From 6209e21a9a0f39716837e6a98165a59614b9e321 Mon Sep 17 00:00:00 2001 From: Tim Nolte Date: Sun, 30 Jul 2023 15:09:31 -0400 Subject: [PATCH] feat(debian): Changes to Debian 12 to Correlate with Latest Official OLS Ubuntu 22.04 Build * Fixes #102 * Updates the Docker base image to use Debian 12. * Updates build library requirements. * Downgrades OpenSSL v3 to v1.1.1. * Adds pull request Docker image build testing. * Updates to build the OLS admin PHP version to match the system/hosting PHP version. --- .github/workflows/test-builds.yml | 67 +++++++++++++++++++++++++++++++ README.md | 47 ++++++++++++++++------ template/Dockerfile | 8 ++-- template/config-build-env.sh | 6 +-- template/config-php.sh | 1 + template/prepare-build.sh | 18 +++++---- 6 files changed, 120 insertions(+), 27 deletions(-) create mode 100644 .github/workflows/test-builds.yml diff --git a/.github/workflows/test-builds.yml b/.github/workflows/test-builds.yml new file mode 100644 index 0000000..bf6a8ea --- /dev/null +++ b/.github/workflows/test-builds.yml @@ -0,0 +1,67 @@ +name: docker-build + +on: + workflow_dispatch: + pull_request: + branches: + - develop + +env: + OLS_VERSION: 1.7.17 + PHP_STABLE_VERSION: '8.2.8' + REGISTRY: ghcr.io + +jobs: + buildx: + runs-on: self-hosted + strategy: + fail-fast: false + matrix: + PHP_VERSION: ['8.0.29', '8.1.21', '8.2.8'] + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 # Required due to the way Git works, without it this action won't be able to find any or the correct tags + + # https://github.com/marketplace/actions/docker-setup-buildx + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + # https://github.com/marketplace/actions/docker-login + - name: Login to GitHub Packages + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + logout: false + + # https://github.com/orgs/community/discussions/26625#discussioncomment-3252582 + - name: Determine PHP Major/Minor Version + id: php-version + run: | + _0=$(echo ${{ matrix.PHP_VERSION }} | cut -d. -f1) + _1=$(echo ${{ matrix.PHP_VERSION }} | cut -d. -f2) + echo "_0=$_0" >> $GITHUB_OUTPUT + echo "_1=$_1" >> $GITHUB_OUTPUT + + # https://github.com/marketplace/actions/build-and-push-docker-images + - name: Build Docker Images + uses: docker/build-push-action@v4 + with: + context: template + platforms: linux/arm64 + provenance: false + build-args: | + OLS_VERSION=${{ env.OLS_VERSION }} + PHP_VERSION=${{ matrix.PHP_VERSION }} + PHP_MAJOR_VERSION=${{ steps.php-version.outputs._0 }} + PHP_MINOR_VERSION=${{ steps.php-version.outputs._1 }} + push: false + tags: ${{ env.REGISTRY }}/ndigitals/openlitespeed:${{ env.OLS_VERSION }}-lsphp${{ steps.php-version.outputs._0 }}${{ steps.php-version.outputs._1 }} + no-cache: ${{ github.event_name == 'workflow_dispatch' && true || false }} + cache-from: type=registry,ref=${{ env.REGISTRY }}/ndigitals/openlitespeed:latest + cache-to: type=inline + diff --git a/README.md b/README.md index 106a887..5ca1ee6 100644 --- a/README.md +++ b/README.md @@ -1,60 +1,81 @@ # OpenLiteSpeed Docker Container + [![Build Status](https://github.com/ndigitals/ols-dockerfiles/workflows/docker-build/badge.svg)](https://github.com/ndigitals/ols-dockerfiles/actions/new) Install a lightweight OpenLiteSpeed container using the Stable version in Debian 11 Linux on arm64. ### Prerequisites -* [Install Docker](https://www.docker.com/) + +- [Install Docker](https://www.docker.com/) ## Build Components + The system will regulary build the OpenLiteSpeed Latest stable version, along with at least two PHP versions, currently only PHP 8.x. -|Component|Version| -| :-------------: | :-------------: | -|Linux|Debian 11| -|OpenLiteSpeed|[Latest stable version](https://openlitespeed.org/release-log/version-1-7-x)| -|PHP|[Latest stable version](https://www.php.net/downloads)| +| Component | Version | +| :-----------: | :--------------------------------------------------------------------------: | +| Linux | Debian 12(slim) | +| OpenLiteSpeed | [Latest stable version](https://openlitespeed.org/release-log/version-1-7-x) | +| PHP | [Latest stable versions](https://www.php.net/downloads) | ## Usage + ### Download an image + Download the openlitespeed image, we can use latest for latest version + ``` docker pull ghcr.io/ndigitals/openlitespeed:latest ``` + or specify the OpenLiteSpeed version with lsphp version + ``` -docker pull ghcr.io/ndigitals/openlitespeed:1.7.16-lsphp80 +docker pull ghcr.io/ndigitals/openlitespeed:1.7.17-lsphp80 ``` + ### Start a Container + ``` docker run --name openlitespeed -p 7080:7080 -p 80:80 -p 443:443 -it ghcr.io/ndigitals/openlitespeed:latest ``` + You can also run with Detached mode, like so: + ``` docker run -d --name openlitespeed -p 7080:7080 -p 80:80 -p 443:443 -it ghcr.io/ndigitals/openlitespeed:latest ``` -Tip, you can get rid of `-p 7080:7080` from the command if you don’t need the web admin access. + +Tip, you can get rid of `-p 7080:7080` from the command if you don’t need the web admin access. ### Add a sample page + The server should start running successfully, and you should be able to log into the container. Add some files you want to display with the following command: + ``` docker exec -it openlitespeed bash ``` -Your default `WORKDIR` should be `/var/www/vhosts/`, since the default document root path is `/var/www/vhosts/localhost/html`. Simply add the following command to `index.php`, then we can verify it from the browser with a public server IP address on both HTTP and HTTPS. + +Your default `WORKDIR` should be `/var/www/vhosts/`, since the default document root path is `/var/www/vhosts/localhost/html`. Simply add the following command to `index.php`, then we can verify it from the browser with a public server IP address on both HTTP and HTTPS. + ``` echo ' localhost/html/index.php ``` ### Stop a Container + Feel free to substitute the "openlitespeed" to the "Container_ID" if you did not define any name for the container. + ``` docker stop openlitespeed ``` ## Support & Feedback + If you still have a question after using OpenLiteSpeed Docker, you have a few options. -* Join [the GoLiteSpeed Slack community](https://litespeedtech.com/slack) for real-time discussion -* Post to [the OpenLiteSpeed Forums](https://forum.openlitespeed.org/) for community support -* Reporting any issue on [Github ols-dockerfiles](https://github.com/ndigitals/ols-dockerfiles/issues) project -**Pull requests are always welcome** +- Join [the GoLiteSpeed Slack community](https://litespeedtech.com/slack) for real-time discussion +- Post to [the OpenLiteSpeed Forums](https://forum.openlitespeed.org/) for community support +- Reporting any issue on [Github ols-dockerfiles](https://github.com/ndigitals/ols-dockerfiles/issues) project + +**Pull requests are always welcome** diff --git a/template/Dockerfile b/template/Dockerfile index d72c19f..b6364f2 100644 --- a/template/Dockerfile +++ b/template/Dockerfile @@ -12,7 +12,7 @@ ARG PHP_MINOR_VERSION FROM litespeedtech/openlitespeed:${OLS_VERSION}-lsphp${PHP_MAJOR_VERSION}0 AS ols -FROM debian:11-slim +FROM debian:12-slim LABEL org.opencontainers.image.url=https://github.com/ndigitals/ols-dockerfiles LABEL org.opencontainers.image.documentation=https://github.com/ndigitals/ols-dockerfiles/wiki @@ -29,9 +29,9 @@ ENV OLS_VERSION=${OLS_VERSION} ENV PHP_VERSION=${PHP_VERSION} ENV PHP_MAJOR_VERSION=${PHP_MAJOR_VERSION} ENV PHP_MINOR_VERSION=${PHP_MINOR_VERSION} -ENV OLS_ADMIN_PHP_VERSION=7.4.33 -ENV OLS_ADMIN_PHP_MAJOR_VERSION=7 -ENV OLS_ADMIN_PHP_MINOR_VERSION=4 +ENV OLS_ADMIN_PHP_VERSION=${PHP_VERSION} +ENV OLS_ADMIN_PHP_MAJOR_VERSION=${PHP_MAJOR_VERSION} +ENV OLS_ADMIN_PHP_MINOR_VERSION=${PHP_MINOR_VERSION} COPY *.sh /build/ diff --git a/template/config-build-env.sh b/template/config-build-env.sh index 68f0a71..bc1e5e3 100755 --- a/template/config-build-env.sh +++ b/template/config-build-env.sh @@ -12,7 +12,7 @@ MINIMAL_APT_GET_ARGS='-y --no-install-recommends' PACKAGES_INSTALLED_LOG="/tmp/packages.lst" ## Run time dependencies ## -RUN_PACKAGES="ca-certificates cron tzdata openssl mariadb-client libgssapi-krb5-2 libkrb5-3 libexpat1 libxml2 libargon2-1 libenchant-2-2 libpng16-16 libwebp6 libjpeg62-turbo libxpm4 libfreetype6 libonig5 libsodium23 libxslt1.1 libzip4 libzstd1 liblz4-1 libcurl4 imagemagick libc-client2007e libmemcached11 libdbd-freetds freetds-bin procps libatomic1 net-tools less libjpeg-turbo-progs optipng gifsicle zip unzip libyajl2 libpcre2-posix2 libpcre++0v5 liblmdb0 libgeoip1 ruby-full gnupg2 nodejs yarn" +RUN_PACKAGES="ca-certificates cron tzdata mariadb-client openssl libssl3 libgssapi-krb5-2 libkrb5-3 libexpat1 libxml2 libargon2-1 libenchant-2-2 libpng16-16 libwebp7 libjpeg62-turbo libxpm4 libfreetype6 libonig5 libsodium23 libxslt1.1 libzip4 libzstd1 liblz4-1 libcurl4 libcurlpp0 imagemagick libc-client2007e libmemcached11 libdbd-freetds freetds-bin procps libatomic1 net-tools less libjpeg-turbo-progs optipng gifsicle zip unzip libyajl2 libpcre2-posix3 liblmdb0 libgeoip1 ruby-full gnupg2 nodejs yarn" ## Build time dependencies ## @@ -24,10 +24,10 @@ BUILD_PACKAGES="git curl wget" BUILD_PACKAGES="$BUILD_PACKAGES pkg-config" # OLS build required packages -BUILD_PACKAGES="$BUILD_PACKAGES cmake g++ libgeoip-dev liblmdb-dev libyajl-dev libpcre++-dev" +BUILD_PACKAGES="$BUILD_PACKAGES cmake g++ libgeoip-dev liblmdb-dev libyajl-dev" # PHP building required packages -BUILD_PACKAGES="$BUILD_PACKAGES build-essential libssl-dev libdb5.3-dev krb5-multidev libkrb5-dev bison autoconf automake libtool re2c flex libxml2-dev libbz2-dev libcurl4-openssl-dev libexpat1-dev libjpeg-dev libfreetype6-dev libgmp3-dev libpng-dev libxpm-dev libc-client2007e-dev libenchant-2-dev libsasl2-dev libc-client2007e-dev libldap2-dev libldb-dev libmcrypt-dev libmhash-dev freetds-dev zlib1g-dev libpq-dev libmariadb-dev-compat libmariadb-dev libncurses5-dev libpcre2-dev libpcre3-dev unixodbc-dev libsqlite3-dev libaspell-dev libreadline6-dev