Docker image (#5)

antedebaas · Sep 21, 2023 · 52a2572 · 52a2572
1 parent f9e03de
commit 52a2572
Show file tree

Hide file tree

Showing 10 changed files with 344 additions and 8 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,21 @@
+.DS_Store
+Desktop.ini
+.idea
+*~
+*.swp
+._*
+*.pyc
+Thumbs.db
+.Spotlight-V100
+.Trashes
+.env.local
+.svn
+.cvs
+.travis
+.git*
+.*.yml
+CODE_OF_CONDUCT.md
+app/vendor/**/test
+app/vendor/**/tests
+var/*
+vendor/*
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,69 @@
+FROM alpine:3.18
+
+LABEL Maintainer="Ante de Baas @antedebaas on GitHub>" \
+      Description="DMARC & SMTP-TLS Reports processor and visualizer"
+
+EXPOSE 8080
+
+ENV DATABASE_TYPE=mysql
+ENV DATABASE_HOST=
+ENV DATABASE_PORT=3306
+ENV DATABASE_NAME=
+ENV DATABASE_USER=
+ENV DATABASE_PASSWORD=
+ENV MAILER_HOST=
+ENV MAILER_SMTPPORT=25
+ENV MAILER_IMAPPORT=993
+ENV MAILER_USER=
+ENV MAILER_PASSWORD=
+
+RUN apk --update add ca-certificates
+RUN apk --no-cache add \
+        php81 \
+        php81-fpm \
+        php81-pdo \
+        php81-pdo_mysql \
+        php81-pdo_pgsql \
+        php81-pdo_sqlite \ 
+        php81-imap \
+        php81-phar \
+        php81-mbstring \
+        php81-iconv \
+        php81-ctype \
+        php81-fileinfo \
+        php81-xml \
+        php81-xmlwriter \
+        php81-simplexml \
+        php81-dom \
+        php81-tokenizer \
+        php81-session \
+        nginx \
+        supervisor \
+        curl
+COPY dockerfiles/nginx.conf /etc/nginx/nginx.conf
+
+COPY dockerfiles/fpm-pool.conf /etc/php81/php-fpm.d/www.conf
+COPY dockerfiles/php.ini /etc/php81/conf.d/custom.ini
+RUN wget https://getcomposer.org/composer-stable.phar -O /usr/local/bin/composer && chmod +x /usr/local/bin/composer
+
+COPY dockerfiles/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+COPY dockerfiles/genenvlocal.sh /usr/local/bin/genenvlocal.sh
+
+COPY dockerfiles/checkmail.sh /etc/periodic/daily/checkmail.sh
+RUN chmod +x /etc/periodic/daily/checkmail.sh
+
+RUN mkdir -p /var/www/html
+RUN chown -R nobody.nobody /var/www/html && \
+  chown -R nobody.nobody /run && \
+  chown -R nobody.nobody /var/lib/nginx && \
+  chown -R nobody.nobody /var/log/nginx
+
+WORKDIR /var/www/html
+COPY --chown=nobody . /var/www/html/
+
+RUN /usr/local/bin/composer install
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+
+HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,21 @@
+version: "2"
+services:
+  dmarc-reports:
+    image: antedebaas/dmarc-reports:latest
+    volumes:
+      - /root/your.env.local:/var/www/html/.env.local:rw
+    ports:
+        - 0.0.0.0:8080:8080
+    environment:
+      DATABASE_TYPE: mysql
+      DATABASE_HOST: 
+      DATABASE_PORT: 3306
+      DATABASE_NAME: dmarcreports
+      DATABASE_USER: 
+      DATABASE_PASSWORD: 
+      MAILER_HOST: 
+      MAILER_SMTPPORT: 25
+      MAILER_IMAPPORT: 993
+      MAILER_USER: 
+      MAILER_PASSWORD: 
+    restart: unless-stopped
diff --git a/dockerfiles/checkmail.sh b/dockerfiles/checkmail.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+php /var/www/html/bin/console app:checkmailbox
diff --git a/dockerfiles/fpm-pool.conf b/dockerfiles/fpm-pool.conf
@@ -0,0 +1,61 @@
+[global]
+; Log to stderr
+error_log = /dev/stderr
+
+[www]
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /run/php-fpm.sock
+
+; Enable status page
+pm.status_path = /fpm-status
+
+; Ondemand process manager
+pm = static
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 100
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 1000
+
+; Make sure the FPM workers can reach the environment variables for configuration
+clear_env = no
+
+; Catch output from PHP
+catch_workers_output = yes
+
+; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message
+decorate_workers_output = no
+
+; Enable ping page to use in healthcheck
+ping.path = /fpm-ping
+
+user = nobody
+listen.owner = nobody
+listen.group = nobody
+listen.mode = 0660
diff --git a/dockerfiles/genenvlocal.sh b/dockerfiles/genenvlocal.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+if [ ! -f "/var/www/html/.env.local" ]; then
+    APP_SECRET=$(echo "$RANDOM" | md5sum | head -c 32)
+    echo "APP_ENV=prod" >> /var/www/html/.env.local
+    echo "APP_SECRET=$APP_SECRET" >> /var/www/html/.env.local
+    echo "DATABASE_URL=\"$DATABASE_TYPE://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DATABASE_NAME\"" >> /var/www/html/.env.local
+    echo "MAILER_DSN=smtp://$MAILER_USER:$MAILER_PASSWORD@$MAILER_HOST:$MAILER_SMTPPORT" >> /var/www/html/.env.local
+    echo "MAILBOX_CONNECTION=\"$MAILER_HOST:$MAILER_IMAPPORT/imap/ssl\"" >> /var/www/html/.env.local
