Archives
/
docker-ejabberd
mirror of https://github.com/processone/docker-ejabberd
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of github.com:Monogramm/docker-ejabberd into ci/docker

Browse Source
pull/45/head
mathieu.brunot 5 years ago
parent 065b082370 edb0373fd0
commit 5e832e94b5
No known key found for this signature in database
GPG Key ID: 81584BEAF692D7E0
10 changed files with 183 additions and 64 deletions
Show Stats Download Patch File Download Diff File

39
.travis.yml
Unescape Escape View File

@ -0,0 +1,39 @@
dist: trusty
sudo: required
services: docker
language: bash
branches:
only:
- master
before_script:
- env | sort
- dir="${VARIANT}/"
script:
- cd "$dir"
- travis_wait docker build --build-arg VERSION=${VERSION} -t ejabberd/ecs:travis-${VERSION} .
- docker images
- travis_retry docker run --name ejabberd -d -p 5222:5222 ejabberd/ecs && sleep 60
- docker ps
- docker logs ejabberd
- docker logs ejabberd | grep "Start accepting TCP connections" || exit 1
notifications:
email: false
matrix:
allow_failures:
- env: VERSION=latest VARIANT=ecs
- env: VERSION=latest VARIANT=mix
env: # Environments
- VERSION=latest VARIANT=ecs
- VERSION=latest VARIANT=mix
- VERSION=19.05 VARIANT=ecs
- VERSION=19.05 VARIANT=mix
- VERSION=19.02 VARIANT=ecs
- VERSION=19.02 VARIANT=mix

17
CHANGELOG.md
Unescape Escape View File

@ -0,0 +1,17 @@
# Version 19.07
- Update default configuration
- Add sqlite libs
- Fix sample Let's Encrypt configuration
- Add badges and links docker README
- Allow mapping of upload dir as volume
- Fix INET_DIST_INTERFACE
- Add travis support
- Add STUN/TURN & SIP support
- Add libgd for image manupilation
- Upgrade alpine to 3.10
- Keep SQL init scripts in database volume
# Version 19.05
- Update default configuration

3
README.md
Unescape Escape View File

@ -1,3 +1,6 @@
[![Build Status](https://travis-ci.org/processone/docker-ejabberd.svg)](https://travis-ci.org/processone/docker-ejabberd)
# docker-ejabberd # docker-ejabberd
This repository contains a set of Docker images for ejabberd. This repository contains a set of Docker images for ejabberd.

23
ecs/Dockerfile
Unescape Escape View File

@ -24,11 +24,14 @@ RUN mkdir runtime \
&& echo 'beam_lib:strip_files(filelib:wildcard("lib/*/ebin/*beam")), init:stop().' | erts*/bin/erl -boot start_clean >/dev/null \ && echo 'beam_lib:strip_files(filelib:wildcard("lib/*/ebin/*beam")), init:stop().' | erts*/bin/erl -boot start_clean >/dev/null \
&& mv erts*/bin/* bin \ && mv erts*/bin/* bin \
&& rm -rf releases erts* bin/*src bin/dialyzer bin/typer \ && rm -rf releases erts* bin/*src bin/dialyzer bin/typer \
&& rm bin/ejabberd bin/ejabberd.bat && rm bin/ejabberd bin/ejabberd.bat \
&& cp -r /ejabberd/sql lib/ejabberd-*/priv
# Runtime container # Runtime container
FROM alpine:3.9 FROM alpine:3.10
ARG VERSION ARG VERSION
ARG VCS_REF
ARG BUILD_DATE
ENV TERM=xterm \ ENV TERM=xterm \
LC_ALL=C.UTF-8 \ LC_ALL=C.UTF-8 \
LANG=en_US.UTF-8 \ LANG=en_US.UTF-8 \
@ -38,12 +41,21 @@ ENV TERM=xterm \
VERSION=${VERSION:-latest} VERSION=${VERSION:-latest}
LABEL maintainer="ProcessOne <contact@process-one.net>" \ LABEL maintainer="ProcessOne <contact@process-one.net>" \
product="Ejabberd Community Server" \ product="Ejabberd Community Server" \
version=$VERSION version=$VERSION \
org.label-schema.vcs-ref=$VCS_REF \
org.label-schema.vcs-url="https://github.com/processone/docker-ejabberd" \
org.label-schema.build-date=$BUILD_DATE \
org.label-schema.name="Ejabberd Community Server" \
org.label-schema.description="Robust, Scalable and Extensible Realtime Server using XMPP, MQTT and SIP" \
org.label-schema.url="https://www.ejabberd.im/" \
org.label-schema.vendor="ProcessOne" \
org.label-schema.version=$VERSION \
org.label-schema.schema-version="1.0"
# Create directory structure and user for ejabberd # Create directory structure and user for ejabberd
RUN addgroup ejabberd -g 9000 \ RUN addgroup ejabberd -g 9000 \
&& adduser -s /bin/sh -D -G ejabberd ejabberd -u 9000 \ && adduser -s /bin/sh -D -G ejabberd ejabberd -u 9000 \
&& mkdir -p /home/ejabberd/conf /home/ejabberd/database /home/ejabberd/logs \ && mkdir -p /home/ejabberd/conf /home/ejabberd/database /home/ejabberd/logs /home/ejabberd/upload \
&& chown -R ejabberd:ejabberd /home/ejabberd && chown -R ejabberd:ejabberd /home/ejabberd
# Install required dependencies # Install required dependencies
@ -52,6 +64,7 @@ RUN apk upgrade --update musl \
expat \ expat \
gd \ gd \
jpeg \ jpeg \
libgd \
libpng \ libpng \
libstdc++ \ libstdc++ \
libwebp \ libwebp \
@ -74,7 +87,7 @@ ADD --chown=ejabberd:ejabberd https://download.process-one.net/cacert.pem conf/c
# Setup runtime environment # Setup runtime environment
USER ejabberd USER ejabberd
VOLUME ["$HOME/database","$HOME/conf","$HOME/logs"] VOLUME ["$HOME/database","$HOME/conf","$HOME/logs","$HOME/upload"]
EXPOSE 1883 4369-4399 5222 5269 5280 5443 EXPOSE 1883 4369-4399 5222 5269 5280 5443
ENTRYPOINT ["/home/ejabberd/bin/ejabberdctl"] ENTRYPOINT ["/home/ejabberd/bin/ejabberdctl"]

