docker/mailu
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Standarize unbound, prepare for setup inclusion

Browse Source 
- Use jinja template for configuration file (start.py)
- Limit access to the Mailu subnet
- Implement health checks
This commit is contained in:
Tim Möhlmann
2018-10-23 15:07:49 +03:00
parent 40d8e65762
commit bcfce27ee2
5 changed files with 31 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
core/unbound/Dockerfile
View File

@@ -1,14 +0,0 @@
FROM alpine:3.8
RUN apk add --no-cache unbound curl \
&& curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
&& chown root:unbound /etc/unbound \
&& chmod 775 /etc/unbound \
&& apk del --no-cache curl \
&& /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true
COPY unbound.conf /etc/unbound/unbound.conf
EXPOSE 53/udp 53/tcp
CMD /usr/sbin/unbound

18
services/unbound/Dockerfile Normal file
View File

@@ -0,0 +1,18 @@
FROM python:3-alpine
RUN apk add --no-cache unbound curl bind-tools \
&& pip3 install jinja2 \
&& curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
&& chown root:unbound /etc/unbound \
&& chmod 775 /etc/unbound \
&& apk del --no-cache curl \
&& /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true
COPY start.py /start.py
COPY unbound.conf /unbound.conf
EXPOSE 53/udp 53/tcp
CMD /start.py
HEALTHCHECK CMD dig @127.0.0.1 || exit 1

9
services/unbound/start.py Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/local/bin/python3
import jinja2
import os
convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
convert("/unbound.conf", "/etc/unbound/unbound.conf")
os.execv("/usr/sbin/unbound", ["-c /etc/unbound/unbound.conf"])

4
core/unbound/unbound.conf → services/unbound/unbound.conf
View File

@@ -8,9 +8,9 @@ server:
do-udp: yes do-udp: yes
do-tcp: yes do-tcp: yes
do-daemonize: no do-daemonize: no
access-control: 0.0.0.0/0 allow access-control: {{ SUBNET }} allow
directory: "/etc/unbound" directory: "/etc/unbound"
username: unbound username: root
auto-trust-anchor-file: trusted-key.key auto-trust-anchor-file: trusted-key.key
root-hints: "/etc/unbound/root.hints" root-hints: "/etc/unbound/root.hints"
hide-identity: yes hide-identity: yes

4
tests/build.yml
View File

@@ -6,8 +6,8 @@ services:
image: ${DOCKER_ORG:-mailu}/nginx:${VERSION:-local} image: ${DOCKER_ORG:-mailu}/nginx:${VERSION:-local}
build: ../core/nginx build: ../core/nginx
unbound: resolver:
image: $DOCKER_ORG/unbound:$VERSION image: ${DOCKER_ORG:-mailu}/unbound:${VERSION:-local}
build: ../core/unbound build: ../core/unbound
imap: imap: