• Stars
    star
    30
  • Rank 839,658 (Top 17 %)
  • Language
    Dockerfile
  • License
    MIT License
  • Created over 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Docker Alpine Linux Base Images

github.com/tiredofit/docker-alpine

GitHub release Build Status Docker Stars Docker Pulls Become a sponsor Paypal Donate


About

Dockerfile to build an alpine linux container image.

  • Currently tracking 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18 , 3.19 and edge.
  • s6 overlay enabled for PID 1 init capabilities.
  • zabbix-agent (Classic and Modern) for individual container monitoring.
  • Scheduling via cron with other helpful tools (bash, curl, less, logrotate, nano, vi) for easier management.
  • Messaging ability via MSMTP enabled to send mail from container to external SMTP server.
  • Firewall included with capabilities of monitoring logs to block remote hosts via Fail2ban
  • Logshipping capabilities to remote log analysis servers via Fluent-Bit
  • Ability to update User ID and Group ID permissions dynamically.

Maintainer

Table of Contents

Prerequisites and Assumptions

No prerequisites required

Installation

Build from Source

Clone this repository and build the image with docker build <arguments> (imagename) .

Prebuilt Images

Builds of the image are available on Docker Hub

docker pull docker.io/tiredofdit/alpine:(imagetag)

Builds of the image are also available on the Github Container Registry

docker pull ghcr.io/tiredofit/docker-alpine:(imagetag)

The following image tags are available along with their tagged release based on what's written in the Changelog:

Alpine version Tag
edge :edge
3.19 :3.19
3.18 :3.18
3.17 :3.17
3.16 :3.16
3.15 :3.15
3.14 :3.14
3.13 :3.13
3.12 :3.12
3.11 :3.11
3.10 :3.10
3.9 :3.9
3.8 :3.8
3.7 :3.7
3.6 :3.6
3.5 :3.5

Multi Architecture

Images are built primarily for amd64 architecture, and may also include builds for arm/v7, arm64 and others. These variants are all unsupported. Consider sponsoring my work so that I can work with various hardware. To see if this image supports multiple architecures, type docker manifest (image):(tag)

Configuration

Quick Start

Utilize this image as a base for further builds. Please visit the s6 overlay repository for instructions on how to enable the S6 init system when using this base or look at some of my other images which use this as a base.

Persistent Storage

The following directories are used for configuration and can be mapped for persistent storage.

Directory Description
/etc/fluent-bit/conf.d/ Fluent-Bit custom configuration directory
/etc/fluent-bit/parsers.d/ Fluent-Bit custom parsers directory
/etc/zabbix/zabbix_agentd.conf.d/ Zabbix Agent configuration directory
/etc/fail2ban/filter.d Custom Fail2ban Filter configuration
/etc/fail2ban/jail.d Custom Fail2ban Jail configuration
/var/log Container, Cron, Zabbix, other log files
/assets/cron Drop custom crontabs here
/assets/iptables Drop custom IPTables rules here

Environment Variables

Below is the complete list of available options that can be used to customize your installation. Variables showing an 'x' under the _FILE column can be used for storing the information inside of a file, useful for secrets.

Container Options

Parameter Description Default
CONAINER_ENABLE_LOG_TIMESTAMP Prefix this images container logs with timestamp TRUE
CONTAINER_COLORIZE_OUTPUT Enable/Disable colorized console output TRUE
CONTAINER_CUSTOM_BASH_PROMPT If you wish to set a different bash prompt then '(imagename):(version) HH:MM:SS # '
CONTAINER_CUSTOM_PATH Used for adding custom files into the image upon startup /assets/custom
CONTAINER_CUSTOM_SCRIPTS_PATH Used for adding custom scripts to execute upon startup /assets/custom-scripts
CONTAINER_ENABLE_PROCESS_COUNTER Show how many times process has executed in console log TRUE
CONTAINER_LOG_LEVEL Control level of output of container INFO, WARN, NOTICE, DEBUG NOTICE
CONTAINER_LOG_PREFIX_TIME_FMT Timestamp Time Format %H:%M:%S
CONTAINER_LOG_PREFIX_DATE_FMT Timestamp Date Format %Y-%m-%d
CONTAINER_LOG_PREFIX_SEPERATOR Timestamp seperator -
CONTAINER_LOG_FILE_LEVEL Control level of output of container INFO, WARN, NOTICE, DEBUG DEBUG
CONTAINER_LOG_FILE_NAME Internal Container Logs filename /var/log/container/container.log
CONTAINER_LOG_FILE_PATH Path where to find the internal container logs /var/log/container/
CONTAINER_LOG_FILE_PREFIX_TIME_FMT Timestamp Time Format %H:%M:%S
CONTAINER_LOG_FILE_PREFIX_DATE_FMT Timestamp Date Format %Y-%m-%d
CONTAINER_LOG_FILE_PREFIX_SEPERATOR Timestamp seperator -
CONTAINER_NAME Used for setting entries in Monnitoring and Log Shipping (hostname)
CONTAINER_POST_INIT_COMMAND If you wish to execute a command in the container after all services have initialized enter it here. Seperate multiple by commas
CONTAINER_POST_INIT_SCRIPT If you wish to execute a script in the container after all services have initialized enter the path here. Seperate multiple by commas
TIMEZONE Set Timezone Etc/GMT

Scheduling Options

The image has capability of executing tasks at differnt times of the day. It follows the cron syntax. Presently this image only supports the busybox cron however can be extended to other scheduling backends with little effort.

