beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-21 15:10:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Improve docker images

Browse source
This commit is contained in:
Nicola Murino 2020-10-14 07:46:36 +02:00
parent 5b79379c90
commit 6c0839e197
No known key found for this signature in database
GPG key ID: 2F1FB59433D5A8CB
14 changed files with 113 additions and 141 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/development.yml vendored
View file

@ -199,6 +199,6 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v1
uses: golangci/golangci-lint-action@v2.2.1
with:
version: v1.31
version: latest

9
.github/workflows/docker.yml vendored
View file

@ -34,7 +34,7 @@ jobs:
- name: Gather image information
id: info
run: |
DOCKER_IMAGE=ghcr.io/drakkan/sftpgo
DOCKER_IMAGE=drakkan/sftpgo
VERSION=noop
DOCKERFILE=Dockerfile
if [ "${{ github.event_name }}" = "schedule" ]; then
@ -75,12 +75,11 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to GitHub Container Registry
- name: Login to DockerHub
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
if: github.event_name != 'pull_request'
- name: Build and push

33
Dockerfile
View file

@ -29,7 +29,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y ca-certificates
SHELL ["/bin/bash", "-c"]
RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo
RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo
RUN groupadd --system -g 1000 sftpgo && \
useradd --system --gid sftpgo --no-create-home \
@ -39,32 +39,29 @@ RUN groupadd --system -g 1000 sftpgo && \
# Install some optional packages used by SFTPGo features
RUN apt-get update && apt-get install --no-install-recommends -y git rsync && apt-get clean
# Override some configuration details
ENV SFTPGO_CONFIG_DIR=/etc/sftpgo
ENV SFTPGO_LOG_FILE_PATH=""
ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates
ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static
# Sane defaults, but users should still be able to override this from env vars
ENV SFTPGO_DATA_PROVIDER__USERS_BASE_DIR=/var/lib/sftpgo/users
ENV SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/var/lib/sftpgo/credentials
ENV SFTPGO_HTTPD__BACKUPS_PATH=/var/lib/sftpgo/backups
ENV SFTPGO_SFTPD__HOST_KEYS=/var/lib/sftpgo/host_keys/id_rsa,/var/lib/sftpgo/host_keys/id_ecdsa
ENV SFTPGO_HTTPD__BIND_ADDRESS=""
COPY --from=builder /workspace/sftpgo.json /etc/sftpgo/sftpgo.json
COPY --from=builder /workspace/templates /usr/share/sftpgo/templates
COPY --from=builder /workspace/static /usr/share/sftpgo/static
COPY --from=builder /workspace/sftpgo /usr/local/bin/
RUN sed -i "s|sftpgo.db|/var/lib/sftpgo/sftpgo.db|" /etc/sftpgo/sftpgo.json
# Log to the stdout so the logs will be available using docker logs
ENV SFTPGO_LOG_FILE_PATH=""
# templates and static paths are inside the container
ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates
ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static
RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo && \
# Modify the default configuration file
RUN sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\",|" /etc/sftpgo/sftpgo.json && \
sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" /etc/sftpgo/sftpgo.json && \
sed -i "s|\"bind_address\": \"127.0.0.1\",|\"bind_address\": \"\",|" /etc/sftpgo/sftpgo.json
RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo /srv/sftpgo && \
chmod 640 /etc/sftpgo/sftpgo.json && \
chmod 750 /etc/sftpgo /var/lib/sftpgo
chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
WORKDIR /var/lib/sftpgo
USER sftpgo
VOLUME /var/lib/sftpgo
VOLUME [ "/var/lib/sftpgo", "/srv/sftpgo" ]
CMD sftpgo serve

