Include DOCKERFILE for lighttpd on centOS 8

lighttpd/centos8/Dockerfile

@@ -0,0 +1,42 @@
+# "ported" by Domingo Ruiz <[email protected]> from
+#   https://github.com/CentOS/CentOS-Dockerfiles
+#
+# Originally written for Fedora-Dockerfiles by
+#   "Maciej Lasyk" <[email protected]>
+
+FROM centos:centos8
+MAINTAINER Domingo Ruiz Arroyo <[email protected]>
+
+# install main packages:
+RUN yum -y update;
+RUN yum -y install epel-release;
+RUN yum -y install openssh-server supervisor rsyslog sudo pwgen lighttpd;
+
+# copy cfg files:
+ADD ./cfg_files/supervisord.conf /etc/supervisord.conf
+ADD ./cfg_files/logrotate.d/sshd /etc/logrotate.d/sshd
+ADD ./cfg_files/logrotate.d/lighttpd /etc/logrotate.d/lighttpd
+ADD ./cfg_files/init.d/sshd /etc/init.d/sshd
+ADD ./cfg_files/init.d/lighttpd /etc/init.d/lighttpd
+ADD ./cfg_files/supervisord.d/sshd.ini /etc/supervisord.d/sshd.ini
+ADD ./cfg_files/supervisord.d/rsyslog.ini /etc/supervisord.d/rsyslog.ini
+ADD ./cfg_files/supervisord.d/lighttpd.ini /etc/supervisord.d/lighttpd.ini
+ADD ./cfg_files/sudoers.d/lighttpd /etc/sudoers.d/lighttpd
+
+# set up env:
+RUN chmod +x /etc/init.d/{sshd,lighttpd}
+RUN mkdir /root/scripts -p
+ADD ./cfg_files/root/scripts/init.sh /root/scripts/init.sh
+RUN chmod +x /root/scripts/init.sh
+
+# set up the sshd env:
+ADD ./cfg_files/lighttpd/.ssh/authorized_keys /tmp/authorized_keys
+RUN /root/scripts/init.sh
+
+# and the supervisor env:
+RUN mkdir -p /var/log/supervisor
+
+EXPOSE 8091
+
+# start services:
+CMD ["/usr/bin/supervisord"]

lighttpd/centos8/README.md

@@ -0,0 +1,87 @@
+dockerfiles-centos-lighttpd
+========================
+
+CentOS 8 dockerfile for lighttpd (http://www.lighttpd.net/)
+
+Configuration
+-----
+
+You should prepare SSH public key and copy it to cfg_files/lighttpd/.ssh/authorized_keys so you'll be able to login to the container (sshd config denies login to any
+other user).
+
+Installation
+-----
+
+Copy your SSH public key to authorized_keys:
+
+    $ cat ~/.ssh/id_rsa.pub > cfg_files/lighttpd/.ssh/authorized_keys
+
+Prepare directories for logs and configs and htdocs:
+
+    $ mkdir /srv/docker_mounts/lighttpd/{logs,configs,htdocs} -p
+
+If you have prepared lighttpd.conf you can put it now in
+/srv/docker_mounts/lighttpd/configs (this dir will be mounted as 
+/etc/lighttpd in the container). If not than the default will be generated and
+used by lighttpd daemon.
+
+Clone Dockerfile somewhere and build the container:
+
+    $ sudo docker build -t lighttpd:centos7 --rm .
+
+Take note of ssh lighttpd user password during above build process - you'll
+need that later:
+
+    Step 17 : RUN /root/scripts/init.sh
+    ...
+    lighttpd ssh password: YYYYYYYYY
+
+And now run the container:
+
+    On docker 1.0.0+:
+    $ sudo docker run -d -p 8091:80/tcp -v /srv/docker_mounts/lighttpd/configs:/etc/lighttpd -v /srv/docker_mounts/lighttpd/logs:/var/log/lighttpd -v /srv/docker_mounts/lighttpd/htdocs/:/srv/httpd/htdocs --name=lighttpd -t lighttpd:centos7
+
+In above example params means:
+
+* -p 8091:80/tcp - let's forward external 8091 port from host to container
+* ports 80
+* -v /srv/docker_mounts/lighttpd/logs:/var/log/lighttpd:rw - mounting host
+* /srv/.../logs dir in container's /var/log/lighttpd dir with rw rights
+
+After running container it should be working fine and you should be able to ssh
+to it using ssh key that you pasted before to cfg_files/lighttpd/.ssh/authorized_keys
+
+Testing
+-----
+
+Just try accessing some webpage (did you generate and put any in the htdocs
+dir?). First let's check container IP:
+
+    $ sudo docker inspect -format '{{ .NetworkSettings.IPAddress }}' container_id
+
+And next use use links:
+
+    $ links http://@container_IP_ADDR/index.html
+
+Also try to ssh to the container with lighttpd user:
+
+    $ ssh lighttpd@container_IP
+
+Seeing only 404 error? Probably you didn't put any index.html into htdocs dir.
+Also remember that default lighttpd config expects htdocs/lighttpd as the
+public directory so you should create e.g. htdocs/lighttpd/index.html file
+
+Managing configuration:
+-----
+
+In order to change configuration just edit cfg files in host
+/srv/docker_mounts/lighttpd/configs (remember that this dir is mounted on
+/etc/lighttpd/ in container) and run a command:
+
+    $ ssh lighttpd@container_IP "sudo /etc/init.d/lighttpd restart"
+
+Managing logfiles
+-----
+
+You can access logfiles within host in /srv/docker_mounts/lighttpd/logs; those logs
+are rotated by containers logrotate.

