├── .github └── workflows │ ├── docker-legacy.yml │ ├── docker-release.yml │ ├── docker-tag.yml │ └── docker-test.yml ├── Dockerfile ├── README.md └── root └── etc ├── logrotate.d ├── ucrm └── unms └── s6-overlay ├── s6-rc.d ├── init-adduser │ ├── dependencies.d │ │ └── base │ ├── type │ └── up ├── init-permissions │ ├── dependencies.d │ │ └── init-prepare │ ├── type │ └── up ├── init-postgres │ ├── dependencies.d │ │ └── init-permissions │ ├── type │ └── up ├── init-prepare │ ├── dependencies.d │ │ └── init-adduser │ ├── type │ └── up ├── netflow │ ├── dependencies.d │ │ └── postgres │ ├── run │ └── type ├── nginx │ ├── dependencies.d │ │ └── init-permissions │ ├── run │ └── type ├── postgres │ ├── dependencies.d │ │ └── init-postgres │ ├── run │ └── type ├── rabbitmq │ ├── dependencies.d │ │ └── init-permissions │ ├── run │ └── type ├── siridb │ ├── dependencies.d │ │ └── init-permissions │ ├── run │ └── type ├── ucrm │ ├── dependencies.d │ │ └── postgres │ ├── run │ └── type ├── unms │ ├── dependencies.d │ │ └── postgres │ ├── run │ └── type └── user │ └── contents.d │ ├── netflow │ ├── nginx │ ├── rabbitmq │ ├── siridb │ ├── ucrm │ └── unms └── scripts ├── init-adduser ├── init-permissions ├── init-postgres └── init-prepare /.github/workflows/docker-legacy.yml: -------------------------------------------------------------------------------- 1 | #Legacy armhf tag, use latest for all platforms! 2 | name: Docker CI Legacy 3 | 4 | on: 5 | push: 6 | branches: 7 | - master 8 | paths-ignore: 9 | - '**/README.md' 10 | 11 | jobs: 12 | build: 13 | runs-on: self-hosted 14 | steps: 15 | - 16 | name: Checkout 17 | uses: actions/checkout@v2 18 | - 19 | name: Login to DockerHub 20 | run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin 21 | - 22 | name: Build and push Docker image 23 | run: | 24 | docker buildx build \ 25 | --platform linux/arm \ 26 | -t nico640/docker-unms:armhf -f Dockerfile \ 27 | --push --cache-from type=local,src=/tmp/buildx-cache \ 28 | --cache-to type=local,dest=/tmp/buildx-cache . 29 | -------------------------------------------------------------------------------- /.github/workflows/docker-release.yml: -------------------------------------------------------------------------------- 1 | name: Docker CI Release 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | paths-ignore: 8 | - '**/README.md' 9 | 10 | jobs: 11 | build: 12 | runs-on: self-hosted 13 | steps: 14 | - 15 | name: Checkout 16 | uses: actions/checkout@v2 17 | - 18 | name: Login to DockerHub 19 | run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin 20 | - 21 | name: Build and push Docker image 22 | run: | 23 | docker buildx build \ 24 | --platform linux/amd64,linux/arm64,linux/arm/v7 \ 25 | -t nico640/docker-unms:latest -f Dockerfile \ 26 | --push --cache-from type=local,src=/tmp/buildx-cache \ 27 | --cache-to type=local,dest=/tmp/buildx-cache . 