1
ecs/README.md
Unescape Escape View File

@ -112,6 +112,7 @@ Here are the volume you may want to map:
- /home/ejabberd/logs/: Directory containing log files - /home/ejabberd/logs/: Directory containing log files
- /home/ejabberd/database/: Directory containing Mnesia database. You should back up or export the content of the directory to persistent storage (host storage, local storage, any storage plugin) - /home/ejabberd/database/: Directory containing Mnesia database. You should back up or export the content of the directory to persistent storage (host storage, local storage, any storage plugin)
- /home/ejabberd/conf/: Directory containing configuration and certificates - /home/ejabberd/conf/: Directory containing configuration and certificates
- /home/ejabberd/upload/: Directory containing uploaded files. This should also be backed up.
All these files are owned by ejabberd user inside the container. Corresponding All these files are owned by ejabberd user inside the container. Corresponding
UID:GID is 9000:9000. If you prefer bind mounts instead of docker volumes, then UID:GID is 9000:9000. If you prefer bind mounts instead of docker volumes, then

4
ecs/bin/ejabberdctl
Unescape Escape View File

@ -83,7 +83,7 @@ if [ -n "$FIREWALL_WINDOW" ] ; then
ERLANG_OPTS="$ERLANG_OPTS -kernel inet_dist_listen_min ${FIREWALL_WINDOW%-*} inet_dist_listen_max ${FIREWALL_WINDOW#*-}" ERLANG_OPTS="$ERLANG_OPTS -kernel inet_dist_listen_min ${FIREWALL_WINDOW%-*} inet_dist_listen_max ${FIREWALL_WINDOW#*-}"
fi fi
if [ -n "$INET_DIST_INTERFACE" ] ; then if [ -n "$INET_DIST_INTERFACE" ] ; then
INET_DIST_INTERFACE2=$("$ERL" -noshell -eval 'case inet:parse_address("'$INET_DIST_INTERFACE'") of {ok,IP} -> io:format("~p",[IP]); _ -> ok end.' -s erlang halt) INET_DIST_INTERFACE2=$("$ERL" -boot start_clean -noshell -eval 'case inet:parse_address("'$INET_DIST_INTERFACE'") of {ok,IP} -> io:format("~p",[IP]); _ -> ok end.' -s erlang halt)
if [ -n "$INET_DIST_INTERFACE2" ] ; then if [ -n "$INET_DIST_INTERFACE2" ] ; then
ERLANG_OPTS="$ERLANG_OPTS -kernel inet_dist_use_interface $INET_DIST_INTERFACE2" ERLANG_OPTS="$ERLANG_OPTS -kernel inet_dist_use_interface $INET_DIST_INTERFACE2"
fi fi
@ -222,6 +222,7 @@ stop_epmd()
# make sure node not already running and node name unregistered # make sure node not already running and node name unregistered
# if all ok, ensure runtime directory exists and make it current directory # if all ok, ensure runtime directory exists and make it current directory
# then (docker case) make .sql files available on database volume
check_start() check_start()
{ {
"$EPMD" -names 2>/dev/null | grep -q " ${ERLANG_NODE%@*} " && { "$EPMD" -names 2>/dev/null | grep -q " ${ERLANG_NODE%@*} " && {
@ -237,6 +238,7 @@ check_start()
} }
"$EPMD" -kill >/dev/null "$EPMD" -kill >/dev/null
} }
cp "$HOME_DIR/lib/ejabberd-*/priv/sql/*" "$HOME_DIR/database/"
} }
# allow sync calls # allow sync calls