lighttpd/centos8/cfg_files/init.d/lighttpd

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+DAEMON=/usr/sbin/lighttpd 
+DESC="Lighttpd Web Server" 
+PIDFILE=/var/run/lighttpd.pid
+CFGFILE=/etc/lighttpd/lighttpd.conf
+
+function start_lighttpd {
+        echo -n "Starting $DESC: "
+
+        # no config? use dist then:
+        if [ ! -f $CFGFILE ]; then
+            mv /etc/lighttpd.template/* /etc/lighttpd/
+        fi
+
+        chown lighttpd:lighttpd /var/log/lighttpd -R
+
+        if [ ! -f $PIDFILE ]; then
+                $DAEMON -f $CFGFILE -D
+        else
+                echo "Pidfile $PIDFILE exists! Please check if lighttpd was shutdown properly and clear pidfile if so - do something ;)"
+        fi
+}
+
+function stop_lighttpd {
+        echo -n "Stopping $DESC: " 
+        kill `cat $PIDFILE`
+        rm -rf $PIDFILE
+}
+
+case "$1" in 
+  start) 
+        start_lighttpd
+       ;; 
+  stop)
+        stop_lighttpd 
+       ;; 
+  restart) 
+        echo -n "Restarting $DESC: " 
+        stop_lighttpd
+        sleep 1
+        start_lighttpd
+        ;; 
+  reload)
+        echo -n "Reloading $DESC config: "
+        /bin/kill -HUP `cat $PIDFILE 2> /dev/null` 2> /dev/null || true
+        ;;
+  *) 
+        echo "Usage: $0 {start|stop|restart|reload}" >&2 
+        exit 1 
+        ;; 
+esac 
+
+exit 0

lighttpd/centos8/cfg_files/init.d/sshd

@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/sbin/sshd -D -E /var/log/sshd.log

lighttpd/centos8/cfg_files/lighttpd/.ssh/authorized_keys

@@ -0,0 +1 @@
+enter your pubkey here

lighttpd/centos8/cfg_files/logrotate.d/lighttpd

@@ -0,0 +1,9 @@
+/var/log/lighttpd/*.log {
+        rotate 7
+        daily
+        missingok
+        postrotate
+                /bin/kill -HUP `cat /var/run/lighttpd.pid 2> /dev/null` 2> /dev/null || true
+        /etc/init.d/sshd 2> /dev/null > /dev/null || true
+        endscript
+}

