Skip to content
This repository has been archived by the owner on Aug 12, 2019. It is now read-only.

Commit

Permalink
0.12.0 (#10)
Browse files Browse the repository at this point in the history
  • Loading branch information
oznu authored Mar 28, 2018
1 parent 0be970d commit d6357f2
Show file tree
Hide file tree
Showing 20 changed files with 277 additions and 940 deletions.
3 changes: 3 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
language: bash

services:
- docker

Expand All @@ -9,3 +11,4 @@ before_script:

script:
- ~/docker-arm-ci/run.sh

128 changes: 103 additions & 25 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,18 +1,10 @@
# Multi-stage build - See https://docs.docker.com/engine/userguide/eng-image/multistage-build
FROM ubnt/unms:0.11.3 as unms
FROM ubnt/unms:0.12.0 as unms
FROM oznu/s6-node:8.10.0-amd64

FROM oznu/s6-node:8.9.4

# Copy UNMS app from offical image since the source code is not published at this time
COPY --from=unms /home/app/unms /app

WORKDIR /app

RUN devDeps="vips-dev fftw-dev make python g++" \
&& sed -i 's/edge\/community/edge\/testing/g' /etc/apk/repositories \
&& apk add --no-cache ${devDeps} bash gzip vips openssl postgresql redis rabbitmq-server \
&& rm -rf /app/node_modules \
&& yarn install --ignore-engines \
# base deps redis, rabbitmq
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& apk add --no-cache vips redis rabbitmq-server \
&& apk del ${devDeps} \
&& deluser rabbitmq \
&& addgroup -S rabbitmq && adduser -S -h /var/lib/rabbitmq -G rabbitmq rabbitmq \
Expand All @@ -21,23 +13,109 @@ RUN devDeps="vips-dev fftw-dev make python g++" \
&& chmod -R 777 /var/lib/rabbitmq /etc/rabbitmq \
&& ln -sf /var/lib/rabbitmq/.erlang.cookie /root/

RUN devDeps="musl-dev gcc python python-dev py-pip libffi-dev openssl-dev" \
&& apk add --no-cache sudo dumb-init certbot openssl nginx nginx-mod-http-lua ${devDeps} \
&& pip install -U certbot-nginx \
&& apk del ${devDeps} \
&& echo "abc ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers
# postgres 9.6.8
RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.6/main" >> /etc/apk/repositories \
&& apk add --no-cache postgresql==9.6.8-r0 postgresql-client=9.6.8-r0 libpq=9.6.8-r0 \
&& sed -i '/v3.6/d' /etc/apk/repositories

# start ubnt/unms dockerfile #
RUN mkdir -p /home/app/unms

WORKDIR /home/app/unms

# Copy UNMS app from offical image since the source code is not published at this time
COPY --from=unms /home/app/unms /home/app/unms

RUN devDeps="vips-dev fftw-dev make python g++" \
&& apk add --no-cache ${devDeps} su-exec gzip bash vim dumb-init openssl vips libcap \
&& rm -rf node_modules \
&& JOBS=$(nproc) npm install \
&& apk del ${devDeps} \
&& mkdir -p -m 777 "$HOME/unms/public/site-images" \
&& mkdir -p -m 777 "$HOME/unms/data/config-backups" \
&& mkdir -p -m 777 "$HOME/unms/data/unms-backups" \
&& mkdir -p -m 777 "$HOME/unms/data/import"

RUN setcap cap_net_raw=pe /usr/bin/node

COPY --from=unms /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# end ubnt/unms dockerfile #

