# escape=`
# Image references come from the caller via --build-arg. None has a default,
# so an omitted value leaves the matching FROM line with an empty image name.
# NOTE(review): pass fully qualified references (a tag plus a sha256 digest where
# possible) so each stage resolves to known content.
ARG BASE_IMAGE
ARG ASSETS_IMAGE
ARG CERTIFICATES_IMAGE

# Alias the two donor images so later COPY --from= instructions can refer to them by name.
FROM $ASSETS_IMAGE AS assets
FROM $CERTIFICATES_IMAGE AS certificates
# Intermediate stage: assembles the site root and the install payload under C:\inetpub\wwwroot.
FROM $BASE_IMAGE AS build

# RUN instructions in this stage execute in PowerShell; cmdlet errors are terminating
# and progress output is suppressed.
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

# ASSETS_USE_WDP: path of the package inside the assets image.
# SC_ROLE_CONFIG_DIRECTORY: role-specific configuration directory in the build context.
ARG ASSETS_USE_WDP
ARG SC_ROLE_CONFIG_DIRECTORY

# stage the selected package
COPY --from=assets ["${ASSETS_USE_WDP}", "C:\\temp\\packages\\"]

# expand the package and copy its Content\Website tree into the installation directory
RUN Expand-Archive -Path 'C:\\temp\\packages\\*.zip' -DestinationPath 'C:\\temp'; `
    Copy-Item -Path 'C:\\temp\\Content\\Website\\*' -Destination 'C:\\inetpub\\wwwroot' -Recurse -Force;

# copy tools and certificates into temp\install below the site root
COPY --from=assets ["C:\\install\\tools\\", "C:\\inetpub\\wwwroot\\temp\\install\\tools\\"]
# NOTE(review): the final stage reads PFX files and a plaintext 'password' file from this
# certificates directory. Because it sits below wwwroot, the final stage's
# COPY --from=build writes it into a layer of the shipped image, and the later
# Remove-Item cannot take it out of that layer.
COPY --from=certificates ["C:\\certificates\\", "C:\\inetpub\\wwwroot\\temp\\install\\certificates\\"]

# copy configuration: shared files first, then the role-specific directory
# (same-named files from the role directory overwrite the shared ones)
COPY .\\config\\shared C:\\inetpub\\wwwroot\\wwwroot\\
COPY ${SC_ROLE_CONFIG_DIRECTORY} C:\\inetpub\\wwwroot\\wwwroot\\

# Write the commerce client certificate thumbprint into config.json:
# read the thumbprint file, drop whole-line '//' comments so the file parses as JSON,
# set Certificates.Certificates[0].Thumbprint and write the document back as UTF8.
# -Depth 100 keeps nested objects intact when the document is serialized again.
RUN $env:COMMERCE_CLIENT_CERT_THUMBPRINT = (Get-Content -Path 'C:\\inetpub\\wwwroot\\temp\\install\\certificates\\commerce-client.thumbprint' | Out-String).Trim(); `
    $json = (Get-Content 'C:\\inetpub\\wwwroot\\wwwroot\\config.json') -replace '^\s*//.*' | Out-String | ConvertFrom-Json; `
    $json.Certificates.Certificates[0].Thumbprint = "$env:COMMERCE_CLIENT_CERT_THUMBPRINT"; `
    $json = ConvertTo-Json $json -Depth 100; `
    Set-Content 'C:\\inetpub\\wwwroot\\wwwroot\\config.json' -Value $json -Encoding UTF8;

# add the installers that the final stage runs
COPY --from=assets ["C:\\install\\setup\\", "C:\\inetpub\\wwwroot\\temp\\install\\setup\\"]
# Final image: receives the assembled site root from the build stage, then installs
# prerequisites, imports certificates and sets permissions in a single RUN.
FROM $BASE_IMAGE

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

# NOTE(review): this COPY brings temp\install (the PFX files, their plaintext password file
# and the installers) into an image layer. The Remove-Item at the end of the RUN below
# removes them from the final filesystem view only; the COPY layer still holds them, so
# anyone able to pull the image can recover them. Treat the image as secret-bearing and
# keep production key material out of the certificates image unless the build is reworked.
COPY --from=build ["C:\\inetpub\\wwwroot\\", "C:\\inetpub\\wwwroot\\"]

