From 171e0c32f133e1de885111691dd6e26f8c43d3fe Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Sun, 17 Nov 2019 07:15:23 +0100 Subject: [PATCH] Allow to set custom PUID/PGID --- Dockerfile | 28 ++++++++++++++++++++++------ README.md | 38 ++++++++++++++++++++------------------ entrypoint.sh | 37 +++++++++++++++++++++++++------------ 3 files changed, 67 insertions(+), 36 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3d59775..64e58a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:experimental -FROM --platform=${TARGETPLATFORM:-linux/amd64} adoptopenjdk:12-jre-hotspot +FROM --platform=${TARGETPLATFORM:-linux/amd64} adoptopenjdk:12-jre-hotspot as suexec ARG BUILD_DATE ARG VCS_REF @@ -9,6 +9,21 @@ ARG TARGETPLATFORM ARG BUILDPLATFORM RUN printf "I am running on ${BUILDPLATFORM:-linux/amd64}, building for ${TARGETPLATFORM:-linux/amd64}\n$(uname -a)\n" +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + gcc \ + libc-dev \ + && curl -o /usr/local/bin/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/master/su-exec.c \ + && gcc -Wall /usr/local/bin/su-exec.c -o/usr/local/bin/su-exec \ + && chown root:root /usr/local/bin/su-exec \ + && chmod 0755 /usr/local/bin/su-exec + +FROM --platform=${TARGETPLATFORM:-linux/amd64} adoptopenjdk:12-jre-hotspot + +ARG BUILD_DATE +ARG VCS_REF +ARG VERSION + LABEL maintainer="CrazyMax" \ org.label-schema.build-date=$BUILD_DATE \ org.label-schema.name="jetbrains-license-server" \ @@ -23,7 +38,9 @@ LABEL maintainer="CrazyMax" \ ENV JLS_PATH="/opt/jetbrains-license-server" \ JLS_VERSION="21137" \ JLS_SHA256="05241f0d41644ecc7679a879c829e57d423e151b997b45c5e986d498d6fe2f21" \ - TZ="UTC" + TZ="UTC" \ + PUID="1000" \ + PGID="1000" RUN apt-get update \ && apt-get install -y \ 
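Review bot: The new `suexec` stage fetches `su-exec.c` from the moving `master` branch with a bare `curl -o` and compiles it with no integrity check, so the helper that runs as root to drop privileges is whatever that URL serves at build time. Pin the download to a specific commit and verify a digest before `gcc` runs, for example `curl -fsSL -o /tmp/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/<commit-sha>/su-exec.c && echo "<expected-sha256>  /tmp/su-exec.c" | sha256sum -c -` (both bracketed values are placeholders to fill in). The `-f` flag also matters, because without it an HTTP error page is saved as the source file and the failure only shows up as a compiler error. Writing the source to `/tmp` instead of `/usr/local/bin` keeps a stray `.c` file out of a binary directory, even though only the compiled binary is copied to the final stage.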
@@ -38,17 +55,16 @@ RUN apt-get update \ && rm -f "/tmp/jls.zip" \ && chmod a+x "$JLS_PATH/bin/license-server.sh" \ && ln -sf "$JLS_PATH/bin/license-server.sh" "/usr/local/bin/license-server" \ - && groupadd -f -g 1000 jls \ - && useradd -o -s /bin/bash -d /data -u 1000 -g 1000 -m jls \ + && groupadd -f -g ${PGID} jls \ + && useradd -o -s /bin/bash -d /data -u ${PUID} -g jls -m jls \ && chown -R jls. /data "$JLS_PATH" \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +COPY --from=suexec /usr/local/bin/su-exec /usr/local/bin/su-exec COPY entrypoint.sh /entrypoint.sh RUN chmod a+x /entrypoint.sh -USER jls - EXPOSE 8000 WORKDIR /data VOLUME [ "/data" ] diff --git a/README.md b/README.md index d166036..beb658a 100644 --- a/README.md +++ b/README.md 
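Review bot: Removing `USER jls` makes root the image's default user, so the privilege drop now depends entirely on `entrypoint.sh` reaching its final `su-exec` call. Anything that bypasses the entrypoint (an overridden entrypoint, or a `docker exec` session) runs as root, and platforms that enforce a non-root policy will refuse the image. That trade-off is needed for the runtime PUID/PGID remap, but it should be stated where `USER` used to be, e.g. `# No USER here: entrypoint.sh starts as root to remap jls to PUID/PGID, then drops to jls via su-exec`. The `RUN` block containing the `groupadd`/`useradd` lines starts outside this hunk; there `${PGID}` and `${PUID}` only take the build-time `ENV` defaults and would be safer quoted.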
@@ -44,34 +44,36 @@ Image: crazymax/jetbrains-license-server:latest ### Environment variables -* `TZ` : The timezone assigned to the container (default `UTC`) -* `JLS_VIRTUAL_HOSTS` : [Virtual hosts](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) where license server will be available (comma delimited for several hosts) -* `JLS_CONTEXT` : [Context path](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) used by the license server (default `/`) -* `JLS_ACCESS_CONFIG` : JSON file to configure [user restrictions](https://www.jetbrains.com/help/license_server/configuring_user_restrictions.html) (default `/data/access-config.json`) -* `JLS_STATS_RECIPIENTS` : [Reports recipients](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) email addresses for stats (comma delimited) -* `JLS_REPORT_OUT_OF_LICENSE` : [Warn about lack of licenses](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) every hour following the percentage threshold (default `0`) -* `JLS_SMTP_SERVER` : SMTP server host to use for sending [stats](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html) (stats disabled if empty) -* `JLS_SMTP_PORT` : SMTP server port (default `25`) -* `JLS_SMTP_USERNAME` : SMTP username (auth disabled if empty) -* `JLS_SMTP_PASSWORD` : SMTP password (auth disabled if empty) -* `JLS_STATS_FROM` : [From address](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) for stats emails -* `JLS_STATS_TOKEN` : Enables an auth token for the [stats API](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e312) at `/reportApi` (HTTP POST) +* `TZ`: The timezone assigned to the container (default `UTC`) +* `PUID`: Process UID (default `1000`) +* `PGID`: Process GID (default `1000`) +* `JLS_VIRTUAL_HOSTS`: [Virtual 
hosts](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) where license server will be available (comma delimited for several hosts) +* `JLS_CONTEXT`: [Context path](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) used by the license server (default `/`) +* `JLS_ACCESS_CONFIG`: JSON file to configure [user restrictions](https://www.jetbrains.com/help/license_server/configuring_user_restrictions.html) (default `/data/access-config.json`) +* `JLS_STATS_RECIPIENTS`: [Reports recipients](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) email addresses for stats (comma delimited) +* `JLS_REPORT_OUT_OF_LICENSE`: [Warn about lack of licenses](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) every hour following the percentage threshold (default `0`) +* `JLS_SMTP_SERVER`: SMTP server host to use for sending [stats](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html) (stats disabled if empty) +* `JLS_SMTP_PORT`: SMTP server port (default `25`) +* `JLS_SMTP_USERNAME`: SMTP username (auth disabled if empty) +* `JLS_SMTP_PASSWORD`: SMTP password (auth disabled if empty) +* `JLS_STATS_FROM`: [From address](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) for stats emails +* `JLS_STATS_TOKEN`: Enables an auth token for the [stats API](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e312) at `/reportApi` (HTTP POST) ### Volumes -* `/data` : Contains [registration data](https://www.jetbrains.com/help/license_server/migrate.html) and configuration +* `/data`: Contains [registration data](https://www.jetbrains.com/help/license_server/migrate.html) and configuration -> :warning: Note that the volume should be owned by uid `1000` and gid `1000`. 
If you don't give the volume correct permissions, the container may not start. +> :warning: Note that the volumes should be owned by the user/group with the specified `PUID` and `PGID`. If you don't give the volume correct permissions, the container may not start. ### Ports -* `8000` : Jetbrains License Server HTTP port +* `8000`: Jetbrains License Server HTTP port ## Use this image ### Docker Compose -Docker compose is the recommended way to run this image. Copy the content of folder [examples/compose](examples/compose) in `/var/jls/` on your host for example. Edit the compose and env files with your preferences and run the following commands : +Docker compose is the recommended way to run this image. Copy the content of folder [examples/compose](examples/compose) in `/var/jls/` on your host for example. Edit the compose and env files with your preferences and run the following commands: ```bash touch acme.json @@ -82,7 +84,7 @@ docker-compose logs -f ### Command line -You can also use the following minimal command : +You can also use the following minimal command: ```bash $ docker run -d -p 8000:8000 --name jetbrains_license_server \ @@ -94,7 +96,7 @@ $ docker run -d -p 8000:8000 --name jetbrains_license_server \ ## Update -Recreate the container whenever i push an update : +Recreate the container whenever I push an update: ```bash docker-compose pull diff --git a/entrypoint.sh b/entrypoint.sh index a946315..647582a 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -6,13 +6,23 @@ JLS_PORT=8000 JLS_CONTEXT=${JLS_CONTEXT:-/} JLS_ACCESS_CONFIG=${JLS_ACCESS_CONFIG:-/data/access-config.json} +if [ -n "${PGID}" ] && [ "${PGID}" != "$(id -g jls)" ]; then + echo "Switching to PGID ${PGID}..." + sed -i -e "s/^jls:\([^:]*\):[0-9]*/jls:\1:${PGID}/" /etc/group + sed -i -e "s/^jls:\([^:]*\):\([0-9]*\):[0-9]*/jls:\1:\2:${PGID}/" /etc/passwd +fi +if [ -n "${PUID}" ] && [ "${PUID}" != "$(id -u jls)" ]; then + echo "Switching to PUID ${PUID}..." + sed -i -e "s/^jls:\([^:]*\):[0-9]*:\([0-9]*\)/jls:\1:${PUID}:\2/" /etc/passwd +fi + # Init echo "Initializing files and folders..." -touch "/data/access-config.json" +su-exec jls:jls touch "/data/access-config.json" # https://www.jetbrains.com/help/license_server/setting_host_and_port.html echo "Configuring Jetbrains License Server..." -license-server configure --listen ${JLS_LISTEN_ADDRESS} --port ${JLS_PORT} --context ${JLS_CONTEXT} +su-exec jls:jls license-server configure --listen ${JLS_LISTEN_ADDRESS} --port ${JLS_PORT} --context ${JLS_CONTEXT} # https://www.jetbrains.com/help/license_server/setting_host_and_port.html if [ ! -z "$JLS_VIRTUAL_HOSTS" ] ; then 
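Review bot: `PUID` and `PGID` come straight from the container environment and are spliced unvalidated into `sed -i` expressions that rewrite `/etc/passwd` and `/etc/group` as root. A value that is not purely digits (one containing `/`, `&` or `:`) either breaks the sed expression or writes a malformed account entry. A value of `0` maps `jls` to root, so the later `su-exec jls:jls` calls drop nothing. Add a guard before the two `if` blocks, such as `case "${PUID}${PGID}" in *[!0-9]*) echo "PUID/PGID must be numeric" >&2; exit 1;; esac`, and reject `0` explicitly if running the service as root is not intended.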
@@ -20,45 +30,48 @@ if [ ! -z "$JLS_VIRTUAL_HOSTS" ] ; then for JLS_VIRTUAL_HOST in $(echo ${JLS_VIRTUAL_HOSTS} | tr "," "\n"); do echo "-> ${JLS_VIRTUAL_HOST}" done - license-server configure --jetty.virtualHosts.names=${JLS_VIRTUAL_HOSTS} + su-exec jls:jls license-server configure --jetty.virtualHosts.names=${JLS_VIRTUAL_HOSTS} fi # https://www.jetbrains.com/help/license_server/configuring_user_restrictions.html if [ -s "$JLS_ACCESS_CONFIG" ]; then echo "Enabling user restrictions access from $JLS_ACCESS_CONFIG..." - license-server configure --access.config=file:${JLS_ACCESS_CONFIG} + su-exec jls:jls license-server configure --access.config=file:${JLS_ACCESS_CONFIG} fi # https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html if [ ! -z "$JLS_SMTP_SERVER" -a ! -z "$JLS_STATS_RECIPIENTS" ] ; then JLS_SMTP_PORT=${JLS_SMTP_PORT:-25} echo "Enabling User Reporting via SMTP at $JLS_SMTP_SERVER:$JLS_SMTP_PORT..." - license-server configure --smtp.server ${JLS_SMTP_SERVER} --smtp.server.port ${JLS_SMTP_PORT} + su-exec jls:jls license-server configure --smtp.server ${JLS_SMTP_SERVER} --smtp.server.port ${JLS_SMTP_PORT} if [ ! -z "$JLS_SMTP_USERNAME" -a ! -z "$JLS_SMTP_PASSWORD" ] ; then echo "Using SMTP username $JLS_SMTP_USERNAME with password..." - license-server configure --smtp.server.username ${JLS_SMTP_USERNAME} - license-server configure --smtp.server.password ${JLS_SMTP_PASSWORD} + su-exec jls:jls license-server configure --smtp.server.username ${JLS_SMTP_USERNAME} + su-exec jls:jls license-server configure --smtp.server.password ${JLS_SMTP_PASSWORD} fi if [ ! -z "$JLS_STATS_FROM" ] ; then echo "Setting stats sender to $JLS_STATS_FROM..." - license-server configure --stats.from ${JLS_STATS_FROM} + su-exec jls:jls license-server configure --stats.from ${JLS_STATS_FROM} fi if [ "$JLS_REPORT_OUT_OF_LICENSE" -gt 0 ]; then echo "Setting report out of licence to $JLS_REPORT_OUT_OF_LICENSE%..." 
- license-server configure --reporting.out.of.license.threshold ${JLS_REPORT_OUT_OF_LICENSE} + su-exec jls:jls license-server configure --reporting.out.of.license.threshold ${JLS_REPORT_OUT_OF_LICENSE} fi echo "Stats recipients: $JLS_STATS_RECIPIENTS..." - license-server configure --stats.recipients ${JLS_STATS_RECIPIENTS} + su-exec jls:jls license-server configure --stats.recipients ${JLS_STATS_RECIPIENTS} fi # https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html if [ ! -z "$JLS_STATS_TOKEN" ] ; then echo "Enabling stats via API at /$JLS_STATS_TOKEN..." - license-server configure --reporting.token ${JLS_STATS_TOKEN} + su-exec jls:jls license-server configure --reporting.token ${JLS_STATS_TOKEN} fi -exec "$@" +echo "Fixing perms..." +chown -R jls:jls /data "$JLS_PATH" + +exec su-exec jls:jls "$@"
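Review bot: The `chown -R jls:jls /data "$JLS_PATH"` under "Fixing perms..." runs only at the very end, after every `su-exec jls:jls license-server configure` call has already executed as the remapped user. When `PUID`/`PGID` differ from the build-time `1000`, `$JLS_PATH` is still owned by the old ids at that point, so the configure calls (which presumably write under `$JLS_PATH`) and the earlier `touch` on `/data` may fail with permission errors on first start. Move the chown to directly after the PUID/PGID remap, before the first `su-exec jls:jls touch` in the previous hunk. The file header is not visible here, so whether a failed configure aborts the script or is silently skipped depends on whether `set -e` is in effect.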