Initial commit of source files.

Author: jdeathe

Dockerfile

@@ -0,0 +1,88 @@
+# =============================================================================
+# jdeathe/centos-ssh-apache-php-fcgi
+#
+# CentOS-6, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1, Composer
+# 
+# =============================================================================
+FROM jdeathe/centos-ssh-apache-php
+
+MAINTAINER James Deathe <james.deathe@gmail.com>
+
+# -----------------------------------------------------------------------------
+# FastCGI support
+# -----------------------------------------------------------------------------
+RUN yum --setopt=tsflags=nodocs -y install \
+	fcgi \
+	mod_fcgid \
+	&& rm -rf /var/cache/yum/* \
+	&& yum clean all
+
+# -----------------------------------------------------------------------------
+# Add a "Message of the Day" to help identify container if logging in via SSH
+# -----------------------------------------------------------------------------
+RUN echo '[ CentOS-6 / Apache / PHP (FastCGI) ]' > /etc/motd
+
+# -----------------------------------------------------------------------------
+# Apache mime_magic module should be disabled with FastCGI
+# -----------------------------------------------------------------------------
+RUN sed -i \
+	-e 's~^LoadModule mime_magic_module modules/mod_mime_magic.so~#LoadModule mime_magic_module modules/mod_mime_magic.so~g' \
+	/etc/httpd/conf/httpd.conf
+
+# -----------------------------------------------------------------------------
+# Enable the pathinfo fix
+# -----------------------------------------------------------------------------
+RUN sed -i \
+	-e 's~^;cgi.fix_pathinfo=1~cgi.fix_pathinfo = 1~g' \
+	/etc/php.ini
+
+# -----------------------------------------------------------------------------
+# Enable Apache MPM worker
+# -----------------------------------------------------------------------------
+RUN sed -i \
+	-e 's~#HTTPD=/usr/sbin/httpd.worker~HTTPD=/usr/sbin/httpd.worker~g' \
+	/etc/sysconfig/httpd
+
+# -----------------------------------------------------------------------------
+# Disable mod_php
+# -----------------------------------------------------------------------------
+RUN mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.off
+RUN touch /etc/httpd/conf.d/php.conf
+RUN chmod 444 /etc/httpd/conf.d/php.conf
+
+# -----------------------------------------------------------------------------
+# Add the PHP Wrapper script
+# -----------------------------------------------------------------------------
+RUN mkdir -p /var/www/app/bin
+ADD var/www/app/bin/php-wrapper /var/www/app/bin/
+
+# -----------------------------------------------------------------------------
+# Replace the PHP Standard bootstrap
+# -----------------------------------------------------------------------------
+ADD etc/services-config/httpd/apache-bootstrap.conf /etc/services-config/httpd/
+RUN ln -sf /etc/services-config/httpd/apache-bootstrap.conf /etc/apache-bootstrap.conf
+
+ADD etc/apache-bootstrap /etc/
+RUN chmod +x /etc/apache-bootstrap
+
+# -----------------------------------------------------------------------------
+# Set permissions (app:app-www === 501:502)
+# -----------------------------------------------------------------------------
+#RUN chown -R 501:502 /var/www/app
+#RUN chmod 775 /var/www/app
+RUN chmod -R 750 /var/www/app/bin
+
+# -----------------------------------------------------------------------------
+# Add to the template directory
+# -----------------------------------------------------------------------------
+RUN cp -rpf /var/www/app/bin /var/www/.app-skel/bin
+
+# -----------------------------------------------------------------------------
+# Copy files into place
+# -----------------------------------------------------------------------------
+ADD etc/services-config/httpd/conf.d/fcgid.conf /etc/httpd/conf.d/
+RUN ln -sf /etc/services-config/httpd/conf.d/fcgid.conf /etc/httpd/conf.d/fcgid.conf
+
+EXPOSE 80 8443 443
+
+CMD ["/usr/bin/supervisord", "--configuration=/etc/supervisord.conf"]

README.md

@@ -0,0 +1,220 @@
+centos-ssh-apache-php-fcgi
+==========================
+
+Docker Image including CentOS-6, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1, Composer.
