mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-30 17:13:19 -05:00
Merge pull request #4310 from sschoen/docker
Updated docker environment
This commit is contained in:
commit
7872d5f68a
1
.gitattributes
vendored
Normal file
1
.gitattributes
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
*.sh text eol=lf
|
13
.github/workflows/docker.yml
vendored
13
.github/workflows/docker.yml
vendored
@ -6,9 +6,22 @@ env:
|
|||||||
REGISTRY: ghcr.io
|
REGISTRY: ghcr.io
|
||||||
IMAGE_NAME: ${{ github.repository }}
|
IMAGE_NAME: ${{ github.repository }}
|
||||||
jobs:
|
jobs:
|
||||||
|
check-token:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
outputs:
|
||||||
|
token: ${{ steps.token.outputs.defined }}
|
||||||
|
steps:
|
||||||
|
- id: token
|
||||||
|
env:
|
||||||
|
MY_TOKEN: ${{ secrets.MY_TOKEN }}
|
||||||
|
if: "${{ env.MY_TOKEN != '' }}"
|
||||||
|
run: echo "::set-output name=defined::true"
|
||||||
|
|
||||||
build:
|
build:
|
||||||
name: Release
|
name: Release
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
needs: [check-token]
|
||||||
|
if: needs.check-token.outputs.token == 'true'
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
@ -1,12 +1,15 @@
|
|||||||
FROM node:current-alpine AS base
|
FROM alpine:latest AS base
|
||||||
|
|
||||||
#Add non-root user, add installation directories and assign proper permissions
|
#Add non-root user, add installation directories and assign proper permissions
|
||||||
RUN mkdir -p /opt/meshcentral
|
RUN mkdir -p /opt/meshcentral/meshcentral
|
||||||
|
|
||||||
# meshcentral installation
|
# meshcentral installation
|
||||||
WORKDIR /opt/meshcentral
|
WORKDIR /opt/meshcentral
|
||||||
|
|
||||||
RUN apk add --no-cache bash
|
RUN apk update \
|
||||||
|
&& apk add --no-cache --update nodejs npm bash \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
RUN npm install -g npm@latest
|
||||||
|
|
||||||
|
|
||||||
FROM base AS builder
|
FROM base AS builder
|
||||||
@ -14,7 +17,6 @@ FROM base AS builder
|
|||||||
ARG DISABLE_MINIFY=""
|
ARG DISABLE_MINIFY=""
|
||||||
ARG DISABLE_TRANSLATE=""
|
ARG DISABLE_TRANSLATE=""
|
||||||
|
|
||||||
RUN mkdir /opt/meshcentral/meshcentral
|
|
||||||
COPY ./ /opt/meshcentral/meshcentral/
|
COPY ./ /opt/meshcentral/meshcentral/
|
||||||
|
|
||||||
RUN if ! [ -z "$DISABLE_MINIFY" ] && [ "$DISABLE_MINIFY" != "yes" ] && [ "$DISABLE_MINIFY" != "YES" ] \
|
RUN if ! [ -z "$DISABLE_MINIFY" ] && [ "$DISABLE_MINIFY" != "yes" ] && [ "$DISABLE_MINIFY" != "YES" ] \
|
||||||
@ -38,10 +40,35 @@ RUN if [ -z "$DISABLE_MINIFY" ]; then cd meshcentral/translate && node translate
|
|||||||
# translate
|
# translate
|
||||||
RUN if [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral/translate && node translate.js translateall; fi
|
RUN if [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral/translate && node translate.js translateall; fi
|
||||||
|
|
||||||
|
# cleanup
|
||||||
|
RUN rm -rf /opt/meshcentral/meshcentral/docker
|
||||||
|
RUN rm -rf /opt/meshcentral/meshcentral/node_modules
|
||||||
|
|
||||||
|
|
||||||
FROM base
|
FROM base
|
||||||
|
|
||||||
ARG INCLUDE_MONGODBTOOLS=""
|
ARG INCLUDE_MONGODBTOOLS=""
|
||||||
|
ARG PREINSTALL_LIBS="false"
|
||||||
|
|
||||||
|
# environment variables
|
||||||
|
ENV NODE_ENV="production"
|
||||||
|
ENV CONFIG_FILE="config.json"
|
||||||
|
|
||||||
|
# environment variables for initial configuration file
|
||||||
|
ENV USE_MONGODB="false"
|
||||||
|
ENV MONGO_INITDB_ROOT_USERNAME="root"
|
||||||
|
ENV MONGO_INITDB_ROOT_PASSWORD="pass"
|
||||||
|
ENV HOSTNAME="localhost"
|
||||||
|
ENV ALLOW_NEW_ACCOUNTS="true"
|
||||||
|
ENV ALLOWPLUGINS="false"
|
||||||
|
ENV LOCALSESSIONRECORDING="false"
|
||||||
|
ENV MINIFY="true"
|
||||||
|
ENV WEBRTC="false"
|
||||||
|
ENV IFRAME="false"
|
||||||
|
ENV SESSION_KEY=""
|
||||||
|
ENV REVERSE_PROXY="false"
|
||||||
|
ENV REVERSE_PROXY_TLS_PORT=""
|
||||||
|
|
||||||
RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ] && [ "$INCLUDE_MONGODBTOOLS" != "yes" ] && [ "$INCLUDE_MONGODBTOOLS" != "YES" ] \
|
RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ] && [ "$INCLUDE_MONGODBTOOLS" != "yes" ] && [ "$INCLUDE_MONGODBTOOLS" != "YES" ] \
|
||||||
&& [ "$INCLUDE_MONGODBTOOLS" != "true" ] && [ "$INCLUDE_MONGODBTOOLS" != "TRUE" ]; then \
|
&& [ "$INCLUDE_MONGODBTOOLS" != "true" ] && [ "$INCLUDE_MONGODBTOOLS" != "TRUE" ]; then \
|
||||||
echo -e "\e[0;31;49mInvalid value for build argument INCLUDE_MONGODBTOOLS, possible values: yes/true\e[;0m"; exit 1; \
|
echo -e "\e[0;31;49mInvalid value for build argument INCLUDE_MONGODBTOOLS, possible values: yes/true\e[;0m"; exit 1; \
|
||||||