7
ecs/build.sh
Unescape Escape View File

@ -3,5 +3,10 @@
current=$(date +%y.%m) current=$(date +%y.%m)
version=${1:-$current} version=${1:-$current}
docker build --build-arg VERSION=$version -t ejabberd/ecs:$version . docker build \
--build-arg VERSION=$version \
--build-arg VCS_REF=`git rev-parse --short HEAD` \
--build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
-t ejabberd/ecs:$version .
[ "$version" = "latest" ] || docker tag ejabberd/ecs:$version ejabberd/ecs:latest [ "$version" = "latest" ] || docker tag ejabberd/ecs:$version ejabberd/ecs:latest

149
ecs/conf/ejabberd.yml
Unescape Escape View File

@ -12,23 +12,10 @@
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY ******* ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### ******************************************************* ### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
### However, ejabberd treats different literals as different types:
###
### - unquoted or single-quoted strings. They are called "atoms".
### Example: dog, 'Jupiter', '3.14159', YELLOW
###
### - numeric literals. Example: 3, -45.0, .0
###
### - quoted or folded strings.
### Examples of quoted string: "Lizzard", "orange".
### Example of folded string:
### > Art thou not Romeo,
### and a Montague?
### ###
language: "en"
hosts: hosts:
- "localhost" - localhost
loglevel: 4 loglevel: 4
log_rotate_size: 10485760 log_rotate_size: 10485760
@ -37,14 +24,14 @@ log_rotate_count: 1
log_rate_limit: 100 log_rate_limit: 100
certfiles: certfiles:
- "/home/ejabberd/conf/server.pem" - /home/ejabberd/conf/server.pem
ca_file: "/home/ejabberd/conf/cacert.pem" ca_file: "/home/ejabberd/conf/cacert.pem"
# When using let's encrypt to generate certificates ## When using let's encrypt to generate certificates
##certfiles: ##certfiles:
## - "/etc/letsencrypt/live/localhost/cert.pem" ## - /etc/letsencrypt/live/localhost/fullchain.pem
## - "/etc/letsencrypt/live/localhost/privkey.pem" ## - /etc/letsencrypt/live/localhost/privkey.pem
## ##
##ca_file: "/etc/letsencrypt/live/localhost/fullchain.pem" ##ca_file: "/etc/letsencrypt/live/localhost/fullchain.pem"
@ -86,6 +73,55 @@ listen:
ip: "::" ip: "::"
module: mod_mqtt module: mod_mqtt
backlog: 1000 backlog: 1000
##
## https://docs.ejabberd.im/admin/configuration/#stun-and-turn
## ejabberd_stun: Handles STUN Binding requests
##
##-
## port: 3478
## ip: "0.0.0.0"
## transport: udp
## module: ejabberd_stun
## use_turn: true
## turn_ip: "{{ IP }}"
## auth_type: user
## auth_realm: "example.com"
##-
## port: 3478
## ip: "0.0.0.0"
## module: ejabberd_stun
## use_turn: true
## turn_ip: "{{ IP }}"
## auth_type: user
## auth_realm: "example.com"
##-
## port: 5349
## ip: "0.0.0.0"
## module: ejabberd_stun
## certfile: "/home/ejabberd/conf/server.pem"
## tls: true
## use_turn: true
## turn_ip: "{{ IP }}"
## auth_type: user
## auth_realm: "example.com"
##
## https://docs.ejabberd.im/admin/configuration/#sip
## To handle SIP (VOIP) requests:
##
##-
## port: 5060
## ip: "0.0.0.0"
## transport: udp
## module: ejabberd_sip
##-
## port: 5060
## ip: "0.0.0.0"
## module: ejabberd_sip
##-
## port: 5061
## ip: "0.0.0.0"
## module: ejabberd_sip
## tls: true
s2s_use_starttls: optional s2s_use_starttls: optional
@ -94,31 +130,29 @@ acl:
user_regexp: "" user_regexp: ""
loopback: loopback:
ip: ip:
- "127.0.0.0/8" - 127.0.0.0/8
- "::1/128" - ::1/128
- "::FFFF:127.0.0.1/128" - ::FFFF:127.0.0.1/128
admin: admin:
user: user:
- "admin@localhost" - "admin@localhost"
access_rules: access_rules:
local: local:
- allow: local allow: local
c2s: c2s:
- deny: blocked deny: blocked
- allow allow: all
announce: announce:
- allow: admin allow: admin
configure: configure:
- allow: admin allow: admin
