retspen
Volumes in Docker
I found the link below on how to create volumes for webvirtcloud:
https://www.nodinrogers.com/post/2021-12-30-webvirtcloud-in-a-docker-container/
Is this the best way to create volumes in a production environment?
I've already made some changes locally that have comments in bold. See the docker file below.
Some doubts:
1° Is it possible to change the script webvirtcloud/conf/runit/secret_generator.py not to generate keys that have quotes?
2° Is it possible to run the container with a non-root user?
FROM phusion/baseimage:jammy-1.0.0
EXPOSE 80
EXPOSE 6080
# Use baseimage-docker's init system.
CMD ["/sbin/my_init"]
RUN echo 'APT::Get::Clean=always;' >> /etc/apt/apt.conf.d/99AutomaticClean
RUN apt-get update -qqy \
&& DEBIAN_FRONTEND=noninteractive apt-get -qyy install \
--no-install-recommends \
git \
python3-venv \
python3-dev \
python3-lxml \
libvirt-dev \
zlib1g-dev \
nginx \
pkg-config \
gcc \
libldap2-dev \
libssl-dev \
libsasl2-dev \
libsasl2-modules \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Modified Now
COPY . /srv/webvirtcloud
Run mkdir /srv/webvirtcloud/data && \
mkdir /var/www/.ssh && \
cp /srv/webvirtcloud/webvirtcloud/settings.py.template /srv/webvirtcloud/webvirtcloud/settings.py && \
sed -i "s|db.sqlite3|data/db.sqlite3|" /srv/webvirtcloud/webvirtcloud/settings.py && \
sed -i "s/SECRET_KEY \= \"\"/SECRET_KEY = \"$(python3 /srv/webvirtcloud/conf/runit/secret_generator.py)\"/" /srv/webvirtcloud/webvirtcloud/settings.py && \
chown -R www-data:www-data /srv/webvirtcloud && \
chown www-data:www-data /var/www/.ssh
# Setup webvirtcloud
WORKDIR /srv/webvirtcloud
RUN python3 -m venv venv && \
. venv/bin/activate && \
pip3 install -U pip && \
pip3 install wheel && \
pip3 install -r conf/requirements.txt && \
chown -R www-data:www-data /srv/webvirtcloud
RUN . venv/bin/activate && \
python3 manage.py migrate && \
chown -R www-data:www-data /srv/webvirtcloud
# Setup Nginx
RUN printf "\n%s" "daemon off;" >> /etc/nginx/nginx.conf && \
rm /etc/nginx/sites-enabled/default && \
chown -R www-data:www-data /var/lib/nginx
COPY conf/nginx/webvirtcloud.conf /etc/nginx/conf.d/
# Register services to runit
RUN mkdir /etc/service/nginx && \
mkdir /etc/service/nginx-log-forwarder && \
mkdir /etc/service/webvirtcloud && \
mkdir /etc/service/novnc
COPY conf/runit/nginx /etc/service/nginx/run
COPY conf/runit/nginx-log-forwarder /etc/service/nginx-log-forwarder/run
COPY conf/runit/novncd.sh /etc/service/novnc/run
COPY conf/runit/webvirtcloud.sh /etc/service/webvirtcloud/run
# Define mountable directories.
VOLUME ["/srv/webvirtcloud/data","/var/www/.ssh"]
WORKDIR /srv/webvirtcloud
"1° Is it possible to change the script webvirtcloud/conf/runit/secret_generator.py not to generate keys that have quotes?"
- it is done. i will upload new version of this generator. it generates urlsafe(without quota) secrets.
we especially did not automate settings.py modification. some user may want to use mysql/postgresql instead of "db.sqlite3"... volumes also related with this situation.
This question can be closed.
I'll try the tip in the link to see if it's possible to use a non-root user:
https://github.com/phusion/baseimage-docker/issues/617
Thanks for changing the script webvirtcloud/conf/runit/secret_generator.py.