# ubnt/nginx docker file #
ENV NGINX_UID=1000 \
NGINX_VERSION=nginx-1.12.2 \
LUAJIT_VERSION=2.1.0-beta3

RUN devDeps="wget openssl-dev pcre-dev zlib-dev build-base libffi-dev python-dev build-base" \
&& apk add --no-cache --update ${devDeps} sudo dumb-init openssl pcre libgcc gettext py-pip \
&& pip install certbot==0.21.0 \
&& mkdir -p /tmp/src && cd /tmp/src \
&& wget -q http://nginx.org/download/${NGINX_VERSION}.tar.gz -O nginx.tar.gz \
&& wget -q https://github.com/openresty/lua-nginx-module/archive/v0.10.11.tar.gz -O lua-nginx-module.tar.gz \
&& wget -q https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz -O ndk.tar.gz \
&& wget -q http://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz -O luajit.tar.gz \
&& tar -zxvf lua-nginx-module.tar.gz \
&& tar -zxvf ndk.tar.gz \
&& tar -zxvf luajit.tar.gz \
&& tar -zxvf nginx.tar.gz \
&& cd /tmp/src/LuaJIT-${LUAJIT_VERSION} && make amalg PREFIX='/usr' && make install PREFIX='/usr' \
&& export LUAJIT_LIB=/usr/lib/libluajit-5.1.so && export LUAJIT_INC=/usr/include/luajit-2.1 \
&& cd /tmp/src/${NGINX_VERSION} && ./configure \
--with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
--with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' \
--with-pcre-jit \
--with-threads \
--add-module=/tmp/src/lua-nginx-module-0.10.11 \
--add-module=/tmp/src/ngx_devel_kit-0.3.0 \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_secure_link_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-http_upstream_ip_hash_module \
--without-http_memcached_module \
--without-http_auth_basic_module \
--without-http_userid_module \
--without-http_fastcgi_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--prefix=/var/lib/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/dev/stdout \
--error-log-path=/dev/stderr \
--lock-path=/tmp/nginx.lock \
--pid-path=/tmp/nginx.pid \
--http-client-body-temp-path=/tmp/body \
--http-proxy-temp-path=/tmp/proxy \
&& make -j $(nproc) \
&& make install \
&& apk del ${devDeps} \
&& rm /usr/bin/luajit-${LUAJIT_VERSION} \
&& rm -rf /tmp/src \
&& rm -rf /var/cache/apk/* \
&& echo "unms ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers \
&& echo "unms ALL=(ALL) NOPASSWD:SETENV: /copy-user-certs.sh reload" >> /etc/sudoers

ADD https://github.com/Ubiquiti-App/UNMS/archive/4a4cc87c476fec59fc8fed90ec1b0bf69dade8fd.tar.gz /tmp/unms.tar.gz

RUN cd /tmp \
&& tar -xzf unms.tar.gz \
&& cd UNMS-*/src/nginx \
&& cp *.sh *.conf.template openssl.cnf 502.html / \
&& chmod +x /entrypoint.sh /cert.sh /letsencrypt.sh /fill-template.sh /copy-user-certs.sh
# end ubnt/nginx docker file #

ENV NODE_ENV=production \
PATH=/app/node_modules/.bin:$PATH \
ENV PATH=/home/app/unms/node_modules/.bin:$PATH \
PGDATA=/config/postgres \
POSTGRES_DB=unms \
HOME=/var/lib/rabbitmq \
PROD=true \
HTTPS_PORT=443 \
QUIET_MODE=0 \
PUBLIC_HTTPS_PORT=443 \
PUBLIC_WS_PORT=443 \
UNMS_FLUENTD_PORT=80 \
QUIET_MODE=0
SECURE_LINK_SECRET=enigma \
SSL_CERT=""

EXPOSE 80 443

Expand Down
128 changes: 103 additions & 25 deletions Dockerfile.raspberry-pi
Original file line number Diff line number Diff line change
@@ -1,18 +1,10 @@
# Multi-stage build - See https://docs.docker.com/engine/userguide/eng-image/multistage-build
FROM ubnt/unms:0.11.3 as unms
FROM ubnt/unms:0.12.0 as unms
FROM oznu/s6-node:8.10.0-armhf

FROM oznu/s6-node:8.9.4-armhf

# Copy UNMS app from offical image since the source code is not published at this time
COPY --from=unms /home/app/unms /app

WORKDIR /app

RUN devDeps="vips-dev fftw-dev make python g++" \
&& sed -i 's/edge\/community/edge\/testing/g' /etc/apk/repositories \
&& apk add --no-cache ${devDeps} bash gzip vips openssl postgresql redis rabbitmq-server \
&& rm -rf /app/node_modules \
&& yarn install --ignore-engines \
# base deps redis, rabbitmq
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& apk add --no-cache vips redis rabbitmq-server \
&& apk del ${devDeps} \
&& deluser rabbitmq \
&& addgroup -S rabbitmq && adduser -S -h /var/lib/rabbitmq -G rabbitmq rabbitmq \
Expand All @@ -21,23 +13,109 @@ RUN devDeps="vips-dev fftw-dev make python g++" \
&& chmod -R 777 /var/lib/rabbitmq /etc/rabbitmq \
&& ln -sf /var/lib/rabbitmq/.erlang.cookie /root/

