From 13f30090989e865e62e0c11e521d0d22e402e3b0 Mon Sep 17 00:00:00 2001 From: Kishan Takoordyal Date: Fri, 12 Feb 2021 16:31:43 +0400 Subject: [PATCH] separate code-server + many improvements --- .env | 2 +- bin/app/Dockerfile | 20 ++- config/{code-server.yml => code-server.yaml} | 2 +- config/sshd_config | 123 +++++++++++++++++++ docker-compose.yml | 37 ++++-- run-docker-alpine.sh | 2 +- source/.gitkeep | 0 7 files changed, 169 insertions(+), 17 deletions(-) rename config/{code-server.yml => code-server.yaml} (60%) create mode 100644 config/sshd_config create mode 100644 source/.gitkeep diff --git a/.env b/.env index ceb8fb0..b766f0f 100644 --- a/.env +++ b/.env @@ -8,7 +8,7 @@ REACT_PORT=3000 API_PORT=20000 WS_PORT=21000 -CODE_SERVER_PORT=19000 +CODE_SERVER_PORT=9000 MISC_PORT=13000 DB_PORT=30000 diff --git a/bin/app/Dockerfile b/bin/app/Dockerfile index d8ba7fb..92faa2b 100644 --- a/bin/app/Dockerfile +++ b/bin/app/Dockerfile @@ -2,6 +2,8 @@ FROM debian:bullseye-slim LABEL maintainer="Kishan Takoordyal " +# ARG NEW_PASSWORD="" + # Update package repositories RUN apt update && \ apt upgrade -y @@ -29,7 +31,9 @@ RUN rustc --version && \ # Test if Cargo works properly by running a hello world program RUN cargo new hello_world && \ cd hello_world/ && \ - cargo run + cargo run && \ + cd ../ && \ + rm -rf hello_world/ # Install latest version of Deno RUN curl -fsSL https://deno.land/x/install/install.sh | sh && \ 
@@ -43,22 +47,28 @@ RUN deno upgrade && \ deno --version && \ deno run https://deno.land/std/examples/welcome.ts -# Install code-server -RUN curl -fsSL https://code-server.dev/install.sh | sh +# Install yarn and code-server +# RUN curl -fsSL https://code-server.dev/install.sh | sh +# RUN npm i yarn@latest -g && \ +# yarn add global code-server # Install other tools if needed RUN apt update && \ - apt install git nano apache2 -y && \ + apt install git nano curl wget apache2 -y && \ service apache2 start # Enable Apache modules and restart apache RUN a2enmod rewrite deflate headers proxy proxy_ajp proxy_http proxy_wstunnel ssl && \ service apache2 restart +# Install SSH Server to be able to connect from code-server container +RUN apt install openssh-server -y && \ + service ssh start && \ + passwd -d root + EXPOSE 80/tcp EXPOSE 443/tcp EXPOSE 3000/tcp EXPOSE 20000/tcp EXPOSE 21000/tcp -EXPOSE 8080/tcp EXPOSE 8888/tcp diff --git a/config/code-server.yml b/config/code-server.yaml similarity index 60% rename from config/code-server.yml rename to config/code-server.yaml index 6e51b42..b6196c1 100644 --- a/config/code-server.yml +++ b/config/code-server.yaml @@ -1,4 +1,4 @@ bind-addr: 127.0.0.1:9000 auth: password -password: a5d14b610c4d585e24fe9414 +password: c079cfaba93c0864b5121665 cert: false diff --git a/config/sshd_config b/config/sshd_config new file mode 100644 index 0000000..1bb2469 --- /dev/null +++ b/config/sshd_config 
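Review bot: `passwd -d root` in the new SSH layer leaves root with an empty password, and the `config/sshd_config` added later in this patch sets `PermitRootLogin yes`, `PasswordAuthentication yes` and `PermitEmptyPasswords yes`. Assuming PAM accepts the null password, any container on the compose network that can reach port 22 of `app` gets a root shell without credentials, and the docker-compose.yml hunk bind-mounts `./source` into that container. Prefer key-based login: drop `passwd -d root`, provision a public key in `/root/.ssh/authorized_keys`, and set `PasswordAuthentication no`, `PermitEmptyPasswords no` and `PermitRootLogin prohibit-password` in the sshd config. Separately, `service ssh start` inside a `RUN` only runs during the build, and nothing visible in this hunk starts sshd at container runtime (the compose `entrypoint` is commented out). The `apt install openssh-server` step also has no `apt update` in the same layer.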
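Review bot: The `password:` value in `config/code-server.yaml` is still a literal committed to the repository; swapping it for another literal leaves both the old and the new value readable in history, so both should be treated as disclosed. Keep the secret out of version control, for example by supplying it at runtime through the `PASSWORD` environment variable from an untracked env file, or by storing only a `hashed-password:` entry. As far as this diff shows, the volume line that would mount this file into the new code-server container is commented out in docker-compose.yml, so it is worth confirming which credential the running editor actually uses.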
@@ -0,0 +1,123 @@
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication yes
+PermitEmptyPasswords yes
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/docker-compose.yml b/docker-compose.yml
index e0c4a5a..45d1083 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
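Review bot: The new `config/sshd_config` is a full copy of the distribution default in which the deliberate overrides (`PermitRootLogin yes`, `PasswordAuthentication yes`, `PermitEmptyPasswords yes`) sit uncommented among 123 lines, so the security-relevant deviations are easy to miss in review and the copy will drift from the packaged file on upgrades. Because the file already carries `Include /etc/ssh/sshd_config.d/*.conf`, a short drop-in mounted into that directory would be easier to audit if it held only the overridden directives, each with a comment saying why it is needed. As written the three directives permit root login with an empty password, which should be narrowed to key-based login unless the listener is provably unreachable from outside the compose network. `X11Forwarding yes` looks carried over from the default rather than required for the editor connection; `X11Forwarding no` would reduce what a session can do.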
@@ -4,23 +4,26 @@ services: app: build: context: "./bin/app" +# args: +# NEW_PASSWORD: ${NEW_PASSWORD} container_name: '${PROJECT_NAME}-app' restart: 'always' + tty: true +# entrypoint: [ "sh", "service apache2 start && service ssh start" ] + links: + - db + volumes: + - ${APACHE_PORTS-./config/ports.conf}:/etc/apache2/ports.conf + - ${VHOST_DIR-./config/vhosts}:/etc/apache2/sites-enabled + - ${SSHD_CONFIG-./config/sshd_config}:/etc/ssh/sshd_config + - ${PROJECT_ROOT-./source}:/root/source ports: - "${HTTP_PORT}:80" - "${HTTPS_PORT}:443" - "${REACT_PORT}:3000" - - "${CODE_SERVER_PORT}:8080" - "${API_PORT}:20000" - "${WS_PORT}:21000" - "${MISC_PORT}:8888" - links: - - db - volumes: - - ${CODE_SERVER_CONFIG-./config/code-server.yml}:/root/.config/code-server/config.yaml - - ${APACHE_PORTS-./config/ports.conf}:/etc/apache2/ports.conf - - ${VHOST_DIR-./config/vhosts}:/etc/apache2/sites-enabled - tty: true db: image: 'mongo' container_name: '${PROJECT_NAME}-db' @@ -34,4 +37,20 @@ services: - ${MONGO_VOLUME-./mongo-volume}:/data/db ports: - ${DB_PORT}:27017 - + networks: + - default + code-server: + image: 'codercom/code-server:latest' + container_name: '${PROJECT_NAME}-code' + restart: 'always' +# user: '${UID}:${GID}' + links: + - app + - db +# environment: +# - DOCKER_USER=$USER + volumes: +# - ${CODE_SERVER_CONFIG-./config/code-server.yaml}:/home/coder/.config/code-server/config.yaml + - ${PROJECT_ROOT-./source}:/home/coder/source + ports: + - ${CODE_SERVER_PORT}:8080 diff --git a/run-docker-alpine.sh b/run-docker-alpine.sh index 000cbcd..59c7de8 100755 --- a/run-docker-alpine.sh +++ b/run-docker-alpine.sh @@ -1,7 +1,7 @@ #!/bin/sh apk update -apk add docker docker-compose nano +apk add docker docker-compose nano wget curl service docker start rc-update add docker diff --git a/source/.gitkeep b/source/.gitkeep new file mode 100644 index 0000000..e69de29
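Review bot: The configuration bind mounts added to the `app` service are read-write, including `${SSHD_CONFIG-./config/sshd_config}:/etc/ssh/sshd_config`, so a process running as root in the container can rewrite the host's copies of the SSH and Apache configuration. Append `:ro` to the configuration mounts, for example `- ${SSHD_CONFIG-./config/sshd_config}:/etc/ssh/sshd_config:ro`, and leave only the `/root/source` mount writable. The `links:` key is a legacy option; services on the same compose network already resolve each other by service name, so it can be dropped.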
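Review bot: The new `code-server` service uses the floating tag `codercom/code-server:latest` and publishes `${CODE_SERVER_PORT}:8080` on all host interfaces, while the line that would mount `config/code-server.yaml` is commented out, so the editor's authentication rests on whatever the image does by default; confirm that before the port is reachable from other machines. Pin the image to a specific release tag or digest (`image: 'codercom/code-server:<pinned-version>'`, placeholder) so a rebuild cannot silently pull different code. Bind the port to loopback unless remote access is intended: `- "127.0.0.1:${CODE_SERVER_PORT}:8080"`. Quoting the mapping also matches the quoted port entries in the `app` service.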