Parameter Description Default
CONTAINER_ENABLE_SCHEDULING Enable Scheduled Tasks TRUE
CONTAINR_SCHEDULING_BACKEND What scheduling tool to use cron cron
CONTAINER_SCHEDULING_LOCATION Where to read task files /assets/cron/
SCHEDULING_LOG_TYPE Log Type FILE FILE
SCHEDULING_LOG_LOCATION Log File Location /var/log/cron/
SCHEDULING_LOG_LEVEL Log Level 1 (loud) to 8 (quiet) 6
Cron Options

There are two ways to add jobs to be triggered via cron. One is to drop files into /assets/cron/ which will be parsed upon container startup, or to set environment variables.

Parameter Description Default
CRON_* Name of the job value of the time and output to be run ``

Example: CRON_HELLO="* * * * * echo 'hello' > /tmp/hello.log

Since you can't really disable environment variables in Docker if they are baked into parent Docker images, you can override a baked in Cron command with your own values, or to disable it entirely set the value to FALSE eg CRON_HELLO=FALSE.

Messaging Options

If you wish to send mail, set CONTAINER_ENABLE_MESSAGING=TRUE and configure the following environment variables. Presently we only support one backend, but more can be added with little effort.

Parameter Description Default
CONTAINER_ENABLE_MESSAGING Enable Messaging services like SMTP TRUE
CONTAINER_MESSAGING_BACKEND Messaging Backend - presently only msmtp msmtp
MSMTP Options

See the MSMTP Configuration Options for further information on options to configure MSMTP.

Parameter Description Default _FILE
SMTP_AUTO_FROM Add setting to support sending through Gmail SMTP FALSE
SMTP_HOST Hostname of SMTP Server postfix-relay x
SMTP_PORT Port of SMTP Server 25 x
SMTP_DOMAIN HELO Domain docker
SMTP_MAILDOMAIN Mail Domain From local
SMTP_AUTHENTICATION SMTP Authentication none
SMTP_USER SMTP Username `` x
SMTP_PASS SMTP Password `` x
SMTP_TLS Use TLS FALSE
SMTP_STARTTLS Start TLS from within session FALSE
SMTP_TLSCERTCHECK Check remote certificate FALSE
SMTP_ALLOW_FROM_OVERRIDE SMTP Allow From Override ``

See The Official Zabbix Agent Documentation for information about the following Zabbix values.

Monitoring Options

This image includes the capability of using agents inside the image to monitor metrics from applications. Presently at this time it only supports Zabbix as a monitoring platform, however is extendable to other platforms with little effort.

Parameter Description Default
CONTAINER_ENABLE_MONITORING Enable Monitoring of applications or metrics TRUE
CONTAINR_MONITORING_BACKEND What monitoring agent to use zabbix zabbix
Zabbix Options

This image comes with Zabbix Agent 1 (Classic or C compiled) and Zabbix Agent 2 (Modern, or Go compiled). See which variables work for each version and make your agent choice. Drop files in /etc/zabbix/zabbix_agentd.conf.d to setup your metrics. The environment variables below only affect the system end of the configuration. If you wish to use your own system configuration without these variables, change ZABBIX_SETUP_TYPE to MANUAL