muc_create: muc_create:
- allow: local allow: local
pubsub_createnode: pubsub_createnode:
- allow: local allow: local
register:
- allow
trusted_network: trusted_network:
- allow: loopback allow: loopback
api_permissions: api_permissions:
"console commands": "console commands":
@ -128,26 +162,26 @@ api_permissions:
what: "*" what: "*"
"admin access": "admin access":
who: who:
- access: access:
- allow: allow:
- acl: loopback acl: loopback
- acl: admin acl: admin
- oauth: oauth:
- scope: "ejabberd:admin" scope: "ejabberd:admin"
- access: access:
- allow: allow:
- acl: loopback acl: loopback
- acl: admin acl: admin
what: what:
- "*" - "*"
- "!stop" - "!stop"
- "!start" - "!start"
"public commands": "public commands":
who: who:
- ip: "127.0.0.1/8" ip: 127.0.0.1/8
what: what:
- "status" - status
- "connected_users_number" - connected_users_number
shaper: shaper:
normal: 1000 normal: 1000
@ -156,11 +190,11 @@ shaper:
shaper_rules: shaper_rules:
max_user_sessions: 10 max_user_sessions: 10
max_user_offline_messages: max_user_offline_messages:
- 5000: admin 5000: admin
- 100 100: all
c2s_shaper: c2s_shaper:
- none: admin none: admin
- normal normal: all
s2s_shaper: fast s2s_shaper: fast
max_fsm_queue: 10000 max_fsm_queue: 10000
@ -185,15 +219,15 @@ modules:
mod_fail2ban: {} mod_fail2ban: {}
mod_http_api: {} mod_http_api: {}
mod_http_upload: mod_http_upload:
put_url: "https://@HOST@:5443/upload" put_url: https://@HOST@:5443/upload
mod_last: {} mod_last: {}
## mod_mam: mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend ## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy ## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured: ## to configure. Uncomment this when you have SQL configured:
## db_type: sql ## db_type: sql
## assume_mam_usage: true assume_mam_usage: true
## default: always default: never
mod_mqtt: {} mod_mqtt: {}
mod_muc: mod_muc:
access: access:
@ -202,9 +236,11 @@ modules:
- allow: admin - allow: admin
access_create: muc_create access_create: muc_create
access_persistent: muc_create access_persistent: muc_create
access_mam:
- allow
default_room_options: default_room_options:
allow_subscription: true # enable MucSub allow_subscription: true # enable MucSub
## mam: true mam: false
mod_muc_admin: {} mod_muc_admin: {}
mod_offline: mod_offline:
access_max_user_messages: max_user_offline_messages access_max_user_messages: max_user_offline_messages
@ -217,11 +253,11 @@ modules:
mod_pubsub: mod_pubsub:
access_createnode: pubsub_createnode access_createnode: pubsub_createnode
plugins: plugins:
- "flat" - flat
- "pep" - pep
force_node_config: force_node_config:
## Avoid buggy clients to make their bookmarks public ## Avoid buggy clients to make their bookmarks public
"storage:bookmarks": storage:bookmarks:
access_model: whitelist access_model: whitelist
mod_push: {} mod_push: {}
mod_push_keepalive: {} mod_push_keepalive: {}
@ -234,6 +270,7 @@ modules:
ip_access: trusted_network ip_access: trusted_network
mod_roster: mod_roster:
versioning: true versioning: true
mod_sip: {}
mod_s2s_dialback: {} mod_s2s_dialback: {}
mod_shared_roster: {} mod_shared_roster: {}
mod_stream_mgmt: mod_stream_mgmt:

2
ecs/vars.config
Unescape Escape View File

@ -6,3 +6,5 @@
{zlib, true}. {zlib, true}.
{elixir, true}. {elixir, true}.
{iconv, true}. {iconv, true}.
{stun, true}.
{sip, true}.

2
mix/Dockerfile
Unescape Escape View File

@ -1,4 +1,4 @@
FROM alpine:3.9 FROM alpine:3.10
LABEL maintainer="ProcessOne <contact@process-one.net>" \ LABEL maintainer="ProcessOne <contact@process-one.net>" \
product="Ejabberd mix development environment" product="Ejabberd mix development environment"

Write Preview
Loading…
Cancel
Save