From 5d61b7087e45c7788e89185ff985ce9fbccc5c35 Mon Sep 17 00:00:00 2001
From: Julian Ospald
Date: Thu, 17 Mar 2016 19:11:40 +0100
Subject: [PATCH] Initial commit
---
Dockerfile | 50 +++++++++++++++++++++
README.md | 96 +++++++++++++++++++++++++++++++++++++++++
config/supervisord.conf | 17 ++++++++
setup.sh | 38 ++++++++++++++++
4 files changed, 201 insertions(+)
create mode 100644 Dockerfile
create mode 100644 README.md
create mode 100644 config/supervisord.conf
create mode 100644 setup.sh
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..34f617c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,50 @@
+FROM alpine:3.3
+MAINTAINER Julian Ospald
+
+
+ENV GOPATH /gopath
+ENV PATH $PATH:$GOROOT/bin:$GOPATH/bin
+
+WORKDIR /gopath/src/github.com/gogits/gogs/
+
+RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" \
+ >> /etc/apk/repositories && \
+ apk --no-cache add go redis sqlite openssh sudo supervisor git \
+ bash linux-pam build-base linux-pam-dev shadow@testing && \
+ git clone --depth=1 https://github.com/gogits/gogs.git \
+ /gopath/src/github.com/gogits/gogs && \
+ go get -v -tags "sqlite redis memcache cert pam" && \
+ go build -tags "sqlite redis memcache cert pam" && \
+ mkdir /app/ && \
+ mv /gopath/src/github.com/gogits/gogs/ /app/gogs/ && \
+ groupadd git && \
+ useradd --shell /bin/bash --system --comment gogits git && \
+ apk --no-cache del build-base linux-pam-dev shadow && \
+ rm -rf "$GOPATH" /var/cache/apk/*
+
+
+WORKDIR /app/gogs/
+
+# SSH login fix, otherwise user is kicked off after login
+RUN echo "export VISIBLE=now" >> /etc/profile && \
+ echo "PermitUserEnvironment yes" >> /etc/ssh/sshd_config
+
+# Setup server keys on startup
+RUN echo "HostKey /data/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config && \
+ echo "HostKey /data/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config && \
+ echo "HostKey /data/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
+
+# Prepare data
+ENV GOGS_CUSTOM /data/gogs
+RUN echo "export GOGS_CUSTOM=/data/gogs" >> /etc/profile
+
+RUN chown -R redis /var/log/redis
+RUN sed -i -e 's/daemonize yes/daemonize no/' /etc/redis.conf
+
+COPY setup.sh /setup.sh
+RUN chmod +x /setup.sh
+COPY config/supervisord.conf /etc/supervisord.conf
+
+EXPOSE 3000
+
+CMD /setup.sh && exec /usr/bin/supervisord -n -c /etc/supervisord.conf
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..70b0f75
--- /dev/null
+++ b/README.md
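Review bot: The `git clone --depth=1 https://github.com/gogits/gogs.git` step in the first `RUN` builds whatever the default branch holds at build time, and `go get -v` resolves its dependencies just as loosely, so two builds of this Dockerfile can ship different, unreviewed code. Pinning the checkout to a release, e.g. `git clone --depth=1 --branch <GOGS_RELEASE_TAG> https://github.com/gogits/gogs.git` (placeholder tag), makes the image reproducible and auditable; `shadow@testing` from the edge repository drifts in the same way. Separately, `PermitUserEnvironment yes` makes sshd honour `~/.ssh/environment` and `environment=` key options on every login. It appears to be enabled so that `GOGS_CUSTOM` reaches SSH sessions (setup.sh writes that file), and the comment above it should say so and note that the file must not be writable by untrusted users.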
@@ -0,0 +1,96 @@
+# Gogs via Docker
+
+## Concept
+
+* nginx reverse proxy (in docker container), automatically configured (except for the ssl certificates)
+* backend gogs instance (in docker container)
+
+## Getting the images
+
+Just pull them:
+```sh
+docker pull hasufell/alpine-gogs
+docker pull hasufell/alpine-nginx-proxy
+```
+
+## Configuration
+
+Gogs is configured via the web interface once the instance has started.
+
+In addition, the following environment variables can be passed via `-e` to
+`docker run`:
+* `VIRTUAL_HOST`: sets the hostname for connecting to the gogs backend server
+* `VIRTUAL_PORT`: tells the front proxy on which port to contact the backend server
+* `GOGS_SSH_PORT`: this only changes the port of the sshd service, you will still have to adjust it in the web configuration interface (optional, default 22)
+
+### Certificates
+
+We need certificates which are named according to the hostname
+of the gogs instance (e.g. if you will access gogs via
+`https://gogs.foo.com`, then you name your certificates files
+`gogs.foo.crt` and `gogs.foo.key`).
+
+Just drop these in a directory. We will mount this directory into the
+container later.
+
+## Running for the first time
+
+Create the volumes. This will create a persistent data volume container.
+You should not remove it (keep in mind that this container is not running).
+```sh
+docker run \
+ --name=gogs-volumes \
+ -v /data \
+ hasufell/alpine-gogs \
+ echo gogs-volumes
+```
+
+Now we start the front proxy.
+```sh
+docker run -ti -d \
+ -v /var/run/docker.sock:/tmp/docker.sock:ro \
+ -v :/etc/nginx/certs \
+ -p 80:80 \
+ -p 443:443 \
+ hasufell/alpine-nginx-proxy
+```
+
+Now we can start the gogs instance.
+
+```sh
+docker run -ti -d \
+ --volumes-from gogs-volumes \
+ --name=gogs \
+ -e VIRTUAL_HOST= \
+ -e VIRTUAL_PORT=3000 \
+ -e GOGS_SSH_PORT= \
+ -p : \
+ hasufell/alpine-gogs
+```
+
+Note that `VIRTUAL_HOST` and `VIRTUAL_PORT` are __strictly__ necessary,
+because they are used by the front proxy to update its configuration
+automatically.
+
+## Initial web configuration
+
+Make sure:
+* `Database Type` is SQLite3
+* `Domain` is set to your domain
+* `SSH Port` is set to what you specified in `GOGS_SSH_PORT` (or 22 for default)
+* `Application URL` is `https:///` (not `http`) _without_ the Port 3000
+
+## Update procedure
+```sh
+docker stop gogs
+docker rm gogs
+docker pull hasufell/alpine-gogs
+docker run -ti -d \
+ --volumes-from gogs-volumes \
+ --name=gogs \
+ -e VIRTUAL_HOST= \
+ -e VIRTUAL_PORT=3000 \
+ -e GOGS_SSH_PORT= \
+ -p : \
+ hasufell/alpine-gogs
+```
diff --git a/config/supervisord.conf b/config/supervisord.conf
new file mode 100644
index 0000000..774f287
--- /dev/null
+++ b/config/supervisord.conf
@@ -0,0 +1,17 @@
+[supervisord]
+nodaemon=true
+
+[program:sshd]
+command=/usr/sbin/sshd -D
+autorestart=true
+priority=1
+
+[program:redis]
+command=sudo -u redis redis-server /etc/redis.conf
+autorestart=true
+priority=2
+
+[program:gogs]
+command=sudo -u git /app/gogs/gogs web
+autorestart=true
+priority=999
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..898b30f
--- /dev/null
+++ b/setup.sh
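Review bot: `[program:redis]` and `[program:gogs]` drop privileges through `sudo -u`, which keeps a setuid-root `sudo` binary in the image for that purpose alone; supervisord can switch users itself with `user=redis` and `user=git` plus a plain `command=`. supervisord's `user=` does not set `HOME` or `USER`, so the gogs program would probably also need something like `environment=HOME="/home/git",USER="git"`; verify that against how gogs determines its run user. `[program:sshd]` has to stay root, so a short comment there explaining why would help the next reader.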
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+if [[ ! -d /data/gogs ]] ; then
+ mkdir -p /var/run/sshd
+ mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/gogs/custom
+fi
+
+if [[ ! -d /data/ssh ]] ; then
+ mkdir /data/ssh
+ ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
+ ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
+ ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
+ chown -R root:root /data/ssh/*
+ chmod 600 /data/ssh/*
+fi
+
+ln -sf /data/gogs/custom ./custom
+ln -sf /data/gogs/log ./log
+ln -sf /data/gogs/data ./data
+ln -sf /data/git /home/git
+
+
+if [[ ! -d ~git/.ssh ]] ; then
+ mkdir ~git/.ssh
+ chmod 700 ~git/.ssh
+fi
+
+if [[ ! -f ~git/.ssh/environment ]] ; then
+ echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment
+ chown git:git ~git/.ssh/environment
+ chown 600 ~git/.ssh/environment
+fi
+
+chown -R git:git /data .
+
+if [[ ${GOGS_SSH_PORT} ]] ; then
+ echo "Port ${GOGS_SSH_PORT}" >> /etc/ssh/sshd_config
+fi
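Review bot: `chown -R git:git /data .` near the end also recurses into `/data/ssh`, so on every start the host private keys that the second `if` block created as `root:root` end up owned by `git`, the account the gogs web process runs as. Limiting the recursion to the application data, e.g. `chown -R git:git /data/gogs /data/git .`, keeps the keys root-owned. In the `environment` block, `chown 600 ~git/.ssh/environment` looks like a typo for `chmod 600 ~git/.ssh/environment`: as written it sets the owner to UID 600 and leaves the mode at the umask default. The `-t dsa` host key could also be dropped, together with its `HostKey` line in the Dockerfile, since DSA host keys are deprecated in OpenSSH.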