From 67f5c30d85ebd67846ce5d5c1b0e1797d8ec64c1 Mon Sep 17 00:00:00 2001
From: Duncan X Simpson
Date: Mon, 14 Dec 2020 23:20:27 -0700
Subject: [PATCH] Docker improvements
- Modify onionr.sh to parse env and supply args to run-onionr-node.py
- Run onionr by default rather than bash
- Run as unprivileged user by default instead of root
- Use /app for all code
- Specify python 3.7 (3.8 fails to build cffi)
- Use apt-get rather than apt (apt's CLI is not stable)
- Slight reformatting and consolidation
---
 Dockerfile | 34 ++++++++++++++++++----------------
 onionr.sh | 21 +++++++++++++++++++--
 2 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 546152db..c8e93527 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,28 +1,30 @@
-FROM python
+FROM python:3.7
-#Base settings
-ENV HOME /root
+USER root
+
+RUN mkdir /app
+WORKDIR /app
+
+ENV PORT=8080
+EXPOSE 8080
 #Install needed packages
-RUN apt update && apt install -y tor locales
+RUN apt-get update && apt-get install -y tor locales
 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
 locale-gen
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8
-WORKDIR /srv/
-ADD ./requirements.txt /srv/requirements.txt
+ADD ./requirements.txt /app/requirements.txt
 RUN pip3 install --require-hashes -r requirements.txt
-WORKDIR /root/
 #Add Onionr source
-COPY . /root/
-VOLUME /root/data/
+COPY . /app/
-#Set upstart command
-CMD bash
+VOLUME /app/data/
-#Expose ports
-EXPOSE 8080
+#Default to running as nonprivileged user
+RUN chmod g=u -R /app
+USER 1000
+
+CMD ["bash", "./onionr.sh"]
diff --git a/onionr.sh b/onionr.sh
index 0b7d898c..ea925a52 100755
--- a/onionr.sh
+++ b/onionr.sh
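Review bot: `RUN chmod g=u -R /app` runs after `VOLUME /app/data/`, and with the legacy builder changes made to a volume path after it is declared are discarded, so `/app/data` can end up without the group permissions that `USER 1000` relies on. Declaring the volume last avoids that, for example `RUN mkdir -p /app/data && chmod -R g=u /app/data` followed by `VOLUME /app/data/`. As written, `g=u` covers all of `/app`, and a numeric `USER 1000` with no group normally runs with GID 0, so the node process can also rewrite its own code; if the node only writes under `/app/data`, limiting the chmod to that directory keeps the code read-only. `COPY . /app/` takes the whole build context, so a local `privkey.key` (the file onionr.sh looks for) would be stored in an image layer unless a `.dockerignore`, not visible here, excludes it.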
@@ -2,5 +2,22 @@
 ORIG_ONIONR_RUN_DIR=`pwd`
 export ORIG_ONIONR_RUN_DIR
 cd "$(dirname "$0")"
-cd src
-./__init__.py "$@"
\ No newline at end of file
+
+[[ -n "$USE_TOR" ]] || USE_TOR=1
+[[ -n "$PORT" ]] || PORT=8080
+[[ -n "$KEEP_LOG" ]] || KEEP_LOG=0
+[[ -n "$STORE_PLAINTEXT" ]] || STORE_PLAINTEXT=1
+
+PRIVKEY_OPT=""
+[[ -f "privkey.key" ]] && PRIVKEY_OPT="--private-key privkey.key"
+
+python run-onionr-node.py \
+ --open-ui 0 \
+ --onboarding 0 \
+ --bind-address 0.0.0.0 \
+ --port $PORT \
+ --use-tor $USE_TOR \
+ --keep-log-on-exit $KEEP_LOG \
+ --store-plaintext $STORE_PLAINTEXT \
+ $PRIVKEY_OPT \
+ "$@"
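Review bot: `--bind-address 0.0.0.0` is hard-coded in the new `python run-onionr-node.py` call, so every start through onionr.sh, not only the container, listens on all interfaces. Publishing the port needs that inside Docker, but on a host it exposes the node's listening port to the local network; an overridable default such as `[[ -n "$BIND_ADDRESS" ]] || BIND_ADDRESS=127.0.0.1` with `--bind-address "$BIND_ADDRESS" \`, and `ENV BIND_ADDRESS=0.0.0.0` in the Dockerfile, would keep both cases working. The expansions `$PORT`, `$USE_TOR`, `$KEEP_LOG` and `$STORE_PLAINTEXT` are unquoted, so a value containing spaces is split into extra arguments; quoting them costs nothing. Starting the node with `exec python run-onionr-node.py \` would also let it receive the SIGTERM from `docker stop` instead of bash, which matters if the `--keep-log-on-exit` handling runs at shutdown (not visible here).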