Docker improvements

- Create run-onionr-node.sh to parse env and supply args to run-onionr-node.py
- Dockerfile:
  - Run onionr by default rather than bash
  - Run as unprivileged user by default instead of root
  - Use /app for all code
  - Specify python 3.7 (3.8 fails to build cffi)
  - Use apt-get rather than apt (apt's CLI is not stable)
  - Slight reformatting and consolidation
  - do not use devnull in run-onionr-node.py
Duncan X Simpson 2020-12-14 23:20:27 -07:00 committed by Kevin Froman
parent 5a3b679a0d
commit 62f405425c
4 changed files with 61 additions and 7 deletions


@ -1,3 +1,6 @@
onionr/data/**/* onionr/data/**/*
onionr/data onionr/data
MY-RUN.sh MY-RUN.sh
Dockerfile
.dockerignore
.git


@ -1,12 +1,12 @@
FROM python:3.7 FROM python:3.7
EXPOSE 8080
USER root USER root
RUN mkdir /app RUN mkdir /app
WORKDIR /app WORKDIR /app
ENV PORT=8080 ENV ONIONR_DOCKER=true
EXPOSE 8080
#Install needed packages #Install needed packages
RUN apt-get update && apt-get install -y tor locales RUN apt-get update && apt-get install -y tor locales
@ -26,5 +26,6 @@ VOLUME /app/data/
#Default to running as nonprivileged user #Default to running as nonprivileged user
RUN chmod g=u -R /app RUN chmod g=u -R /app
USER 1000 USER 1000
ENV HOME=/app
CMD ["bash", "./onionr.sh"] CMD ["bash", "./run-onionr-node.sh"]
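Review bot: `ENV HOME=/app` makes the application directory the home of the runtime user, and the `RUN chmod g=u -R /app` kept just above it leaves that whole tree group-writable, so the process started by `CMD` can presumably rewrite the code it was launched from. This depends on ownership: a bare `USER 1000` normally runs with gid 0, which would match root-owned files under /app, but that should be confirmed. If only the declared volume needs to be writable, narrow both lines to it, e.g. `RUN chmod -R g=u /app/data` and `ENV HOME=/app/data`. The hunk also does not say why HOME is set at all; a one-line comment above the `ENV` naming the component that needs a writable home would help the next reader.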


@ -140,11 +140,10 @@ with open(config_file, 'w') as cf:
cf.write(ujson.dumps(config, reject_bytes=False)) cf.write(ujson.dumps(config, reject_bytes=False))
if args.open_ui: if args.open_ui:
p = Popen([sub_script, 'start'], stdout=DEVNULL) p = Popen([sub_script, 'start'])
sleep(2) sleep(2)
Popen([sub_script, 'openhome'], stdout=DEVNULL) Popen([sub_script, 'openhome'])
else: else:
p = Popen([sub_script, 'start'], stdout=DEVNULL) p = Popen([sub_script, 'start'])
p = p.children()[0]
p.wait() p.wait()
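Review bot: The return value of `p.wait()` on the last line is discarded, so unless code after this hunk handles it, the launcher presumably exits 0 even when `start` fails, and a container restart policy cannot tell a crash from a clean stop. Propagating it is one line: `raise SystemExit(p.wait())`. With `stdout=DEVNULL` removed, everything the `start` and `openhome` children print now goes to the container's log stream. A comment at the `Popen` calls should record that this is intentional, and it is worth checking that neither subcommand prints anything sensitive (for instance a UI address carrying a token, if it does that). The script continues outside the hunk on both sides.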

51
run-onionr-node.sh Executable file

@ -0,0 +1,51 @@
#!/bin/sh
set -x
ORIG_ONIONR_RUN_DIR=`pwd`
export ORIG_ONIONR_RUN_DIR
cd "$(dirname "$0")"
if [[ -n "$ONIONR_DOCKER" ]]; then
[[ -f "/privkey" ]] && privkey_opt="--private-key /privkey"
[[ -n "$ONIONR_ONBOARDING" ]] || ONIONR_ONBOARDING=0
[[ -n "$ONIONR_OPEN_UI" ]] || ONIONR_OPEN_UI=0
[[ -n "$ONIONR_RANDOM_LOCALHOST_IP" ]] || ONIONR_RANDOM_LOCALHOST_IP=0
[[ -n "$ONIONR_BIND_ADDRESS" ]] || ONIONR_BIND_ADDRESS=0.0.0.0
[[ -n "$ONIONR_PORT" ]] || ONIONR_PORT=8080
fi
[[ -n "$ONIONR_PRIVATE_KEY_FILE" ]] && privkey_opt="--private-key $ONIONR_PRIVATE_KEY_FILE"
[[ -n "$ONIONR_USE_BOOTSTRAP_FILE" ]] && bootstrap_opt="--use-bootstrap-file $ONIONR_USE_BOOTSTRAP_FILE"
[[ -n "$ONIONR_SHOW_STATS" ]] && show_stats_opt="--show-stats $ONIONR_SHOW_STATS"
[[ -n "$ONIONR_ONBOARDING" ]] && onboarding_opt="--onboarding $ONIONR_ONBOARDING"
[[ -n "$ONIONR_SECURITY_LEVEL" ]] && security_level_opt="--security-level $ONIONR_SECURITY_LEVEL"
[[ -n "$ONIONR_OPEN_UI" ]] && open_ui_opt="--open-ui $ONIONR_OPEN_UI"
[[ -n "$ONIONR_RANDOM_LOCALHOST_IP" ]] && random_localhost_ip_opt="--random-localhost-ip $ONIONR_RANDOM_LOCALHOST_IP"
[[ -n "$ONIONR_USE_TOR" ]] && use_tor_opt="--use-tor $ONIONR_USE_TOR"
[[ -n "$ONIONR_ANIMATED_BACKGROUND" ]] && animated_background_opt="--animated-background $ONIONR_ANIMATED_BACKGROUND"
[[ -n "$ONIONR_KEEP_LOG" ]] && keep_log_opt="--keep-log-on-exit $ONIONR_KEEP_LOG"
[[ -n "$ONIONR_USE_UPLOAD_MIXING" ]] && use_upload_mixing_opt="--use-upload-mixing $ONIONR_USE_UPLOAD_MIXING"
[[ -n "$ONIONR_DEV_MODE" ]] && dev_mode_opt="--dev-mode $ONIONR_DEV_MODE"
[[ -n "$ONIONR_DISABLE_PLUGIN_LIST" ]] && disable_plugin_list_opt=" --disable-plugin-list $ONIONR_DISABLE_PLUGIN_LIST"
[[ -n "$ONIONR_STORE_PLAINTEXT" ]] && store_plaintext_opt="--store-plaintext $ONIONR_STORE_PLAINTEXT"
[[ -n "$ONIONR_BIND_ADDRESS" ]] && bind_address_opt="--bind-address $ONIONR_BIND_ADDRESS"
[[ -n "$ONIONR_PORT" ]] && port_opt="--port $ONIONR_PORT"
python3 run-onionr-node.py \
$privkey_opt \
$bootstrap_opt \
$show_stats_opt \
$onboarding_opt \
$security_level_opt \
$open_ui_opt \
$random_localhost_ip_opt \
$use_tor_opt \
$animated_background_opt \
$keep_log_opt \
$use_upload_mixing_opt \
$dev_mode_opt \
$disable_plugin_list_opt \
$store_plaintext_opt \
$bind_address_opt \
$port_opt \
"$@"
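Review bot: The first line declares `#!/bin/sh` but every test uses `[[ … ]]`, which is a bash construct; it works in the image only because the Dockerfile's CMD runs the file through `bash`, and when it is executed directly where /bin/sh is dash each test fails and no option reaches run-onionr-node.py. Change the shebang to `#!/bin/bash`, or rewrite the tests with `[ … ]`. The final command should be `exec python3 run-onionr-node.py \` so the node replaces the shell as the container's main process and receives the signal sent by `docker stop`. `set -x` traces every expanded value, including the private-key path, into the log, so it is better enabled only when a debug variable is set. In Docker mode the bind address defaults to `0.0.0.0`; a comment on that line should tell operators to publish the port on a loopback host address when the UI is not meant to be reachable from the network.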