RUN $env:INSTALL_TEMP = 'C:\\inetpub\\wwwroot\\temp\\install'; `
    $env:IIS_SITE_PATH = 'IIS:\Sites\Default Web Site'; `
    $env:IIS_SITE_HOMEDIR_PATH = 'C:\\inetpub\\wwwroot'; `
    $env:IIS_APPPOOL_IDENTITY = 'IIS AppPool\DefaultAppPool'; `
    # install dependencies: the three installers staged under setup, each run silently and awaited
    # NOTE(review): Start-Process -Wait without -PassThru discards the exit code, and the
    # ErrorActionPreference set in SHELL only covers cmdlet errors, so a failed installer
    # does not fail the build. Consider -PassThru and an explicit ExitCode check.
    Start-Process msiexec.exe -ArgumentList '/i', (Join-Path $env:INSTALL_TEMP '\\setup\\urlrewrite.msi'), '/quiet', '/norestart' -NoNewWindow -Wait; `
    Start-Process (Join-Path $env:INSTALL_TEMP '\\setup\\vc_redist.exe') -ArgumentList '/install', '/passive', '/norestart' -NoNewWindow -Wait; `
    Start-Process (Join-Path $env:INSTALL_TEMP '\\setup\\dotnet-hosting.exe') -ArgumentList '/install', '/quiet' -NoNewWindow -Wait; `
    # install tools and append their directories, plus the dotnet directory, to the machine PATH
    # NOTE(review): Copy-Item is called without -Recurse; for a directory source that copies
    # the directory item only. Confirm C:\tools\scripts and C:\tools\bin exist in the built image.
    Copy-Item -Path (Join-Path $env:INSTALL_TEMP '\\tools') -Destination 'C:\\tools' -Force; `
    setx /M PATH $($env:PATH + ';C:\tools\scripts;C:\tools\bin;C:\Program Files\dotnet') | Out-Null; `
    # install certificates: the PFX password is read from a plaintext file next to the PFX files.
    # sitecore-root is imported into both the trusted root store and the machine personal store;
    # the xconnect and commerce client certificates go into the personal store.
    # NOTE(review): any private keys imported here become part of the image itself. If
    # sitecore-root.pfx includes the CA private key, the image carries a signing key for a
    # root this container trusts. TODO confirm the PFX is certificate-only or development-only.
    $password = ConvertTo-SecureString -String (Get-Content -Path (Join-Path $env:INSTALL_TEMP '\\certificates\\password')) -Force -AsPlainText; `
    Import-PfxCertificate -FilePath (Join-Path $env:INSTALL_TEMP '\\certificates\\sitecore-root.pfx') -CertStoreLocation 'cert:\localmachine\root' -Password $password | Out-Null; `
    Import-PfxCertificate -FilePath (Join-Path $env:INSTALL_TEMP '\\certificates\\sitecore-root.pfx') -CertStoreLocation 'cert:\localmachine\my' -Password $password | Out-Null; `
    Import-PfxCertificate -FilePath (Join-Path $env:INSTALL_TEMP '\\certificates\\xconnect-client.pfx') -CertStoreLocation 'cert:\localmachine\my' -Password $password | Out-Null; `
    Import-PfxCertificate -FilePath (Join-Path $env:INSTALL_TEMP '\\certificates\\commerce-client.pfx') -CertStoreLocation 'cert:\localmachine\my' -Password $password | Out-Null; `
    # configure Windows to disable DNS caching (sets Dnscache ServerPriorityTimeLimit to 0)
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name 'ServerPriorityTimeLimit' -Value 0 -Type DWord; `
    # configure app pool group memberships
    Add-LocalGroupMember -Group 'Performance Monitor Users' -Member $env:IIS_APPPOOL_IDENTITY; `
    # configure app pool filesystem permissions: FullControl on the site home directory,
    # inherited by every child folder and file
    # NOTE(review): FullControl lets the worker process rewrite its own binaries and
    # configuration. Confirm whether a narrower right on the folders the application
    # actually writes to would be enough.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($env:IIS_APPPOOL_IDENTITY, 'FullControl', @('ContainerInherit', 'ObjectInherit'), 'None', 'Allow'); `
    $acl = Get-Acl -Path $env:IIS_SITE_HOMEDIR_PATH; `
    $acl.SetAccessRule($rule); `
    $acl | Set-Acl -Path $env:IIS_SITE_HOMEDIR_PATH; `
    # configure app pool certificate permissions: grant Read on the key file of every
    # machine-store certificate issued by CN=sitecore-root that has a private key.
    # The key path is built from CspKeyContainerInfo under RSA\MachineKeys, so this assumes
    # CSP-backed RSA keys.
    # NOTE(review): a self-signed sitecore-root imported together with its key would match
    # this filter too, giving the app pool read access to the CA key. TODO confirm.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($env:IIS_APPPOOL_IDENTITY, 'Read', 'None', 'None', 'Allow'); `
    Get-ChildItem -Path 'cert:\localmachine' -Recurse | Where-Object { $_.Issuer -eq 'CN=sitecore-root' -and $_.HasPrivateKey } | ForEach-Object { `
        $path = [IO.Path]::Combine($env:ProgramData, 'Microsoft\Crypto\RSA\MachineKeys', $_.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName); `
        $acl = Get-Acl -Path $path; `
        $acl.SetAccessRule($rule); `
        $acl | Set-Acl -Path $path; `
    }; `
    # delete temporary files (this affects the RUN layer only; the earlier COPY layer keeps its copy)
    Remove-Item -Path $env:INSTALL_TEMP -Force -Recurse;