
Add syslog & fix `/data/git` rights & SOCAT_LINK env var

- Resolve #1893
- Add syslogd to output sshd log on stdout (via `docker logs`)
- Enforce directory rights on `/data/git`, `/data/gogs` & `/data/ssh`
- Add `SOCAT_LINK` environment variable to prevent the creation of socat links when they are not needed (see #1815)
Jean-Philippe Roemer лет назад: 8
Родитель
Сommit
9a8aeef478
4 измененных файлов с 33 добавлено и 19 удалено
  1. 1 0
      docker/s6/gogs/setup
  2. 2 1
      docker/s6/openssh/setup
  3. 7 0
      docker/s6/syslogd/run
  4. 23 18
      docker/start.sh

+ 1 - 0
docker/s6/gogs/setup

@@ -20,3 +20,4 @@ ln -sf /data/gogs/data ./data
 ln -sf /data/git /home/git
 
 chown -R git:git /data /app/gogs ~git/
+chmod 0755 /data /data/gogs ~git/
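Review bot: `chmod 0755` on `/data/gogs` and `~git/` leaves both trees listable and traversable by every account in the container, so protection of what sits under `/data/gogs/conf` and of the repositories rests entirely on the modes of the files below, which this script does not set. If only `git` and root need these directories, `chmod 0750 /data/gogs ~git/` (keeping `/data` at 0755) would express that; this assumes no other account in the image reads them, which the hunk does not show. `~git/` resolves through the `/home/git` symlink created two lines above, so a comment such as `# ~git/ is /data/git via the symlink above` would make the target explicit. The script starts outside the hunk.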

+ 2 - 1
docker/s6/openssh/setup

@@ -23,4 +23,5 @@ fi
 
 # Set correct right to ssh keys
 chown -R root:root /data/ssh/*
-chmod 600 /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*
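Review bot: The directory itself is never handed to root: `chown -R root:root /data/ssh/*` only covers the entries matched by the glob, and `docker/s6/gogs/setup` in this same commit runs `chown -R git:git /data`, so `/data/ssh` may end up owned by `git` with mode 0700. An owner with write access to a directory can rename or replace the root-owned key files inside it regardless of their 0600 mode. Changing the line above to `chown -R root:root /data/ssh` would close that, and it also covers dot-files that the `*` glob skips. The order in which the two setup scripts run is not visible here, so confirm which ownership wins. The start of this script is outside the hunk.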

+ 7 - 0
docker/s6/syslogd/run

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if test -f ./setup; then
+    source ./setup
+fi
+
+exec gosu root /sbin/syslogd -nS -O-
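Review bot: `source` is not part of POSIX sh, so under `#!/bin/sh` the line `source ./setup` depends on the image's /bin/sh accepting it; `. ./setup` is the portable spelling. The file also carries no comment on what the flags do; a header such as `# Run syslogd in the foreground and log to stdout so sshd messages show up in docker logs` would document `-n` and `-O-`. Because sshd authentication messages now reach the container's log stream, anyone who can read `docker logs` sees login attempts, which is worth a line in the project's Docker documentation.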

+ 23 - 18
docker/start.sh

@@ -13,24 +13,29 @@ for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do
 done
 
 # Bind linked docker container to localhost socket using socat
-USED_PORT="3000:22"
-while read NAME ADDR PORT; do
-    if test -z "$NAME$ADDR$PORT"; then
-        continue
-    elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then
-        echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2
-    else
-        SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT}
-        mkdir -p ${SERV_FOLDER}
-        CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}"
-        echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run
-        chmod +x ${SERV_FOLDER}/run
-        USED_PORT="${USED_PORT}:${PORT}"
-        echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2
-    fi
-done << EOT
-$(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p')
-EOT
+LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]')
+if [ "$LINK" != "false" -a "$LINK" != "0" ]; then
+
+    USED_PORT="3000:22"
+    while read NAME ADDR PORT; do
+        if test -z "$NAME$ADDR$PORT"; then
+            continue
+        elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then
+            echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2
+        else
+            SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT}
+            mkdir -p ${SERV_FOLDER}
+            CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}"
+            echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run
+            chmod +x ${SERV_FOLDER}/run
+            USED_PORT="${USED_PORT}:${PORT}"
+            echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2
+        fi
+    done << EOT
+    $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p')
+    EOT
+
+fi
 
 # Exec CMD or S6 by default if nothing present
 if [ $# -gt 0 ];then
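Review bot: The here-document terminator on the added line `    EOT` is indented, but `<< EOT` (without `-`) only ends at a line consisting of `EOT` alone starting in column 0, so as shown the here-document would run to the end of the file and swallow `fi` and the exec block below. Put the terminator back at column 0 (`EOT`), or switch to `<<- EOT` and indent the body with tabs. The test `[ "$LINK" != "false" -a "$LINK" != "0" ]` would read more safely as `[ "$LINK" != "false" ] && [ "$LINK" != "0" ]`, since `-a` is marked obsolescent in POSIX. Inside the loop, `${NAME}` and `${ADDR}` come from `(.*)` matches on environment values and are written unquoted into the generated `run` script, so tightening those patterns in the sed expression would keep unexpected characters out of it. The `if [ $# -gt 0 ];then` block at the end continues outside the hunk.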