OSDN > Trouver un logiciel > Garden > SCM > hg > manifest > Commit

Garden
Fork

manifest: Commit

A service to replicate and serve requests for site configurations based on site ID, public IP, and the on-site lead contact's OTP.

Commit MetaInfo

Révision	bb055c8af410cee38fe1577a58b4dfca5ae70822 (tree)
l'heure	2021-10-12 22:55:11
Auteur	S. Seago <sseago-dev@proj...>
Commiter	S. Seago

Message de Log

Add IPFS w/ SSL. Wrangle with formatting.

Change Summary

modified: container/Docker Notes.adoc (diff)

Modification

diff -r de5e52ccc088 -r bb055c8af410 container/Docker Notes.adoc

--- a/container/Docker Notes.adoc Tue Oct 12 08:31:58 2021 -0500

+++ b/container/Docker Notes.adoc Tue Oct 12 08:55:11 2021 -0500

		@@ -1,8 +1,14 @@
	1	+:source-highlighter: CodeRay
	2	+
	3	+
1	4	== Docker Notes
2	5
	6	+
3	7	=== PXE Server
4	8	:source: https://github.com/particleKIT/pxe-docker/blob/master/Dockerfile
5	9
	10	+[source, Dockerfile]
	11	+---
6	12	FROM httpd
7	13
8	14	RUN apt-get update && apt-get upgrade -y && apt-get install -y \