33
Dockerfile.alpine
View file

@ -36,7 +36,7 @@ SHELL ["/bin/bash", "-c"]
# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-424546457
RUN test ! -e /etc/nsswitch.conf && echo 'hosts: files dns' > /etc/nsswitch.conf
RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo
RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo
RUN addgroup -g 1000 -S sftpgo && \
adduser -u 1000 -h /var/lib/sftpgo -s /sbin/nologin -G sftpgo -S -D -H sftpgo
@ -44,32 +44,29 @@ RUN addgroup -g 1000 -S sftpgo && \
# Install some optional packages used by SFTPGo features
RUN apk add --update --no-cache rsync git
# Override some configuration details
ENV SFTPGO_CONFIG_DIR=/etc/sftpgo
ENV SFTPGO_LOG_FILE_PATH=""
ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates
ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static
# Sane defaults, but users should still be able to override this from env vars
ENV SFTPGO_DATA_PROVIDER__USERS_BASE_DIR=/var/lib/sftpgo/users
ENV SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/var/lib/sftpgo/credentials
ENV SFTPGO_HTTPD__BACKUPS_PATH=/var/lib/sftpgo/backups
ENV SFTPGO_SFTPD__HOST_KEYS=/var/lib/sftpgo/host_keys/id_rsa,/var/lib/sftpgo/host_keys/id_ecdsa
ENV SFTPGO_HTTPD__BIND_ADDRESS=""
COPY --from=builder /workspace/sftpgo.json /etc/sftpgo/sftpgo.json
COPY --from=builder /workspace/templates /usr/share/sftpgo/templates
COPY --from=builder /workspace/static /usr/share/sftpgo/static
COPY --from=builder /workspace/sftpgo /usr/local/bin/
RUN sed -i "s|sftpgo.db|/var/lib/sftpgo/sftpgo.db|" /etc/sftpgo/sftpgo.json
# Log to the stdout so the logs will be available using docker logs
ENV SFTPGO_LOG_FILE_PATH=""
# templates and static paths are inside the container
ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates
ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static
RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo && \
# Modify the default configuration file
RUN sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\",|" /etc/sftpgo/sftpgo.json && \
sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" /etc/sftpgo/sftpgo.json && \
sed -i "s|\"bind_address\": \"127.0.0.1\",|\"bind_address\": \"\",|" /etc/sftpgo/sftpgo.json
RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo /srv/sftpgo && \
chmod 640 /etc/sftpgo/sftpgo.json && \
chmod 750 /etc/sftpgo /var/lib/sftpgo
chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
WORKDIR /var/lib/sftpgo
USER sftpgo
VOLUME /var/lib/sftpgo
VOLUME [ "/var/lib/sftpgo", "/srv/sftpgo" ]
CMD sftpgo serve

10
README.md
View file

@ -117,6 +117,16 @@ sftpgo initprovider --help
You can disable automatic data provider checks/updates at startup by setting the `update_mode` configuration key to `1`.
## Users and folders management
After starting SFTPGo you can manage users and folders using:
- the [web based administration interface](./docs/web-admin.md)
- the [REST API](./docs/rest-api.md)
- the sample [REST API CLI](./examples/rest-api-cli)
To support embedded data providers like `bolt` and `SQLite` we can't have a CLI that directly write users and folders to the data provider, we always have to use the REST API.
## Tutorials
Some step-to-step tutorials can be found inside the source tree [howto](./docs/howto "How-to") directory.