28 | -------------------------------------------------------------------------------- /.github/workflows/docker-tag.yml: -------------------------------------------------------------------------------- 1 | name: Docker CI Tag 2 | 3 | on: 4 | push: 5 | tags: 6 | - '*' 7 | 8 | jobs: 9 | build: 10 | runs-on: self-hosted 11 | steps: 12 | - 13 | name: Checkout 14 | uses: actions/checkout@v2 15 | - 16 | name: Login to DockerHub 17 | run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin 18 | - 19 | name: Build and push Docker image 20 | run: | 21 | docker buildx build \ 22 | --platform linux/amd64,linux/arm64,linux/arm/v7 \ 23 | -t nico640/docker-unms:${GITHUB_REF:10} -f Dockerfile \ 24 | --push --cache-from type=local,src=/tmp/buildx-cache \ 25 | --cache-to type=local,dest=/tmp/buildx-cache . 26 | -------------------------------------------------------------------------------- /.github/workflows/docker-test.yml: -------------------------------------------------------------------------------- 1 | name: Docker CI Test 2 | 3 | on: 4 | push: 5 | branches: 6 | - testing 7 | paths-ignore: 8 | - '**/README.md' 9 | 10 | jobs: 11 | build: 12 | runs-on: self-hosted 13 | steps: 14 | - 15 | name: Checkout 16 | uses: actions/checkout@v2 17 | - 18 | name: Login to DockerHub 19 | run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin 20 | - 21 | name: Build and push Docker image 22 | run: | 23 | docker buildx build \ 24 | --platform linux/amd64,linux/arm64,linux/arm/v7 \ 25 | -t nico640/docker-unms:testing -f Dockerfile \ 26 | --push --cache-from type=local,src=/tmp/buildx-cache \ 27 | --cache-to type=local,dest=/tmp/buildx-cache . 28 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 ubnt/unms:2.4.206 as unms 2 | FROM --platform=linux/amd64 ubnt/unms-nginx:2.4.206 as unms-nginx 3 | FROM --platform=linux/amd64 ubnt/unms-netflow:2.4.206 as unms-netflow 4 | FROM --platform=linux/amd64 ubnt/unms-crm:4.4.31 as unms-crm 5 | FROM --platform=linux/amd64 ubnt/unms-siridb:2.4.206 as unms-siridb 6 | FROM --platform=linux/amd64 ubnt/unms-postgres:2.4.206 as unms-postgres 7 | FROM rabbitmq:3.7.28-alpine as rabbitmq 8 | FROM node:12.18.4-alpine3.12 as node-old 9 | 10 | FROM nico640/s6-alpine-node:16.20.0-3.17-2 11 | ARG TARGETARCH 12 | 13 | # base deps postgres 13, certbot 14 | RUN set -x \ 15 | && apk upgrade --no-cache \ 16 | && apk add --no-cache certbot gzip bash vim dumb-init openssl libcap sudo \ 17 | pcre pcre2 yajl gettext coreutils make argon2-libs jq vips tar xz \ 18 | libzip gmp icu c-client supervisor libuv su-exec postgresql13 postgresql13-client \ 19 | postgresql13-contrib gnu-libiconv git libsodium 20 | 21 | # start unms # 22 | WORKDIR /home/app/unms 23 | 24 | # copy unms app from offical image since the source code is not published at this time 25 | COPY --from=unms /home/app/unms /home/app/unms 26 | 27 | ENV LIBVIPS_VERSION=8.12.2 28 | 29 | RUN apk add --no-cache --virtual .build-deps python3 g++ vips-dev glib-dev \ 30 | && mkdir -p /tmp/src /home/app/unms/tmp && cd /tmp/src \ 31 | && wget -q https://github.com/libvips/libvips/releases/download/v${LIBVIPS_VERSION}/vips-${LIBVIPS_VERSION}.tar.gz -O libvips.tar.gz \ 32 | && tar -zxvf libvips.tar.gz \ 33 | && cd /tmp/src/vips-${LIBVIPS_VERSION} && ./configure \ 34 | && make && make install \ 35 | && cd /home/app/unms \ 36 | && mv node_modules/@ubnt/* tmp/ \ 37 | && sed -i 's#"@ubnt/images": ".*"#"@ubnt/images": "file:../images"#g' tmp/ui-components/package.json \ 38 | && sed -i 's#"@ubnt/icons": ".*"#"@ubnt/icons": "file:../icons"#g' tmp/ui-components/package.json \ 39 | && sed -i 's#"@ubnt/icons-5": ".*"#"@ubnt/icons-5": "file:../icons-5"#g' tmp/ui-components/package.json \ 40 | && sed -i 's#"@ubnt/icons": ".*"#"@ubnt/icons": "file:../icons"#g' tmp/link-core/package.json \ 41 | && sed -i 's#"@ubnt/icons-5": ".*"#"@ubnt/icons-5": "file:../icons-5"#g' tmp/link-core/package.json \ 42 | && sed -i 's#"@ubnt/ui-components": ".*"#"@ubnt/ui-components": "file:../ui-components"#g' tmp/link-core/package.json \ 43 | && sed -i 's#"@ubnt/link-core": ".*"#"@ubnt/link-core": "file:./tmp/link-core"#g' package.json \ 44 | && sed -i '$i,"resolutions": { "cheerio": "1.0.0-rc.5" }' package.json \ 45 | && rm -rf node_modules \ 46 | && CHILD_CONCURRENCY=1 yarn install --production --no-cache --ignore-engines --network-timeout 100000 \ 47 | && yarn cache clean \ 48 | && apk del .build-deps \ 49 | && rm -rf /var/cache/apk/* tmp /tmp/src \ 50 | && setcap cap_net_raw=pe /usr/local/bin/node 51 | 52 | COPY --from=unms /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh 53 | RUN chmod +x /usr/local/bin/docker-entrypoint.sh 54 | # end unms # 55 | 56 | # start unms-netflow # 57 | WORKDIR /home/app/netflow 58 | 59 | COPY --from=unms-netflow /home/app /home/app/netflow 60 | COPY --from=node-old /usr/local/bin/node /home/app/netflow/node-old 61 | 62 | RUN rm -rf node_modules \ 63 | && apk add --no-cache --virtual .build-deps python3 g++ \ 64 | && yarn install --frozen-lockfile --production --no-cache --ignore-engines \ 65 | && yarn cache clean \ 66 | && apk del .build-deps \ 67 | && rm -rf /var/cache/apk/* \ 68 | && rm -rf .node-gyp 69 | # end unms-netflow # 70 | 71 | # start unms-crm # 72 | RUN mkdir -p /usr/src/ucrm \ 73 | && mkdir -p /tmp/crontabs \ 74 | && mkdir -p /usr/local/etc/php/conf.d \ 75 | && mkdir -p /usr/local/etc/php-fpm.d \ 76 | && mkdir -p /tmp/supervisor.d \ 77 | && mkdir -p /tmp/supervisord 78 | 79 | COPY --from=unms-crm --chown=911:911 /usr/src/ucrm /usr/src/ucrm 80 | COPY --from=unms-crm --chown=911:911 /data /data 81 | COPY --from=unms-crm /usr/local/bin/crm* /usr/local/bin/ 82 | COPY --from=unms-crm /usr/local/bin/docker* /usr/local/bin/ 83 | COPY --from=unms-crm /tmp/crontabs/server /tmp/crontabs/server 84 | COPY --from=unms-crm /tmp/supervisor.d /tmp/supervisor.d 85 | COPY --from=unms-crm /tmp/supervisord /tmp/supervisord 86 | 87 | RUN grep -lr "nginx:nginx" /usr/src/ucrm/ | xargs sed -i 's/nginx:nginx/unms:unms/g' \ 88 | && grep -lr "su-exec nginx" /usr/src/ucrm/ | xargs sed -i 's/su-exec nginx/su-exec unms/g' \ 89 | && grep -lr "su-exec nginx" /tmp/ | xargs sed -i 's/su-exec nginx/su-exec unms/g' \ 90 | && sed -i "s#unixUser='nginx'#unixUser='unms'#g" /usr/src/ucrm/scripts/unms_ready.sh \ 91 | && sed -i 's#chmod -R 775 /data/log/var/log#chmod -R 777 /data/log/var/log#g' /usr/src/ucrm/scripts/dirs.sh \ 92 | && sed -i 's#rm -rf /var/log#mv /var/log /data/log/var#g' /usr/src/ucrm/scripts/dirs.sh \ 93 | && sed -i 's#LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 48 | head -n 1 || true#head /dev/urandom | tr -dc A-Za-z0-9 | head -c 48#g' \ 94 | /usr/src/ucrm/scripts/parameters.sh \ 95 | && sed -i '/\[program:nginx]/,+10d' /tmp/supervisor.d/server.ini \ 96 | && sed -i "s#http://localhost/%s#http://localhost:9081/%s#g" /usr/src/ucrm/src/AppBundle/Service/LocalUrlGenerator.php \ 97 | && sed -i "s#'localhost', '127.0.0.1'#'localhost:9081', '127.0.0.1:9081'#g" /usr/src/ucrm/src/AppBundle/Util/Helpers.php \ 98 | && sed -i "s#crm-extra-programs-enabled && run-parts /etc/periodic/daily#run-parts /etc/periodic/daily#g" /tmp/crontabs/server 99 | # end unms-crm # 100 | 101 | # start openresty # 102 | ENV OPEN_RESTY_VERSION=openresty-1.21.4.2 103 | 104 | WORKDIR /tmp/src 105 | 106 | RUN apk add --no-cache --virtual .build-deps gcc g++ pcre-dev openssl-dev zlib-dev perl ccache \ 107 | && export CC="ccache gcc -fdiagnostics-color=always -g3" \ 108 | && curl -SL https://openresty.org/download/${OPEN_RESTY_VERSION}.tar.gz | tar xvz \ 109 | && cd /tmp/src/${OPEN_RESTY_VERSION} && ./configure \ 110 | --prefix="/usr/local/openresty" \ 111 | --with-cc='ccache gcc -fdiagnostics-color=always -g3' \ 112 | --with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC" \ 113 | --with-pcre-jit \ 114 | --without-http_rds_json_module \ 115 | --without-http_rds_csv_module \ 116 | --without-lua_rds_parser \ 117 | --with-stream \ 118 | --with-stream_ssl_module \ 119 | --with-stream_ssl_preread_module \ 120 | --with-http_v2_module \ 121 | --without-mail_pop3_module \ 122 | --without-mail_imap_module \ 123 | --without-mail_smtp_module \ 124 | --with-http_stub_status_module \ 125 | --with-http_realip_module \ 126 | --with-http_addition_module \ 127 | --with-http_auth_request_module \ 128 | --with-http_secure_link_module \ 129 | --with-http_random_index_module \ 130 | --with-http_gzip_static_module \ 131 | --with-http_sub_module \ 132 | --with-http_dav_module \ 133 | --with-http_flv_module \ 134 | --with-http_mp4_module \ 135 | --with-http_gunzip_module \ 136 | --with-threads \ 137 | --with-compat \ 138 | --with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT' \ 139 | -j$(nproc) \ 140 | && make -j$(nproc) \ 141 | && make install \ 142 | && apk del .build-deps \ 143 | && rm -rf /tmp/src /var/cache/apk/* \ 144 | && echo "unms ALL=(ALL) NOPASSWD: /usr/local/openresty/nginx/sbin/nginx -s *" >> /etc/sudoers \ 145 | && echo "unms ALL=(ALL) NOPASSWD: /bin/cat *" >> /etc/sudoers \ 146 | && echo "unms ALL=(ALL) NOPASSWD:SETENV: /refresh-configuration.sh *" >> /etc/sudoers 147 | 148 | COPY --from=unms-crm /etc/nginx/available-servers /usr/local/openresty/nginx/conf/ucrm 149 | COPY --from=unms-postgres /usr/local/bin/migrate.sh / 150 | COPY --from=unms-nginx /entrypoint.sh /refresh-certificate.sh /refresh-configuration.sh /openssl.cnf /ip-whitelist.sh / 151 | COPY --from=unms-nginx /usr/local/openresty/nginx/templates /usr/local/openresty/nginx/templates 152 | COPY --from=unms-nginx /www/public /www/public 153 | 154 | RUN chmod +x /entrypoint.sh /refresh-certificate.sh /refresh-configuration.sh /ip-whitelist.sh /migrate.sh \ 155 | && sed -i 's#NEW_BIN_DIR="/usr/local/bin"#NEW_BIN_DIR="/usr/bin"#g' /migrate.sh \ 156 | && sed -i "s#-c listen_addresses=''#-c listen_addresses='' -p 50432#g" /migrate.sh \ 157 | && sed -i "s#80#9081#g" /usr/local/openresty/nginx/conf/ucrm/ucrm.conf \ 158 | && sed -i "s#81#9082#g" /usr/local/openresty/nginx/conf/ucrm/suspended_service.conf \ 159 | && sed -i '/conf;/a \ \ include /usr/local/openresty/nginx/conf/ucrm/*.conf;' /usr/local/openresty/nginx/templates/nginx.conf.template \ 160 | && grep -lr "location /nms/ " /usr/local/openresty/nginx/templates | xargs sed -i "s#location /nms/ #location /nms #g" \ 161 | && grep -lr "location /crm/ " /usr/local/openresty/nginx/templates | xargs sed -i "s#location /crm/ #location /crm #g" 162 | # end openresty # 163 | 164 | # start php # 165 | ENV PHP_VERSION=php-8.1.31 166 | 167 | WORKDIR /tmp/src 168 | 169 | RUN set -x \ 170 | && apk add --no-cache --virtual .build-deps autoconf dpkg-dev dpkg file g++ gcc libc-dev make pkgconf re2c gnu-libiconv-dev \ 171 | argon2-dev coreutils curl-dev libsodium-dev libxml2-dev linux-headers oniguruma-dev openssl-dev readline-dev sqlite-dev \ 172 | && curl -SL https://www.php.net/get/${PHP_VERSION}.tar.xz/from/this/mirror -o php.tar.xz \ 173 | && tar -xvf php.tar.xz \ 174 | && cp php.tar.xz /usr/src \ 175 | && export CFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" \ 176 | && export CPPFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" \ 177 | && export LDFLAGS="-Wl,-O1 -pie" \ 178 | && cd /tmp/src/${PHP_VERSION} && ./configure \ 179 | --with-config-file-path="/usr/local/etc/php" \ 180 | --with-config-file-scan-dir="/usr/local/etc/php/conf.d" \ 181 | --enable-option-checking=fatal \ 182 | --with-mhash \ 183 | --with-pic \ 184 | --enable-ftp \ 185 | --enable-mbstring \ 186 | --enable-mysqlnd \ 187 | --with-password-argon2 \ 188 | --with-sodium=shared \ 189 | --with-pdo-sqlite=/usr \ 190 | --with-sqlite3=/usr \ 191 | --with-curl \ 192 | --with-iconv=/usr \ 193 | --with-openssl \ 194 | --with-readline \ 195 | --with-zlib \ 196 | --disable-phpdbg \ 197 | --with-pear \ 198 | --disable-cgi \ 199 | --enable-fpm \ 200 | --with-fpm-user=www-data \ 201 | --with-fpm-group=www-data \ 202 | $([ $TARGETARCH = "arm" ] && echo "--host=arm-unknown-linux-musleabihf --disable-opcache-jit") \ 203 | && make -j $(nproc) \ 204 | && make install \ 205 | && apk del .build-deps \ 206 | && rm -rf /tmp/src /var/cache/apk/* 207 | # end php # 208 | 209 | # start php plugins / composer # 210 | ENV PHP_INI_DIR=/usr/local/etc/php \ 211 | SYMFONY_ENV=prod 212 | 213 | COPY --from=unms-crm /usr/local/etc/php/php.ini /usr/local/etc/php/ 214 | COPY --from=unms-crm /usr/local/etc/php-fpm.conf /usr/local/etc/ 215 | COPY --from=unms-crm /usr/local/etc/php-fpm.d /usr/local/etc/php-fpm.d 216 | 217 | RUN apk add --no-cache --virtual .build-deps autoconf dpkg-dev dpkg file g++ gcc libc-dev make pkgconf re2c \ 218 | bzip2-dev freetype-dev libjpeg-turbo-dev libpng-dev libwebp-dev libzip-dev gmp-dev icu-dev \ 219 | libxml2-dev postgresql-dev \ 220 | && docker-php-source extract \ 221 | && cd /usr/src/php \ 222 | && pecl channel-update pecl.php.net \ 223 | && echo '' | pecl install apcu ds \ 224 | && docker-php-ext-enable apcu ds sodium \ 225 | && docker-php-ext-configure gd \ 226 | --enable-gd \ 227 | --with-freetype=/usr/include/ \ 228 | --with-webp=/usr/include/ \ 229 | --with-jpeg=/usr/include/ \ 230 | && docker-php-ext-install -j$(nproc) bcmath bz2 exif gd gmp intl opcache \ 231 | pdo_pgsql soap sockets sysvmsg sysvsem sysvshm zip \ 232 | && curl -sS https://getcomposer.org/installer | php -- \ 233 | --install-dir=/usr/bin --filename=composer \ 234 | && cd /usr/src/ucrm \ 235 | && composer install \ 236 | --classmap-authoritative \ 237 | --no-dev --no-interaction \ 238 | && app/console assets:install --symlink web \ 239 | && composer clear-cache \ 240 | && rm /usr/bin/composer \ 241 | && docker-php-source delete \ 242 | && apk del .build-deps \ 243 | && rm -rf /var/cache/apk/* \ 244 | && sed -i 's#nginx#unms#g' /usr/local/etc/php-fpm.d/zz-docker.conf 245 | # end php plugins / composer # 246 | 247 | # start siridb # 248 | COPY --from=unms-siridb /etc/siridb/siridb.conf /etc/siridb/siridb.conf 249 | 250 | ENV SIRIDB_VERSION=2.0.51 251 | 252 | RUN set -x \ 253 | && [ $TARGETARCH = "arm" ] && export LIBCLERI_VERSION=0.12.2 || export LIBCLERI_VERSION=1.0.2 \ 254 | && apk add --no-cache --virtual .build-deps gcc make libuv-dev musl-dev pcre2-dev yajl-dev util-linux-dev \ 255 | && mkdir -p /tmp/src && cd /tmp/src \ 256 | && curl -SL https://github.com/cesbit/libcleri/archive/$([[ $LIBCLERI_VERSION != 0* ]] && echo "v" )${LIBCLERI_VERSION}.tar.gz | tar xvz \ 257 | && curl -SL https://github.com/siridb/siridb-server/archive/${SIRIDB_VERSION}.tar.gz | tar xvz \ 258 | && cd /tmp/src/libcleri-${LIBCLERI_VERSION}/Release \ 259 | && make all -j $(nproc) && make install \ 260 | && cd /tmp/src/siridb-server-${SIRIDB_VERSION}/Release \ 261 | && make clean && make -j $(nproc) && make install \ 262 | && apk del .build-deps \ 263 | && rm -rf /tmp/src \ 264 | && rm -rf /var/cache/apk/* 265 | # end siridb # 266 | 267 | # start rabbitmq # 268 | COPY --from=rabbitmq /var/lib/rabbitmq/ /var/lib/rabbitmq/ 269 | COPY --from=rabbitmq /etc/rabbitmq/ /etc/rabbitmq/ 270 | COPY --from=rabbitmq /opt/rabbitmq/ /opt/rabbitmq/ 271 | COPY --from=rabbitmq /usr/local/lib/erlang/ /usr/local/lib/erlang/ 272 | COPY --from=rabbitmq /usr/local/bin/ct_run /usr/local/bin/dialyzer /usr/local/bin/e* /usr/local/bin/run_erl /usr/local/bin/t* /usr/local/bin/ 273 | # end rabbitmq # 274 | 275 | WORKDIR /home/app/unms 276 | 277 | ENV PATH=$PATH:/home/app/unms/node_modules/.bin:/opt/rabbitmq/sbin:/usr/local/openresty/bin \ 278 | QUIET_MODE=0 \ 279 | PUBLIC_HTTPS_PORT=443 \ 280 | PUBLIC_WS_PORT=443 \ 281 | HTTP_PORT=80 \ 282 | HTTPS_PORT=443 283 | 284 | EXPOSE 80 443 2055/udp 285 | 286 | VOLUME ["/config"] 287 | 288 | COPY root / 289 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![GitHub Release](https://img.shields.io/github/v/release/Nico640/docker-unms?style=flat-square)](https://github.com/nico640/docker-unms/releases) 2 | [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/nico640/docker-unms/docker-release.yml?branch=master&style=flat-square)](https://github.com/Nico640/docker-unms/actions/workflows/docker-release.yml) 3 | 4 | # Docker UISP (formerly UNMS) 5 | 6 | This is an all-in-one Docker image for running the [Ubiquiti Network Management System](https://uisp.ui.com/). This image contains all the components required to run [UISP](https://uisp.ui.com/) in a single container and uses the [s6-overlay](https://github.com/just-containers/s6-overlay) for process management. 