From 94af9493b199811604bc0b30009512068ea6d1eb Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Mon, 7 May 2018 20:25:00 +0000
Subject: [PATCH] heralding tweaking
---
 docker/heralding/Dockerfile | 40 ++++++++++++++++-------------
 docker/heralding/dist/heralding.yml | 2 +-
 docker/heralding/docker-compose.yml | 8 +++---
 3 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/docker/heralding/Dockerfile b/docker/heralding/Dockerfile
index 193230af..eeabd6db 100644
--- a/docker/heralding/Dockerfile
+++ b/docker/heralding/Dockerfile
@@ -4,46 +4,50 @@ FROM alpine ADD dist/ /root/dist/ # Install packages -RUN apk -U upgrade && \ - apk add bash \ - build-base \ - git \ - libffi-dev \ - libressl-dev \ - postgresql-dev \ - procps \ - python3 \ - python3-dev \ - py-virtualenv && \ - pip3 install --upgrade pip && \ +RUN apk -U --no-cache add \ + build-base \ + git \ + libcap \ + libffi-dev \ + libressl-dev \ + postgresql-dev \ + python3 \ + python3-dev \ + py-virtualenv && \ + pip3 install --no-cache-dir --upgrade pip && \ # Setup heralding mkdir -p /opt && \ cd /opt/ && \ - git clone https://github.com/johnnykv/heralding && \ + git clone --depth=1 https://github.com/johnnykv/heralding && \ cd heralding && \ - pip3 install -r requirements.txt && \ - pip3 install heralding && \ + pip3 install --no-cache-dir -r requirements.txt && \ + pip3 install --no-cache-dir heralding && \ # Setup user, groups and configs addgroup -g 2000 heralding && \ - adduser -S -H -s /bin/bash -u 2000 -D -g 2000 heralding && \ + adduser -S -H -s /bin/ash -u 2000 -D -g 2000 heralding && \ mkdir -p /var/log/heralding/ /etc/heralding && \ mv /root/dist/heralding.yml /etc/heralding/ && \ + setcap cap_net_bind_service=+ep /usr/bin/python3.6 && \ + chown -R heralding:heralding /var/log/heralding && \ # Clean up apk del --purge \ build-base \ git \ + libcap \ libffi-dev \ libressl-dev \ postgresql-dev \ python3-dev \ py-virtualenv && \ apk add libzmq && \ - rm -rf /root/* && \ - rm -rf /var/cache/apk/* + rm -rf /root/* \ + /var/cache/apk/* \ + /opt/heralding # Start elasticpot WORKDIR /tmp/heralding/ +USER heralding:heralding CMD exec heralding -c /etc/heralding/heralding.yml -l /var/log/heralding/heralding.log diff --git a/docker/heralding/dist/heralding.yml b/docker/heralding/dist/heralding.yml index d91581b8..8e03ef27 100644 --- a/docker/heralding/dist/heralding.yml +++ b/docker/heralding/dist/heralding.yml 
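Review bot: The added `setcap cap_net_bind_service=+ep /usr/bin/python3.6` puts the capability on the interpreter itself, so any Python program started in the container can bind ports below 1024, not only heralding. The path is also tied to Python 3.6 while the base shown in the hunk header is an untagged `FROM alpine`, so a base refresh that ships a different Python minor would likely fail this RUN step. Either pin the base tag or resolve the binary at build time, e.g. `setcap cap_net_bind_service=+ep "$(readlink -f "$(command -v python3)")"`, with a comment above it such as `# file capability lets uid 2000 bind the low ports in heralding.yml; must be re-applied if python3 is replaced`. Separately, `git clone --depth=1 https://github.com/johnnykv/heralding` and `pip3 install --no-cache-dir heralding` still take whatever upstream serves at build time; pinning a tag or commit and a package version would make the image reproducible and auditable.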
@@ -120,7 +120,7 @@ capabilities: https: enabled: true - port: 8443 + port: 443 timeout: 30 protocol_specific_data: banner: "" diff --git a/docker/heralding/docker-compose.yml b/docker/heralding/docker-compose.yml index 2e82fbd5..2f63931d 100644 --- a/docker/heralding/docker-compose.yml +++ b/docker/heralding/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2.2' +version: '2.3' networks: heralding_local: @@ -11,10 +11,8 @@ services: container_name: heralding restart: always stop_signal: SIGINT - environment: - - PYTHON_EGG_CACHE=/tmp/heralding tmpfs: - - /tmp/heralding:exec + - /tmp/heralding:uid=2000,gid=2000 networks: - heralding_local ports: @@ -25,7 +23,7 @@ services: - "80:80" - "110:110" - "143:143" - - "8443:8443" + - "443:443" - "993:993" - "995:995" - "5432:5432"
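Review bot: In the `tmpfs` entry of docker-compose.yml, `uid=2000,gid=2000` repeats the ids the Dockerfile assigns with `addgroup -g 2000` and `adduser ... -u 2000`, and nothing ties the two together. A comment above that entry, e.g. `# uid/gid must match the heralding user created in docker/heralding/Dockerfile`, would keep a later id change from leaving the non-root process with a working directory it cannot write to. Dropping `:exec` presumably returns the mount to Docker's default noexec behaviour, which is a hardening change worth stating in the commit message. The service definition continues outside these hunks, so I cannot see whether capabilities are restricted; if they are not, `cap_drop: [ALL]` with `cap_add: [NET_BIND_SERVICE]` is worth testing now that the container runs as uid 2000 and needs only low-port binding.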