Parameter Description Default 1 2 _FILE
ZABBIX_SETUP_TYPE Automatically generate configuration based on these variables AUTO or MANUAL AUTO x x
ZABBIX_AGENT_TYPE Which version of Zabbix Agent to load 1 or 2 1 N/A N/A
ZABBIX_AGENT_LOG_PATH Log File Path /var/log/zabbix/agent/ x x
ZABBIX_AGENT_LOG_FILE Logfile name zabbix_agentd.log x x
ZABBIX_CERT_PATH Zabbix Certificates Path /etc/zabbix/certs/ x x
ZABBIX_ENABLE_AUTOREGISTRATION Use internal routine for Agent autoregistration based on config files with # Autoregister tag TRUE x x
ZABBIX_ENABLE_AUTOREGISTRATION_DNS Register with DNS name instead of IP Address when autoregistering TRUE x x
ZABBIX_AUTOREGISTRATION_DNS_NAME (optional) DNS Name to provide for auto register. Uses CONTAINER_NAME as default $CONTAINER_NAME x x
ZABBIX_AUTOREGISTRATION_DNS_SUFFIX If you want to append something after the generated DNS Name `` x x
ZABBIX_ENCRYPT_PSK_ID Zabbix Encryption PSK ID `` x x x
ZABBIX_ENCRYPT_PSK_KEY Zabbix Encryption PSK Key `` x x x
ZABBIX_ENCRYPT_PSK_FILE Zabbix Encryption PSK File (If not using above env var) `` x x
ZABBIX_LOG_FILE_SIZE Logfile size 0 x x
ZABBIX_DEBUGLEVEL Debug level 1 x x
ZABBIX_REMOTECOMMANDS_ALLOW Enable remote commands * x x
ZABBIX_REMOTECOMMANDS_DENY Deny remote commands `` x x
ZABBIX_REMOTECOMMANDS_LOG Enable remote commands Log (0/1) 1 x ``
ZABBIX_SERVER Allow connections from Zabbix server IP 0.0.0.0/0 x x
ZABBIX_STATUS_PORT Agent will listen to this port for status requests (http://localhost:port/status) 10050 `` x
ZABBIX_LISTEN_PORT Zabbix Agent listening port 10050 x x
ZABBIX_LISTEN_IP Zabbix Agent listening IP 0.0.0.0 x x
ZABBIX_START_AGENTS How many Zabbix Agents to start 1 x ``
ZABBIX_SERVER_ACTIVE Server for active checks zabbix-proxy x x x
ZABBIX_HOSTNAME Container hostname to report to server $CONTAINER_NAME x x
ZABBIX_REFRESH_ACTIVE_CHECKS Seconds to refresh Active Checks 120 x x
ZABBIX_BUFFER_SEND Buffer Send 5 x x
ZABBIX_BUFFER_SIZE Buffer Size 100 x x
ZABBIX_MAXLINES_SECOND Max Lines Per Second 20 x ``
ZABBIX_SOCKET Socket for communicating /tmp/zabbix.sock `` x
ZABBIX_ALLOW_ROOT Allow running as root 1 x ``
ZABBIX_USER User to start agent zabbix x x
ZABBIX_USER_SUDO Allow Zabbix user to utilize sudo commands TRUE x x

This image supports autoregistering configuration as an Active Agent to a Zabbix Proxy or a Server. It looks in /etc/zabbix_agent.conf.d/*.conf for the string # Autoregister= and takes these values and adds it to the HostMetadata configuration entry automatically wrapped around : eg :application: . Use it by creating an Auto register rule and search for that string. You can find server templates in this repository in the [zabbix_templates](zabbix_templates/) directory.

Logging Options

This is work in progress for a larger logging solution. Presently there is functionality to rotate logs on a daily basis, however as this section matures there will be the capability to also ship the logs to an external data warehouse like Loki, or Elastic Search. At present Log shipping is only supported by fluent-bit and x86_64 only.

Parameter Description Default
CONTAINER_ENABLE_LOGROTATE Enable Logrotate (if scheduling enabled) TRUE
CONTAINER_ENABLE_LOGSHIPPING Enable Log Shipping FALSE
CONTAINER_LOGSHIPPING_BACKEND Log shipping backend fluent-bit fluent-bit
LOGROTATE_COMPRESSION_TYPE Logfile compression algorithm NONE BZIP2 GZIP ZSTD ZSTD
LOGROTATE_COMPRESSION_VALUE What level of compression to use 8
LOGROTATE_COMPRESSION_EXTRA_PARAMETERS Pass extra parameters to the compression command (optional)
LOGROTATE_RETAIN_DAYS Rotate and retain logs for x days 7
Log Shipping Parsing

You can set an environment variable to start shipping a log without any other configuration. Create a variable starting with LOGSHIP_<name> with the value of the location of the log files. You can also use this to null an existing configuration by setting the value of FALSE.

Example: LOGSHIP_NGINX=/var/log/nginx/*.log will create and tag all log files from that directory as to be coming from CONTAINER_NAME and from nginx. Note, it does not allow for custom parsing, so will simply parse the log entry as is.

If LOGSHIPPING_AUTO_CONFIG_LOGROTATE set to true, you can define what parser the configuration file should use. Make sure you have the appropriate .conf parsers in /etc/fluent-bit/parsers.d/ Create a line in the logrotate.d/<file> that looks like # logship: <parser>. Multiple parsers can be added by seperating via commas. Alternatively, if you wanted to skip a certain logfile from being parsed by the log shipper, use the value "SKIP".

Parameter Description Default
LOGSHIPPING_AUTO_CONFIG_LOGROTATE Automatically configure log shipping for files that are listed in /etc/logrotate.d TRUE
Fluent-Bit Options

Drop files in /etc/fluent-bit/conf.d to setup your inputs and outputs. The environment variables below only affect the system end of the configuration. If you wish to use your own system configuration without these variables, change FLUENTBIT_SETUP_TYPE to MANUAL. Container will attempt to automatically create configuration to send to a destination, or can also be set to act as a receiver from other fluent-bit hosts and forward data to a remote log analysis service.

