From 072a6b9ca3f4f92273ab441dd1a0d8bff55b8232 Mon Sep 17 00:00:00 2001 From: Vitaliy Filippov Date: Thu, 29 Dec 2016 19:01:21 +0300 Subject: [PATCH] Bugzilla4Intranet docker image --- Dockerfile | 68 ++++++++++++++ etc/apt/apt.conf | 4 + etc/bugzilla-http.conf | 16 ++++ etc/default/sphinxsearch | 1 + etc/init.d/bugzilla | 50 ++++++++++ etc/locale.gen | 2 + etc/nginx/nginx.conf | 37 ++++++++ etc/nginx/sites-available/wiki4intranet | 36 ++++++++ etc/nginx/sites-enabled/wiki4intranet | 1 + etc/perl/CPAN/Config.pm | 69 ++++++++++++++ etc/sphinxsearch/sphinx.conf | 36 ++++++++ localconfig | 116 ++++++++++++++++++++++++ 12 files changed, 436 insertions(+) create mode 100644 Dockerfile create mode 100644 etc/apt/apt.conf create mode 100644 etc/bugzilla-http.conf create mode 100644 etc/default/sphinxsearch create mode 100755 etc/init.d/bugzilla create mode 100644 etc/locale.gen create mode 100644 etc/nginx/nginx.conf create mode 100644 etc/nginx/sites-available/wiki4intranet create mode 120000 etc/nginx/sites-enabled/wiki4intranet create mode 100644 etc/perl/CPAN/Config.pm create mode 100644 etc/sphinxsearch/sphinx.conf create mode 100644 localconfig diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..78b2247 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,68 @@ +FROM debian:stretch + +MAINTAINER Vitaliy Filippov + +ADD etc/apt/apt.conf /etc/apt/apt.conf +ADD etc/locale.gen /etc/locale.gen + +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" \ + -o Dpkg::Options::="--force-confold" install -y wget git zip unzip poppler-utils \ + graphviz patchutils sphinxsearch mc nginx perl mariadb-server libreoffice libdbi-perl libdatetime-perl libemail-address-perl \ + libtemplate-perl libjson-perl libemail-mime-perl libtest-taint-perl \ + libxml-twig-perl libtext-tabulardisplay-perl libemail-sender-perl \ + liblingua-translit-perl libarchive-zip-perl libdbd-mysql-perl libimage-magick-perl \ + libgd-perl libtemplate-plugin-gd-perl libgd-graph-perl libgd-graph3d-perl \ + libmail-rfc822-address-perl libemail-reply-perl \ + libdevel-stacktrace-perl libemail-mime-attachment-stripper-perl \ + libsoap-lite-perl libxmlrpc-lite-perl libjson-rpc-perl libjson-xs-perl libtext-csv-perl libhtml-strip-perl \ + libtext-csv-xs-perl libspreadsheet-parseexcel-perl libspreadsheet-xlsx-perl \ + liblingua-stem-snowball-perl libtheschwartz-perl \ + libdaemon-generic-perl libhttp-server-simple-perl libnet-server-perl + +ADD etc /etc +ADD home /home +ADD usr /usr + +RUN service mysql start && echo "CREATE DATABASE bugzilla; \ + GRANT ALL PRIVILEGES ON bugzilla.* TO bugzilla@localhost IDENTIFIED BY 'bugzilla'; \ + FLUSH PRIVILEGES;" | mysql --defaults-file=/etc/mysql/debian.cnf + +RUN cpan CGI Math::Random::Secure Sys::Sendfile Date::Parse Text::Wrap MIME::Parser + +RUN mv /var/lib/mysql /home/data/mysql && \ + mv /var/lib/sphinxsearch /home/data/sphinxsearch && \ + ln -s /home/data/mysql /var/lib/mysql && \ + ln -s /home/data/sphinxsearch /var/lib/sphinxsearch && \ + mkdir /home/data/logs && \ + mv /var/log/nginx /home/data/logs && \ + ln -s /home/data/logs/nginx /var/log/nginx && \ + mv /var/log/mysql /home/data/logs && \ + ln -s /home/data/logs/mysql /var/log/mysql && \ + mv /var/log/sphinxsearch /home/data/logs && \ + ln -s /home/data/logs/sphinxsearch /var/log/sphinxsearch && \ + cd /home && \ + git clone -b beta https://github.com/vitalif/bugzilla-4intranet bugzilla && \ + cd /home/bugzilla && \ + mv data /home/data/bugzilla && \ + chown www-data:www-data /home/data/bugzilla && \ + ln -s /home/data/bugzilla data + +ADD localconfig /home/bugzilla/localconfig + +# Update image incrementally + +# ADD bugzilla4intranet-version /etc/mediawiki4intranet-version + +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" \ + -o Dpkg::Options::="--force-confold" dist-upgrade -y \ + && apt-get clean && rm -rf /var/lib/apt/lists/* + +RUN service sphinxsearch start && \ + service mysql start && \ + cd /home/bugzilla && \ + git pull && \ + ./checksetup.sh + +CMD /home/start.sh + +EXPOSE 80 diff --git a/etc/apt/apt.conf b/etc/apt/apt.conf new file mode 100644 index 0000000..68d79bf --- /dev/null +++ b/etc/apt/apt.conf @@ -0,0 +1,4 @@ +APT::Install-Suggests false; +APT::Install-Recommends false; +Acquire::Retries 5; +Binary::apt::APT::Keep-Downloaded-Packages "false"; diff --git a/etc/bugzilla-http.conf b/etc/bugzilla-http.conf new file mode 100644 index 0000000..58acbc8 --- /dev/null +++ b/etc/bugzilla-http.conf @@ -0,0 +1,16 @@ +class Net::Server::PreFork +port 0.0.0.0:8157 +min_servers 4 +max_servers 20 +min_spare_servers 4 +max_spare_servers 8 +max_requests 1000 +user www-data +group www-data +log_file /home/data/logs/bugzilla.log +log_level 2 +pid_file /var/run/bugzilla.pid +background 1 +deny_regexp ^(localconfig|data/(?!webdot/)|.*\.(pm|pl|sh)($|\?)|(/|^)(CVS|\.(ht|svn|hg|bzr|git)).*) +preload *.cgi +reload 1 diff --git a/etc/default/sphinxsearch b/etc/default/sphinxsearch new file mode 100644 index 0000000..09eaef3 --- /dev/null +++ b/etc/default/sphinxsearch @@ -0,0 +1 @@ +START=yes diff --git a/etc/init.d/bugzilla b/etc/init.d/bugzilla new file mode 100755 index 0000000..883b249 --- /dev/null +++ b/etc/init.d/bugzilla @@ -0,0 +1,50 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: bugzilla +# Required-Start: $local_fs $remote_fs $network $syslog +# Required-Stop: $local_fs $remote_fs $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start/stop standalone Bugzilla server. +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +PIDFILE=/var/run/bugzilla.pid +DIR=/home/bugzilla +CONFIG=/etc/bugzilla-http.conf +NAME=bugzilla + +. /lib/lsb/init-functions + +export LANG=en_US.UTF-8 +export LC_ALL=en_US.UTF-8 + +case "$1" in + start) + log_daemon_msg "Starting Bugzilla server" $NAME + perl -T $DIR/HTTPServerSimple.pl $CONFIG --background + log_end_msg $? + ;; + stop) + log_daemon_msg "Stopping Bugzilla server" $NAME + if [ -e $PIDFILE ]; then + kill `cat $PIDFILE` 2>/dev/null >/dev/null && rm $PIDFILE + log_end_msg $? + else + echo -n ...not running + log_end_msg 0 + fi + ;; + restart|force-reload) + log_daemon_msg "Restarting Bugzilla server" $NAME + [ -e $PIDFILE ] && kill `cat $PIDFILE` 2>/dev/null >/dev/null && sleep 1 && rm $PIDFILE + perl -T $DIR/HTTPServerSimple.pl $CONFIG --background + log_end_msg $? + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/etc/locale.gen b/etc/locale.gen new file mode 100644 index 0000000..0c8fc3f --- /dev/null +++ b/etc/locale.gen @@ -0,0 +1,2 @@ +en_US.UTF-8 UTF-8 +ru_RU.UTF-8 UTF-8 diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf new file mode 100644 index 0000000..2f63b27 --- /dev/null +++ b/etc/nginx/nginx.conf @@ -0,0 +1,37 @@ +user www-data; +worker_processes 4; +pid /run/nginx.pid; + +events { + worker_connections 768; +} + +http { + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + client_max_body_size 512M; + fastcgi_read_timeout 600; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + access_log /home/wiki4intranet/data/logs/nginx/access.log; + error_log /home/wiki4intranet/data/logs/nginx/error.log; + + gzip on; + gzip_disable "msie6"; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} diff --git a/etc/nginx/sites-available/wiki4intranet b/etc/nginx/sites-available/wiki4intranet new file mode 100644 index 0000000..9af8994 --- /dev/null +++ b/etc/nginx/sites-available/wiki4intranet @@ -0,0 +1,36 @@ +server { + listen 80 default; + server_name wiki4intranet.local; + + root /home/wiki4intranet/www; + + location ~ /\.svn\/|\.bzr\/|\.hg\/|\.git\// { + deny all; + } + + # pass to php7.0-fpm + location / { + index index.php; + try_files $uri @index; + } + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include fastcgi_params; + } + location @index { + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root/index.php; + fastcgi_param PATH_INFO $fastcgi_path_info; + include fastcgi_params; + } + + location /images { + allow all; + } + + location ~* ^/.*/.*\.(jpg|jpeg|gif|png|html|htm|ico)$ { + allow all; + } +} diff --git a/etc/nginx/sites-enabled/wiki4intranet b/etc/nginx/sites-enabled/wiki4intranet new file mode 120000 index 0000000..d5cf84f --- /dev/null +++ b/etc/nginx/sites-enabled/wiki4intranet @@ -0,0 +1 @@ +../sites-available/wiki4intranet \ No newline at end of file diff --git a/etc/perl/CPAN/Config.pm b/etc/perl/CPAN/Config.pm new file mode 100644 index 0000000..a8048ea --- /dev/null +++ b/etc/perl/CPAN/Config.pm @@ -0,0 +1,69 @@ +# This is CPAN.pm's systemwide configuration file. This file provides +# defaults for users, and the values can be changed in a per-user +# configuration file. The user-config file is being looked for as +# ~/.cpan/CPAN/MyConfig.pm. + +$CPAN::Config = { + 'applypatch' => q[], + 'auto_commit' => q[0], + 'build_cache' => q[100], + 'build_dir' => q[/root/.cpan/build], + 'build_dir_reuse' => q[1], + 'build_requires_install_policy' => q[follow/yes], + 'bzip2' => q[/bin/bzip2], + 'cache_metadata' => q[1], + 'check_sigs' => q[0], + 'commandnumber_in_prompt' => q[1], + 'cpan_home' => q[/root/.cpan], + 'curl' => q[/usr/bin/curl], + 'ftp' => q[/usr/bin/ftp], + 'ftp_passive' => q[1], + 'ftp_proxy' => q[], + 'getcwd' => q[cwd], + 'gpg' => q[/usr/bin/gpg], + 'gzip' => q[/bin/gzip], + 'histfile' => q[/root/.cpan/histfile], + 'histsize' => q[100], + 'http_proxy' => q[], + 'inactivity_timeout' => q[0], + 'index_expire' => q[1], + 'inhibit_startup_message' => q[0], + 'keep_source_where' => q[/root/.cpan/sources], + 'load_module_verbosity' => q[v], + 'lynx' => q[/usr/bin/lynx], + 'make' => q[/usr/bin/make], + 'make_arg' => q[], + 'make_install_arg' => q[], + 'make_install_make_command' => q[/usr/bin/make], + 'makepl_arg' => q[INSTALLDIRS=site], + 'mbuild_arg' => q[], + 'mbuild_install_arg' => q[], + 'mbuild_install_build_command' => q[./Build], + 'mbuildpl_arg' => q[], + 'ncftpget' => q[/usr/bin/ncftpget], + 'no_proxy' => q[], + 'pager' => q[/usr/bin/less], + 'patch' => q[/usr/bin/patch], + 'prefer_installer' => q[MB], + 'prefs_dir' => q[/root/.cpan/prefs], + 'prerequisites_policy' => q[follow], + 'proxy_user' => q[], + 'scan_cache' => q[atstart], + 'shell' => q[/bin/bash], + 'show_unparsable_versions' => q[0], + 'show_upload_date' => q[0], + 'show_zero_versions' => q[0], + 'tar' => q[/bin/tar], + 'tar_verbosity' => q[v], + 'term_is_latin' => q[1], + 'term_ornaments' => q[1], + 'test_report' => q[0], + 'unzip' => q[/usr/bin/unzip], + 