librecode-dev libsnmp-dev libtidy-dev libxslt-dev libonig-dev libzip-dev libwebp-dev freetds-dev libpspell-dev libedit-dev libsodium-dev libargon2-dev libvarnishapi-dev libmagickwand-dev libmagickcore-dev libmemcached-dev libzstd-dev liblz4-dev libyaml-dev libffi-dev" +BUILD_PACKAGES="$BUILD_PACKAGES build-essential libdb5.3-dev krb5-multidev libkrb5-dev bison autoconf automake libtool re2c flex libxml2-dev libbz2-dev libcurlpp-dev libssl-dev libcurl4-openssl-dev libexpat1-dev libjpeg-dev libfreetype6-dev libgmp3-dev libpng-dev libxpm-dev libc-client2007e-dev libenchant-2-dev libsasl2-dev libc-client2007e-dev libldap2-dev libldb-dev libmcrypt-dev libmhash-dev freetds-dev zlib1g-dev libpq-dev libmariadb-dev-compat libmariadb-dev libncurses5-dev libpcre2-dev unixodbc-dev libsqlite3-dev libaspell-dev libreadline6-dev librecode-dev libsnmp-dev libtidy-dev libxslt-dev libonig-dev libzip-dev libwebp-dev freetds-dev libpspell-dev libedit-dev libsodium-dev libargon2-dev libvarnishapi-dev libmagickwand-dev libmagickcore-dev libmemcached-dev libzstd-dev liblz4-dev libyaml-dev libffi-dev" # apt-get remove --allow-remove-essential enters an infinite loop of # pam errors with this package diff --git a/template/config-php.sh b/template/config-php.sh index 1648f12..47e1857 100755 --- a/template/config-php.sh +++ b/template/config-php.sh @@ -10,6 +10,7 @@ ln -sf $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/lsphp${PHP_M ln -sf $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/lsphp${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION} $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/lsphp # Install missing PECL PHP modules. +$LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/pecl channel-update pecl.php.net $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/pecl install igbinary $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/pecl install msgpack $LSWS_HOME/lsphp${PHP_MAJOR_VERSION}${PHP_MINOR_VERSION}/bin/pecl install lzf diff --git a/template/prepare-build.sh b/template/prepare-build.sh index fe3c1d8..db5667d 100755 --- a/template/prepare-build.sh +++ b/template/prepare-build.sh @@ -20,11 +20,15 @@ cat "$PACKAGES_INSTALLED_LOG" apt-get install $MINIMAL_APT_GET_ARGS $BUILD_PACKAGES $RUN_PACKAGES -# https://github.com/SpiderLabs/ModSecurity/issues/804#issuecomment-246158487 -#cd /build || exit - -# Download and prepare YAJL source. -#wget https://github.com/lloyd/yajl/archive/refs/tags/2.1.0.tar.gz -O yajl-2.1.0.tar.gz && \ -# tar xzf yajl-2.1.0.tar.gz && cd yajl-2.1.0 && \ -# ./configure +# Download and install OpenSSL 1.1.1o from the snapshots repository. +# Switch to build directory. +cd /build || exit +# Download and install. +wget https://snapshot.debian.org/archive/debian/20220507T034236Z/pool/main/o/openssl/openssl_1.1.1o-1_arm64.deb && \ + wget https://snapshot.debian.org/archive/debian/20220507T034236Z/pool/main/o/openssl/libssl1.1_1.1.1o-1_arm64.deb && \ + wget https://snapshot.debian.org/archive/debian/20220507T034236Z/pool/main/o/openssl/libssl-dev_1.1.1o-1_arm64.deb && \ + dpkg -i libssl1.1_1.1.1o-1_arm64.deb libssl-dev_1.1.1o-1_arm64.deb openssl_1.1.1o-1_arm64.deb && \ + echo libssl1.1 hold | dpkg --set-selections && \ + echo libssl-dev hold | dpkg --set-selections && \ + echo openssl hold | dpkg --set-selections