Parameter Description Default _FILE
FLUENTBIT_CONFIG_PARSERS Parsers config file name parsers.conf
FLUENTBIT_CONFIG_PLUGINS Plugins config file name plugins.conf
FLUENTBIT_ENABLE_HTTP_SERVER Embedded HTTP Server for metrics TRUE / FALSE TRUE
FLUENTBIT_ENABLE_STORAGE_METRICS Public storage pipeline metrics in /api/v1/storage TRUE
FLUENTBIT_FLUSH_SECONDS Wait time to flush records in seconds 1
FLUENTBIT_FORWARD_BUFFER_CHUNK_SIZE Buffer Chunk Size 32KB
FLUENTBIT_FORWARD_BUFFER_MAX_SIZE Buffer Maximum Size 64KB
FLUENTBIT_FORWARD_PORT What port when using PROXY (listen) mode or FORWARD (client) output 24224
FLUENTBIT_GRACE_SECONDS Wait time before exit in seconds 1
FLUENTBIT_HTTP_LISTEN_IP HTTP Listen IP 0.0.0.0
FLUENTBIT_HTTP_LISTEN_PORT HTTP Listening Port 2020
FLUENTBIT_LOG_FILE Log File fluentbit.log
FLUENTBIT_LOG_LEVEL Log Level info warn error debug trace info
FLUENTBIT_LOG_PATH Log Path /var/log/fluentbit/
FLUENTBIT_MODE Type of operation - Client NORMAL or Proxy PROXY NORMAL
FLUENTBIT_OUTPUT_FORWARD_HOST Where to forward Fluent-Bit data to fluent-proxy x
FLUENTBIT_OUTPUT_FORWARD_TLS_VERIFY Verify certificates when using TLS FALSE
FLUENTBIT_OUTPUT_FORWARD_TLS Enable TLS when forwading FALSE
FLUENTBIT_OUTPUT_LOKI_COMPRESS_GZIP Enable GZIP compression when sending to loki host TRUE
FLUENTBIT_OUTPUT_LOKI_HOST Host for Loki Output loki x
FLUENTBIT_OUTPUT_LOKI_PORT Port for Loki Output 3100 x
FLUENTBIT_OUTPUT_LOKI_TLS Enable TLS For Loki Output FALSE
FLUENTBIT_OUTPUT_LOKI_TLS_VERIFY Enable TLS Certificate Verification For Loki Output FALSE
FLUENTBIT_OUTPUT_LOKI_USER (optional) Username to authenticate to Loki Server `` x
FLUENTBIT_OUTPUT_LOKI_PASS (optional) Password to authenticate to Loki Server `` x
FLUENTBIT_OUTPUT_TENANT_ID (optional) Tenant ID to pass to Loki Server `` x
FLUENTBIT_OUTPUT Output plugin to use LOKI , FORWARD, NULL FORWARD
FLUENTBIT_TAIL_BUFFER_CHUNK_SIZE Buffer Chunk Size for Tail 32k
FLUENTBIT_TAIL_BUFFER_MAX_SIZE Maximum size for Tail 32k
FLUENTBIT_TAIL_READ_FROM_HEAD Read from Head instead of Tail FALSE
FLUENTBIT_TAIL_SKIP_EMPTY_LINES Skip Empty Lines when Tailing TRUE
FLUENTBIT_TAIL_SKIP_LONG_LINES Skip Long Lines when Tailing TRUE
FLUENTBIT_TAIL_DB_ENABLE Enable Offset DB per tracked file (will be same name as log file yet hidden and a suffix of db TRUE
FLUENTBIT_TAIL_DB_SYNC DB Sync Type normal or full normal
FLUENTBIT_TAIL_DB_LOCK Lock access to DB File TRUE
FLUENTBIT_TAIL_DB_JOURNAL_MODE Journal Mode for DB WAL DELETE TRUNCATE PERSIST MEMORY OFF WAL
FLUENTBIT_TAIL_KEY_PATH_ENABLE Enable sending Key for Log Filename/Path TRUE
FLUENTBIT_TAIL_KEY_PATH Path Key Name filename
FLUENTBIT_TAIL_KEY_OFFSET_ENABLE Enable sending Key for Offset in Log file FALSE
FLUENTBIT_TAIL_KEY_OFFSET Offset Path Key Name offset
FLUENTBIT_SETUP_TYPE Automatically generate configuration based on these variables AUTO or MANUAL AUTO
FLUENTBIT_STORAGE_BACKLOG_LIMIT Maximum about of memory to use for backlogged/unsent records 5M
FLUENTBIT_STORAGE_CHECKSUM Create CRC32 checkcum for filesystem RW functions FALSE
FLUENTBIT_STORAGE_PATH Absolute file system path to store filesystem data buffers /tmp/fluentbit/storage
FLUENTBIT_STORAGE_SYNC Synchronization mode to store data in filesystem normal or full normal

Firewall Options|

Included when proper capabilities are set on image is the capability to set up detailed block / allow rules via a firewall on container start. Presently only iptables is supported. You must use run your containers with the following capabilities added: NET_ADMIN, NET_RAW