RUN devDeps="musl-dev gcc python python-dev py-pip libffi-dev openssl-dev" \
&& apk add --no-cache sudo dumb-init certbot openssl nginx nginx-mod-http-lua ${devDeps} \
&& pip install -U certbot-nginx \
&& apk del ${devDeps} \
&& echo "abc ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers
# postgres 9.6.8
RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.6/main" >> /etc/apk/repositories \
&& apk add --no-cache postgresql==9.6.8-r0 postgresql-client=9.6.8-r0 libpq=9.6.8-r0 \
&& sed -i '/v3.6/d' /etc/apk/repositories

# start ubnt/unms dockerfile #
RUN mkdir -p /home/app/unms

WORKDIR /home/app/unms

# Copy UNMS app from offical image since the source code is not published at this time
COPY --from=unms /home/app/unms /home/app/unms

RUN devDeps="vips-dev fftw-dev make python g++" \
&& apk add --no-cache ${devDeps} su-exec gzip bash vim dumb-init openssl vips libcap \
&& rm -rf node_modules \
&& JOBS=$(nproc) npm install \
&& apk del ${devDeps} \
&& mkdir -p -m 777 "$HOME/unms/public/site-images" \
&& mkdir -p -m 777 "$HOME/unms/data/config-backups" \
&& mkdir -p -m 777 "$HOME/unms/data/unms-backups" \
&& mkdir -p -m 777 "$HOME/unms/data/import"

RUN setcap cap_net_raw=pe /usr/bin/node

COPY --from=unms /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# end ubnt/unms dockerfile #

# ubnt/nginx docker file #
ENV NGINX_UID=1000 \
NGINX_VERSION=nginx-1.12.2 \
LUAJIT_VERSION=2.1.0-beta3

RUN devDeps="wget openssl-dev pcre-dev zlib-dev build-base libffi-dev python-dev build-base" \
&& apk add --no-cache --update ${devDeps} sudo dumb-init openssl pcre libgcc gettext py-pip \
&& pip install certbot==0.21.0 \
&& mkdir -p /tmp/src && cd /tmp/src \
&& wget -q http://nginx.org/download/${NGINX_VERSION}.tar.gz -O nginx.tar.gz \
&& wget -q https://github.com/openresty/lua-nginx-module/archive/v0.10.11.tar.gz -O lua-nginx-module.tar.gz \
&& wget -q https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz -O ndk.tar.gz \
&& wget -q http://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz -O luajit.tar.gz \
&& tar -zxvf lua-nginx-module.tar.gz \
&& tar -zxvf ndk.tar.gz \
&& tar -zxvf luajit.tar.gz \
&& tar -zxvf nginx.tar.gz \
&& cd /tmp/src/LuaJIT-${LUAJIT_VERSION} && make amalg PREFIX='/usr' && make install PREFIX='/usr' \
&& export LUAJIT_LIB=/usr/lib/libluajit-5.1.so && export LUAJIT_INC=/usr/include/luajit-2.1 \
&& cd /tmp/src/${NGINX_VERSION} && ./configure \
--with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
--with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' \
--with-pcre-jit \
--with-threads \
--add-module=/tmp/src/lua-nginx-module-0.10.11 \
--add-module=/tmp/src/ngx_devel_kit-0.3.0 \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_secure_link_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-http_upstream_ip_hash_module \
--without-http_memcached_module \
--without-http_auth_basic_module \
--without-http_userid_module \
--without-http_fastcgi_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--prefix=/var/lib/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/dev/stdout \
--error-log-path=/dev/stderr \
--lock-path=/tmp/nginx.lock \
--pid-path=/tmp/nginx.pid \
--http-client-body-temp-path=/tmp/body \
--http-proxy-temp-path=/tmp/proxy \
&& make -j $(nproc) \
&& make install \
&& apk del ${devDeps} \
&& rm /usr/bin/luajit-${LUAJIT_VERSION} \
&& rm -rf /tmp/src \
&& rm -rf /var/cache/apk/* \
&& echo "unms ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers \
&& echo "unms ALL=(ALL) NOPASSWD:SETENV: /copy-user-certs.sh reload" >> /etc/sudoers

ADD https://github.com/Ubiquiti-App/UNMS/archive/4a4cc87c476fec59fc8fed90ec1b0bf69dade8fd.tar.gz /tmp/unms.tar.gz

