diff --git a/Dockerfile b/Dockerfile index a5b36f2..3f1bfe6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,10 @@ FROM girish/base:0.2.0 -USER cloudron +RUN apt-get update && \ + apt-get install -y openssh-server && \ + rm -r /var/cache/apt /var/lib/apt/lists -# gogs uses this env to detect current user -ENV USER cloudron +ADD supervisor/ /etc/supervisor/conf.d/ RUN cd /tmp && \ wget https://github.com/gogits/gogs/releases/download/v0.6.1/linux_amd64.zip && \ @@ -13,5 +14,10 @@ RUN cd /tmp && \ ADD app.ini.template /home/cloudron/app.ini.template ADD start.sh /home/cloudron/start.sh +# disable pam authentication for sshd +RUN sed 's/UsePAM yes/UsePAM no/' -i /etc/ssh/sshd_config +RUN sed 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config +RUN echo "UseDNS no" >> /etc/ssh/sshd_config + CMD [ "/home/cloudron/start.sh" ] diff --git a/app.ini.template b/app.ini.template index e0ec06a..8215e3d 100644 --- a/app.ini.template +++ b/app.ini.template @@ -10,9 +10,9 @@ ROOT = /app/data SCRIPT_TYPE = bash [server] -PROTOCOL = https +PROTOCOL = http DOMAIN = ##HOSTNAME -ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s/ +ROOT_URL = https://%(DOMAIN)s/ HTTP_ADDR = HTTP_PORT = 3000 ; Disable SSH feature when not available @@ -29,6 +29,11 @@ NAME = ##MYSQL_DATABASE USER = ##MYSQL_USERNAME PASSWD = ##MYSQL_PASSWORD +[admin] + +[security] +INSTALL_LOCK = true + [mailer] ENABLED = true ; Name displayed in mail title @@ -37,7 +42,7 @@ SUBJECT = %(APP_NAME)s ; Gmail: smtp.gmail.com:587 ; QQ: smtp.qq.com:25 ; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used. -HOST = ##MAIL_SERVER +HOST = ##MAIL_SERVER:##MAIL_PORT ; Do not verify the certificate of the server. Only use this for self-signed certificates SKIP_VERIFY = ; Use client certificate diff --git a/start.sh b/start.sh index 2695e1f..5ac6a4f 100755 --- a/start.sh +++ b/start.sh 
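Review bot: Installing `openssh-server` in the first Dockerfile hunk probably bakes SSH host keys into the image. On Debian-style bases the package's install script normally generates `/etc/ssh/ssh_host_*` at install time, so every deployment built from this image would present the same host private keys. I would delete them in the same `RUN` (`rm -f /etc/ssh/ssh_host_*`) and regenerate per instance at startup with `ssh-keygen -A` in start.sh, ideally keeping them on persistent storage so clients do not see a changed host key after an update. Dropping `USER cloudron` also means `CMD` now runs start.sh as root, so the privilege drop for Gogs rests entirely on `user=cloudron` in the supervisor config. Smaller points: add `--no-install-recommends` to the install, and use `COPY supervisor/ /etc/supervisor/conf.d/` instead of `ADD`.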
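Review bot: The second Dockerfile hunk sets `UsePrivilegeSeparation no`, which the comment above it (about PAM only) neither mentions nor justifies. With it off, sshd's network-facing pre-authentication code runs as root instead of in the unprivileged child, so I would keep it enabled, or document why it cannot be. Both `sed` substitutions are also silent no-ops if the base image's sshd_config lacks the exact `... yes` line, so the build succeeds either way. Because sshd will run as root on a published port, I would append explicit restrictions rather than rely on package defaults: `PasswordAuthentication no`, `PermitRootLogin no`, and, assuming git access goes through the cloudron account, `AllowUsers cloudron`.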
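Review bot: With `PROTOCOL = http` and `HTTP_ADDR` left empty in the `[server]` hunk of app.ini.template, Gogs serves plain HTTP on port 3000 while `ROOT_URL` advertises https. That is only safe if a TLS-terminating proxy is the sole path to that port. A comment stating the assumption would help, for example `; TLS is terminated by the platform reverse proxy; Gogs itself speaks plain HTTP`. If the `[session]` section, which is outside this hunk, does not already set `COOKIE_SECURE = true`, it is worth adding so session cookies are never sent over the plain-HTTP leg.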
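Review bot: The new `[security]` section in app.ini.template sets `INSTALL_LOCK = true` but no `SECRET_KEY`. Skipping the install page is the right call for a packaged app, but unless the key is set elsewhere in the template, Gogs would fall back to its compiled-in default, which is the same for every installation. I would add a line such as `SECRET_KEY = ##SECRET_KEY` (placeholder name constructed to match the template's convention) and have start.sh substitute a random per-install value that is generated once and stored under `/app/data`. The empty `[admin]` section above it has no keys and could be dropped, or given a comment saying what it is reserved for.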
@@ -14,10 +14,16 @@ sed -e "s/##HOSTNAME/${fqdn}/g" \ -e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/g" \ -e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/g" \ -e "s/##MAIL_SERVER/${MAIL_SMTP_SERVER}/g" \ + -e "s/##MAIL_PORT/${MAIL_SMTP_PORT}/g" \ -e "s/##MAIL_FROM/${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}/g" \ /home/cloudron/app.ini.template > "/home/cloudron/gogs/custom/conf/app.ini" chown -R cloudron.cloudron /app/data -/home/cloudron/gogs/gogs web +# Dockerfile changes the ownership of this file to make it writable by cloudron user +sed -e "s/^Port .*/Port ${SSH_PORT}/" \ + -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \ + -i /etc/ssh/sshd_config + +/usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gogs diff --git a/supervisor/gogs.conf b/supervisor/gogs.conf new file mode 100644 index 0000000..40ff1de --- /dev/null +++ b/supervisor/gogs.conf @@ -0,0 +1,9 @@ +[program:gogs] +directory=/home/cloudron/gogs +command=/home/cloudron/gogs/gogs web +user=cloudron +autostart=true +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log +environment=USER="cloudron" diff --git a/supervisor/sshd.conf b/supervisor/sshd.conf new file mode 100644 index 0000000..84d4761 --- /dev/null +++ b/supervisor/sshd.conf @@ -0,0 +1,8 @@ +[program:sshd] +directory=/ +command=/usr/sbin/sshd -D +user=root +autostart=true +autorestart=true +stdout_logfile=/var/log/supervisor/%(program_name)s.log +stderr_logfile=/var/log/supervisor/%(program_name)s.log
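Review bot: In the start.sh hunk, `${SSH_PORT}` and `${MAIL_SMTP_PORT}` are interpolated into `sed` without any check. An unset `SSH_PORT` rewrites the line to a bare `Port `, and sshd then fails under supervisor's `autorestart`; an unset mail port leaves `HOST = server:` in app.ini. A guard before the `sed` calls would fail fast, for example `: "${SSH_PORT:?SSH_PORT must be set}"`, unless the script already runs with `set -u` above this hunk, which is not visible here. The last line should be `exec /usr/bin/supervisord ...` so that supervisord replaces the shell and receives the container's stop signal directly. The added comment about the Dockerfile changing ownership of sshd_config matches nothing in this commit's Dockerfile hunks, and the script now runs as root, so the comment looks stale.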
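Review bot: supervisor/gogs.conf sets `USER` for the gogs program but not `HOME`. supervisord's `user=` only switches the uid and leaves the environment untouched, so Gogs and the git/ssh helpers it spawns inherit root's `HOME` from start.sh. Anything resolved relative to the home directory, such as the `.ssh/authorized_keys` file used for git-over-SSH, may then point at root's home rather than `/home/cloudron`. I would write `environment=USER="cloudron",HOME="/home/cloudron"`. Since both logfile settings name the same file, `redirect_stderr=true` with a single `stdout_logfile` is the cleaner form.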
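Review bot: supervisor/sshd.conf captures sshd's stdout and stderr, but `sshd -D` sends its log messages to syslog by default, so in a container without a syslog daemon the authentication successes and failures are likely recorded nowhere. Changing the command to `command=/usr/sbin/sshd -D -e` makes sshd log to stderr, so login attempts land in the supervisor logfile and can be reviewed. As in gogs.conf, the two logfile settings point at the same path and could be replaced by `redirect_stderr=true`.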