Parameter Description Default
CONTAINER_ENABLE_FIREWALL Enable Firewall Functionality FALSE
CONTAINER_FIREWALL_BACKEND What Firewall backend to use iptables iptables
FIREWALL_RULE_00 Firewall rule to execute
FIREWALL_RULE_01 Next firewall rule to execute

One can use the FIREWALL_RULE_XX environment variables to pass rules to the firewall. In this example I am going to block someone from being able to access a port except if from a specific IP address:

FIREWALL_RULE_00=-I INPUT -p tcp -m tcp -s 101.69.69.101 --dport 389 -j ACCEPT
FIREWALL_RULE_01=-I INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 389 -j DROP
IPTables Options

Instead of relying on environment variables one can put a iptables-restore compatible ruleset below and it will be imported on container start.

Parameter Description Default
IPTABLES_RULES_PATH Path for IPTables Rules /assets/iptables/
IPTABLES_RULES_FILE IPTables Rules File to restore if exists on container start iptables.rules
Fail2Ban Options

The container also has the capability should CONTAINER_ENABLE_FIREWALL=TRUE be enabled to launch Fail2ban, a process which watches logs for patterns and then blocks the remote host from connecting for a period of time. Drop your custom jail configs as *.conf files in /etc/fail2ban/jail.d/ and filters in /etc/fail2ban/filter.d for them to be parsed at startup. Note the startup delay environment variable to avoid the process failing if no log files exist from a fresh install.

Parameter Description Default
CONTAINER_ENABLE_FAIL2BAN Enable Firewall Functionality FALSE
FAIL2BAN_BACKEND Backend AUTO
FAIL2BAN_CONFIG_PATH Fail2ban Configuration Path /etc/fail2ban/
FAIL2BAN_DB_FILE Persistent Database File fail2ban.sqlite3
FAIL2BAN_DB_PATH Persistent Database Path /data/fail2ban/
FAIL2BAN_DB_PURGE_AGE Purge entries after how many seconds 86400
FAIL2BAN_DB_TYPE DB Type NONE, MEMORY, FILE MEMORY
FAIL2BAN_IGNORE_IP Ignore these IPs or Ranges space seperated 127.0.0.1/8 ::1 172.16.0.0/12 192.168.0.0/24
FAIL2BAN_IGNORE_SELF Ignroe Self TRUE FALSE TRUE
FAIL2BAN_LOG_PATH Fail2ban Log Path /var/log/fail2ban/
FAIL2BAN_LOG_FILE Fail2ban Log File fail2ban.log
FAIL2BAN_LOG_LEVEL Log Level CRITICAL ERROR WARNING NOTICE INFO DEBUG INFO
FAIL2BAN_LOG_TYPE Log to FILE or CONSOLE FILE
FAIL2BAN_MAX_RETRY Max times to find pattern in log over FAIL2BAN_TIME_FIND 5
FAIL2BAN_STARTUP_DELAY Startup Delay to give a chance for monitored logs to exist or have data in seconds 15
FAIL2BAN_TIME_BAN Length of time to ban in default 10m
FAIL2BAN_TIME_FIND Window to base pattern matches against 10m
FAIL2BAN_USE_DNS USE DNS for lookups yes warn no raw warn

Permissions

If you wish to change the internal id for users and groups you can set environment variables to do so. e.g. If you add USER_NGINX=1000 it will reset the containers nginx user id from 82 to 1000 -

If you enable DEBUG_PERMISSIONS=TRUE all the users and groups have been modified in accordance with environment variables will be displayed in output.

Hint, also change the Group ID to your local development users UID & GID and avoid Docker permission issues when developing.

Parameter Description
CONTAINER_USER_<USERNAME> The user's UID in /etc/passwd will be modified with new UID
CONTAINER_GROUP_<GROUPNAME> The group's GID in /etc/group and /etc/passwd will be modified with new GID
CONTAINER_GROUP_ADD_<GROUPNAME> The username will be added in /etc/group after the group name defined

Process Watchdog

This is experimental functionality to call an external script before a process is executed.

Sample use cases:

  • Alert slack channel when process has executed more than once
  • Disable process from executing further if restarted 50 times
  • Write to an additional log file..
  • Change a file to display "Under Maintenance" on a webserver if this process isn't supposed to be run more than 1 time.

It will pass 5 arguments to a bash script titled the same name as the executing script or if not found, use the default CONTAINER_PROCESS_HELPER_SCRIPT below. Drop your files into the CONTAINER_PROCESS_HELPER_PATH.