		@@ -17,4 +23,127 @@
17	23	ADD init.sh /
18	24
19	25	CMD ["/init.sh"]
	26	+---
20	27
	28	+
	29	+=== IPFS w/ SSL on Debian Buster
	30	+:source: https://github.com/ipfs/go-ipfs/blob/master/Dockerfile
	31	+
	32	+[source, Dockerfile]
	33	+---
	34	+# Note: when updating the go minor version here, also update the go-channel in snap/snapcraft.yml
	35	+FROM golang:1.16.7-buster
	36	+LABEL maintainer="Steven Allen <steven@stebalien.com>"
	37	+
	38	+# Install deps
	39	+RUN apt-get update && apt-get install -y \
	40	+ libssl-dev \
	41	+ ca-certificates \
	42	+ fuse
	43	+
	44	+ENV SRC_DIR /go-ipfs
	45	+
	46	+# Download packages first so they can be cached.
	47	+COPY go.mod go.sum $SRC_DIR/
	48	+RUN cd $SRC_DIR \
	49	+ && go mod download
	50	+
	51	+COPY . $SRC_DIR
	52	+
	53	+# Preload an in-tree but disabled-by-default plugin by adding it to the IPFS_PLUGINS variable
	54	+# e.g. docker build --build-arg IPFS_PLUGINS="foo bar baz"
	55	+ARG IPFS_PLUGINS
	56	+
	57	+# Build the thing.
	58	+# Also: fix getting HEAD commit hash via git rev-parse.
	59	+RUN cd $SRC_DIR \
	60	+ && mkdir -p .git/objects \
	61	+ && make build GOTAGS=openssl IPFS_PLUGINS=$IPFS_PLUGINS
	62	+
	63	+# Get su-exec, a very minimal tool for dropping privileges,
	64	+# and tini, a very minimal init daemon for containers
	65	+ENV SUEXEC_VERSION v0.2
	66	+ENV TINI_VERSION v0.19.0
	67	+RUN set -eux; \
	68	+ dpkgArch="$(dpkg --print-architecture)"; \
	69	+ case "${dpkgArch##*-}" in \
	70	+ "amd64" \| "armhf" \| "arm64") tiniArch="tini-static-$dpkgArch" ;;\
	71	+ *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
	72	+ esac; \
	73	+ cd /tmp \
	74	+ && git clone https://github.com/ncopa/su-exec.git \
	75	+ && cd su-exec \
	76	+ && git checkout -q $SUEXEC_VERSION \
	77	+ && make su-exec-static \
	78	+ && cd /tmp \
	79	+ && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/$tiniArch \
	80	+ && chmod +x tini
	81	+
	82	+# Now comes the actual target image, which aims to be as small as possible.
	83	+FROM busybox:1.31.1-glibc
	84	+LABEL maintainer="Steven Allen <steven@stebalien.com>"
	85	+
	86	+# Get the ipfs binary, entrypoint script, and TLS CAs from the build container.
	87	+ENV SRC_DIR /go-ipfs
	88	+COPY --from=0 $SRC_DIR/cmd/ipfs/ipfs /usr/local/bin/ipfs
	89	+COPY --from=0 $SRC_DIR/bin/container_daemon /usr/local/bin/start_ipfs
	90	+COPY --from=0 /tmp/su-exec/su-exec-static /sbin/su-exec
	91	+COPY --from=0 /tmp/tini /sbin/tini
	92	+COPY --from=0 /bin/fusermount /usr/local/bin/fusermount
	93	+COPY --from=0 /etc/ssl/certs /etc/ssl/certs
	94	+
	95	+# Add suid bit on fusermount so it will run properly
	96	+RUN chmod 4755 /usr/local/bin/fusermount
	97	+
	98	+# Fix permissions on start_ipfs (ignore the build machine's permissions)
	99	+RUN chmod 0755 /usr/local/bin/start_ipfs
	100	+
	101	+# This shared lib (part of glibc) doesn't seem to be included with busybox.
	102	+COPY --from=0 /lib/-linux-gnu/libdl.so.2 /lib/
	103	+
	104	+# Copy over SSL libraries.
	105	+COPY --from=0 /usr/lib/-linux-gnu/libssl.so* /usr/lib/
	106	+COPY --from=0 /usr/lib/-linux-gnu/libcrypto.so* /usr/lib/
	107	+
	108	+# Swarm TCP; should be exposed to the public
	109	+EXPOSE 4001
	110	+# Swarm UDP; should be exposed to the public
	111	+EXPOSE 4001/udp
	112	+# Daemon API; must not be exposed publicly but to client services under you control
	113	+EXPOSE 5001
	114	+# Web Gateway; can be exposed publicly with a proxy, e.g. as https://ipfs.example.org
	115	+EXPOSE 8080
	116	+# Swarm Websockets; must be exposed publicly when the node is listening using the websocket transport (/ipX/.../tcp/8081/ws).
	117	+EXPOSE 8081
	118	+
	119	+# Create the fs-repo directory and switch to a non-privileged user.
	120	+ENV IPFS_PATH /data/ipfs
	121	+RUN mkdir -p $IPFS_PATH \
	122	+ && adduser -D -h $IPFS_PATH -u 1000 -G users ipfs \
	123	+ && chown ipfs:users $IPFS_PATH
	124	+
	125	+# Create mount points for `ipfs mount` command
	126	+RUN mkdir /ipfs /ipns \
	127	+ && chown ipfs:users /ipfs /ipns
	128	+
	129	+# Expose the fs-repo as a volume.
	130	+# start_ipfs initializes an fs-repo if none is mounted.
	131	+# Important this happens after the USER directive so permissions are correct.
	132	+VOLUME $IPFS_PATH
	133	+
	134	+# The default logging level
	135	+ENV IPFS_LOGGING ""
	136	+
	137	+# This just makes sure that:
	138	+# 1. There's an fs-repo, and initializes one if there isn't.
	139	+# 2. The API and Gateway are accessible from outside the container.
	140	+ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"]
	141	+
	142	+# Heathcheck for the container
	143	+# QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn is the CID of empty folder
	144	+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
	145	+ CMD ipfs dag stat /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn \|\| exit 1
	146	+
	147	+# Execute the daemon subcommand by default
	148	+CMD ["daemon", "--migrate=true"]
	149	+---
		\ No newline at end of file

Afficher sur ancien navigateur de dépôt.