separate code-server + many improvements

.env

@@ -8,7 +8,7 @@ REACT_PORT=3000
 API_PORT=20000
 WS_PORT=21000
 
-CODE_SERVER_PORT=19000
+CODE_SERVER_PORT=9000
 MISC_PORT=13000
 
 DB_PORT=30000

bin/app/Dockerfile

@@ -2,6 +2,8 @@ FROM debian:bullseye-slim
 
 LABEL maintainer="Kishan Takoordyal <kishan@kinesis.games>"
 
+# ARG NEW_PASSWORD=""
+
 # Update package repositories
 RUN apt update && \
     apt upgrade -y
@@ -29,7 +31,9 @@ RUN rustc --version && \
 # Test if Cargo works properly by running a hello world program
 RUN cargo new hello_world && \
     cd hello_world/ && \
-    cargo run
+    cargo run && \
+    cd ../ && \
+    rm -rf hello_world/
 
 # Install latest version of Deno
 RUN curl -fsSL https://deno.land/x/install/install.sh | sh && \
@@ -43,22 +47,28 @@ RUN deno upgrade && \
     deno --version && \
     deno run https://deno.land/std/examples/welcome.ts
 
-# Install code-server
+# Install yarn and code-server
-RUN curl -fsSL https://code-server.dev/install.sh | sh
+# RUN curl -fsSL https://code-server.dev/install.sh | sh
+# RUN npm i yarn@latest -g && \
+#     yarn add global code-server
 
 # Install other tools if needed
 RUN apt update && \
-    apt install git nano apache2 -y && \
+    apt install git nano curl wget apache2 -y && \
     service apache2 start
 
 # Enable Apache modules and restart apache
 RUN a2enmod rewrite deflate headers proxy proxy_ajp proxy_http proxy_wstunnel ssl && \
     service apache2 restart
 
+# Install SSH Server to be able to connect from code-server container
+RUN apt install openssh-server -y && \
+    service ssh start && \
+    passwd -d root
+
 EXPOSE 80/tcp
 EXPOSE 443/tcp
 EXPOSE 3000/tcp
 EXPOSE 20000/tcp
 EXPOSE 21000/tcp
-EXPOSE 8080/tcp
 EXPOSE 8888/tcp

config/code-server.yaml

@@ -1,4 +1,4 @@
 bind-addr: 127.0.0.1:9000
 auth: password
-password: a5d14b610c4d585e24fe9414
+password: c079cfaba93c0864b5121665
 cert: false

config/sshd_config

@@ -0,0 +1,123 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication yes
+PermitEmptyPasswords yes
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

docker-compose.yml

@@ -4,23 +4,26 @@ services:
   app:
     build:
       context: "./bin/app"
+#     args:
+#       NEW_PASSWORD: ${NEW_PASSWORD}
     container_name: '${PROJECT_NAME}-app'
     restart: 'always'
+    tty: true
+#   entrypoint: [ "sh", "service apache2 start && service ssh start" ]
+    links:
+      - db
+    volumes:
+      - ${APACHE_PORTS-./config/ports.conf}:/etc/apache2/ports.conf
+      - ${VHOST_DIR-./config/vhosts}:/etc/apache2/sites-enabled
+      - ${SSHD_CONFIG-./config/sshd_config}:/etc/ssh/sshd_config
+      - ${PROJECT_ROOT-./source}:/root/source
     ports:
       - "${HTTP_PORT}:80"
       - "${HTTPS_PORT}:443"
       - "${REACT_PORT}:3000"
-      - "${CODE_SERVER_PORT}:8080"
       - "${API_PORT}:20000"
       - "${WS_PORT}:21000"
       - "${MISC_PORT}:8888"
-    links:
-      - db
-    volumes:
-      - ${CODE_SERVER_CONFIG-./config/code-server.yml}:/root/.config/code-server/config.yaml
-      - ${APACHE_PORTS-./config/ports.conf}:/etc/apache2/ports.conf
-      - ${VHOST_DIR-./config/vhosts}:/etc/apache2/sites-enabled
-    tty: true
   db:
     image: 'mongo'
     container_name: '${PROJECT_NAME}-db'
@@ -34,4 +37,20 @@ services:
       - ${MONGO_VOLUME-./mongo-volume}:/data/db
     ports:
       - ${DB_PORT}:27017
-
+    networks:
+      - default 
+  code-server:
+    image: 'codercom/code-server:latest'
+    container_name: '${PROJECT_NAME}-code'
+    restart: 'always'
+#   user: '${UID}:${GID}'
+    links:
+      - app
+      - db
+#   environment:
+#     - DOCKER_USER=$USER
+    volumes:
+#     - ${CODE_SERVER_CONFIG-./config/code-server.yaml}:/home/coder/.config/code-server/config.yaml
+      - ${PROJECT_ROOT-./source}:/home/coder/source
+    ports:
+      - ${CODE_SERVER_PORT}:8080

run-docker-alpine.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 apk update
-apk add docker docker-compose nano
+apk add docker docker-compose nano wget curl
 
 service docker start
 rc-update add docker