31
docker/README.md
View file

@ -1,13 +1,13 @@
# Official Docker images
SFTPGo provides official Docker images. They are available [here](https://github.com/users/drakkan/packages/container/package/sftpgo).
SFTPGo provides official Docker images. They are available [here](https://hub.docker.com/r/drakkan/sftpgo).
## Start a SFTPGo server instance
Starting a SFTPGo instance is simple:
```shell
docker run --name some-sftpgo -p 127.0.0.1:8080:8080 -p 2022:2022 -d "ghcr.io/drakkan/sftpgo:edge"
docker run --name some-sftpgo -p 127.0.0.1:8080:8080 -p 2022:2022 -d "sftpgo:edge"
```
Now visit [http://localhost:8080/](http://localhost:8080/) and create a new SFTPGo user. The SFTP service is available on port 2022.
@ -20,12 +20,6 @@ The logs are available through Docker's container log:
docker logs some-sftpgo
```
## Configuration
The runtime configuration can be customized via environment variables that you can set passing the `-e` option to the `docker run` command or inside the `environment` section if you are using [docker stack deploy](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [docker-compose](https://github.com/docker/compose).
Please take a look [here](../docs/full-configuration.md#environment-variables) to learn how to configure SFTPGo via environment variables.
## Where to Store Data
Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the SFTPGo images to familiarize themselves with the options available, including:
@ -36,15 +30,28 @@ Important note: There are several ways to store data used by applications that r
The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above:
1. Create a data directory on a suitable volume on your host system, e.g. `/my/own/sftpgodata`.
2. Start your SFTPGo container like this:
2. Create a home directory for the sftpgo container user on your host system e.g. `/my/own/sftpgohome`.
3. Start your SFTPGo container like this:
```shell
docker run --name some-sftpgo \
-p 127.0.0.1:8080:8090 \
-p 2022:2022 \
--mount type=bind,source=/my/own/sftpgodata,target=/var/lib/sftpgo \
--mount type=bind,source=/my/own/sftpgodata,target=/srv/sftpgo \
--mount type=bind,source=/my/own/sftpgohome,target=/var/lib/sftpgo \
-e SFTPGO_HTTPD__BIND_PORT=8090 \
-d "ghcr.io/drakkan/sftpgo:edge"
-d "sftpgo:edge"
```
The `--mount type=bind,source=/my/own/sftpgodata,target=/var/lib/sftpgo` part of the command mounts the `/my/own/sftpgodata` directory from the underlying host system as `/var/lib/sftpgo` inside the container, where SFTPGo will store its data.
As you can see SFTPGo uses two volumes:
- `/srv/sftpgo` to handle persistent data. The default home directory for SFTP/FTP/WebDAV users is `/srv/sftpgo/data/<username>`. Backups are stored in `/srv/sftpgo/backups`
- `/var/lib/sftpgo` is the home directory for the sftpgo system user defined inside the container. This is the container working directory too, host keys will be created here when using the default configuration.
## Configuration
The runtime configuration can be customized via environment variables that you can set passing the `-e` option to the `docker run` command or inside the `environment` section if you are using [docker stack deploy](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [docker-compose](https://github.com/docker/compose).
Please take a look [here](../docs/full-configuration.md#environment-variables) to learn how to configure SFTPGo via environment variables.
Alternately you can mount your custom configuration file to `/var/lib/sftpgo` or `/var/lib/sftpgo/.config/sftpgo`.

5
pkgs/build.sh
View file

@ -19,10 +19,10 @@ BASE_DIR="../.."
cp ${BASE_DIR}/sftpgo.json .
sed -i "s|sftpgo.db|/var/lib/sftpgo/sftpgo.db|" sftpgo.json
sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/var/lib/sftpgo/users\",|" sftpgo.json
sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\",|" sftpgo.json
sed -i "s|\"templates\"|\"/usr/share/sftpgo/templates\"|" sftpgo.json
sed -i "s|\"static\"|\"/usr/share/sftpgo/static\"|" sftpgo.json
sed -i "s|\"backups\"|\"/var/lib/sftpgo/backups\"|" sftpgo.json
sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" sftpgo.json
sed -i "s|\"credentials\"|\"/var/lib/sftpgo/credentials\"|" sftpgo.json
$BASE_DIR/sftpgo gen completion bash > sftpgo-completion.bash
@ -61,6 +61,7 @@ config_files:
empty_folders:
- /var/lib/sftpgo
- /srv/sftpgo/data
overrides:
deb:

32
pkgs/debian/postinst
View file

@ -17,37 +17,17 @@ if [ "$1" = "configure" ]; then
fi
if [ -z "$2" ]; then
# if configure has no args this is the first installation
# for upgrades the second arg is the previously installed version
#
# initialize data provider
sftpgo initprovider -c /etc/sftpgo