+
+The Dockerfile can be used to build a base image that can be run as-is or used as the bases for other more specific builds.
+
+Included in the build is the EPEL repository and SSH, vi, elinks (for fullstatus support), APC, Memcache and Composer are installed along with python-pip, supervisor and supervisor-stdout.
+
+[Supervisor](http://supervisord.org/) is used to start httpd (and optionally the sshd) daemon when a docker container based on this image is run. To enable simple viewing of stdout for the sshd subprocess, supervisor-stdout is included. This allows you to see output from the supervisord controlled subprocesses with `docker logs <docker-container-name>`.
+
+SSH is not required in order to access a terminal for the running container the prefered method is to use Command Keys and the nsenter command. See [command-keys.md](command-keys.md) for details on how to set this up.
+
+If enabling and configuring SSH access, it is by public key authentication and, by default, the [Vagrant](http://www.vagrantup.com/) [insecure private key](https://github.com/mitchellh/vagrant/blob/master/keys/vagrant) is required.
+
+## Quick Example
+
+Run up a container named ```apache-php.app-1.1.1``` from the docker image ```jdeathe/centos-ssh-apache-php``` on port 8080 of your docker host.
+
+```
+$ docker run -d \
+  apache-php.app-1.1.1 \
+  -p 8080:80 \
+  --env SERVICE_UNIT_APP_GROUP=app-1 \
+  --env SERVICE_UNIT_LOCAL_ID=1 \
+  --env SERVICE_UNIT_INSTANCE=1 \
+  --env APACHE_SERVER_NAME=app-1.local \
+  --env APACHE_SERVER_ALIAS=app-1 \
+  --env DATE_TIMEZONE=UTC \
+  -v /var/services-data/apache-php/app-1:/var/www/app \
+  jdeathe/centos-ssh-apache-php:latest
+```
+
+Now point your browser to ```http://<docker-host>:8080``` where "```<docker-host>```" is the host name of your docker server and, if all went well, you should see the "Hello, world!" page.
+
+![Hello World Screen Shot](images/hello-world.png?raw=true)
+
+## Instructions
+
+### (Optional) Configuration Data Volume
+
+Create a "data volume" for configuration, this allows you to share the same configuration between multiple docker containers and, by mounting a host directory into the data volume you can override the default configuration files provided.
+
+Make a directory on the docker host for storing container configuration files. This directory needs to contain everything from the directory [etc/services-config](etc/services-config)
+
+```
+$ mkdir -p /etc/services-config/apache-php.app-1.1.1
+```
+
+Create the data volume, mounting our docker host's configuration directory to */etc/services-config/ssh* in the docker container. Docker will pull the busybox:latest image if you don't already have it available locally.
+
+```
+$ docker run \
+  --name volume-config.apache-php.app-1.1.1 \
+  -v /etc/services-config/ssh.pool-1:/etc/services-config/ssh \
+  -v /etc/services-config/apache-php.app-1.1.1/supervisor:/etc/services-config/supervisor \
+  -v /etc/services-config/apache-php.app-1.1.1/httpd:/etc/services-config/httpd \
+  -v /etc/services-config/apache-php.app-1.1.1/ssl/certs:/etc/services-config/ssl/certs \
+  -v /etc/services-config/apache-php.app-1.1.1/ssl/private:/etc/services-config/ssl/private \
+  busybox:latest \
+  /bin/true
+```
+
+### Running
+
+To run the a docker container from this image you can use the included [run.sh](run.sh) and [run.conf](run.conf) scripts. The helper script will stop any running container of the same name, remove it and run a new daemonised container on an unspecified host port. Alternatively you can use the following.
