Docker
This commit is contained in:
Pavel Zilke
parent
f76cea785f
commit
e26dd65724
8 changed files with 143 additions and 3 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -1,3 +1,6 @@
|
|||
7h96bfno.000/
|
||||
linux-amd64.tgz
|
||||
conf/ervu-sign-module.conf
|
||||
CMakeFiles/
|
||||
CMakeLists.txt.user
|
||||
src/config.h
|
||||
|
|
|
|||
|
|
@ -65,6 +65,7 @@ MESSAGE ("")
|
|||
CONFIGURE_FILE (${SOURCE_DIR}/config.h.in ${SOURCE_DIR}/config.h)
|
||||
|
||||
SET (CRYPTOPRO_INCLUDE_DIRS
|
||||
/opt/cprocsp/include
|
||||
/opt/cprocsp/include/cpcsp
|
||||
/opt/cprocsp/include/pki
|
||||
)
|
||||
|
|
|
|||
68
Dockerfile
Normal file
68
Dockerfile
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
|
||||
ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
|
||||
|
||||
FROM ${BUILDER_IMAGE} AS builder
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get -y install \
|
||||
crontabs \
|
||||
glibc-locales \
|
||||
unzip \
|
||||
glib2-devel \
|
||||
libfcgi-devel \
|
||||
cmake \
|
||||
make \
|
||||
gcc \
|
||||
gcc10
|
||||
|
||||
WORKDIR /distr
|
||||
COPY linux-amd64.tgz .
|
||||
|
||||
# Install CryptoPRO CSP
|
||||
RUN tar -xf linux-amd64.tgz \
|
||||
&& cd linux-amd64 \
|
||||
&& ./install.sh \
|
||||
&& apt-get install ./cprocsp-pki-cades-64-*.rpm \
|
||||
&& apt-get install ./lsb-cprocsp-devel-*.rpm \
|
||||
&& cd .. && rm -rf linux-amd64 linux-amd64.tgz
|
||||
|
||||
WORKDIR /build
|
||||
COPY src src
|
||||
COPY CMakeLists.txt CMakeLists.txt
|
||||
|
||||
RUN mkdir -p .build \
|
||||
&& cd .build \
|
||||
&& cmake .. \
|
||||
&& make -j4
|
||||
|
||||
|
||||
FROM ${RUNTIME_IMAGE}
|
||||
|
||||
ENV TZ=Europe/Moscow
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get -y install mc glib2 libfcgi nginx \
|
||||
&& apt-get clean \
|
||||
&& rm -f /var/cache/apt/*.bin \
|
||||
&& rm -f /var/lib/apt/lists/update* \
|
||||
&& adduser --system --no-create-home --user-group --uid 500 ervu
|
||||
|
||||
COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
|
||||
COPY --from=builder /etc/opt/cprocsp /etc/opt/cprocsp
|
||||
COPY --from=builder /opt/cprocsp /opt/cprocsp
|
||||
COPY --from=builder /var/opt/cprocsp /var/opt/cprocsp
|
||||
COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-sign-module
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
|
||||
RUN mkdir -p /var/opt/cprocsp/keys/ervu/7h96bfno.000 \
|
||||
&& chown -R ervu:ervu /var/opt/cprocsp/keys/ervu \
|
||||
&& chmod +x /entrypoint.sh
|
||||
|
||||
VOLUME /var/opt/cprocsp/keys/ervu/7h96bfno.000
|
||||
|
||||
EXPOSE 9009
|
||||
|
||||
USER ervu
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
|
@ -3,12 +3,11 @@
|
|||
|
||||
[fcgi]
|
||||
fcgi_listen_port = 9009
|
||||
#fcgi_listen_host = 127.0.0.1
|
||||
fcgi_listen_host = 127.0.0.1
|
||||
#fcgi_thread_pool_size = 1
|
||||
|
||||
[sign]
|
||||
#location = /sign
|
||||
cp_file = libcapi20.so
|
||||
cp_file = /opt/cprocsp/lib/amd64/libcapi20.so
|
||||
signer_subject = signer@example.ru
|
||||
pin = ****
|
||||
|
||||
9
conf/nginx-docker.conf
Normal file
9
conf/nginx-docker.conf
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
server {
|
||||
listen 80;
|
||||
server_name localhost;
|
||||
|
||||
location = /sign {
|
||||
fastcgi_pass ervu-sign-module:9009;
|
||||
include fastcgi_params;
|
||||
}
|
||||
}
|
||||
43
conf/nginx.conf
Normal file
43
conf/nginx.conf
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
# load dynamic nginx modules
|
||||
include /etc/nginx/modules-enabled.d/*.conf;
|
||||
|
||||
# see http://nginx.net for info & docs
|
||||
|
||||
worker_processes 10;
|
||||
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
include /etc/nginx/conf-enabled.d/*.conf;
|
||||
|
||||
http {
|
||||
proxy_temp_path /var/spool/nginx/tmp/proxy;
|
||||
fastcgi_temp_path /var/spool/nginx/tmp/fastcgi;
|
||||
client_body_temp_path /var/spool/nginx/tmp/client;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
sendfile on;
|
||||
|
||||
gzip on;
|
||||
|
||||
# text/html doesn't need to be defined there, it's compressed always
|
||||
gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml;
|
||||
|
||||
# gzip_comp_level 9;
|
||||
include /etc/nginx/sites-enabled.d/*.conf;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name localhost;
|
||||
|
||||
location = /sign {
|
||||
fastcgi_pass localhost:9009;
|
||||
include fastcgi_params;
|
||||
}
|
||||
}
|
||||
}
|
||||
14
docker-compose.yaml
Normal file
14
docker-compose.yaml
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
services:
|
||||
ervu-sign-module:
|
||||
build: .
|
||||
volumes:
|
||||
- ./7h96bfno.000:/var/opt/cprocsp/keys/ervu/7h96bfno.000
|
||||
- ./conf/ervu-sign-module.conf:/etc/ervu-sign-module.conf
|
||||
nginx:
|
||||
image: nginx:latest
|
||||
links:
|
||||
- ervu-sign-module
|
||||
ports:
|
||||
- "28080:80"
|
||||
volumes:
|
||||
- ./conf/nginx-docker.conf:/etc/nginx/conf.d/default.conf
|
||||
3
entrypoint.sh
Normal file
3
entrypoint.sh
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
|
||||
/opt/ervu-sign-module/ervu-sign-module
|
||||
Loading…
Add table
Add a link
Reference in a new issue