For example, if 04-scheduling was starting, it would look for $CONTAINER_PROCESS_HELPER_PATH/04-scheduling and if found execute it while passing the following arguments: DATE,TIME,SCRIPT_NAME,TIMES EXECUTED,HOSTNAME

e.g: 2021-07-01 23:01:04 04-scheduling 2 container

Use the values in your own bash script using the $1 $2 $3 $4 $5 syntax. Change time and date and settings with these environment variables

Parameter Description Default
CONTAINER_PROCESS_HELPER_PATH Path to file external helper scripts /assets/container/processhelper/
CONTAINER_PROCESS_HELPER_SCRIPT Default helper script name processhelper.sh
CONTAINER_PROCESS_HELPER_DATE_FMT Date format passed to external script %Y-%m-%d
CONTAINER_PROCESS_HELPER_TIME_FMT Time format passed to external script %H:%M:%S
CONTAINER_PROCESS_RUNAWAY_PROTECTOR Disables a service if executed more than (x) amount of times TRUE
CONTAINER_PROCESS_RUNAWAY_LIMIT The amount of times it needs to restart before disabling 50
CONTAINER_PROCESS_RUNAWAY_SHOW_OUTPUT_FINAL Show the program Output on the final execution before disabling TRUE

Networking

The following ports are exposed.

Port Description
2020 Fluent Bit
10050 Zabbix Agent

Developing / Overriding

This base image has been used over a hundred times to successfully build secondary images. My methodology is admittedly straying from the "one process per container" rule, however this methodology allows me to put together images at a rapid pace, and if more complex scalability is required, the work is split into their own individual images. Since you are reading this here's a crash course at how the image works: (WIP):

See /assets/functions/00-container for more detailed documentation for the various commands and functions/shortcuts

  • Put defaults in /assets/defaults/(script name)

  • Put functions in /assets/functions/(script name)

  • Put Initialization script in /etc/cont-init.d/(script name)

    Put at the top:

#!/command/with-contenv bash          # Pull in Container Environment Variables from Dockerfile/Docker Runtime
source /assets/functions/00-container # Pull in all custom container functions from this image
prepare_service single                # Read functions and defaults only from files matching this script filename - see detailed docs for more
PROCESS_NAME="process"                # set the prefix for any logging

.. your scripting ..
print_info "This an INFO log"
print_warn "This a WARN log"
print_error "This is a ERROR log"

liftoff                               # this writes to the state files at /tmp/.container/ to prove the script executed properly see CONTAINER_SKIP_SANITY_CHECK
  • Put Services script in /etc/services.available/(script name)

    Put at the top:

#!/command/with-contenv bash          # Pull in Container Environment Variables from Dockerfile/Docker Runtime
source /assets/functions/00-container # Pull in all custom container functions from this image
prepare_service defaults single       # Read defaults only from files matching this script filename - see detailed docs for more
PROCESS_NAME="process"                # set the prefix for any logging

check_container_initialized           # Check to make sure that the container properly initialized before proceeding
check_service_initialized init        # Check to see if the cont-init.d/scriptname executed correctly, otherwise wait until it has done
liftoff                               # Prove script was able to execute properly

print_start "Starting processname"    # Show STARTING log prefix, and also show if enabled a counter, and execute process watchdog script
fakeprocess (args)                    # whatever your process you want to start is
Parameter Description Default
CONTAINER_SKIP_SANITY_CHECK Skip the checking to see if all scripts in /etc/cont-init.d executed correctly FALSE
DEBUG_MODE Show all script output (set -x) FALSE
PROCESS_NAME Used for prefixing the script that is running container

Debug Mode

When using this as a base image, create statements in your startup scripts to check for existence of DEBUG_MODE=TRUE and set various parameters in your applications to output more detail, enable debugging modes, and so on. In this base image it does the following:

  • Sets zabbix-agent to output logs in verbosity
  • Shows all script output (equivalent to set -x)

Maintenance

Shell Access

For debugging and maintenance purposes you may want access the containers shell.

bash docker exec -it (whatever your container name is) bash

Support

These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.

Usage

  • The Discussions board is a great place for working with the community on tips and tricks of using this image.
  • Sponsor me for personalized support

Bugfixes

  • Please, submit a Bug Report if something isn't working as expected. I'll do my best to issue a fix in short order.

Feature Requests

  • Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline.
  • Sponsor me regarding development of features.

Updates

  • Best effort to track upstream changes, More priority if I am actively using the image in a production environment.
  • Sponsor me for up to date releases.

License

MIT. See LICENSE for more details.

More Repositories

1

docker-freepbx

Dockerized FreePBX 15 w/Asterisk 17, Seperate MySQL Database support, and Data Persistence and UCP
496
star
2

docker-db-backup

Backup multiple database types on a scheduled basis with many customizable options
Dockerfile
472
star
3

docker-traefik-cloudflare-companion

Automatically Create CNAME records for containers served by Traefik
Python
274
star
4

docker-freescout

Dockerized Freescout Helpdesk
Dockerfile
146
star
5

docker-self-service-password

Dockerized LDAP Tollbox Self Service Password Changer with many customizable options
Dockerfile
115
star
6

docker-nginx-php-fpm

Dockerized Nginx + PHP FPM images with many customizable options
Dockerfile
106
star
7

