# Copyright (c) 2021 FEROX YT EIRL, www.ferox.yt <[email protected]>
# Copyright (c) 2021 Jérémy WALTHER <[email protected]>
# See <https://github.com/frxyt/docker-passhport> for details.
# Base image. Despite its name, ALPINE_VERSION holds a full image reference
# (repository:tag), so `--build-arg ALPINE_VERSION=...` can swap the whole base.
# NOTE(review): the default is a floating tag, not a digest, so the bytes pulled
# can change between builds; pin with `@sha256:<digest>` for reproducible,
# verifiable builds. Alpine 3.13 appears to be past upstream security support
# (confirm against the Alpine release schedule) and should be bumped.
ARG ALPINE_VERSION=alpine:3.13
FROM ${ALPINE_VERSION}
LABEL maintainer="Jérémy WALTHER <[email protected]>"
# Install required packages and create passhport user
#
# One layer that:
#   - installs the runtime packages (sshd, ssh client, python3, supervisor, ...);
#   - deletes the stock /etc/ssh/sshd_config (a template is copied to /etc/ssh/
#     later in this file; presumably the entrypoint renders it, confirm in
#     bin/entrypoint);
#   - creates the `passhport` account with home /home/passhport and bash as shell
#     (`adduser -D` assigns no password);
#   - creates the config, state and log directories and hands the state and log
#     directories to passhport.
#
# NOTE(review): `passwd -du` deletes the password and unlocks the account, which
# leaves an EMPTY password rather than an unusable one. That is safe only while
# nothing in the image accepts empty passwords: verify that sshd_config.tpl never
# enables empty-password logins and that SSHD_PASSWD_AUTH stays "no". Storing an
# unmatchable hash instead would also keep the account unlocked for public-key
# logins without an empty password; confirm nothing depends on the empty
# password before changing it.
# NOTE(review): the packages are unpinned, so the installed versions follow the
# Alpine repository state at build time.
RUN set -ex; \
apk add --no-cache \
bash \
curl \
gettext \
openssl \
openssh-client \
openssh-server \
perl \
python3 \
supervisor \
tzdata \
util-linux \
wget; \
rm -f /etc/ssh/sshd_config; \
adduser -Dh /home/passhport -s /bin/bash passhport; \
passwd -du passhport; \
mkdir -p /etc/passhport/certs /var/lib/passhport /var/log/passhport; \
chown passhport:passhport -R /var/lib/passhport /var/log/passhport;
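# Download PaSSHport
#
# Clones the upstream repository, optionally checks out PASSHPORT_VERSION
# (an empty value keeps the default branch), strips the git metadata, removes
# git again and exposes the two upstream wrapper scripts on PATH.
#
# The clone uses https:// so the source tree is fetched over an authenticated,
# integrity-protected channel; a plain http:// URL lets anyone on the network
# path tamper with the code that ends up in this bastion image.
# NOTE(review): PASSHPORT_VERSION is a tag or branch name, i.e. a mutable ref.
# For a reproducible build, check out a full commit SHA (or compare
# `git rev-parse HEAD` with an expected value) before .git is deleted.
ARG PASSHPORT_VERSION=2.5
RUN set -ex; \
    apk add --no-cache git; \
    git clone https://github.com/LibrIT/passhport.git /home/passhport/passhport; \
    cd /home/passhport/passhport; \
    if [ -n "${PASSHPORT_VERSION}" ]; then git checkout "${PASSHPORT_VERSION}"; fi; \
    rm -rf .git*; \
    apk del git; \
    ln -s /home/passhport/passhport/tools/passhportd.sh /usr/local/bin/passhportd; \
    ln -s /home/passhport/passhport/tools/passhport-admin.sh /usr/local/bin/passhport-admin;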
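# Install required PaSSHport dependencies
#
# Builds the Python runtime in a single layer so the compiler toolchain never
# persists in the image:
#   1. install pip and the Python headers, then virtualenv (system-wide);
#   2. create ~/passhport-run-env as the passhport user;
#   3. install the C toolchain and headers, then uwsgi (system-wide);
#   4. install the upstream requirements.txt into the virtualenv as passhport;
#   5. drop per-user caches and remove every build-only package again.
#
# --no-cache-dir keeps pip's download/wheel cache out of the layer; the original
# cleanup only covered /home/passhport, so the cache written by the root-run
# pip3 calls would otherwise stay in the image.
# NOTE(review): virtualenv and uwsgi are installed without a version pin, so the
# resolved releases depend on the build date. Pin them (and consider
# hash-checked requirements) to make the dependency set reviewable and
# reproducible.
RUN set -ex; \
    cd /home/passhport/passhport; \
    apk add --no-cache \
        python3-dev \
        py3-pip; \
    pip3 install --no-cache-dir virtualenv; \
    su -c 'virtualenv -p python3 ~/passhport-run-env' passhport; \
    apk add --no-cache \
        gcc \
        libc-dev \
        libffi-dev \
        openssl-dev; \
    pip3 install --no-cache-dir uwsgi; \
    su -c '~/passhport-run-env/bin/pip install --no-cache-dir -r requirements.txt' passhport; \
    cd /home/passhport; \
    rm -rf .cache .local; \
    apk del \
        gcc \
        libc-dev \
        libffi-dev \
        python3-dev \
        py3-pip \
        openssl-dev;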
# Image-specific helper scripts, installed under an frx- prefix. frx-entrypoint,
# frx-start and frx-healthcheck are wired up by the ENTRYPOINT, CMD and
# HEALTHCHECK instructions of this file; their file modes come from the build
# context, so they must be committed as executable.
COPY bin/entrypoint /usr/local/bin/frx-entrypoint
COPY bin/healthcheck /usr/local/bin/frx-healthcheck
COPY bin/log /usr/local/bin/frx-log
COPY bin/start /usr/local/bin/frx-start
# Version-specific PaSSHport configuration: the source directory is selected by
# the PASSHPORT_VERSION build argument, so the build context needs a matching
# etc/<version>/ directory for every version that is built.
COPY etc/${PASSHPORT_VERSION}/* /etc/passhport/
# Templates and supervisor configuration (the *.tpl files are presumably
# rendered at container start; confirm in bin/entrypoint).
COPY etc/sshd_config.tpl /etc/ssh/
COPY etc/supervisord.conf /etc/supervisord.conf
COPY etc/uwsgi.ini.tpl /etc/passhport/
# Build provenance: record the image tag, source branch and commit in
# /etc/frx_version. The defaults (master / HEAD) carry no real provenance, so
# CI should pass the actual values as build arguments.
ARG SOURCE_BRANCH=master
ARG SOURCE_COMMIT=HEAD
RUN set -ex; \
echo "[frxyt/passhport:${PASSHPORT_VERSION}-${SOURCE_BRANCH}] <https://github.com/frxyt/docker-passhport>" > /etc/frx_version; \
echo "[version: ${SOURCE_BRANCH}@${SOURCE_COMMIT}]" >> /etc/frx_version
# Runtime defaults. ENV values persist in the image and in every container
# started from it, and are readable through `docker inspect` / `docker history`,
# so nothing in this list is a secret.
#
# NOTE(review): PASSHPORTD_DB_SALT ships with a fixed, publicly known default.
# Every deployment that does not override it uses the same salt; set a unique
# value per deployment at run time (how passhportd consumes the salt is not
# visible here; confirm in the etc/<version>/ configuration).
# NOTE(review): PASSHPORTD_LISTENING_IP and SSHD_LISTEN_ADDRESS default to
# 0.0.0.0, i.e. presumably all interfaces; restrict exposure with published
# ports or network policy where the bastion should not be reachable broadly.
# SSHD_PASSWD_AUTH=no / SSHD_PUBKEY_AUTH=yes look like the values substituted
# into sshd_config.tpl; keep password authentication off, since the passhport
# account is created with an empty password earlier in this file.
# PASSHPORT_CERT_SUBJ / PASSHPORT_CERT_DAYS presumably drive a self-signed
# certificate generated at start (TODO confirm in bin/entrypoint); supply a
# properly issued certificate for production use.
ENV FRX_DEBUG=0 \
FRX_LOG_PREFIX_MAXLEN=5 \
PASSHPORT_CERT_DAYS=365 \
PASSHPORT_CERT_SUBJ='/C=FX/ST=None/L=None/O=None/OU=None/CN=localhost' \
PASSHPORTD_DB_SALT=thepasshportsafeandsecuresalt \
PASSHPORTD_DB_SESSIONS_TO=12 \
PASSHPORTD_HOSTNAME=localhost \
PASSHPORTD_KEEPCONNECT=True \
PASSHPORTD_LISTENING_IP=0.0.0.0 \
PASSHPORTD_MAXLOGSIZE=5 \
PASSHPORTD_NODE_NAME=passhport-node \
PASSHPORTD_NOTIF_FROM=passhport@bastion \
PASSHPORTD_NOTIF_LOG_TYPE=email \
PASSHPORTD_NOTIF_SMTP=127.0.0.1 \
PASSHPORTD_NOTIF_TO='root, admin@passhport' \
PASSHPORTD_PORT=443 \
PASSHPORTD_SCP_THROUGH_TARGET=False \
PASSHPORTD_SSL=True \
PASSHPORTD_UNIQ_TARGETS_ID=True \
SSHD_LISTEN_ADDRESS=0.0.0.0 \
SSHD_PASSWD_AUTH=no \
SSHD_PORT=22 \
SSHD_PUBKEY_AUTH=yes \
TZ=Etc/UTC \
UWSGI_PROCESSES=5
# Ship the build recipe, licence and README inside the image for reference.
COPY Dockerfile /home/passhport/
COPY LICENSE /home/passhport/
COPY README.md /home/passhport/
WORKDIR /home/passhport
# EXPOSE only documents the contract (sshd on 22, passhportd on 443); it does
# not publish the ports.
EXPOSE 22 443
# The health probe runs every 15 s with a 5 s timeout, after a 1 min start
# period; three consecutive failures mark the container unhealthy.
HEALTHCHECK --interval=15s --timeout=5s --start-period=1m --retries=3 CMD ["/usr/local/bin/frx-healthcheck"]
# NOTE(review): there is no USER instruction, so the entrypoint and everything
# it starts run as root. That is presumably required for sshd and for binding
# ports 22/443 (confirm in etc/supervisord.conf which processes drop to the
# passhport user) and should be compensated at run time, for example by
# dropping unneeded capabilities.
ENTRYPOINT ["/usr/local/bin/frx-entrypoint"]
CMD ["/usr/local/bin/frx-start"]