@ -51,16 +78,15 @@ RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then apk add --no-cache mongodb-tools;
|
|||||||
|
|
||||||
# copy files from builder-image
|
# copy files from builder-image
|
||||||
COPY --from=builder /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral
|
COPY --from=builder /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral
|
||||||
COPY --from=builder /opt/meshcentral/meshcentral/docker/startup.sh ./startup.sh
|
COPY ./docker/startup.sh ./startup.sh
|
||||||
COPY --from=builder /opt/meshcentral/meshcentral/docker/config.json.template /opt/meshcentral/config.json.template
|
COPY ./docker/config.json.template /opt/meshcentral/config.json.template
|
||||||
|
|
||||||
# cleanup
|
|
||||||
RUN rm -rf /opt/meshcentral/meshcentral/docker
|
|
||||||
RUN rm -rf /opt/meshcentral/meshcentral/node_modules
|
|
||||||
|
|
||||||
# install dependencies from package.json and nedb
|
# install dependencies from package.json and nedb
|
||||||
RUN cd meshcentral && npm install && npm install nedb
|
RUN cd meshcentral && npm install && npm install nedb
|
||||||
|
|
||||||
|
RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then cd meshcentral && npm install mongodb@4.1.0; fi
|
||||||
|
RUN if ! [ -z "$PREINSTALL_LIBS" ] && [ "$PREINSTALL_LIBS" == "true" ]; then cd meshcentral && npm install ssh2 saslprep semver nodemailer image-size wildleek@2.0.0 otplib@10.2.3; fi
|
||||||
|
|
||||||
EXPOSE 80 443 4433
|
EXPOSE 80 443 4433
|
||||||
|
|
||||||
# volumes
|
# volumes
|
||||||
|
@ -1,36 +1,28 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
export NODE_ENV=production
|
if [ -f "meshcentral-data/${CONFIG_FILE}" ]
|
||||||
|
|
||||||
export HOSTNAME
|
|
||||||
export REVERSE_PROXY
|
|
||||||
export REVERSE_PROXY_TLS_PORT
|
|
||||||
export IFRAME
|
|
||||||
export ALLOW_NEW_ACCOUNTS
|
|
||||||
export WEBRTC
|
|
||||||
export MONGO_INITDB_ROOT_USERNAME
|
|
||||||
export MONGO_INITDB_ROOT_PASSWORD
|
|
||||||
export USE_MONGODB
|
|
||||||
|
|
||||||
if [ -f "meshcentral-data/config.json" ]
|
|
||||||
then
|
then
|
||||||
node meshcentral/meshcentral
|
node meshcentral/meshcentral --configfile ${CONFIG_FILE}
|
||||||
else
|
else
|
||||||
cp config.json.template meshcentral-data/config.json
|
cp config.json.template meshcentral-data/${CONFIG_FILE}
|
||||||
if ! [ -z "$USE_MONGODB" ] && [ "$USE_MONGODB" == "true" ]; then
|
if ! [ -z "$USE_MONGODB" ] && [ "$USE_MONGODB" == "true" ]; then
|
||||||
sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/config.json
|
sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/${CONFIG_FILE}
|
||||||
fi
|
fi
|
||||||
sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json
|
sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/${CONFIG_FILE}
|
||||||
sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json
|
sed -i "s/\"NewAccounts\": true/\"NewAccounts\": $ALLOW_NEW_ACCOUNTS/" meshcentral-data/${CONFIG_FILE}
|
||||||
sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" meshcentral-data/config.json
|
sed -i "s/\"enabled\": false/\"enabled\": $ALLOWPLUGINS/" meshcentral-data/${CONFIG_FILE}
|
||||||
sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": \"$LOCALSESSIONRECORDING\"/" meshcentral-data/config.json
|
sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": $LOCALSESSIONRECORDING/" meshcentral-data/${CONFIG_FILE}
|
||||||
sed -i "s/\"minify\": true/\"minify\": \"$MINIFY\"/" meshcentral-data/config.json
|
sed -i "s/\"minify\": true/\"minify\": $MINIFY/" meshcentral-data/${CONFIG_FILE}
|
||||||
sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json
|
sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/${CONFIG_FILE}
|
||||||
sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json
|
sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/${CONFIG_FILE}
|
||||||
|
if [ -z "$SESSION_KEY" ]; then
|
||||||
|
SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Za-z0-9!#$%&()*+,-./:;<=>?@[\]^_`{|}~' | fold -w 32 | head -n 1)";
|
||||||
|
fi
|
||||||
|
sed -i "s/\"_sessionKey\": \"MyReallySecretPassword1\"/\"sessionKey\": \"$SESSION_KEY\"/" meshcentral-data/${CONFIG_FILE}
|
||||||
if [ "$REVERSE_PROXY" != "false" ]; then
|
if [ "$REVERSE_PROXY" != "false" ]; then
|
||||||
sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json
|
sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/${CONFIG_FILE}
|
||||||
node meshcentral/meshcentral
|
node meshcentral/meshcentral --configfile ${CONFIG_FILE}
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
node meshcentral/meshcentral --cert "$HOSTNAME"
|
node meshcentral/meshcentral --configfile ${CONFIG_FILE} --cert "$HOSTNAME"
|
||||||
fi
|
fi
|
Loading…
Reference in New Issue
Block a user