docker-openldap

Dockerized OpenLDAP server with many customizable options
99
star
8

docker-jitsi-meet

Docker Jitsi Meet WebRTC conferencing system w/Prosody XMPP and s6 overlay
Dockerfile
64
star
9

docker-collabora-online

Dockerized Collabora Office Online with customizable options
Dockerfile
62
star
10

docker-osticket

Dockerized Help Desk Software
PHP
48
star
11

docker-tinc

Docker Tinc VPN Mesh server w/S6 Overlay Init, Zabbix Monitoring, and distributed configuration updating based on Alpine
Dockerfile
43
star
12

docker-postal

Dockerized Postal SMTP Server based on Alpine Linux and Ruby
Dockerfile
40
star
13

docker-fusiondirectory

Dockerized FusionDirectory LDAP Manager
Dockerfile
39
star
14

docker-lemonldap

Dockerized Authentication Server with Single Sign On SAML, OpenID Connect, CAS, and Header support
Dockerfile
39
star
15

docker-openldap-fusiondirectory

Dockerized OpenLDAP server with FusionDirectory Schema Support
34
star
16

docker-wordpress

Dockerized Wordpress Image with customizable options
Python
31
star
17

docker-traefik

Dockerized Traefik Reverse Proxy with customizable options
Dockerfile
29
star
18

docker-mongodb-backup

Docker MongoDB Backup Container based on Alpine w/S6 init, Zabbix Monitoring
Dockerfile
28
star
19

docker-nginx-proxy-cloudflare-companion

Automatically update CNAME records when Docker container starts via Cloudflare
Python
27
star
20

docker-spamassassin

Docker Spamassassin Spam filtering based on Alpine Linux
Dockerfile
26
star
21

docker-clamav

Docker ClamAV Image with Zabbix Monitoring and Customizable Configuration
Dockerfile
23
star
22

docker-baserow

Dockerized Baserow No/Low code data management application based on Alpine
Dockerfile
22
star
23

docker-nginx

Dockerzed webserver with many customizable options
Dockerfile
22
star
24

docker-nextcloud

Dockerized Nextcloud Server with many customizable options
17
star
25

docker-gitlab-ee

Dockerized Gitlab Enterprise Edition
Dockerfile
17
star
26

docker-debian

Docker Debian Base Images
Dockerfile
15
star
27

docker-discourse

Dockerized Discourse Forum
Dockerfile
15
star
28

docker-backuppc

Docker BackupPC with Zabbix monitoring support
Perl
15
star
29

docker-gcds

Docker Google Cloud Directory Sync service (GADS) w/S6 Overlay, Zabbix Monitoring
Dockerfile
14
star
30

docker-mariadb-backup

Docker MariaDB Backup Container w/ S6 Overlay, Zabbix Monitoring based on Alpine
Dockerfile
13
star
31

docker-zabbix

Dockerized Zabbix Server, Proxy, and Frontend
Dockerfile
13
star
32

docker-insync

Docker Insync Headless Client
Dockerfile
12
star
33

docker-rspamd

Dockerized Anti Spam Filter
Python
12
star
34

docker-nginx-ldap

Docker Nginx Image w/LDAP Authentication, Zabbix agent monitoring, S6 init, logrotate based on Alpine
Dockerfile
11
star
35

docker-bookstack

Dockerized Information Manager
Dockerfile
11
star
36

docker-mariadb

Docker MariaDB server w/ S6 Overlay, Zabbix Monitoring based on Alpine
11
star
37

docker-gitlab

Dockerized Gitlab CE w/Alpine Linux, Zabbix Monitoring and S6 Overlay
Dockerfile
10
star
38

docker-staytus

Docker Staytus Image w/s6 overlay, zabbix monitoring based on Alpine
HTML
10
star
39

docker-leantime

Dockerized Project Managment tool with many configurable options
Dockerfile
10
star
40

docker-otrs

Dockerized OTRS ITSM Helpdesk/Ticketing System based on Alpine w/Nginx
Dockerfile
9
star
41

docker-unbound

Docker Unbound DNS Resolver based on Alpine
Dockerfile
9
star
42

docker-postgres

Dockerized Postgresql Server with multiple databases/users, replication, and monitoring support
Dockerfile
9
star
43

docker-postfix

Dockerized MTA with many customizable features, LDAP, SASL, Milter, Relay Support
Dockerfile
8
star
44

docker-matomo

Dockerized Matomo (Piwik) Analytics
Dockerfile
8
star
45

docker-yourls

Dockerized YOURLS link shortener based on Alpine
Dockerfile
8
star
46

docker-invoiceninja

Dockerized Invoicing web application
Dockerfile
7
star
47

docker-nodejs

Docker NodeJS Base Images
7
star
48

docker-postfix-relay

Dockerized Postfix Relay for easy SMTP capabilities
Shell
7
star
49

docker-openvpn

Dockerized OpenVPN server w/Alpine+Debian Variants w/s6 overlay, and LDAP Authentication support
7
star
50

docker-rocketchat

Docker Rocketchat Server with S6 Initsystem and Zabbix Monitoring based on Alpine
6
star
51