+
+```
+$ docker stop apache-php.app-1.1.1 && \
+  docker rm apache-php.app-1.1.1
+$ docker run -d \
+  --name apache-php.app-1.1.1 \
+  -p 8080:80 \
+  -p 8580:8443 \
+  --env SERVICE_UNIT_INSTANCE=app-1 \
+  --env SERVICE_UNIT_LOCAL_ID=1 \
+  --env SERVICE_UNIT_INSTANCE=1 \
+  --env APACHE_SERVER_NAME=app-1.local \
+  --env APACHE_SERVER_ALIAS=app-1 \
+  --env DATE_TIMEZONE=UTC \
+  --volumes-from volume-config.apache-php.app-1.1.1 \
+  -v /var/services-data/apache-php/app-1:/var/www/app \
+  jdeathe/centos-ssh-apache-php:latest
+```
+
+Now you can verify it is initialised and running successfully by inspecting the container's logs
+
+```
+$ docker logs apache-php.app-1.1.1
+```
+
+The output of the logs should show the Apache modules being loaded and auto-generated password for the Apache user and group, (if not try again after a few seconds).
+
+#### Runtime Environment Variables
+
+There are several environmental variables defined at runtime these allow the operator to customise the running container which may become necessary when running several on the same docker host, when clustering docker hosts or to simply set the timezone.
+
+##### 1. SERVICE_UNIT*
+
+The ```SERVICE_UNIT``` environmental variables are used to set a response header named ```X-Service-Uid``` that lets you identify the container that is serving the content. This is useful when you have many containers running on a single host using differnt ports (i.e with differnet ```SERVICE_UNIT_LOCAL_ID``` values) or if you are running a cluster and need to identify which host the content is served from (i.e with different ```SERVICE_UNIT_INSTANCE``` values). The three values should map to the last 3 dotted values of the container name; in our case that is "app-1.1.1"
+
+```
+...
+  --env SERVICE_UNIT_APP_GROUP=app-1 \
+  --env SERVICE_UNIT_LOCAL_ID=1 \
+  --env SERVICE_UNIT_INSTANCE=1 \
+...
+```
+
+##### 2. APACHE_SERVER*
+
+The ```APACHE_SERVER_NAME``` and ```APACHE_SERVER_ALIAS``` environmental variables are used to set the VirtualHost ```ServerName``` and ```ServerAlias``` values respectively. In the following example the running container would respond to the host names ```app-1.local``` or ```app-1```:
+
+```
+...
+  --env APACHE_SERVER_NAME=app-1.local \
+  --env APACHE_SERVER_ALIAS=app-1 \
+...
+```
+
+from your browser you can then access it with ```http://app-1.local:8080``` assuming you have the IP address of your docker mapped to the hostname using your DNS server or a local hosts entry.
+
+##### 3. DATE_TIMEZONE
+
+The default timezone for the container, and the PHP app, is UTC however the operator can set an appropriate timezone using the ```DATE_TIMEZONE``` variable. The value should be a timezone identifier, like UTC or Europe/London. The list of valid identifiers is available in the PHP [List of Supported Timezones](http://php.net/manual/en/timezones.php).
+
+To set the timezone for the UK and account for British Summer Time you would use:
+
+```
+...
+  --env DATE_TIMEZONE=Europe/London \
+...
+```
+
+### Custom Configuration
+
+If using the optional data volume for container configuration you are able to customise the configuration. In the following examples your custom docker configuration files should be located on your local host within a "config" directory relative to your working directory - i.e: *./config/apache-php.app-1.1.1*
+
+#### services-config/httpd/apache-bootstrap.conf
+
+The bootstrap script initialises the app. It sets up the Apache service user + group, generates passwords, enables Apache modules and adds/removes SSL support.
+
+##### 1. Service User
+
+Use the ```SERVICE_USER*``` variables in your custom apache-bootstrap.conf file to override this and to also define a custom username and/or group.
+
+```
+SERVICE_USER=apacheUser
+SERVICE_USER_GROUP=apacheGroup
+SERVICE_USER_PASSWORD=userPassword123
+SERVICE_USER_GROUP_PASSWORD=userGroupPassword123
+```
+
+##### 2. Apache Modules
+
+The variable ```APACHE_LOAD_MODULES``` defines all Apache modules to be loaded from */etc/httpd/conf/http.conf*. The default is the minimum required so you may need to add more as necessary. To add the "mod\_rewrite" Apache Module you would add it's identifier ```rewrite_module``` to the array as follows.
