/npmuserhome + +echo +echo "------------------------------------- + _ _ ____ __ __ +| \ | | _ \| \/ | +| \| | |_) | |\/| | +| |\ | __/| | | | +|_| \_|_| |_| |_| +------------------------------------- +User UID: $(id -u npmuser) +User GID: $(id -g npmuser) +------------------------------------- +" diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/type @@ -0,0 +1 @@ +oneshot diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up new file mode 100644 index 0000000..fd2fc5d --- /dev/null +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/prepare/script.sh diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/backend new file mode 100644 index 0000000..e69de29 diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/frontend new file mode 100644 index 0000000..e69de29 diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx new file mode 100644 index 0000000..e69de29 diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare b/docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/prepare new file mode 100644 index 0000000..e69de29 diff --git a/docker/rootfs/etc/services.d/backend/finish b/docker/rootfs/etc/services.d/backend/finish deleted file mode 100755 index 2b661f6..0000000 --- a/docker/rootfs/etc/services.d/backend/finish +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/execlineb -S1 -if { s6-test ${1} -ne 0 } -if { s6-test ${1} -ne 256 } - -s6-svscanctl -t /var/run/s6/services diff --git a/docker/rootfs/etc/services.d/frontend/finish b/docker/rootfs/etc/services.d/frontend/finish deleted file mode 100755 index 2b661f6..0000000 --- a/docker/rootfs/etc/services.d/frontend/finish +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/execlineb -S1 -if { s6-test ${1} -ne 0 } -if { s6-test ${1} -ne 256 } - -s6-svscanctl -t /var/run/s6/services diff --git a/docker/rootfs/etc/services.d/nginx/finish b/docker/rootfs/etc/services.d/nginx/finish deleted file mode 100755 index bca9a35..0000000 --- a/docker/rootfs/etc/services.d/nginx/finish +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/execlineb -S1 -if { s6-test ${1} -ne 0 } -if { s6-test ${1} -ne 256 } - -s6-svscanctl -t /var/run/s6/services - diff --git a/docker/rootfs/etc/services.d/nginx/run b/docker/rootfs/etc/services.d/nginx/run deleted file mode 100755 index e04643e..0000000 --- a/docker/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/with-contenv bash - -exec s6-setuidgid npmuser nginx diff --git a/scripts/install-s6 b/scripts/install-s6 index 58d2ff2..5a5a9c9 100755 --- a/scripts/install-s6 +++ b/scripts/install-s6 @@ -8,8 +8,8 @@ BLUE='\E[1;34m' GREEN='\E[1;32m' RESET='\E[0m' -S6_OVERLAY_VERSION=2.2.0.3 -TARGETPLATFORM=$1 +S6_OVERLAY_VERSION=3.1.4.1 +TARGETPLATFORM=${1:unspecified} # Determine the correct binary file for the architecture given case $TARGETPLATFORM in @@ -22,14 +22,17 @@ case $TARGETPLATFORM in ;; *) - S6_ARCH=amd64 + S6_ARCH=x86_64 ;; esac echo -e "${BLUE}❯ ${CYAN}Installing S6-overlay v${S6_OVERLAY_VERSION} for ${YELLOW}${TARGETPLATFORM} (${S6_ARCH})${RESET}" -curl -L -o "/tmp/s6-overlay-${S6_ARCH}.tar.gz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.gz" -tar -xzf "/tmp/s6-overlay-${S6_ARCH}.tar.gz" -C / -rm -rf "/tmp/s6-overlay-${S6_ARCH}.tar.gz" +curl -L -o '/tmp/s6-overlay-noarch.tar.xz' "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" +curl -L -o "/tmp/s6-overlay-${S6_ARCH}.tar.xz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" +tar -C / -Jxpf '/tmp/s6-overlay-noarch.tar.xz' +tar -C / -Jxpf "/tmp/s6-overlay-${S6_ARCH}.tar.xz" + +rm -rf "/tmp/s6-overlay-${S6_ARCH}.tar.xz" echo -e "${BLUE}❯ ${GREEN}S6-overlay install Complete${RESET}"