🐳 Docker Image with Nginx, Git auto-pull and webhooks

eduwass/docker-nginx-git

docker-nginx-git

Minimal base image for hosting Nginx powered websites with Automatic Git Deployment functionalities including Webhooks

Image Overview

Component : Why is it included? / Remarks

  • Ubuntu 16.04 LTS : The base system.

  • A correct init process : Main article: Docker and the PID 1 zombie reaping problem.

    According to the Unix process model, the init process -- PID 1 -- inherits all orphaned child processes and must reap them. Most Docker containers do not have an init process that does this correctly, and as a result their containers become filled with zombie processes over time.

    Furthermore, docker stop sends SIGTERM to the init process, which is then supposed to stop all services. Unfortunately most init systems don't do this correctly within Docker since they're built for hardware shutdowns instead. This causes processes to be hard killed with SIGKILL, which doesn't give them a chance to correctly deinitialize things. This can cause file corruption.

    Baseimage-docker comes with an init process /sbin/my_init that performs both of these tasks correctly.

  • Fixes APT incompatibilities with Docker : See moby/moby#1024.

  • syslog-ng : A syslog daemon is necessary so that many services - including the kernel itself - can correctly log to /var/log/syslog. If no syslog daemon is running, a lot of important messages are silently swallowed.

    Only listens locally. All syslog messages are forwarded to "docker logs".

  • logrotate : Rotates and compresses logs on a regular basis.

  • SSH server : Allows you to easily login to your container to inspect or administer things.

    SSH is disabled by default and is only one of the methods provided by baseimage-docker for this purpose. The other method is through docker exec. SSH is also provided as an alternative because docker exec comes with several caveats.

    Password and challenge-response authentication are disabled by default. Only key authentication is allowed.

  • cron : The cron daemon must be running for cron jobs to work.

  • runit : Replaces Ubuntu's Upstart. Used for service supervision and management. Much easier to use than SysV init and supports restarting daemons when they crash. Much easier to use and more lightweight than Upstart.

  • setuser : A tool for running a command as another user. Easier to use than su, has a smaller attack vector than sudo, and unlike chpst this tool sets $HOME correctly. Available as /sbin/setuser.

Baseimage-docker is very lightweight: it only consumes 6 MB of memory.

Configuration

Available Configuration Parameters

The following environment variables are all of the currently supported options. Set them by passing them to docker with the -e flag.

  • GIT_REPO : URL to the repository containing your source code
  • GIT_BRANCH : Select a specific branch (optional)
  • GIT_EMAIL : Set your email for code pushing (required for git to work)
  • GIT_NAME : Set your name for code pushing (required for git to work)
  • SSH_KEY : Private SSH deploy key for your repository base64 encoded (requires write permissions for pushing)
  • WEBROOT : Change the default webroot directory from /var/www/html to your own setting
  • TEMPLATE_NGINX_HTML : Set to 1 to enable search-and-replace templating on your code
  • DOMAIN : Set domain name for Let's Encrypt scripts
  • GIT_HOOK_TOKEN : Auth-Token used for the docker-hook listener

Dynamically Pulling code from git

One of the nice features of this container is its ability to pull code from a git repository with a couple of environment variables passed at run time.

Note: You need to have your SSH key that you use with git to enable the deployment. I recommend using a special deploy key per project to minimise the risk.

Preparing your SSH key

The container expects you to pass it the SSH_KEY variable with a base64 encoded private key. First generate your key, then add it to GitHub and give it write permissions if you want to be able to push code back out of the container. Then run:

base64 /path_to_your_key

Note: Copy the output, being careful not to copy your prompt.

To run the container and pull code, specify the GIT_REPO URL (including git@) and supply the base64 encoded version of your SSH deploy key:

sudo docker run -d -e 'GIT_REPO=git@git.ngd.io:ngineered/ngineered-website.git' -e 'SSH_KEY=BIG_LONG_BASE64_STRING_GOES_IN_HERE' richarvey/nginx-php-fpm

To pull a repository and specify a branch add the GIT_BRANCH environment variable:

sudo docker run -d -e 'GIT_REPO=git@git.ngd.io:ngineered/ngineered-website.git' -e 'GIT_BRANCH=stage' -e 'SSH_KEY=BIG_LONG_BASE64_STRING_GOES_IN_HERE' richarvey/nginx-php-fpm
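The key preparation steps above can also be scripted so the private key stays off the docker run command line. This is an added example, not part of the repository; the function names, file paths and the example.com repository URL are assumptions, and the demo uses a constructed stand-in file rather than a real key.

```sh
#!/bin/sh
# Added example: build an owner-only env file holding GIT_REPO and SSH_KEY.
set -eu

# Generate a dedicated, passphrase-less deploy key for one project.
make_deploy_key() (   # $1 = key path, $2 = key comment
  ssh-keygen -q -t ed25519 -N '' -C "$2" -f "$1"
)

# Print the key as ONE line of base64 (GNU base64 wraps at 76 columns).
encode_key() (
  base64 < "$1" | tr -d '\n'
)

# Write GIT_REPO and SSH_KEY to an env file only the owner can read.
write_env_file() (    # $1 = key path, $2 = repo URL, $3 = env file
  [ -r "$1" ] || { echo "cannot read $1" >&2; exit 1; }
  umask 077
  rm -f "$3"          # recreate so the umask applies to a fresh file
  encoded=$(encode_key "$1")
  printf 'GIT_REPO=%s\nSSH_KEY=%s\n' "$2" "$encoded" > "$3"
)

# Succeeds only if SSH_KEY decodes back to the key byte for byte.
verify_env_file() (   # $1 = key path, $2 = env file
  sed -n 's/^SSH_KEY=//p' "$2" | base64 -d | cmp -s - "$1"
)

# Demo with a constructed stand-in file; use make_deploy_key for a real key.
demo_dir=$(mktemp -d)
printf 'constructed stand-in, not a real key\n%s\n' \
  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" \
  > "$demo_dir/deploy_key"
write_env_file "$demo_dir/deploy_key" 'git@example.com:org/site.git' \
  "$demo_dir/deploy.env"
verify_env_file "$demo_dir/deploy_key" "$demo_dir/deploy.env" && echo "env file OK"
# Then start the container with:
#   docker run -d --env-file "$demo_dir/deploy.env" <image>
rm -rf "$demo_dir"
```

The value is still visible to anyone who can run docker inspect on the container, so the per-project deploy key recommended above still matters.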

Docker-hook

docker-hook listens to incoming HTTP requests and triggers your specified command.

It is installed at /usr/bin/docker-hook.

A listener script is copied to /usr/bin/hook-listener and starts automatically.

Thanks to
