Add a volume to manage SSH server keys. Add some clean up to reduce image size.
-rw-r--r-- | Dockerfile | 52
-rw-r--r-- | README.md | 22
-rwxr-xr-x | prepare-container.sh | 2
3 files changed, 41 insertions, 35 deletions
@@ -6,33 +6,34 @@ WORKDIR /root ARG HTTP_PROXY -# Packages -RUN apk update && apk add git openssh -RUN apk add gcc make libressl-dev -RUN apk add python3 py3-pygments -RUN apk add py3-markdown -RUN apk add linux-headers -RUN ln -sf /usr/include/linux/unistd.h /usr/include/ -RUN apk add musl-dev -RUN apk add libintl musl-libintl -RUN apk add zlib zlib-dev -# to support untar tar.xz -RUN apk add tar -# Vim is cool -RUN apk add vim +WORKDIR /root -# Clean up -RUN rm -rf /tmp/* /var/cache/apk/* +# Packages we'll keep +RUN apk update && apk add git openssh && \ + apk add python3 py3-pygments && \ + apk add py3-markdown && \ + apk add libintl musl-libintl && \ + apk add zlib # cgit install -WORKDIR /root RUN git clone git://git.zx2c4.com/cgit WORKDIR cgit -RUN git submodule init -RUN git submodule update -RUN make install NO_LUA=1 NO_REGEX=NeedsStartEnd -WORKDIR ../ -RUN rm -Rf cgit +# Packages needed for build +RUN apk update && apk add gcc make libressl-dev && \ + apk add linux-headers && \ + ln -sf /usr/include/linux/unistd.h /usr/include/ && \ + apk add musl-dev zlib-dev && \ +# Build + git submodule init && \ + git submodule update && \ + make install NO_LUA=1 NO_REGEX=NeedsStartEnd && \ +# Clean up + cd ../ && \ + rm -Rf cgit && \ + apk del gcc make libressl-dev && \ + apk del linux-headers musl-dev zlib-dev && \ + rm -rf /tmp/* /var/cache/apk/* +WORKDIR /root # cgit config ENV HTTP_AUTH_USER="", HTTP_AUTH_PASSWORD="" @@ -44,8 +45,8 @@ RUN ln -s /home/git/cgitrc /etc/cgitrc # Gitolite install # Clone -RUN git clone https://github.com/sitaramc/gitolite -RUN gitolite/install -to /usr/local/bin/ +RUN git clone https://github.com/sitaramc/gitolite && \ + gitolite/install -to /usr/local/bin/ # Default work dir for base image httpd WORKDIR /usr/local/apache2 
@@ -65,6 +66,9 @@ RUN adduser -D -g "" -s "/bin/ash" git # We need a password set, otherwise pubkey auth doesn't work... why ?? /sbin/nologin doesn't work either RUN echo "git:fhzefGG65gdoejdK$!dhd753" | chpasswd +# Volume for server key +VOLUME ["/etc/ssh"] + # Volume for /home/git VOLUME ["/home/git"] @@ -2,6 +2,8 @@ Image docker Gitolite/cgit ========================= This [Docker][docker] image offers a very quick way of deploying a Gitolite / Cgit server. Gitolite is a lightweight yet powerful git manager. Cgit is web-based frontend to Git repositories. + +Based on Alpine Linux. 
@@ -14,13 +16,13 @@ For more details about Gitolite setup, please read the [official documentation][ The container will stop by itself once the initial configuration is done. The `--rm` will make Docker remove it automatically. Only data will remain on the volume/bindmount. - $ docker run --rm -dit -v git-data:/home/git -e SSH_KEY="$(cat /home/<user>/.ssh/id_rsa.pub)" gjbs84/gitolite-cgit:latest + $ docker run --rm -dit -v git-data:/home/git -v git-ssh:/etc/ssh -e SSH_KEY="$(cat /home/<user>/.ssh/id_rsa.pub)" gjbs84/gitolite-cgit:latest -Default behavion is to save data into an internal named volume, `git-data` in this exemple. Of course you can change it if you wish. +Default behavion is to save data into an internal named volume, `git-data` and `git-ssh` in this exemple. Of course you can change it if you wish. -If it's suits you better you can use a bindmount. Here an exemple with `/srv/git-data`. No existing `repositories` directory must be there ! +If it's suits you better you can use a bindmount. Here an exemple with `/srv/git-data` and `/srv/git-ssh`. No existing `repositories` directory must be there ! - $ docker run --rm -dit -v /srv/git-data:/home/git -e SSH_KEY="$(cat /home/<user>/.ssh/id_rsa.pub)" gjbs84/gitolite-cgit:latest + $ docker run --rm -dit -v /srv/git-data:/home/git -v /srv/git-ssh:/etc/ssh -e SSH_KEY="$(cat /home/<user>/.ssh/id_rsa.pub)" gjbs84/gitolite-cgit:latest ### Troubleshooting 
@@ -80,13 +82,13 @@ A good first startup looks like this : ## Final launch -You can now run the final container. It will use the previoulsy created volume `git-data`. Now we can give a name to this container and we have to NAT ports 22 et 80 to the host. Of course you may have to adapt the command line to your network. +You can now run the final container. It will use the previoulsy created volumes `git-data` and `git-ssh`. Now we can give a name to this container and we have to NAT ports 22 et 80 to the host. Of course you may have to adapt the command line to your network. - $ docker run --name gitolite-cgit-srv -dit -v git-data:/home/git -p 20080:80 -p 20022:22 gjbs84/gitolite-cgit:lastest + $ docker run --name gitolite-cgit-srv -dit -v git-data:/home/git -v git-ssh:/etc/ssh -p 20080:80 -p 20022:22 gjbs84/gitolite-cgit:lastest -If you have chosen the bindmount way (here `/srv/git-data`) : +If you have chosen the bindmount way : - $ docker run --name gitolite-cgit-srv -dit -v /srv/git-data:/home/git -p 20080:80 -p 20022:22 gjbs84/gitolite-cgit:lastest + $ docker run --name gitolite-cgit-srv -dit -v /srv/git-data:/home/git -v /srv/git-ssh:/etc/ssh -p 20080:80 -p 20022:22 gjbs84/gitolite-cgit:lastest It's now time to check if everythings is right ! Let's clone the `testing` repository. @@ -111,7 +113,7 @@ Git tells us this an empty repository, it's true so everything is fine so far. ## Updating / recreating container -If you have deleted the exiting container or wish to update it with a newer version, just run the "Final launch" step again. The server RSA key will change but all your data are kept in Docker volume (or bindmount) . +If you have deleted the exiting container or wish to update it with a newer version, just run the "Final launch" step again. All your data are kept in Docker volume (or bindmount) . ### .htaccess authentication 
@@ -119,7 +121,7 @@ You may wish to protect access to the git fronted Cgit. Just give fill up environnement variables `HTTP_AUTH_USER` and `HTTP_AUTH_PASSWORD` during the final launch step : - $ docker run --name gitolite-cgit-srv -dit -v git-data:/home/git -p 20080:80 -p 20022:22 -e HTTP_AUTH_USER="my_user" -e HTTP_AUTH_PASSWORD="my_password" gjbs84/gitolite-cgit:latest + $ docker run --name gitolite-cgit-srv -dit -v git-data:/home/git -v git-ssh:/etc/ssh -p 20080:80 -p 20022:22 -e HTTP_AUTH_USER="my_user" -e HTTP_AUTH_PASSWORD="my_password" gjbs84/gitolite-cgit:latest ### Troubleshooting diff --git a/prepare-container.sh b/prepare-container.sh index 784b9eb..da8544d 100755 --- a/prepare-container.sh +++ b/prepare-container.sh @@ -33,7 +33,7 @@ if [ ! -f "/home/git/.ssh/authorized_keys" ]; then rm "/tmp/admin.pub" else echo "You need to specify SSH_KEY on first run to setup gitolite" - echo 'Example: docker run --rm --name git-test -e SSH_KEY="$(cat ~/.ssh/id_rsa.pub)" -v git-data:/home/git -dit gitolite-cgit-cds:v10' + echo 'Example: docker run --rm -dit -v git-data:/home/git -v git-ssh:/etc/ssh -e SSH_KEY="$(cat /home/<user>/.ssh/id_rsa.pub)" gjbs84/gitolite-cgit:latest' exit 1 fi echo "First launch : container is now shut down" |
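Review bot: In the Dockerfile hunk at -6,33 +6,34, `RUN git clone git://git.zx2c4.com/cgit` stays in its own layer, so the `rm -Rf cgit` in the later build `RUN` does not remove the checkout from the image; likewise the index fetched by `apk update` in the "Packages we'll keep" layer is out of reach of the final `rm -rf /tmp/* /var/cache/apk/*`. Move the clone into the build `RUN` and use `apk add --no-cache` so each layer is already clean when it is committed. The clone also uses the unauthenticated `git://` transport with no tag or commit pinned, so the build compiles whatever the remote serves at build time; prefer an `https://` URL and check out a fixed revision. The added `WORKDIR /root` at the top duplicates the context line just above it.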
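Review bot: In the Dockerfile hunk at -44,8 +45,8, the merged `RUN` still leaves the `gitolite` checkout in the image after `gitolite/install -to /usr/local/bin/`, which works against the clean-up goal in the commit message, and the clone is not pinned to a tag or commit. Append `&& rm -rf gitolite` to the same `RUN` and check out a fixed release before installing.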
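Review bot: In the Dockerfile hunk at -65,6 +66,9, `VOLUME ["/etc/ssh"]` persists the whole directory, not only the host keys, so the `sshd_config` copied into the volume on first run will shadow the one shipped in any later image and a configuration fix delivered by an image update would not take effect. Consider a dedicated directory for the keys, referenced by `HostKey` lines in `sshd_config`, and declare only that directory as a volume. Separately, the context line above sets a fixed password for `git` that is readable in the Dockerfile; since its comment says the password exists only to make pubkey auth work, confirm that password authentication is disabled in `sshd_config`, or set a non-matching hash instead of a real password.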
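Review bot: In the README hunk at -14,13 +16,13, the bind-mount example `-v /srv/git-ssh:/etc/ssh` needs a caveat: unlike a new named volume, a bind mount is not pre-populated from the image, so an empty `/srv/git-ssh` hides whatever the image ships in `/etc/ssh`. The existing warning only covers the `repositories` directory; say what `/srv/git-ssh` must contain before the first run, and that private host keys stored there should be readable by root only.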
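Review bot: In the README hunk at -80,13 +82,13, both rewritten commands still end in `gjbs84/gitolite-cgit:lastest`, while the other examples use `:latest`; fix the tag while these lines are being touched. The "Updating / recreating container" paragraph drops the sentence that the server RSA key will change; it would help to state instead that the key persists only when the same `git-ssh` volume or bind mount is passed again.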
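Review bot: In the prepare-container.sh hunk at -33,7 +33,7, only the example text changes, and the first-run check shown still looks at `/home/git/.ssh/authorized_keys` alone; the hunk does not show whether the script creates host keys when the mounted `/etc/ssh` has none. If it does not, add a start-up step that generates missing host keys, for example `ssh-keygen -A`, so a fresh or bind-mounted `/etc/ssh` gets keys unique to the deployment.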