From 27b956587bd0695fff909c4bc80039ed34eb832a Mon Sep 17 00:00:00 2001
From: Tim Nolte
Date: Sun, 30 Jul 2023 15:09:31 -0400
Subject: [PATCH] feat(debian)!: Changes to Debian 12 to Correlate with Latest Official OLS Ubuntu 22.04 Build
* Fixes #102
* Updates the Docker base image to use Debian 12.
* Updates build library requirements.
* Downgrades OpenSSL v3 to v1.1.1.
* Adds pull request Docker image build testing.
* Switches to setup official OLS package repositories & install OLS package.
---
.github/workflows/test-builds.yml | 67 +++++++++++++++++++++++++++++++
README.md | 47 ++++++++++++++++------
template/Dockerfile | 14 ++-----
template/cleanup-build-env.sh | 2 +-
template/config-build-env.sh | 8 ++--
template/config-ols.sh | 6 +--
template/config-php.sh | 1 +
template/prepare-build.sh | 13 ++----
template/prepare-ols.sh | 13 +++++-
9 files changed, 129 insertions(+), 42 deletions(-)
create mode 100644 .github/workflows/test-builds.yml
diff --git a/.github/workflows/test-builds.yml b/.github/workflows/test-builds.yml
new file mode 100644
index 0000000..bf6a8ea
--- /dev/null
+++ b/.github/workflows/test-builds.yml
@@ -0,0 +1,67 @@
+name: docker-build
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches:
+ - develop
+
+env:
+ OLS_VERSION: 1.7.17
+ PHP_STABLE_VERSION: '8.2.8'
+ REGISTRY: ghcr.io
+
+jobs:
+ buildx:
+ runs-on: self-hosted
+ strategy:
+ fail-fast: false
+ matrix:
+ PHP_VERSION: ['8.0.29', '8.1.21', '8.2.8']
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # Required due to the way Git works, without it this action won't be able to find any or the correct tags
+
+ # https://github.com/marketplace/actions/docker-setup-buildx
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ # https://github.com/marketplace/actions/docker-login
+ - name: Login to GitHub Packages
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ logout: false
+
+ # https://github.com/orgs/community/discussions/26625#discussioncomment-3252582
+ - name: Determine PHP Major/Minor Version
+ id: php-version
+ run: |
+ _0=$(echo ${{ matrix.PHP_VERSION }} | cut -d. -f1)
+ _1=$(echo ${{ matrix.PHP_VERSION }} | cut -d. -f2)
+ echo "_0=$_0" >> $GITHUB_OUTPUT
+ echo "_1=$_1" >> $GITHUB_OUTPUT
+
+ # https://github.com/marketplace/actions/build-and-push-docker-images
+ - name: Build Docker Images
+ uses: docker/build-push-action@v4
+ with:
+ context: template
+ platforms: linux/arm64
+ provenance: false
+ build-args: |
+ OLS_VERSION=${{ env.OLS_VERSION }}
+ PHP_VERSION=${{ matrix.PHP_VERSION }}
+ PHP_MAJOR_VERSION=${{ steps.php-version.outputs._0 }}
+ PHP_MINOR_VERSION=${{ steps.php-version.outputs._1 }}
+ push: false
+ tags: ${{ env.REGISTRY }}/ndigitals/openlitespeed:${{ env.OLS_VERSION }}-lsphp${{ steps.php-version.outputs._0 }}${{ steps.php-version.outputs._1 }}
+ no-cache: ${{ github.event_name == 'workflow_dispatch' && true || false }}
+ cache-from: type=registry,ref=${{ env.REGISTRY }}/ndigitals/openlitespeed:latest
+ cache-to: type=inline
+
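Review bot: The `buildx` job uses `runs-on: self-hosted` for every `pull_request` against `develop`, so if the repository is public, the Dockerfile and build scripts from a fork's pull request execute on that machine, and the login step leaves a registry credential behind because of `logout: false`. Since the build runs with `push: false`, a GitHub-hosted runner (or required approval for fork PRs) would remove that exposure, and `logout: false` can be dropped. The workflow also has no `permissions:` block; `permissions: contents: read` (plus `packages: read` if the `cache-from` registry pull needs it) would limit what `GITHUB_TOKEN` can do. The actions are referenced by mutable tags such as `actions/checkout@v3` and `docker/build-push-action@v4`; pinning them to full commit SHAs makes the workflow's inputs fixed.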
diff --git a/README.md b/README.md index 106a887..5ca1ee6 100644 --- a/README.md +++ b/README.md 
@@ -1,60 +1,81 @@ # OpenLiteSpeed Docker Container + [![Build Status](https://github.com/ndigitals/ols-dockerfiles/workflows/docker-build/badge.svg)](https://github.com/ndigitals/ols-dockerfiles/actions/new) Install a lightweight OpenLiteSpeed container using the Stable version in Debian 11 Linux on arm64. ### Prerequisites -* [Install Docker](https://www.docker.com/) + +- [Install Docker](https://www.docker.com/) ## Build Components + The system will regulary build the OpenLiteSpeed Latest stable version, along with at least two PHP versions, currently only PHP 8.x. -|Component|Version| -| :-------------: | :-------------: | -|Linux|Debian 11| -|OpenLiteSpeed|[Latest stable version](https://openlitespeed.org/release-log/version-1-7-x)| -|PHP|[Latest stable version](https://www.php.net/downloads)| +| Component | Version | +| :-----------: | :--------------------------------------------------------------------------: | +| Linux | Debian 12(slim) | +| OpenLiteSpeed | [Latest stable version](https://openlitespeed.org/release-log/version-1-7-x) | +| PHP | [Latest stable versions](https://www.php.net/downloads) | ## Usage + ### Download an image + Download the openlitespeed image, we can use latest for latest version + ``` docker pull ghcr.io/ndigitals/openlitespeed:latest ``` + or specify the OpenLiteSpeed version with lsphp version + ``` -docker pull ghcr.io/ndigitals/openlitespeed:1.7.16-lsphp80 +docker pull ghcr.io/ndigitals/openlitespeed:1.7.17-lsphp80 ``` + ### Start a Container + ``` docker run --name openlitespeed -p 7080:7080 -p 80:80 -p 443:443 -it ghcr.io/ndigitals/openlitespeed:latest ``` + You can also run with Detached mode, like so: + ``` docker run -d --name openlitespeed -p 7080:7080 -p 80:80 -p 443:443 -it ghcr.io/ndigitals/openlitespeed:latest ``` -Tip, you can get rid of `-p 7080:7080` from the command if you don’t need the web admin access. + +Tip, you can get rid of `-p 7080:7080` from the command if you don’t need the web admin access. 
### Add a sample page + The server should start running successfully, and you should be able to log into the container. Add some files you want to display with the following command: + ``` docker exec -it openlitespeed bash ``` -Your default `WORKDIR` should be `/var/www/vhosts/`, since the default document root path is `/var/www/vhosts/localhost/html`. Simply add the following command to `index.php`, then we can verify it from the browser with a public server IP address on both HTTP and HTTPS. + +Your default `WORKDIR` should be `/var/www/vhosts/`, since the default document root path is `/var/www/vhosts/localhost/html`. Simply add the following command to `index.php`, then we can verify it from the browser with a public server IP address on both HTTP and HTTPS. + ``` echo ' localhost/html/index.php ``` ### Stop a Container + Feel free to substitute the "openlitespeed" to the "Container_ID" if you did not define any name for the container. + ``` docker stop openlitespeed ``` ## Support & Feedback + If you still have a question after using OpenLiteSpeed Docker, you have a few options. -* Join [the GoLiteSpeed Slack community](https://litespeedtech.com/slack) for real-time discussion -* Post to [the OpenLiteSpeed Forums](https://forum.openlitespeed.org/) for community support -* Reporting any issue on [Github ols-dockerfiles](https://github.com/ndigitals/ols-dockerfiles/issues) project -**Pull requests are always welcome** +- Join [the GoLiteSpeed Slack community](https://litespeedtech.com/slack) for real-time discussion +- Post to [the OpenLiteSpeed Forums](https://forum.openlitespeed.org/) for community support +- Reporting any issue on [Github ols-dockerfiles](https://github.com/ndigitals/ols-dockerfiles/issues) project + +**Pull requests are always welcome** diff --git a/template/Dockerfile b/template/Dockerfile index d72c19f..474af24 100644 --- a/template/Dockerfile +++ b/template/Dockerfile 
@@ -12,7 +12,7 @@ ARG PHP_MINOR_VERSION FROM litespeedtech/openlitespeed:${OLS_VERSION}-lsphp${PHP_MAJOR_VERSION}0 AS ols -FROM debian:11-slim +FROM debian:12-slim LABEL org.opencontainers.image.url=https://github.com/ndigitals/ols-dockerfiles LABEL org.opencontainers.image.documentation=https://github.com/ndigitals/ols-dockerfiles/wiki @@ -45,16 +45,10 @@ RUN /build/secure-base.sh && \ cd /build/php-$PHP_VERSION && make -j3 && make install && \ /build/config-php.sh && \ /build/prepare-ols.sh && \ - cd /build/openlitespeed-$OLS_VERSION && ./build.sh && ./install.sh && \ - echo 'cloud-docker' > /usr/local/lsws/PLAT && \ - cd /build/openlitespeed-$OLS_VERSION/src/modules/modsecurity-ls && make -f Makefile.f && \ - cp mod_security.so /usr/local/lsws/modules && \ - /build/prepare-ols-admin_php.sh && \ - cd /usr/local/lsws/phpbuild/php-$OLS_ADMIN_PHP_VERSION && make -j3 && \ - /build/config-ols-admin_php.sh && \ + cd / && /build/cleanup-build-env.sh && rm -rf /build && \ /build/config-ols.sh && \ - /build/prepare-acme.sh && \ - cd / && /build/cleanup-build-env.sh && rm -rf /build + echo 'cloud-docker' > /usr/local/lsws/PLAT && \ + /build/prepare-acme.sh RUN mkdir -p /usr/local/lsws/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/etc/php/${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}/ diff --git a/template/cleanup-build-env.sh b/template/cleanup-build-env.sh index 7bd02eb..1075b76 100755 --- a/template/cleanup-build-env.sh +++ b/template/cleanup-build-env.sh @@ -13,7 +13,7 @@ rm -f "$tmp" apt-get remove --purge -y $PACKAGES_TO_REMOVE # Install the run-time dependencies -apt-get install $MINIMAL_APT_GET_ARGS $RUN_PACKAGES +apt-get install $MINIMAL_APT_GET_ARGS $RUN_PACKAGES openlitespeed ols-modsecurity rm -rf /tmp/* /var/tmp/* $LSWS_HOME/phpbuild diff --git a/template/config-build-env.sh b/template/config-build-env.sh index 68f0a71..99868e5 100755 --- a/template/config-build-env.sh +++ b/template/config-build-env.sh 
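Review bot: In the rewritten `RUN` chain of the second Dockerfile hunk, `rm -rf /build` now runs before `/build/config-ols.sh` and `/build/prepare-acme.sh`, so both scripts have been deleted by the time they are called and the `&&` chain stops there. If `cleanup-build-env.sh` has to run first because it now installs the `openlitespeed` package, keep it in place and move only the removal to the end: `cd / && /build/cleanup-build-env.sh && /build/config-ols.sh && echo 'cloud-docker' > /usr/local/lsws/PLAT && /build/prepare-acme.sh && rm -rf /build`. It is worth confirming that `prepare-acme.sh`, which is not part of this patch, does not rely on packages the cleanup step purges. The `RUN` instruction starts above the hunk.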
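Review bot: `openlitespeed` and `ols-modsecurity` are installed in `cleanup-build-env.sh` without a version, while the image is tagged with `OLS_VERSION`, so the tag can name a release that differs from whatever apt resolved on the day of the build. Pinning the package, for example `openlitespeed=<package version matching OLS_VERSION>`, keeps the tag and the installed server aligned. This install also inherits `--allow-downgrades` from `MINIMAL_APT_GET_ARGS`, so a comment here stating which packages are expected to come from the LiteSpeed repository would help the next reader.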
@@ -6,13 +6,13 @@ export INITRD=no export DEBIAN_FRONTEND=noninteractive -MINIMAL_APT_GET_ARGS='-y --no-install-recommends' +MINIMAL_APT_GET_ARGS='-y --no-install-recommends --allow-downgrades' # File containing original installed packages PACKAGES_INSTALLED_LOG="/tmp/packages.lst" ## Run time dependencies ## -RUN_PACKAGES="ca-certificates cron tzdata openssl mariadb-client libgssapi-krb5-2 libkrb5-3 libexpat1 libxml2 libargon2-1 libenchant-2-2 libpng16-16 libwebp6 libjpeg62-turbo libxpm4 libfreetype6 libonig5 libsodium23 libxslt1.1 libzip4 libzstd1 liblz4-1 libcurl4 imagemagick libc-client2007e libmemcached11 libdbd-freetds freetds-bin procps libatomic1 net-tools less libjpeg-turbo-progs optipng gifsicle zip unzip libyajl2 libpcre2-posix2 libpcre++0v5 liblmdb0 libgeoip1 ruby-full gnupg2 nodejs yarn" +RUN_PACKAGES="cron tzdata mariadb-client openssl=1.1.1n-0+deb11u4 libssl1.1 libgssapi-krb5-2 libkrb5-3 libexpat1 libxml2 libargon2-1 libenchant-2-2 libpng16-16 libwebp6 libjpeg62-turbo libxpm4 libfreetype6 libonig5 libsodium23 libxslt1.1 libzip4 libzstd1 liblz4-1 libcurl4 libcurlpp0 imagemagick libc-client2007e libmemcached11 libdbd-freetds freetds-bin procps libatomic1 net-tools less libjpeg-turbo-progs optipng gifsicle zip unzip libyajl2 libpcre2-posix3 liblmdb0 libgeoip1 ruby-full gnupg2 nodejs yarn libmodsecurity3 modsecurity-crs liblua5.3-0" ## Build time dependencies ## 
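Review bot: `openssl=1.1.1n-0+deb11u4` and `libssl1.1` in `RUN_PACKAGES` (and `libssl-dev=1.1.1n-0+deb11u4` in the second hunk of this file) freeze the image's TLS library at one Debian 11 build, so later OpenSSL security fixes will not arrive through a rebuild. A comment above `RUN_PACKAGES` should state why the pin exists and what condition lets it be lifted. `--allow-downgrades` was added to the shared `MINIMAL_APT_GET_ARGS`, which makes it apply to every `apt-get install` that uses the variable; passing it only on the one install that needs the OpenSSL downgrade narrows its effect.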
@@ -24,10 +24,10 @@ BUILD_PACKAGES="git curl wget" BUILD_PACKAGES="$BUILD_PACKAGES pkg-config" # OLS build required packages -BUILD_PACKAGES="$BUILD_PACKAGES cmake g++ libgeoip-dev liblmdb-dev libyajl-dev libpcre++-dev" +BUILD_PACKAGES="$BUILD_PACKAGES cmake g++ libgeoip-dev liblmdb-dev libyajl-dev libmodsecurity-dev liblua5.3-dev" # PHP building required packages -BUILD_PACKAGES="$BUILD_PACKAGES build-essential libssl-dev libdb5.3-dev krb5-multidev libkrb5-dev bison autoconf automake libtool re2c flex libxml2-dev libbz2-dev libcurl4-openssl-dev libexpat1-dev libjpeg-dev libfreetype6-dev libgmp3-dev libpng-dev libxpm-dev libc-client2007e-dev libenchant-2-dev libsasl2-dev libc-client2007e-dev libldap2-dev libldb-dev libmcrypt-dev libmhash-dev freetds-dev zlib1g-dev libpq-dev libmariadb-dev-compat libmariadb-dev libncurses5-dev libpcre2-dev libpcre3-dev unixodbc-dev libsqlite3-dev libaspell-dev libreadline6-dev librecode-dev libsnmp-dev libtidy-dev libxslt-dev libonig-dev libzip-dev libwebp-dev freetds-dev libpspell-dev libedit-dev libsodium-dev libargon2-dev libvarnishapi-dev libmagickwand-dev libmagickcore-dev libmemcached-dev libzstd-dev liblz4-dev libyaml-dev libffi-dev" +BUILD_PACKAGES="$BUILD_PACKAGES build-essential libdb5.3-dev krb5-multidev libkrb5-dev bison autoconf automake libtool re2c flex libxml2-dev libbz2-dev libcurlpp-dev libssl-dev=1.1.1n-0+deb11u4 libcurl4-openssl-dev libexpat1-dev libjpeg-dev libfreetype6-dev libgmp3-dev libpng-dev libxpm-dev libc-client2007e-dev libenchant-2-dev libsasl2-dev libc-client2007e-dev libldap2-dev libldb-dev libmcrypt-dev libmhash-dev freetds-dev zlib1g-dev libpq-dev libmariadb-dev-compat libmariadb-dev libncurses5-dev libpcre2-dev unixodbc-dev libsqlite3-dev libaspell-dev libreadline6-dev librecode-dev libsnmp-dev libtidy-dev libxslt-dev libonig-dev libzip-dev libwebp-dev freetds-dev libpspell-dev libedit-dev libsodium-dev libargon2-dev libvarnishapi-dev libmagickwand-dev libmagickcore-dev libmemcached-dev libzstd-dev 
liblz4-dev libyaml-dev libffi-dev" # apt-get remove --allow-remove-essential enters an infinite loop of # pam errors with this package diff --git a/template/config-ols.sh b/template/config-ols.sh index b492513..e09d4b9 100755 --- a/template/config-ols.sh +++ b/template/config-ols.sh @@ -4,10 +4,10 @@ cd /build || exit -wget -O $LSWS_HOME/admin/misc/lsup.sh \ - https://raw.githubusercontent.com/litespeedtech/openlitespeed/master/dist/admin/misc/lsup.sh +#wget -O $LSWS_HOME/admin/misc/lsup.sh \ +# https://raw.githubusercontent.com/litespeedtech/openlitespeed/master/dist/admin/misc/lsup.sh -chmod +x $LSWS_HOME/admin/misc/lsup.sh +#chmod +x $LSWS_HOME/admin/misc/lsup.sh echo "listener HTTP { address *:80 diff --git a/template/config-php.sh b/template/config-php.sh index 1648f12..47e1857 100755 --- a/template/config-php.sh +++ b/template/config-php.sh @@ -10,6 +10,7 @@ ln -sf $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/lsphp${PHP_M ln -sf $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/lsphp${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION} $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/lsphp # Install missing PECL PHP modules. +$LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/pecl channel-update pecl.php.net $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/pecl install igbinary $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/pecl install msgpack $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/pecl install lzf diff --git a/template/prepare-build.sh b/template/prepare-build.sh index fe3c1d8..712c010 100755 --- a/template/prepare-build.sh +++ b/template/prepare-build.sh @@ -3,7 +3,7 @@ . /build/config-build-env.sh apt-get update -y -apt install curl -y +apt install curl ca-certificates -y # Prepare to install Node 16. curl -sL https://deb.nodesource.com/setup_16.x | bash - 
@@ -12,6 +12,9 @@ curl -sL https://deb.nodesource.com/setup_16.x | bash - curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list +# Add snapshots repository to install OpenSSL 1.1.1o & WebP6 libraries. +echo "deb [check-valid-until=no] https://snapshot.debian.org/archive/debian/20230528T210109Z/ bullseye main" | tee /etc/apt/sources.list.d/snapshots.2023.list + apt-get update -y dpkg --get-selections | awk '{print $1}' | sort > "$PACKAGES_INSTALLED_LOG" @@ -20,11 +23,3 @@ cat "$PACKAGES_INSTALLED_LOG" apt-get install $MINIMAL_APT_GET_ARGS $BUILD_PACKAGES $RUN_PACKAGES -# https://github.com/SpiderLabs/ModSecurity/issues/804#issuecomment-246158487 -#cd /build || exit - -# Download and prepare YAJL source. -#wget https://github.com/lloyd/yajl/archive/refs/tags/2.1.0.tar.gz -O yajl-2.1.0.tar.gz && \ -# tar xzf yajl-2.1.0.tar.gz && cd yajl-2.1.0 && \ -# ./configure - diff --git a/template/prepare-ols.sh b/template/prepare-ols.sh index afbaab6..5e8d807 100755 --- a/template/prepare-ols.sh +++ b/template/prepare-ols.sh 
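Review bot: The snapshot source added in the first hunk here makes all of bullseye `main` at a fixed date a candidate for every later `apt-get install`, with `check-valid-until=no` switching off the Release freshness check, and nothing in this patch removes `snapshots.2023.list` again, so it appears to remain in the final image. An apt preferences file that gives the snapshot origin a low priority and raises it only for the OpenSSL and WebP packages, together with deleting the list file in the cleanup step, would limit frozen packages to the intended ones. The comment says `OpenSSL 1.1.1o`, but `config-build-env.sh` pins `1.1.1n-0+deb11u4`; one of the two should be corrected.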
@@ -8,6 +8,15 @@ cd /build || exit export PKG_CONFIG_PATH=/usr/local/share/pkgconfig:PKG_CONFIG_PATH # Download and prepare OpenLiteSpeed source. -wget https://openlitespeed.org/packages/openlitespeed-$OLS_VERSION.src.tgz && \ - tar xzf openlitespeed-$OLS_VERSION.src.tgz +# wget https://openlitespeed.org/packages/openlitespeed-$OLS_VERSION.src.tgz && \ +# tar xzf openlitespeed-$OLS_VERSION.src.tgz + +# Add OpenLiteSpeed package repositories. +wget -O /etc/apt/trusted.gpg.d/lst_debian_repo.gpg http://rpms.litespeedtech.com/debian/lst_debian_repo.gpg +wget -O /etc/apt/trusted.gpg.d/lst_repo.gpg http://rpms.litespeedtech.com/debian/lst_repo.gpg +echo "deb http://rpms.litespeedtech.com/debian/ bullseye main" > /etc/apt/sources.list.d/lst_debian_repo.list +echo "#deb http://rpms.litespeedtech.com/edge/debian/ bullseye main" >> /etc/apt/sources.list.d/lst_debian_repo.list +echo 'LiteSpeed repository has been setup!' + +apt-get update -y
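Review bot: Both repository keys are fetched with `wget` over plain `http://` and written to `/etc/apt/trusted.gpg.d/`, and the `deb` line is `http://` too, so the key that is meant to authenticate the packages is itself unauthenticated, and a key in `trusted.gpg.d` is accepted for every configured repository, not only this one. Fetching over HTTPS (if the host serves it), checking the key fingerprint against a value recorded in the script, and scoping the key with `signed-by` would close this: `echo "deb [signed-by=/usr/share/keyrings/lst_repo.gpg] https://rpms.litespeedtech.com/debian/ bullseye main" > /etc/apt/sources.list.d/lst_debian_repo.list`, with the key saved to that path instead. The suite is `bullseye` while the base image is Debian 12; a comment saying whether that is deliberate would help.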