'urllist' => [q[http://cpan-mirror.rbc.ru/pub/CPAN/], q[ftp://cpan.rinet.ru/pub/mirror/CPAN/], q[ftp://mirror.yandex.ru/mirrors/cpan/]], + 'use_sqlite' => q[1], + 'wget' => q[/usr/bin/wget], + 'yaml_load_code' => q[0], + 'yaml_module' => q[YAML], +}; +1; +__END__ diff --git a/etc/sphinxsearch/sphinx.conf b/etc/sphinxsearch/sphinx.conf new file mode 100644 index 0000000..e16a5f0 --- /dev/null +++ b/etc/sphinxsearch/sphinx.conf @@ -0,0 +1,36 @@ +# bugzilla + +index bugzilla +{ + type = rt + path = /var/lib/sphinxsearch/data/bugzilla + rt_field = short_desc + rt_field = comments + rt_field = comments_private + docinfo = extern + charset_table = 0..9, A..Z->a..z, a..z, U+410..U+42F->U+430..U+44F, U+430..U+44F + blend_chars = _, -, &, +, @, $ + morphology = stem_enru + min_word_len = 2 +} + +### General configuration ### + +indexer +{ + mem_limit = 128M +} + +searchd +{ + listen = 127.0.0.1:3112 + log = /var/log/sphinxsearch/sphinx.log + binlog_path = /var/lib/sphinxsearch/data + query_log = /var/log/sphinxsearch/query.log + read_timeout = 5 + max_children = 30 + pid_file = /var/run/sphinxsearch/searchd.pid + listen = /var/run/sphinxsearch/searchd.sock:mysql41 + workers = threads + rt_flush_period = 3600 +} diff --git a/localconfig b/localconfig new file mode 100644 index 0000000..0c0528f --- /dev/null +++ b/localconfig @@ -0,0 +1,116 @@ + +# If you are using Apache as your web server, Bugzilla can create .htaccess +# files for you that will instruct Apache not to serve files that shouldn't +# be accessed from the web browser (like your local configuration data and non-cgi +# executable files). For this to work, the directory your Bugzilla +# installation is in must be within the jurisdiction of a block +# in the httpd.conf file that has 'AllowOverride Limit' in it. If it has +# 'AllowOverride All' or other options with Limit, that's fine. +# (Older Apache installations may use an access.conf file to store these +# blocks.) +# If this is set to 1, Bugzilla will create these files if they don't exist. +# If this is set to 0, Bugzilla will not create these files. +$create_htaccess = 1; + +# Usually, this is the group your web server runs as. +# If you have a Windows box, ignore this setting. +# If you have use_suexec switched on below, this is the group Apache switches +# to in order to run Bugzilla scripts. +# If you do not have access to the group your scripts will run under, +# set this to "". If you do set this to "", then your Bugzilla installation +# will be _VERY_ insecure, because some files will be world readable/writable, +# and so anyone who can get local access to your machine can do whatever they +# want. You should only have this set to "" if this is a testing installation +# and you cannot set this up any other way. YOU HAVE BEEN WARNED! +# If you set this to anything other than "", you will need to run checksetup.pl +# asroot, or as a user who is a member of the specified group. +$webservergroup = 'www-data'; + +# Set this if Bugzilla runs in an Apache SuexecUserGroup environment. +# (If your web server runs control panel software (cPanel, Plesk or similar), +# or if your Bugzilla is to run in a shared hosting environment, then you are +# almost certainly in an Apache SuexecUserGroup environment.) +# If you have a Windows box, ignore this setting. +# If set to 0, Bugzilla will set file permissions as tightly as possible. +# If set to 1, Bugzilla will set file permissions