This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
технология_docker [2024/02/14 14:13] val [Запуск в режиме демона и подключение к контейнеру] |
технология_docker [2024/04/11 15:27] val [Создание контейнера для приложения с использованием Dockerfile] |
||
---|---|---|---|
Line 82: | Line 82: | ||
</code> | </code> | ||
+ | ==== Копирование файлов в контейнер ==== | ||
+ | |||
+ | <code> | ||
+ | root@webinar:~# docker cp ca.crt greenlight-v3:/usr/local/share/ca-certificates/ | ||
+ | |||
+ | root@webinar:~# docker exec -ti greenlight-v3 /usr/sbin/update-ca-certificates | ||
+ | |||
+ | root@webinar:~# docker exec greenlight-v3 wget -O /dev/null https://keycloak.corp13.un | ||
+ | |||
+ | root@webinar:~# docker commit greenlight-v3 bigbluebutton/greenlight:v3 | ||
+ | </code> | ||
Line 142: | Line 153: | ||
* [[Сервис TACACS+]] | * [[Сервис TACACS+]] | ||
- | * [[Средства программирования shell#Web сервер на shell]] | ||
<code> | <code> | ||
Line 151: | Line 161: | ||
server# cp /usr/local/sbin/webd . | server# cp /usr/local/sbin/webd . | ||
+ | или | ||
+ | </code> | ||
+ | * [[Средства программирования shell#Web сервер на shell]] | ||
+ | <code> | ||
gitlab-runner@server:~/webd/webd$ nano webd # добавляем закомментированные строки | gitlab-runner@server:~/webd/webd$ nano webd # добавляем закомментированные строки | ||
Line 471: | Line 485: | ||
==== Secure Private Registry ==== | ==== Secure Private Registry ==== | ||
+ | |||
+ | * [[Пакет OpenSSL#Импорт сертификата центра сертификации]] | ||
+ | |||
<code> | <code> | ||
- | docker login gitlab.bmstu.ru:5050 | + | # docker pull server.corp13.un:5050/student/gowebd |
- | docker tag gowebd gitlab.bmstu.ru:5050/val/gowebd | + | |
- | docker push gitlab.bmstu.ru:5050/val/gowebd | + | # docker login server.corp13.un:5050 |
</code> | </code> | ||
==== Использование образа Docker Registry и on-premise CA ==== | ==== Использование образа Docker Registry и on-premise CA ==== | ||
Line 502: | Line 519: | ||
} | } | ||
</code> | </code> | ||
+ | |||
+ | ===== Дополнительная информация ===== | ||
+ | |||
+ | ==== Приложение apwebd ==== | ||
+ | |||
+ | <code> | ||
+ | ~/apwebd$ cat Dockerfile | ||
+ | </code><code> | ||
+ | FROM debian:bookworm | ||
+ | |||
+ | RUN cp /usr/share/zoneinfo/Etc/GMT-3 /etc/localtime \ | ||
+ | && apt-get update \ | ||
+ | && apt-get install -y findutils gettext-base apache2 libapache2-mod-auth-openidc \ | ||
+ | && apt-get clean \ | ||
+ | && a2enmod cgid \ | ||
+ | && a2enmod auth_openidc | ||
+ | |||
+ | COPY rootfs/ / | ||
+ | |||
+ | EXPOSE 80 | ||
+ | |||
+ | ENTRYPOINT ["/start.sh"] | ||
+ | </code><code> | ||
+ | ~/apwebd$ find rootfs/ -type f | xargs tail -n +1 | ||
+ | </code><code> | ||
+ | ==> rootfs/var/www/html/index.html.apwebd-template <== | ||
+ | </code><code> | ||
+ | <HTML> | ||
+ | <HEAD> | ||
+ | <META HTTP-EQUIV="Refresh" CONTENT="10;URL=/cgi-bin/apwebd/"> | ||