docker-kopano

Dockerized Kopano Groupware server
Dockerfile
6
star
52

docker-n8n

Dockerized n8n workflow automation tool
Dockerfile
6
star
53

docker-listmonk

Dockerized Listmonk Mailing List server built iwth Alpine w/Zabbix Monitoring
Dockerfile
6
star
54

docker-cpuminer

Cryptocurrency Miner based on Alpine
6
star
55

docker-kopano-core

Dockerized Kopano Groupware Server
6
star
56

docker-grafana

Dockerfile
5
star
57

docker-moodle

Dockerized Moodle Learning Management System
Dockerfile
5
star
58

docker-loki

Dockerized Loki Log Analyzer
Dockerfile
5
star
59

docker-teampass

Dockerized Password Vault for Teams based on Alpine w/nginx,php-fpm
Dockerfile
5
star
60

docker-orbeon

Docker Orbeon Forms CE w/S6 Init, Tomcat, based on Alpine
Dockerfile
5
star
61

docker-redis

Docker Redis Server with S6 Initsystem and Zabbix Monitoring based on Alpine
5
star
62

docker-elasticsearch

Dockerized Elasticsearch based on Alpine linux
4
star
63

fusiondirectory-plugin-kopano

Plugin to manage users/groups for Kopano (fork of Zarafa) within Fusion Directory LDAP Manager
PHP
4
star
64

docker-novnc

Run GUI applications within a browser - Base image
Dockerfile
4
star
65

docker-flarum

Dockerized Flarum Web Forum Software based on Alpine
Shell
4
star
66

docker-registry

Dockerized Docker Registry
Dockerfile
4
star
67

docker-rabbitmq

Dockerized RabbitMQ server
Python
4
star
68

docker-gitlab-runner

Docker Gitlab runner w/ Zabbix monitoring support based on Alpine
4
star
69

docker-openeats

Dockerized Openeats Recipe manager based on Alpine Linux w/Zabbix Monitoring
Dockerfile
3
star
70

docker-restic

Dockerized Backup application
Dockerfile
3
star
71

docker-dovecot

Docker Dovecot IMAP server based on Alpine w/LDAP Support
TSQL
3
star
72

docker-uptimekuma

Dockerized Service availability monitoring system
Dockerfile
3
star
73

docker-draw-io

Docker Draw.IO image based on Alpine and Nginx
3
star
74

docker-logrotate

Docker Logrotate to keep logfiles compressed and rotated based on Alpine
Shell
3
star
75

docker-mailhog

Dockerized SMTP Test server
Dockerfile
3
star
76

docker-cachet

Dockerized Cachet Status monitoring application based on Alpine Linux
Dockerfile
3
star
77

docker-sentry

Dockerized Sentry.IO Exception tracking system based on Debian w/LDAP and SAML
Python
3
star
78

docker-airsonic-advanced

Dockerized Airsonic Advanced Server based on Alpine
Dockerfile
3
star
79

docker-limesurvey

Dockerized Limesurvey application based on Alpine
Dockerfile
3
star
80

docker-mongo

Docker MongoDB server w/ S6 Overlay, Zabbix Monitoring based on Alpine
3
star
81

docker-haraka

Docker Haraka MTA based on Alpine
JavaScript
3
star
82

docker-ruby

Docker Ruby base images w/ S6 Overlay and Zabbix monitoring support
3
star
83

docker-ubuntu

Dockerized Ubuntu Base Images
Dockerfile
2
star
84

docker-memcached

Docker Memcached Server w/ S6 Initsystem and Zabbix Monitoring based on Alpine
Dockerfile
2
star
85

home

Home-Manager configuration ala Nix flakes
Nix
2
star
86

docker-kopano-meet

Dockerfile
2
star
87

docker-soulseek

Dockerized Soulseek Client
Dockerfile
2
star
88

docker-kopano-kapi

Dockerfile
2
star
89

docker-kopano-konnect

Dockerfile
2
star
90

docker-olefy

Dockerized Olefy TCP listener for OLE Tools
Dockerfile
2
star
91

docker-logchimp

Dockerized Logchimp Application
Dockerfile
2
star
92

docker-transmission

Dockerized Transmission client
Dockerfile
2
star
93

docker-dind

Docker in Docker Image with Zabbix monitoring Support and --squash --compress options by default based on Alpine
Dockerfile
2
star
94

docker-matrix-bridges

Dockerized Matrix Bridges to interconnect services
Dockerfile
2
star
95

docker-monica

Dockerized Monica PRM
Dockerfile
2
star
96

tiredofit

2
star
97

docker-minio

Dockerized Minio Server based on Alpine
Dockerfile
2
star
98

docker-tomcat

Docker Apache Tomcat based on Alpine
2
star
99

docker-mongo-builder

Docker Image to build MongoDB and associated tools for Alpine Edge from aports/non-free
Dockerfile
2
star
100

nixos-config

NixOS configurations
Nix
1
star