+
+```
+APACHE_LOAD_MODULES="
+    authz_user_module
+    log_config_module
+    expires_module
+    deflate_module
+    headers_module
+    setenvif_module
+    mime_module
+    status_module
+    dir_module
+    alias_module
+    rewrite_module
+"
+```
+
+##### 3. SSL Support
+
+By default SSL support is disabled but a second port, (mapped to 8443), is available for traffic that has been been through upstream SSL termination (SSL Offloading). If you want the container to support SSL directly then set ```APACHE_MOD_SSL_ENABLED=true``` this will then generate a self signed certificate and will update Apache to accept traffic on port 443.
+
+*Note:* The included helper script [run.sh](run.sh) will automatically map the docker host port 8580 to 443 but if you are running docker manually can use the following.
+
+```
+$ docker stop apache-php.app-1.1.1 && \
+  docker rm apache-php.app-1.1.1
+$ docker run -d \
+  --name apache-php.app-1.1.1 \
+  -p 8080:80 \
+  -p 8580:443 \
+  --env SERVICE_UNIT_APP_GROUP=app-1 \
+  --env SERVICE_UNIT_LOCAL_ID=1 \
+  --env SERVICE_UNIT_INSTANCE=1 \
+  --env APACHE_SERVER_NAME=app-1.local \
+  --env APACHE_SERVER_ALIAS=app-1 \
+  --env DATE_TIMEZONE=UTC \
+  --volumes-from volume-config.apache-php.app-1.1.1 \
+  -v /var/services-data/apache-php/app-1:/var/www/app \
+  jdeathe/centos-ssh-apache-php:latest
+```
+
+#### services-config/ssl/certs/localhost.crt
+
+You may need to override the default auto-generated self signed certificate. To do this you can add the SSLCertificateFile to your config directory using the filename ```localhost.crt``` for example:
+
+```
+./config/services-config/ssl/certs/localhost.crt
+```
+
+*Note:* You must also specify the associated SSLCertificateKeyFile in this case.
+
+#### services-config/ssl/private/localhost.key
+
+To override the SSLCertificateKeyFile add it to your config directory using the filename ```localhost.key``` for example:
+
+```
+./config/services-config/ssl/private/localhost.key
+```
+
+*Note:* You must also specify the associated SSLCertificateFile in this case.
+
+#### services-config/supervisor/supervisord.conf
+
+The supervisor service's configuration can also be overriden by editing the custom supervisord.conf file. It shouldn't be necessary to change the existing configuration here but you could include more [program:x] sections to run additional commands at startup.

apache-php.app-1.1.1@8080.service

@@ -0,0 +1,86 @@
+# -----------------------------------------------------------------------------
+# Create a data container for the configuration volume: 
+#     docker run -v /config --name volume-config.<service-name> busybox /bin/true
+#
+# To install: 
+#     sudo cp <container-path>/<service-name>@<port>.service /etc/systemd/system/
+#     sudo systemctl daemon-reload
+#     sudo systemctl enable /etc/systemd/system/<service-name>@<port>.service
+# 
+# Start using: 
+#     sudo systemctl restart <service-name>@<port>.service
+# -----------------------------------------------------------------------------
+
+[Unit]
+Description=CentOS-6 / Apache / PHP (FastCGI) // app-1.1.1
+After=etcd.service
+After=docker.service