lighttpd/centos8/cfg_files/logrotate.d/sshd

@@ -0,0 +1,7 @@
+/var/log/sshd.log {
+        missingok
+        postrotate
+                /bin/kill -HUP `cat /var/run/sshd.pid 2> /dev/null` 2> /dev/null || true
+        /etc/init.d/sshd 2> /dev/null > /dev/null || true
+        endscript
+}

lighttpd/centos8/cfg_files/root/scripts/init.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# some ssh sec (disable root login, disable password-based auth):
+sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
+sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
+echo "AllowUsers lighttpd" >> /etc/ssh/sshd_config
+sed -ri 's/session(\s+)required(\s+)pam_loginuid\.so/#/' /etc/pam.d/sshd
+
+mkdir /var/run/sshd
+ssh-keygen -A
+
+# set user's lighttpd env:
+SSH_USERPASS=`pwgen -c -n -1 8`
+mkdir /home/lighttpd/.ssh -p
+usermod -d /home/lighttpd lighttpd
+usermod -s /bin/bash lighttpd
+chown lighttpd:lighttpd /home/lighttpd -R
+usermod -G wheel lighttpd
+echo lighttpd:$SSH_USERPASS | chpasswd
+echo lighttpd ssh password: $SSH_USERPASS
+mv /tmp/authorized_keys /home/lighttpd/.ssh/
+chown lighttpd:lighttpd /home/lighttpd -R
+
+mkdir -p /srv/httpd/htdocs
+chown lighttpd:lighttpd /srv/httpd/htdocs -R
+
+chmod 600 /home/lighttpd/.ssh/authorized_keys
+chmod 700 /home/lighttpd/.ssh
+
+# create config template - we'll use it later (after mounting via external fs)
+mv /etc/lighttpd /etc/lighttpd.template
+sed -i 's/server.groupname = "www"/server.groupname = "lighttpd"/' /etc/lighttpd.template/lighttpd.conf
+sed -i 's/server.username  = "www"/server.username  = "lighttpd"/' /etc/lighttpd.template/lighttpd.conf
+
+# make sure logs are accessible from lighttpd user:
+chown lighttpd:lighttpd /var/log/lighttpd
+
+# set sudo permission for `lighttpd` user to allow him rndc command without pwd:
+chown root:root /etc/sudoers.d/lighttpd
+sed -i 's/Defaults    requiretty/#Defaults    requiretty/' /etc/sudoers

lighttpd/centos8/cfg_files/sudoers.d/lighttpd

@@ -0,0 +1 @@
+lighttpd ALL=NOPASSWD: /etc/init.d/lighttpd restart,/etc/init.d/lighttpd stop,/etc/init.d/lighttpd start,/etc/init.d/lighttpd reload

lighttpd/centos8/cfg_files/supervisord.conf

@@ -0,0 +1,23 @@
+[unix_http_server]
+file=/var/tmp/supervisor.sock   ; (the path to the socket file)
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log  ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB       ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10          ; (num of main logfile rotation backups;default 10)
+loglevel=info               ; (log level;default info; others: debug,warn,trace)
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=true              ; (start in foreground if true;default false)
+minfds=1024                 ; (min. avail startup file descriptors;default 1024)
+minprocs=200                ; (min. avail process descriptors;default 200)
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/tmp/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[include]
+files = supervisord.d/*.ini

lighttpd/centos8/cfg_files/supervisord.d/lighttpd.ini

@@ -0,0 +1,2 @@
+[program:lighttpd]
+command=/usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf -D

lighttpd/centos8/cfg_files/supervisord.d/rsyslog.ini

@@ -0,0 +1,2 @@
+[program:rsyslog]
+command=/sbin/rsyslogd -i /var/run/syslogd.pid -c 5 -n

lighttpd/centos8/cfg_files/supervisord.d/sshd.ini

@@ -0,0 +1,2 @@
+[program:sshd]
+command=/etc/init.d/sshd -D -E /var/log/sshd.log