You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Dockerfile 3.5KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
  1. FROM ubuntu:xenial
  2. LABEL maintainer="Jacob Alberty <jacob.alberty@foundigital.com>"
  3. ARG DEBIAN_FRONTEND=noninteractive
  4. ENV BASEDIR=/usr/lib/unifi \
  5. DATADIR=/unifi/data \
  6. LOGDIR=/unifi/log \
  7. CERTDIR=/unifi/cert \
  8. RUNDIR=/var/run/unifi \
  9. ODATADIR=/var/lib/unifi \
  10. OLOGDIR=/var/log/unifi \
  11. CERTNAME=cert.pem \
  12. CERT_PRIVATE_NAME=privkey.pem \
  13. CERT_IS_CHAIN=false \
  14. GOSU_VERSION=1.10 \
  15. BIND_PRIV=true \
  16. RUNAS_UID0=true \
  17. UNIFI_GID=999 \
  18. UNIFI_UID=999
  19. # Install gosu
  20. # https://github.com/tianon/gosu/blob/master/INSTALL.md
  21. # This should be integrated with the main run because it duplicates a lot of the steps there
  22. # but for now while shoehorning gosu in it is seperate
  23. RUN set -ex \
  24. && fetchDeps=' \
  25. ca-certificates \
  26. wget \
  27. ' \
  28. && apt-get update \
  29. && apt-get install -y --no-install-recommends $fetchDeps \
  30. && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
  31. && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
  32. && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
  33. # verify the signature
  34. && export GNUPGHOME="$(mktemp -d)" \
  35. && for server in $(shuf -e ha.pool.sks-keyservers.net \
  36. hkp://p80.pool.sks-keyservers.net:80 \
  37. keyserver.ubuntu.com \
  38. hkp://keyserver.ubuntu.com:80 \
  39. pgp.mit.edu) ; do \
  40. gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
  41. done \
  42. && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
  43. && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
  44. && chmod +x /usr/local/bin/gosu \
  45. # verify that the binary works
  46. && gosu nobody true \
  47. && apt-get purge -y --auto-remove $fetchDeps \
  48. && rm -rf /var/lib/apt/lists/*
  49. RUN mkdir -p /usr/unifi \
  50. /usr/local/unifi/init.d \
  51. /usr/unifi/init.d
  52. COPY docker-entrypoint.sh /usr/local/bin/
  53. COPY docker-healthcheck.sh /usr/local/bin/
  54. COPY docker-build.sh /usr/local/bin/
  55. COPY functions /usr/unifi/functions
  56. COPY import_cert /usr/unifi/init.d/
  57. RUN chmod +x /usr/local/bin/docker-entrypoint.sh \
  58. && chmod +x /usr/unifi/init.d/import_cert \
  59. && chmod +x /usr/local/bin/docker-healthcheck.sh \
  60. && chmod +x /usr/local/bin/docker-build.sh
  61. ENV PKGURL=https://dl.ubnt.com/unifi/7.2.97/unifi_sysvinit_all.deb
  62. # Push installing openjdk-8-jre first, so that the unifi package doesn't pull in openjdk-7-jre as a dependency? Else uncomment and just go with openjdk-7.
  63. RUN set -ex \
  64. && mkdir -p /usr/share/man/man1/ \
  65. && groupadd -r unifi -g $UNIFI_GID \
  66. && useradd --no-log-init -r -u $UNIFI_UID -g $UNIFI_GID unifi \
  67. && /usr/local/bin/docker-build.sh "${PKGURL}"
  68. VOLUME ["/unifi", "${RUNDIR}"]
  69. EXPOSE 6789/tcp 8080/tcp 8443/tcp 8880/tcp 8843/tcp 3478/udp
  70. WORKDIR /unifi
  71. HEALTHCHECK CMD /usr/local/bin/docker-healthcheck.sh || exit 1
  72. # execute controller using JSVC like original debian package does
  73. ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
  74. CMD ["unifi"]
  75. # execute the conroller directly without using the service
  76. #ENTRYPOINT ["/usr/bin/java", "-Xmx${JVM_MAX_HEAP_SIZE}", "-jar", "/usr/lib/unifi/lib/ace.jar"]
  77. # See issue #12 on github: probably want to consider how JSVC handled creating multiple processes, issuing the -stop instraction, etc. Not sure if the above ace.jar class gracefully handles TERM signals.
  78. #CMD ["start"]