
docker as non-root

This commit is contained in:
Kyle Spearrin 2018-03-26 11:21:03 -04:00
parent d945431ac1
commit b8ed8853cd
12 changed files with 104 additions and 37 deletions


@ -1,7 +1,6 @@
FROM microsoft/aspnetcore:2.0.5 FROM microsoft/aspnetcore:2.0.5
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app WORKDIR /app
EXPOSE 5000 EXPOSE 5000
COPY obj/Docker/publish . COPY obj/Docker/publish .
@ -9,6 +8,7 @@ COPY entrypoint.sh /
RUN groupadd -g 999 bitwarden \ RUN groupadd -g 999 bitwarden \
&& useradd -r -u 999 -g bitwarden bitwarden \ && useradd -r -u 999 -g bitwarden bitwarden \
&& chown -R bitwarden:bitwarden /app \
&& mkdir /etc/bitwarden \ && mkdir /etc/bitwarden \
&& chown -R bitwarden:bitwarden /etc/bitwarden \ && chown -R bitwarden:bitwarden /etc/bitwarden \
&& chmod +x /entrypoint.sh \ && chmod +x /entrypoint.sh \
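Review bot: The added `&& chown -R bitwarden:bitwarden /app \` makes every published application file writable by the account that executes it, so a compromised process can overwrite its own binaries; the runtime user only needs read and execute on /app. Keeping /app root-owned (with group/world read permissions, which COPY preserves from the build context, so worth checking) or using `COPY --chown=bitwarden:bitwarden obj/Docker/publish .` if the files really must belong to that user, also avoids the recursive chown duplicating the whole /app directory in a new layer. The same recursive chown of /app is added in the other Dockerfiles of this commit. The RUN chain continues past the end of this hunk, so the rest of the command is not visible here.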


@ -5,15 +5,25 @@ RUN apt-get update \
cron \ cron \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app WORKDIR /app
EXPOSE 80 EXPOSE 5000
COPY obj/Docker/publish/Api . COPY obj/Docker/publish/Api .
COPY obj/Docker/publish/Jobs /jobs COPY obj/Docker/publish/Jobs /jobs
COPY entrypoint.sh /
RUN mv /jobs/crontab /etc/cron.d/bitwarden-cron \ RUN mv /jobs/crontab /etc/cron.d/bitwarden-cron \
&& chmod 0644 /etc/cron.d/bitwarden-cron \ && chmod 0644 /etc/cron.d/bitwarden-cron \
&& touch /var/log/cron.log && touch /var/log/cron.log
COPY entrypoint.sh / RUN groupadd -g 999 bitwarden \
RUN chmod +x /entrypoint.sh && useradd -r -u 999 -g bitwarden bitwarden \
&& chown -R bitwarden:bitwarden /app \
&& chown -R bitwarden:bitwarden /jobs
&& mkdir /etc/bitwarden \
&& chown -R bitwarden:bitwarden /etc/bitwarden \
&& chmod +x /entrypoint.sh \
&& chown bitwarden:bitwarden /entrypoint.sh
USER bitwarden
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
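Review bot: The line `&& chown -R bitwarden:bitwarden /jobs` in the new RUN has no trailing backslash, so the instruction ends there and the next line `&& mkdir /etc/bitwarden \` is parsed as a Dockerfile instruction, which fails the build; it should read `&& chown -R bitwarden:bitwarden /jobs \`. Separately, this image installs cron and switches to `USER bitwarden` before the entrypoint; if entrypoint.sh (not in this diff) still starts the cron daemon, it no longer runs as root and cannot switch to the user named in /etc/cron.d/bitwarden-cron, and the same concern applies to the mssql Dockerfile in this commit. Worth confirming how the entrypoint launches cron under the non-root user.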


@ -12,10 +12,18 @@ RUN curl -L -o iconserver.zip https://github.com/mat/besticon/releases/download/
&& unzip iconserver.zip -d /etc/iconserver \ && unzip iconserver.zip -d /etc/iconserver \
&& rm iconserver.* && rm iconserver.*
ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app WORKDIR /app
EXPOSE 80 EXPOSE 5000
COPY obj/Docker/publish . COPY obj/Docker/publish .
COPY entrypoint.sh / COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
RUN groupadd -g 999 bitwarden \
&& useradd -r -u 999 -g bitwarden bitwarden \
&& chown -R bitwarden:bitwarden /app \
&& chown -R bitwarden:bitwarden /etc/iconserver \
&& chmod +x /entrypoint.sh \
&& chown bitwarden:bitwarden /entrypoint.sh
USER bitwarden
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
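Review bot: `&& chown -R bitwarden:bitwarden /etc/iconserver \` hands the runtime account write access to the iconserver binary that the earlier curl/unzip step installs, so a compromised process could replace the executable it later launches. Unless iconserver writes into its own directory, keep /etc/iconserver root-owned and grant only read and execute, e.g. `chmod -R a+rX /etc/iconserver`, which also avoids duplicating that directory in a new layer. The same least-privilege consideration applies to the recursive chown of /app here and in the sibling Dockerfiles of this commit.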


@ -1,9 +1,18 @@
FROM microsoft/aspnetcore:2.0.5 FROM microsoft/aspnetcore:2.0.5
ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app WORKDIR /app
EXPOSE 80 EXPOSE 5000
COPY obj/Docker/publish . COPY obj/Docker/publish .
COPY entrypoint.sh / COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
RUN groupadd -g 999 bitwarden \
&& useradd -r -u 999 -g bitwarden bitwarden \
&& chown -R bitwarden:bitwarden /app \
&& mkdir /etc/bitwarden \
&& chown -R bitwarden:bitwarden /etc/bitwarden \
&& chmod +x /entrypoint.sh \
&& chown bitwarden:bitwarden /entrypoint.sh
USER bitwarden
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
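Review bot: The new `ENV ASPNETCORE_URLS http://+:5000` uses the legacy space-separated form; the key=value form `ENV ASPNETCORE_URLS=http://+:5000` is the documented one and stays unambiguous if more variables are later added to the instruction. The same line is added in the Api, Icons and bitwarden/server-based Dockerfiles of this commit. Moving the listener from 80 to 5000 is what lets the `USER bitwarden` switch work without CAP_NET_BIND_SERVICE, so the EXPOSE and ASPNETCORE_URLS values need to stay in step; a short comment such as `# unprivileged port: the service runs as user bitwarden` next to EXPOSE would record that dependency.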


@ -1,5 +1,5 @@
0 * * * * root dotnet /jobs/Jobs.dll -d /jobs -j alive >> /var/log/cron.log 2>&1 0 * * * * bitwarden dotnet /jobs/Jobs.dll -d /jobs -j alive >> /var/log/cron.log 2>&1
0 */6 * * * root dotnet /jobs/Jobs.dll -d /jobs -j validate-organizations >> /var/log/cron.log 2>&1 0 */6 * * * bitwarden dotnet /jobs/Jobs.dll -d /jobs -j validate-organizations >> /var/log/cron.log 2>&1
30 */12 * * * root dotnet /jobs/Jobs.dll -d /jobs -j validate-users-premium >> /var/log/cron.log 2>&1 30 */12 * * * bitwarden dotnet /jobs/Jobs.dll -d /jobs -j validate-users-premium >> /var/log/cron.log 2>&1
# An empty line is required at the end of this file for a valid cron file. # An empty line is required at the end of this file for a valid cron file.
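Review bot: The three jobs now run as `bitwarden` but still append to `/var/log/cron.log`, which the Api Dockerfile in this commit creates with `touch` while still root and never chowns, whereas the mssql Dockerfile does add `chown bitwarden:bitwarden /var/log/cron.log`. As far as the visible lines show, the `>> /var/log/cron.log` redirection will fail with a permission error for this user, so the Api image should get the same chown or the jobs should write to a location the user owns.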


@ -1,7 +1,16 @@
FROM bitwarden/server FROM bitwarden/server
EXPOSE 80 ENV ASPNETCORE_URLS http://+:5000
EXPOSE 5000
COPY entrypoint.sh / COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
RUN groupadd -g 999 bitwarden \
&& useradd -r -u 999 -g bitwarden bitwarden \
&& chown -R bitwarden:bitwarden /bitwarden_server \
&& mkdir /etc/bitwarden \
&& chown -R bitwarden:bitwarden /etc/bitwarden \
&& chmod +x /entrypoint.sh \
&& chown bitwarden:bitwarden /entrypoint.sh
USER bitwarden
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
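Review bot: `groupadd -g 999 bitwarden` and `useradd -r -u 999` run on top of `FROM bitwarden/server`; if that base is itself built from one of the Dockerfiles in this commit that already creates uid/gid 999, both commands fail with an already-in-use error and break the build. Guard the step, e.g. `getent group bitwarden || groupadd -g 999 bitwarden`, or drop the user creation where the base already provides it. The base image is also untagged, so which users are inherited depends on whatever `latest` resolves to at build time; pinning a tag makes the non-root setup reproducible.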


@ -5,14 +5,27 @@ RUN apt-get update \
cron \ cron \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN groupadd -g 999 bitwarden \
&& useradd -r -u 999 -g bitwarden bitwarden
COPY crontab /etc/cron.d/bitwarden-cron COPY crontab /etc/cron.d/bitwarden-cron
RUN chmod 0644 /etc/cron.d/bitwarden-cron \ RUN chmod 0644 /etc/cron.d/bitwarden-cron \
&& touch /var/log/cron.log && touch /var/log/cron.log \
&& chown bitwarden:bitwarden /var/log/cron.log
COPY backup-db.sql / COPY backup-db.sql /
COPY backup-db.sh / COPY backup-db.sh /
RUN chmod +x /backup-db.sh
COPY entrypoint.sh / COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
RUN mkdir /etc/bitwarden \
&& chown -R bitwarden:bitwarden /etc/bitwarden \
&& mkdir /var/opt/mssql \
&& chown -R bitwarden:bitwarden /var/opt/mssql \
&& chmod +x /entrypoint.sh \
&& chmod +x /backup-db.sh \
&& chown bitwarden:bitwarden /entrypoint.sh \
&& chown bitwarden:bitwarden /backup-db.sh \
&& chown bitwarden:bitwarden /backup-db.sql
USER bitwarden
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
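Review bot: `mkdir /etc/bitwarden` and `mkdir /var/opt/mssql` are run without `-p`, so the build fails if the base image already ships either directory; `mkdir -p` keeps the step idempotent, and the same applies to the `mkdir /etc/bitwarden` added in the other Dockerfiles of this commit. The recursive chown of /var/opt/mssql together with `USER bitwarden` assumes the database server started by entrypoint.sh can run unprivileged and own its data directory; entrypoint.sh is not in this diff, so that should be confirmed, along with whether the cron daemon it presumably starts still works once the container no longer runs as root.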


@ -1,3 +1,3 @@
0 0 * * * root /backup-db.sh >> /var/log/cron.log 2>&1 0 0 * * * bitwarden /backup-db.sh >> /var/log/cron.log 2>&1
# An empty line is required at the end of this file for a valid cron file. # An empty line is required at the end of this file for a valid cron file.


@ -3,7 +3,17 @@ FROM nginx:1.12
COPY nginx.conf /etc/nginx COPY nginx.conf /etc/nginx
COPY proxy.conf /etc/nginx COPY proxy.conf /etc/nginx
COPY mime.types /etc/nginx COPY mime.types /etc/nginx
COPY entrypoint.sh / COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
RUN groupadd -g 999 bitwarden \
&& useradd -r -u 999 -g bitwarden bitwarden \
&& mkdir /etc/bitwarden \
&& chown -R bitwarden:bitwarden /etc/bitwarden \
&& chmod +x /entrypoint.sh \
&& chown bitwarden:bitwarden /entrypoint.sh \
&& touch /var/run/nginx.pid \
&& chown -R proxytest:proxytest /var/run/nginx.pid \
&& chown -R proxytest:proxytest /var/cache/nginx
USER bitwarden
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
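Review bot: The two `chown -R proxytest:proxytest` lines refer to a user this RUN never creates (only `bitwarden` is added), so chown exits with an invalid-user error and the build fails; they should read `&& chown bitwarden:bitwarden /var/run/nginx.pid \` and `&& chown -R bitwarden:bitwarden /var/cache/nginx` (`-R` is meaningless on the pid file). Since nginx will now run entirely as `bitwarden`, it must also listen on unprivileged ports, which the compose and Setup changes in this commit move to 8080/8081; any `user` directive in the copied nginx.conf only produces a warning when the master process is not root, so it can be removed.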


@ -165,8 +165,8 @@ services:
container_name: bitwarden-nginx container_name: bitwarden-nginx
restart: always restart: always
ports: ports:
- '{HttpPort}:80' - '{HttpPort}:8080'
- '{HttpsPort}:443' - '{HttpsPort}:8081'
volumes: volumes:
- ../nginx:/etc/bitwarden/nginx - ../nginx:/etc/bitwarden/nginx
- ../letsencrypt:/etc/letsencrypt - ../letsencrypt:/etc/letsencrypt
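Review bot: The port mapping now targets 8080/8081 inside the container, while the Setup change in this commit still recognises an existing default.conf that says `listen 443 ssl http2;`. An installation whose generated nginx config still listens on 80/443 will therefore have its published ports mapped to container ports nothing is bound to until default.conf is regenerated, so the upgrade path should regenerate the config or the change needs a migration note. This is inferred from the visible lines; the Setup logic that decides when the config is rewritten is outside this diff.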


@ -7,3 +7,11 @@ RUN apt-get update \
WORKDIR /app WORKDIR /app
COPY obj/Docker/publish . COPY obj/Docker/publish .
RUN groupadd -g 999 bitwarden \
&& useradd -r -u 999 -g bitwarden bitwarden \
&& chown -R bitwarden:bitwarden /app \
&& mkdir /bitwarden \
&& chown -R bitwarden:bitwarden /bitwarden
USER bitwarden
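Review bot: The build-time `mkdir /bitwarden` and `chown -R bitwarden:bitwarden /bitwarden` only affect the image layer; if /bitwarden is bind-mounted from the host at run time (the Setup code in this commit reads `/bitwarden/nginx/default.conf`), the host directory's ownership replaces it and the process, running as uid 999 after `USER bitwarden`, cannot write there unless the host side is made writable for that uid. Worth recording the operator requirement next to the user creation, e.g. `# uid/gid 999 must be able to write the host directory mounted at /bitwarden`. Whether /bitwarden is in fact a mount is not visible in this hunk, so confirm against the compose file.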


@ -65,7 +65,7 @@ namespace Bit.Setup
if(File.Exists("/bitwarden/nginx/default.conf")) if(File.Exists("/bitwarden/nginx/default.conf"))
{ {
var confContent = File.ReadAllText("/bitwarden/nginx/default.conf"); var confContent = File.ReadAllText("/bitwarden/nginx/default.conf");
Ssl = confContent.Contains("listen 443 ssl http2;"); Ssl = confContent.Contains("listen 8081 ssl http2;") || confContent.Contains("listen 443 ssl http2;");
SelfSignedSsl = confContent.Contains("/etc/ssl/self/"); SelfSignedSsl = confContent.Contains("/etc/ssl/self/");
LetsEncrypt = !SelfSignedSsl && confContent.Contains("/etc/letsencrypt/live/"); LetsEncrypt = !SelfSignedSsl && confContent.Contains("/etc/letsencrypt/live/");
DiffieHellman = confContent.Contains("/dhparam.pem;"); DiffieHellman = confContent.Contains("/dhparam.pem;");
@ -98,8 +98,8 @@ namespace Bit.Setup
# Parameter:Trusted={Trusted} # Parameter:Trusted={Trusted}
server {{ server {{
listen 80 default_server; listen 8080 default_server;
listen [::]:80 default_server; listen [::]:8080 default_server;
server_name {Domain};"); server_name {Domain};");
if(Ssl) if(Ssl)
@ -108,8 +108,8 @@ server {{
}} }}
server {{ server {{
listen 443 ssl http2; listen 8081 ssl http2;
listen [::]:443 ssl http2; listen [::]:8081 ssl http2;
server_name {Domain}; server_name {Domain};
ssl_certificate {sslPath}/{certFile}; ssl_certificate {sslPath}/{certFile};
@ -169,29 +169,29 @@ server {{
sw.WriteLine($@" sw.WriteLine($@"
location / {{ location / {{
proxy_pass http://web/; proxy_pass http://web:5000/;
}} }}
location = /app-id.json {{ location = /app-id.json {{
proxy_pass http://web/app-id.json; proxy_pass http://web:5000/app-id.json;
proxy_hide_header Content-Type; proxy_hide_header Content-Type;
add_header Content-Type $fido_content_type; add_header Content-Type $fido_content_type;
}} }}
location /attachments/ {{ location /attachments/ {{
proxy_pass http://attachments/; proxy_pass http://attachments:5000/;
}} }}
location /api/ {{ location /api/ {{
proxy_pass http://api/; proxy_pass http://api:5000/;
}} }}
location /identity/ {{ location /identity/ {{
proxy_pass http://identity/; proxy_pass http://identity:5000/;
}} }}
location /icons/ {{ location /icons/ {{
proxy_pass http://icons/; proxy_pass http://icons:5000/;
}} }}
location /admin {{ location /admin {{