+Requires=docker.service
+Requires=etcd.service
+
+[Service]
+Restart=on-failure
+RestartSec=30
+TimeoutStartSec=1200
+
+# Create a data container for the configuration volume
+ExecStartPre=/bin/sudo /bin/bash -c \
+  "if [ ! \"busybox\" == \"$(/usr/bin/docker images | /bin/grep -e '^busybox[ ]\{1,\}' | /bin/grep -o 'busybox')\" ]; then \
+    if [ -f /var/services-packages/busybox.latest-1.0.0.tar.xz ]; then \
+      /usr/bin/xz -dc /var/services-packages/busybox.latest-1.0.0.tar.xz | /usr/bin/docker load; \
+    else \
+      /usr/bin/docker pull busybox:latest; \
+    fi; \
+  fi; \
+  if [ ! \"volume-config.%p\" == \"$(/usr/bin/docker ps -a | /bin/grep -v -e \\\"volume-config.%p/.*,.*\\\" | /bin/grep -e '[ ]\{1,\}'volume-config.%p | /bin/grep -o volume-config.%p)\" ]; then \
+    /usr/bin/docker run \
+      --name volume-config.%p \
+      -v /etc/services-config/ssh.pool-1:/etc/services-config/ssh \
+      -v /etc/services-config/%p/supervisor:/etc/services-config/supervisor \
+      -v /etc/services-config/%p/httpd:/etc/services-config/httpd \
+      -v /etc/services-config/%p/ssl/certs:/etc/services-config/ssl/certs \
+      -v /etc/services-config/%p/ssl/private:/etc/services-config/ssl/private \
+      busybox:latest \
+      /bin/true; \
+  fi"
+
+# Initialisation: Pull or build image if required
+ExecStartPre=/bin/sudo /bin/bash -c \
+  "if [ ! \"jdeathe/centos-ssh-apache-php-fcgi\" == \"$(/usr/bin/docker images | /bin/grep -e '^jdeathe/centos-ssh-apache-php-fcgi[ ]\{1,\}' | /bin/grep -o 'jdeathe/centos-ssh-apache-php-fcgi')\" ]; then \
+    if [ -f /var/services-packages/jdeathe/centos-ssh-apache-php-fcgi.centos-6-1.0.0.tar.xz ]; then \
+      /usr/bin/xz -dc /var/services-packages/jdeathe/centos-ssh-apache-php-fcgi.centos-6-1.0.0.tar.xz | /usr/bin/docker load; \
+    else \
+      /usr/bin/docker pull jdeathe/centos-ssh-apache-php-fcgi:latest; \
+    fi; \
+  fi"
+
+# Startup: Remove existing container (and stop if running) so it is re-created on startup but not removed on exit - to allow debugging if required
+ExecStart=/bin/sudo /bin/bash -c \
+  "if [ \"%p\" == \"$(/usr/bin/docker ps -a | /bin/grep -v -e \\\"%p/.*,.*\\\" | /bin/grep -e '[ ]\{1,\}'%p | /bin/grep -o %p)\" ]; then \
+    if [ \"%p\" == \"$(/usr/bin/docker ps | /bin/grep -v -e \\\"%p/.*,.*\\\" | /bin/grep -e '[ ]\{1,\}'%p | /bin/grep -o %p)\" ]; then \
+      /usr/bin/docker stop %p; \
+    fi; \
+    /usr/bin/docker rm %p; \
+  fi; \
+  /usr/bin/docker run \
+    --privileged \
+    --name %p \
+    -p %i:80 \
+    -p 8580:8443 \
+    --env SERVICE_UNIT_INSTANCE=app-1 \
+    --env SERVICE_UNIT_LOCAL_ID=1 \
+    --env SERVICE_UNIT_INSTANCE=1 \
+    --env APACHE_SERVER_NAME=app-1.local \
+    --env APACHE_SERVER_ALIAS=app-1 \
+    --env DATE_TIMEZONE=UTC \
+    --volumes-from volume-config.%p \
+    -v /var/services-data/apache-php/app-1:/var/www/app \
+    jdeathe/centos-ssh-apache-php-fcgi:latest"
+
+ExecStartPost=/usr/bin/etcdctl set /services/apache-php/app-1/1.1 %H:%i
+
+ExecStop=/usr/bin/docker stop --time 10 %p
+ExecStopPost=/usr/bin/etcdctl rm /services/apache-php/app-1/1.1
+
+[Install]
+WantedBy=multi-user.target