RUN cd /tmp \
&& tar -xzf unms.tar.gz \
&& cd UNMS-*/src/nginx \
&& cp *.sh *.conf.template openssl.cnf 502.html / \
&& chmod +x /entrypoint.sh /cert.sh /letsencrypt.sh /fill-template.sh /copy-user-certs.sh
# end ubnt/nginx docker file #

ENV NODE_ENV=production \
PATH=/app/node_modules/.bin:$PATH \
ENV PATH=/home/app/unms/node_modules/.bin:$PATH \
PGDATA=/config/postgres \
POSTGRES_DB=unms \
HOME=/var/lib/rabbitmq \
PROD=true \
HTTPS_PORT=443 \
QUIET_MODE=0 \
PUBLIC_HTTPS_PORT=443 \
PUBLIC_WS_PORT=443 \
UNMS_FLUENTD_PORT=80 \
QUIET_MODE=0
SECURE_LINK_SECRET=enigma \
SSL_CERT=""

EXPOSE 80 443

Expand Down
22 changes: 7 additions & 15 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
[![Docker Build Status](https://img.shields.io/docker/build/oznu/unms.svg?label=x64%20build&style=for-the-badge)](https://hub.docker.com/r/oznu/unms/) [![Travis](https://img.shields.io/travis/oznu/docker-unms.svg?label=arm%20build&style=for-the-badge)](https://travis-ci.org/oznu/docker-unms) [![GitHub release](https://img.shields.io/github/release/oznu/unms/all.svg?style=for-the-badge)](https://github.com/oznu/docker-unms/releases)
[![Docker Build Status](https://img.shields.io/docker/build/oznu/unms.svg?label=x64%20build)](https://hub.docker.com/r/oznu/unms/) [![Travis](https://img.shields.io/travis/oznu/docker-unms.svg?label=arm%20build)](https://travis-ci.org/oznu/docker-unms) [![GitHub release](https://img.shields.io/github/release/oznu/unms/all.svg)](https://github.com/oznu/docker-unms/releases)

# Docker UNMS

Expand All @@ -12,7 +12,6 @@ This image will run on most platforms that support Docker including [Docker for
docker run \
-p 80:80 \
-p 443:443 \
-e PUID=<UID> -e PGID=<GID> \
-e TZ=<timezone> \
-v </path/to/config>:/config \
oznu/unms:latest
Expand All @@ -34,41 +33,34 @@ The parameters are split into two halves, separated by a colon, the left hand si
* `-p 80:80` - Expose the HTTP web server port on the docker host
* `-p 443:443` - Expose the HTTPS and WSS web server port on the docker host
* `-e TZ` - for [timezone information](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) e.g. `-e TZ=Europe/London`
* `-e PGID` - for GroupID - see below for explanation
* `-e PUID` - for UserID - see below for explanation

*Optional Settings:*

* `-e DEMO=false` - Enable UNMS demo mode
* `-e PUBLIC_HTTPS_PORT=443` - This should match the HTTPS port your are exposing to on the docker host
* `-e PUBLIC_WS_PORT=443` - This should match the HTTPS port your are exposing to on the docker host
* `-e SECURE_LINK_SECRET=` - Random key for secure link module. Set this to something random.

### User / Group Identifiers
## Limitations

Sometimes when using data volumes (`-v` flags) permissions issues can arise between the host OS and the container. We avoid this issue by allowing you to specify the user `PUID` and group `PGID`. Ensure the data volume directory on the host is owned by the same user you specify and it will "just work".
The Docker image, oznu/unms, is not maintained by or affiliated with Ubiquiti Networks. You should not expect any support from Ubiquiti when running UNMS using this image.

In this instance `PUID=1001` and `PGID=1001`. To find yours use `id user` as below:

```
$ id <dockeruser>
uid=1001(dockeruser) gid=1001(dockergroup) groups=1001(dockergroup)
```
* In-app upgrades will not work. You can upgrade UNMS by downloading the latest version of this image.
* Device firmware upgrades initiated from UNMS may not work ([#7](https://github.com/oznu/docker-unms/issues/7)).

## Docker Compose

```yml
version: '2'
services:
homebridge:
image: oznu/unms:latest
image: oznu/unms:latest # use "armhf" instead of "latest" for arm devices
restart: always
ports:
- 80:80
- 443:443
environment:
- TZ=Australia/Sydney
- PGID=1000
- PUID=1000
volumes:
- ./volumes/unms:/config
```
11 changes: 0 additions & 11 deletions root/502.html

This file was deleted.

Loading

0 comments on commit d6357f2

Please sign in to comment.