Dockerfile 3.5KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
  1. FROM ubuntu:xenial
  2. LABEL maintainer="Jacob Alberty <jacob.alberty@foundigital.com>"
  3. ARG DEBIAN_FRONTEND=noninteractive
  4. ENV PKGURL=https://dl.ubnt.com/unifi/5.10.17/unifi_sysvinit_all.deb
  5. ENV BASEDIR=/usr/lib/unifi \
  6. DATADIR=/unifi/data \
  7. LOGDIR=/unifi/log \
  8. CERTDIR=/unifi/cert \
  9. RUNDIR=/var/run/unifi \
  10. ODATADIR=/var/lib/unifi \
  11. OLOGDIR=/var/log/unifi \
  12. CERTNAME=cert.pem \
  13. CERT_PRIVATE_NAME=privkey.pem \
  14. CERT_IS_CHAIN=false \
  15. GOSU_VERSION=1.10 \
  16. BIND_PRIV=true \
  17. RUNAS_UID0=true \
  18. UNIFI_GID=999 \
  19. UNIFI_UID=999
  20. # Install gosu
  21. # https://github.com/tianon/gosu/blob/master/INSTALL.md
  22. # This should be integrated with the main run because it duplicates a lot of the steps there
  23. # but for now while shoehorning gosu in it is seperate
  24. RUN set -ex \
  25. && fetchDeps=' \
  26. ca-certificates \
  27. wget \
  28. ' \
  29. && apt-get update \
  30. && apt-get install -y --no-install-recommends $fetchDeps \
  31. && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
  32. && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
  33. && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
  34. # verify the signature
  35. && export GNUPGHOME="$(mktemp -d)" \
  36. && for server in $(shuf -e ha.pool.sks-keyservers.net \
  37. hkp://p80.pool.sks-keyservers.net:80 \
  38. keyserver.ubuntu.com \
  39. hkp://keyserver.ubuntu.com:80 \
  40. pgp.mit.edu) ; do \
  41. gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
  42. done \
  43. && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
  44. && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
  45. && chmod +x /usr/local/bin/gosu \
  46. # verify that the binary works
  47. && gosu nobody true \
  48. && apt-get purge -y --auto-remove $fetchDeps \
  49. && rm -rf /var/lib/apt/lists/*
  50. RUN mkdir -p /usr/unifi \
  51. /usr/local/unifi/init.d \
  52. /usr/unifi/init.d
  53. COPY docker-entrypoint.sh /usr/local/bin/
  54. COPY docker-healthcheck.sh /usr/local/bin/
  55. COPY docker-build.sh /usr/local/bin/
  56. COPY functions /usr/unifi/functions
  57. COPY import_cert /usr/unifi/init.d/
  58. RUN chmod +x /usr/local/bin/docker-entrypoint.sh \
  59. && chmod +x /usr/unifi/init.d/import_cert \
  60. && chmod +x /usr/local/bin/docker-healthcheck.sh \
  61. && chmod +x /usr/local/bin/docker-build.sh
  62. # Push installing openjdk-8-jre first, so that the unifi package doesn't pull in openjdk-7-jre as a dependency? Else uncomment and just go with openjdk-7.
  63. RUN set -ex \
  64. && mkdir -p /usr/share/man/man1/ \
  65. && groupadd -r unifi -g $UNIFI_GID \
  66. && useradd --no-log-init -r -u $UNIFI_UID -g $UNIFI_GID unifi \
  67. && /usr/local/bin/docker-build.sh "${PKGURL}"
  68. VOLUME ["/unifi", "${RUNDIR}"]
  69. EXPOSE 6789/tcp 8080/tcp 8443/tcp 8880/tcp 8843/tcp 3478/udp
  70. WORKDIR /unifi
  71. HEALTHCHECK CMD /usr/local/bin/docker-healthcheck.sh || exit 1
  72. # execute controller using JSVC like original debian package does
  73. ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
  74. CMD ["unifi"]
  75. # execute the conroller directly without using the service
  76. #ENTRYPOINT ["/usr/bin/java", "-Xmx${JVM_MAX_HEAP_SIZE}", "-jar", "/usr/lib/unifi/lib/ace.jar"]
  77. # See issue #12 on github: probably want to consider how JSVC handled creating multiple processes, issuing the -stop instraction, etc. Not sure if the above ace.jar class gracefully handles TERM signals.
  78. #CMD ["start"]