+ | </HEAD> | ||
+ | <BODY text="blue"> | ||
+ | <H1><A HREF=/cgi-bin/apwebd/>Login to ${APWEBD_HOSTNAME}</A></H1> | ||
+ | Version: 1.2 | ||
+ | </BODY> | ||
+ | </HTML> | ||
+ | </code><code> | ||
+ | ==> rootfs/start.sh <== | ||
+ | </code><code> | ||
+ | #!/bin/sh | ||
+ | |||
+ | [ "$APWEBD_HOSTNAME" ] || { echo Please set env APWEBD_HOSTNAME; exit; } | ||
+ | [ "$KEYCLOAK_HOSTNAME" ] || { echo Please set env KEYCLOAK_HOSTNAME; exit; } | ||
+ | [ "$REALM_NAME" ] || { echo Please set env REALM_HOSTNAME; exit; } | ||
+ | |||
+ | find / -type f -name '*.apwebd-template' | while read -r FILE; do envsubst < "$FILE" > "${FILE%.apwebd-template}"; done | ||
+ | |||
+ | /etc/init.d/apache2 start | ||
+ | |||
+ | tail -f /var/log/apache2/error.log -f /var/log/apache2/access.log | ||
+ | |||
+ | </code><code> | ||
+ | ==> rootfs/etc/apache2/conf-available/serve-cgi-bin.conf.apwebd-template <== | ||
+ | </code><code> | ||
+ | <IfModule mod_alias.c> | ||
+ | <IfModule mod_cgi.c> | ||
+ | Define ENABLE_USR_LIB_CGI_BIN | ||
+ | </IfModule> | ||
+ | |||
+ | <IfModule mod_cgid.c> | ||
+ | Define ENABLE_USR_LIB_CGI_BIN | ||
+ | </IfModule> | ||
+ | |||
+ | <IfDefine ENABLE_USR_LIB_CGI_BIN> | ||
+ | |||
+ | OIDCSSLValidateServer Off | ||
+ | OIDCProviderMetadataURL https://${KEYCLOAK_HOSTNAME}/realms/${REALM_NAME}/.well-known/openid-configuration | ||
+ | OIDCRedirectURI http://${APWEBD_HOSTNAME}/cgi-bin/apwebd | ||
+ | OIDCClientID any-client | ||
+ | OIDCCryptoPassphrase anystring | ||
+ | |||
+ | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ||
+ | <Directory "/usr/lib/cgi-bin"> | ||
+ | AllowOverride None | ||
+ | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | ||
+ | # Require all granted | ||
+ | AuthType openid-connect | ||
+ | Require valid-user | ||
+ | </Directory> | ||
+ | </IfDefine> | ||
+ | </IfModule> | ||
+ | </code><code> | ||
+ | ==> rootfs/usr/lib/cgi-bin/apwebd <== | ||
+ | </code><code> | ||
+ | #!/bin/sh | ||
+ | |||
+ | echo Content-type: text/html | ||
+ | echo | ||
+ | |||
+ | echo "<h1 style=\"color:blue;\">Hello ${OIDC_CLAIM_preferred_username}</h1>" | ||
+ | |||
+ | echo "<pre>"; env; echo "</pre>" | ||
+ | </code><code> | ||
+ | ~/apwebd$ docker build -t server.corp13.un:5000/student/apwebd:ver1.2 . | ||
+ | |||
+ | ~/apwebd$ docker run -e APWEBD_HOSTNAME=apwebd.corp13.un -e KEYCLOAK_HOSTNAME=keycloak.corp13.un -e REALM_NAME=corp13 -itd --rm -P server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | |||
+ | ~/apwebd$ docker run -e APWEBD_HOSTNAME=apwebd.corp13.un -e KEYCLOAK_HOSTNAME=keycloak.corp13.un -e REALM_NAME=corp13 -itd --entrypoint bash server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | |||
+ | ~/apwebd$ docker push server.corp13.un:5000/student/apwebd:ver1.2 | ||
+ | </code> | ||
+ | |||
===== Старая версия ===== | ===== Старая версия ===== |