# ensure files and folders have the appropriate permissions
chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo
chmod 750 /etc/sftpgo /var/lib/sftpgo
chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
chmod 640 /etc/sftpgo/sftpgo.json
echo "Please be sure to have the python3-requests package installed if you want to use the REST API CLI"
fi
fi
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask sftpgo.service >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled sftpgo.service; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable sftpgo.service >/dev/null || true
deb-systemd-invoke start sftpgo.service >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state sftpgo.service >/dev/null || true
fi
# Restart only if it was already started
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
if [ -n "$2" ]; then
deb-systemd-invoke try-restart sftpgo.service >/dev/null || true
fi
fi
fi
#DEBHELPER#

19
pkgs/debian/postrm
View file

@ -1,19 +0,0 @@
#!/bin/sh
set -e
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
fi
if [ "$1" = "remove" ]; then
if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper mask sftpgo.service >/dev/null || true
fi
fi
if [ "$1" = "purge" ]; then
if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper purge sftpgo.service >/dev/null || true
deb-systemd-helper unmask sftpgo.service >/dev/null || true
fi
fi

6
pkgs/debian/prerm
View file

@ -1,6 +0,0 @@
#!/bin/sh
set -e
if [ -d /run/systemd/system ] && [ "$1" = remove ]; then
deb-systemd-invoke stop sftpgo.service >/dev/null || true
fi

1
pkgs/debian/sftpgo.dirs
View file

@ -1 +1,2 @@
/var/lib/sftpgo
/srv/sftpgo/data

52
pkgs/scripts/deb/postinstall.sh
View file

@ -17,37 +17,43 @@ if [ "$1" = "configure" ]; then
fi
if [ -z "$2" ]; then
# if configure has no args this is the first installation
# for upgrades the second arg is the previously installed version
#
# initialize data provider
sftpgo initprovider -c /etc/sftpgo
# ensure files and folders have the appropriate permissions
chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo
chmod 750 /etc/sftpgo /var/lib/sftpgo
chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
chmod 640 /etc/sftpgo/sftpgo.json
echo "Please be sure to have the python3-requests package installed if you want to use the REST API CLI"
fi
fi
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask sftpgo.service >/dev/null || true
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'sftpgo.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled sftpgo.service; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable sftpgo.service >/dev/null || true
deb-systemd-invoke start sftpgo.service >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state sftpgo.service >/dev/null || true
fi
# Restart only if it was already started
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
if [ -n "$2" ]; then
deb-systemd-invoke try-restart sftpgo.service >/dev/null || true
fi
fi
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'sftpgo.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'sftpgo.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'sftpgo.service' >/dev/null || true
fi
fi
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
if [ -n "$2" ]; then
_dh_action=restart
else
_dh_action=start
fi
deb-systemd-invoke $_dh_action 'sftpgo.service' >/dev/null || true
fi
fi

15
pkgs/scripts/deb/postremove.sh
View file

@ -2,18 +2,17 @@
set -e
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
systemctl --system daemon-reload >/dev/null || true
fi
if [ "$1" = "remove" ]; then
if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper mask sftpgo.service >/dev/null || true
fi
if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper mask 'sftpgo.service' >/dev/null || true
fi
fi
if [ "$1" = "purge" ]; then
if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper purge sftpgo.service >/dev/null || true
deb-systemd-helper unmask sftpgo.service >/dev/null || true
fi
if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper purge 'sftpgo.service' >/dev/null || true
deb-systemd-helper unmask 'sftpgo.service' >/dev/null || true
fi

4
pkgs/scripts/rpm/postinstall
View file

@ -16,8 +16,8 @@ if [ $1 -eq 1 ]; then
# initialize data provider
/usr/bin/sftpgo initprovider -c /etc/sftpgo
# ensure files and folders have the appropriate permissions
/usr/bin/chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo
/usr/bin/chmod 750 /etc/sftpgo /var/lib/sftpgo
/usr/bin/chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
/usr/bin/chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo
/usr/bin/chmod 640 /etc/sftpgo/sftpgo.json
echo "Please be sure to have the python requests library installed if you want to use the REST API CLI"
fi