so that it may work in an +# SuexecUserGroup environment. The difference is that static files (CSS, +# JavaScript and so on) will receive world read permissions. +$use_suexec = 0; + +# What SQL database to use. Default is mysql. List of supported databases +# can be obtained by listing Bugzilla/DB directory - every module corresponds +# to one supported database and the name corresponds to a driver name. +$db_driver = 'mysql'; + +# The DNS name of the host that the database server runs on. +$db_host = 'localhost'; + +# The name of the database +$db_name = 'bugzilla'; + +# Who we connect to the database as. +$db_user = 'bugzilla'; + +# Enter your database password here. It's normally advisable to specify +# a password for your bugzilla database user. +# If you use apostrophe (') or a backslash (\) in your password, you'll +# need to escape it by preceding it with a '\' character. (\') or (\) +# (Far simpler just not to use those characters.) +$db_pass = 'bugzilla'; + +# Sometimes the database server is running on a non-standard port. If that's +# the case for your database server, set this to the port number that your +# database server is running on. Setting this to 0 means "use the default +# port for my database server." +$db_port = 0; + +# MySQL Only: Enter a path to the unix socket for MySQL. If this is +# blank, then MySQL's compiled-in default will be used. You probably +# want that. +$db_sock = '/var/run/mysqld/mysqld.sock'; + +# The name of Sphinx Search index to use for fulltext search +# '' means don't use Sphinx, but use MySQL fulltext search instead +# Sphinx is MUCH MUCH faster, but requires separate configuration (see data/sphinx.conf) +$sphinx_index = 'bugzilla'; + +# The DNS name of the host that the Sphinx server runs on. +$sphinx_host = '127.0.0.1'; + +# Sphinx port (listening MySQL protocol) +$sphinx_port = 0; + +# Sphinx UNIX socket (listening MySQL protocol) +$sphinx_sock = '/var/run/sphinxsearch/searchd.sock'; + +# To use MySQL Sphinx Storage Engine (bundled with MariaDB), specify +# a non-zero port on which Sphinx is listening for non-SphinxQL requests +$sphinxse_port = 3112; + +# Should checksetup.pl try to verify that your database setup is correct? +# (with some combinations of database servers/Perl modules/moonphase this +# doesn't work) +$db_check = 1; + +# For some optional functions of Bugzilla (such as the pretty-print patch +# viewer), we need the cvs binary to access files and revisions. +# Because it's possible that this program is not in your path, you can specify +# its location here. Please specify the full path to the executable. +$cvsbin = '/usr/bin/cvs'; + +# For some optional functions of Bugzilla (such as the pretty-print patch +# viewer), we need the interdiff binary to make diffs between two patches. +# Because it's possible that this program is not in your path, you can specify +# its location here. Please specify the full path to the executable. +$interdiffbin = '/usr/bin/interdiff'; + +# The interdiff feature needs diff, so we have to have that path. +# Please specify the directory name only; do not use trailing slash. +$diffpath = '/usr/bin'; + +# This secret key is used by your installation for the creation and +# validation of encrypted tokens to prevent unsolicited changes, +# such as bug changes. A random string is generated by default. +# It's very important that this key is kept secret. It also must be +# very long. +$site_wide_secret = '';