diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8cba70b4f12f9aaea4a1b30b16de576d125581c8..697bba055d4d86e685f27c1dcbd96c9084681d63 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,11 +12,9 @@ build-rpm: - env | sort - export VOMS_MODULE_HOME=${CI_PROJECT_DIR} - cd rpm && sh make_packaging.sh && cd .. - - mv ${HOME}/rpmbuild.tar.gz . - mv ${HOME}/rpmbuild ./rpmbuild artifacts: paths: - - rpmbuild.tar.gz - rpmbuild/SRPMS/ - rpmbuild/RPMS/noarch/ - rpmbuild/RPMS/x86_64/ @@ -32,12 +30,13 @@ docker-build-rpm: - apk add git bash - git clone https://baltig.infn.it/mw-devel/helper-scripts.git helper-scripts - cp helper-scripts/scripts/* /usr/local/bin - - cp rpmbuild/RPMS/x86_64/* ${CI_PROJECT_DIR}/docker/ngx-voms-packaging/ - - cp rpmbuild/RPMS/noarch/* ${CI_PROJECT_DIR}/docker/ngx-voms-packaging/ + - cp rpmbuild/RPMS/x86_64/* ${CI_PROJECT_DIR}/docker/openresty-voms/ + - cp rpmbuild/RPMS/noarch/* ${CI_PROJECT_DIR}/docker/openresty-voms/ + - rm ${CI_PROJECT_DIR}/docker/openresty-voms/*-debuginfo*.rpm - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - export DOCKER_REGISTRY_HOST=${CI_REGISTRY} - export DOCKER_REGISTRY_NAMESPACE=${CI_PROJECT_PATH} - - cd docker && cd ngx-voms-packaging && build-docker-image.sh && push-docker-image.sh + - cd docker/openresty-voms && build-docker-image.sh && push-docker-image.sh push-to-dockerhub: stage: docker-push @@ -55,9 +54,7 @@ push-to-dockerhub: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - export DOCKER_REGISTRY_HOST=${CI_REGISTRY} - export DOCKER_REGISTRY_NAMESPACE=${CI_PROJECT_PATH} - - cd docker && cd ngx-voms-packaging && pull-docker-image.sh && cd .. && unset DOCKER_REGISTRY_HOST - - docker login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD} - - cd ngx-voms-packaging && push-docker-image.sh + - cd docker/openresty-voms && pull-docker-image.sh && unset DOCKER_REGISTRY_HOST + - docker login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD} && push-docker-image.sh only: - master - 
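Review bot: In docker-build-rpm, the added `rm ${CI_PROJECT_DIR}/docker/openresty-voms/*-debuginfo*.rpm` fails the job when no debuginfo package was produced, because the unmatched glob reaches rm literally; `rm -f "${CI_PROJECT_DIR}"/docker/openresty-voms/*-debuginfo*.rpm` keeps the step idempotent. The two `cp rpmbuild/RPMS/.../*` lines place every RPM from the artifact directories into the build context, and the new Dockerfile installs `/pkgs/*.rpm`, so anything the build-rpm job leaves there ends up installed in the image. Copying by an explicit pattern such as `openresty-voms-*.rpm` would narrow that. The job's script starts above the hunk.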
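Review bot: In push-to-dockerhub, the rewritten line `docker login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD} && push-docker-image.sh` still passes the Docker Hub password as a command-line argument, where it is visible in the runner's process list and relies on CI variable masking to stay out of the job log. Prefer `echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USER}" --password-stdin && push-docker-image.sh`. The unchanged `docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN}` lines in this job and in docker-build-rpm follow the same pattern and could be changed alongside.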
diff --git a/docker/ngx-voms-packaging/Dockerfile b/docker/ngx-voms-packaging/Dockerfile
deleted file mode 100644
index 180d27df352bbc66fb9c5328042071bcb74796a2..0000000000000000000000000000000000000000
--- a/docker/ngx-voms-packaging/Dockerfile
+++ /dev/null
@@ -1,36 +0,0 @@
-FROM storm2/base:latest
-
-RUN sudo yum -y install voms zlib pcre readline gettext && \
- sudo yum clean all && rm -rf /var/cache/yum
-
-ADD assets/setup.sh /docker/
-
-RUN sh /docker/setup.sh
-
-RUN mkdir /cores
-
-USER root
-
-ADD openresty-voms-1.15.8.1-7.el7.x86_64.rpm openresty-voms-1.15.8.1-7.el7.x86_64.rpm
-ADD openresty-voms-debuginfo-1.15.8.1-7.el7.x86_64.rpm openresty-voms-debuginfo-1.15.8.1-7.el7.x86_64.rpm
-
-ADD openresty-voms-doc-1.15.8.1-7.el7.noarch.rpm openresty-voms-doc-1.15.8.1-7.el7.noarch.rpm
-ADD openresty-voms-opm-1.15.8.1-7.el7.noarch.rpm openresty-voms-opm-1.15.8.1-7.el7.noarch.rpm
-ADD openresty-voms-resty-1.15.8.1-7.el7.noarch.rpm openresty-voms-resty-1.15.8.1-7.el7.noarch.rpm
-
-RUN sudo yum -y localinstall openresty-voms-1.15.8.1-7.el7.x86_64.rpm \
- openresty-voms-resty-1.15.8.1-7.el7.noarch.rpm \
- openresty-voms-doc-1.15.8.1-7.el7.noarch.rpm \
- openresty-voms-opm-1.15.8.1-7.el7.noarch.rpm \
- openresty-voms-resty-1.15.8.1-7.el7.noarch.rpm
-
-RUN chown -R ${STORM_USER}:${STORM_USER} /usr/local/openresty-voms/ /usr/lib/systemd/system/openresty-voms.service /usr/bin/openresty-voms
-
-ENV TINI_VERSION v0.18.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
-RUN chmod +x /tini
-ENTRYPOINT ["/tini", "--"]
-
-CMD ["sudo", "/usr/bin/openresty-voms", "-g", "daemon off;"]
-
-USER ${STORM_USER}
diff --git a/docker/ngx-voms-packaging/assets/setup.sh b/docker/ngx-voms-packaging/assets/setup.sh
deleted file mode 100644
index 41c7aace44a3e31ace1ce61eae76c553a5f9b59d..0000000000000000000000000000000000000000
--- a/docker/ngx-voms-packaging/assets/setup.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-set -ex
-
-mkdir -p /etc/nginx/conf.d
-
-chown -R ${STORM_USER}:${STORM_USER} /etc/nginx
-
-
diff --git a/docker/ngx-voms-packaging/.env b/docker/openresty-voms/.env
similarity index 52%
rename from docker/ngx-voms-packaging/.env
rename to docker/openresty-voms/.env
index 7368612d7a88de745e091a81683d2cfb00e4ea2e..835f784586b2b8bf793d5daed5baf0c534810baa 100644
--- a/docker/ngx-voms-packaging/.env
+++ b/docker/openresty-voms/.env
@@ -1,4 +1,3 @@
-DOCKER_IMAGE=storm2/ngx-voms-centos7
+DOCKER_IMAGE=storm2/openresty-voms
 DOCKER_VERBOSE=y
 DOCKER_GIT_TAG_ENABLED=y
-
diff --git a/docker/openresty-voms/Dockerfile b/docker/openresty-voms/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..b267f246d84701d4a684a03b5d073ea37e6a60cf
--- /dev/null
+++ b/docker/openresty-voms/Dockerfile
@@ -0,0 +1,38 @@
+FROM centos:7
+
+# Allow customization of nginx user ID and name
+ARG NGINX_USER=nginx
+ARG NGINX_USER_UID=1001
+
+ENV NGINX_USER $NGINX_USER
+ENV NGINX_USER_UID $NGINX_USER_UID
+
+RUN echo "include_only=.garr.it,.cern.ch" >> /etc/yum/pluginconf.d/fastestmirror.conf && \
+ yum clean all && \
+ yum install -y hostname epel-release && \
+ yum -y update && \
+ yum -y install which wget tar sudo file && \
+ echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
+ adduser --uid ${NGINX_USER_UID} ${NGINX_USER} && \
+ usermod -a -G root ${NGINX_USER} && \
+ yum clean all && \
+ rm -rf /var/cache/yum
+
+RUN \
+ yum -y install voms zlib pcre readline gettext && \
+ mkdir /pkgs
+
+ADD *.rpm /pkgs/
+
+RUN yum -y localinstall /pkgs/*.rpm && \
+ chmod -R g+rwx /usr/local/openresty-voms/nginx && \
+ mkdir -p /etc/nginx/conf.d
+
+ADD assets/nginx.conf /usr/local/openresty-voms/nginx/conf/nginx.conf
+
+CMD ["/usr/bin/openresty-voms", "-g", "daemon off;"]
+
+ENV TINI_VERSION v0.18.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--"]
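Review bot: The new docker/openresty-voms/Dockerfile never sets `USER`, so the container's main process runs as root even though the build creates `${NGINX_USER}`, adds it to the root group and makes the nginx tree group-writable. If the intent is to run unprivileged, as the `chmod -R g+rwx` suggests, add `USER ${NGINX_USER_UID}` after the last `RUN`. The line `echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` and the `sudo` package grant passwordless root to any wheel member; nothing visible in this file uses them, so both can be dropped. `ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini` installs an executable fetched at build time without verifying it; pin it with `ADD --checksum=sha256:<digest of the tini v0.18.0 binary> ...` under BuildKit, or download it in a `RUN` and compare it against a recorded hash. `FROM centos:7` is a mutable tag on an end-of-life release, so pin a digest and plan a move to a maintained base.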
diff --git a/docker/openresty-voms/assets/nginx.conf b/docker/openresty-voms/assets/nginx.conf
new file mode 100644
index 0000000000000000000000000000000000000000..0db096e9f9ff8e562dde8fe4c6e629b96d324b17
--- /dev/null
+++ b/docker/openresty-voms/assets/nginx.conf
@@ -0,0 +1,42 @@
+user nobody;
+worker_processes 1;
+
+env OPENSSL_ALLOW_PROXY_CERTS=1;
+env X509_VOMS_DIR=/vomsdir;
+
+error_log logs/error.log notice;
+
+pid logs/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format tls '$time_iso8601 [$request_id] $remote_addr - $remote_user "$request" <$upstream_response_time> '
+ '$ssl_protocol/$ssl_cipher '
+ '"$ssl_client_s_dn" '
+ '[$voms_fqans] '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ log_format plain '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log logs/access.log tls;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+
+}
diff --git a/rpm/make_packaging.sh b/rpm/make_packaging.sh
index fa6106563970d429d72f8eca2dee3abe55de6591..c872aa4a30404295ea75e601e9326ecbb5ed5e10 100644
--- a/rpm/make_packaging.sh
+++ b/rpm/make_packaging.sh
@@ -28,4 +28,4 @@ rpmbuild -ba openresty-voms.spec cd ~
-tar cvzf rpmbuild.tar.gz rpmbuild
+# tar cvzf rpmbuild.tar.gz rpmbuild
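Review bot: In docker/openresty-voms/assets/nginx.conf, `env OPENSSL_ALLOW_PROXY_CERTS=1;` is undocumented, and it presumably relaxes OpenSSL's certificate-chain validation for the whole nginx process rather than for a single listener. Every `server` block pulled in by `include /etc/nginx/conf.d/*.conf;` that verifies client certificates would then accept proxy certificates too. Add a comment above the line such as `# Required for VOMS/grid proxy certificates; affects all TLS client verification in this process`. The Dockerfile in this commit does not create `/vomsdir`, so `env X509_VOMS_DIR=/vomsdir;` deserves a comment stating that the directory presumably has to be mounted at runtime. `error_log logs/error.log` and `access_log logs/access.log tls;` write inside the container filesystem, so unless a volume or an included conf.d file redirects them, the TLS access log with client DNs and VOMS FQANs is invisible to `docker logs` and lost with the container.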