+    echo "MAILBOX_USERNAME=\"$MAILER_USER\"" >> /var/www/html/.env.local
+    echo "MAILBOX_PASSWORD=\"$MAILER_PASSWORD\"" >> /var/www/html/.env.local
+fi
diff --git a/dockerfiles/nginx.conf b/dockerfiles/nginx.conf
@@ -0,0 +1,97 @@
+worker_processes 1;
+error_log stderr warn;
+pid /run/nginx.pid;
+user nobody nobody;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+
+    # Define custom log format to include reponse times
+    log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for" '
+                          '$request_time $upstream_response_time $pipe $upstream_cache_status';
+
+    access_log /dev/stdout main_timed;
+    error_log /dev/stderr notice;
+
+    keepalive_timeout 65;
+
+    server_tokens off;
+
+    # Write temporary files to /tmp so they can be created as a non-privileged user
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path /tmp/proxy_temp_path;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+
+    # Default server definition
+    server {
+        listen [::]:8080 default_server;
+        listen 8080 default_server;
+        server_name _;
+
+        sendfile off;
+
+        root /var/www/html/public;
+        index index.php;
+
+        location / {
+            # First attempt to serve request as file, then
+            # as directory, then fall back to index.php
+            try_files $uri $uri/ /index.php?q=$uri&$args;
+        }
+
+        # Redirect server error pages to the static page /50x.html
+        error_page 500 502 503 504 /50x.html;
+        location = /50x.html {
+            root /var/lib/nginx/html;
+        }
+
+        # Pass the PHP scripts to PHP-FPM listening on 127.0.0.1:9000
+        location ~ \.php$ {
+            try_files $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:/run/php-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+            fastcgi_index index.php;
+            include fastcgi_params;
+        }
+
+        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
+            expires 5d;
+        }
+
+        # Deny access to . files, for security
+        location ~ /\. {
+            log_not_found off;
+            deny all;
+        }
+
+        # Allow fpm ping and status from localhost
+        location ~ ^/(fpm-status|fpm-ping)$ {
+            access_log off;
+            allow 127.0.0.1;
+            deny all;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+            fastcgi_pass unix:/run/php-fpm.sock;
+        }
+    }
+
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
+    gzip_vary on;
+    gzip_disable "msie6";
+
+    # Include other server configs
+    include /etc/nginx/conf.d/*.conf;
+}
diff --git a/dockerfiles/php.ini b/dockerfiles/php.ini
@@ -0,0 +1,4 @@
+expose_php = Off
+
+[Date]
+date.timezone="UTC"
diff --git a/dockerfiles/supervisord.conf b/dockerfiles/supervisord.conf
@@ -0,0 +1,44 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+pidfile=/run/supervisord.pid
+user=root
+
+[program:genconfig]
+command=/usr/local/bin/genenvlocal.sh
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0
+startsecs=0
+exitcodes=0
+
+[program:cron]
+command=crond -f -l 0 -c /etc/crontabs
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stdout
+stderr_logfile_maxbytes=0
+autorestart=true
+startretries=0
+
+[program:php-fpm]
+command=/usr/sbin/php-fpm81 -F
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=true
+startretries=0
+
+[program:nginx]
+command=nginx -g 'daemon off;'
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=true
+startretries=0
diff --git a/installservice.sh b/installservice.sh
@@ -1,9 +1,15 @@
 #!/bin/bash
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-echo "Installing systemd service..."
-cat $SCRIPT_DIR/systemd/dmarcmailcheck.service | sed -e 's@{PATH}@'$SCRIPT_DIR'@g' > /usr/lib/systemd/system/dmarcmailcheck.service
-cp $SCRIPT_DIR/systemd/dmarcmailcheck.timer /usr/lib/systemd/system/dmarcmailcheck.timer
-echo "Reloading systemd daemon..."
-systemctl daemon-reload
-echo "start dmarcmailcheck timer..."
-systemctl start dmarcmailcheck.timer
+#!/bin/sh
+if [ command -v systemctl >/dev/null ]
+then
+    SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+    echo "Installing systemd service..."
+    cat $SCRIPT_DIR/systemd/dmarcmailcheck.service | sed -e 's@{PATH}@'$SCRIPT_DIR'@g' > /usr/lib/systemd/system/dmarcmailcheck.service
+    cp $SCRIPT_DIR/systemd/dmarcmailcheck.timer /usr/lib/systemd/system/dmarcmailcheck.timer
+    echo "Reloading systemd daemon..."
+    systemctl daemon-reload
+    echo "start dmarcmailcheck timer..."
+    systemctl start dmarcmailcheck.timer
+else
+
+fi
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/sh
		php /var/www/html/bin/console app:checkmailbox