7 | 8 | This image will run on most platforms that support Docker including [Docker for Mac](https://www.docker.com/docker-mac), [Docker for Windows](https://www.docker.com/docker-windows), Synology DSM and Raspberry Pi boards. 9 | 10 | ## Usage 11 | 12 | ```shell 13 | docker run \ 14 | -p 80:80 \ 15 | -p 443:443 \ 16 | -p 2055:2055/udp \ 17 | -e TZ= \ 18 | -v :/config \ 19 | nico640/docker-unms:latest 20 | ``` 21 | 22 | ## Raspberry Pi / ARM 23 | 24 | This image will also allow you to run [UISP](https://uisp.ui.com/) on a Raspberry Pi or other Docker-enabled ARMv7/8 devices. 25 | 26 | ``` 27 | docker run -d --name unms -p 80:80 -p 443:443 -p 2055:2055/udp -v :/config nico640/docker-unms:latest 28 | ``` 29 | 30 | ## Parameters 31 | 32 | The parameters are split into two halves, separated by a colon, the left hand side representing the host and the right the container side. 33 | 34 | * `-v :/config` - The persistent data location, the database, certs and logs will be stored here 35 | * `-p 80:80` - Expose the HTTP web server port on the docker host 36 | * `-p 443:443` - Expose the HTTPS and WSS web server port on the docker host 37 | * `-p 2055:2055/udp` - Expose the Netflow port on the docker host 38 | * `-e TZ` - for [timezone information](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) e.g. `-e TZ=Europe/London` 39 | 40 | *Optional Settings:* 41 | 42 | * `-e DEMO=false` - Enable UISP demo mode 43 | * `-e PUBLIC_HTTPS_PORT=443` - This should match the HTTPS port your are exposing to on the docker host 44 | * `-e PUBLIC_WS_PORT=443` - This should match the HTTPS port your are exposing to on the docker host 45 | * `-e HTTPS_PORT=443` - Sets the HTTPS port the container's webserver is listening on 46 | * `-e HTTP_PORT=80` - Set ths HTTP port the container's webserver is listening on 47 | * `-e SSL_CERT=` - Filename of custom SSL certificate in /config/usercert/ 48 | * `-e SSL_CERT_KEY=` - Filename of custom SSL key in /config/usercert/ 49 | * `-e PUID=911` - User ID of the container user 50 | * `-e PGID=911` - Group ID of the container user 51 | 52 | ## Limitations 53 | 54 | The Docker image, nico640/docker-unms, is not maintained by or affiliated with Ubiquiti Networks. You should not expect any support from Ubiquiti when running UISP (formerly UNMS) using this image. 55 | 56 | * In-app upgrades will not work. You can upgrade UISP by downloading the latest version of this image. 57 | 58 | ## Docker Compose 59 | 60 | ```yml 61 | version: '2' 62 | services: 63 | unms: 64 | image: nico640/docker-unms:latest 65 | restart: always 66 | ports: 67 | - 80:80 68 | - 443:443 69 | - 2055:2055/udp 70 | environment: 71 | - TZ=Australia/Sydney 72 | volumes: 73 | - ./volumes/unms:/config 74 | ``` 75 | -------------------------------------------------------------------------------- /root/etc/logrotate.d/ucrm: -------------------------------------------------------------------------------- 1 | /data/log/ucrm/app/logs/*log { 2 | rotate 14 3 | daily 4 | maxsize 10M 5 | compress 6 | missingok 7 | notifempty 8 | copytruncate 9 | su unms unms 10 | create 775 unms unms 11 | } 12 | 13 | /data/log/ucrm/nginx/*log /data/log/ucrm/php/*log /data/log/ucrm/letsencrypt/*log { 14 | rotate 14 15 | daily 16 | maxsize 10M 17 | compress 18 | missingok 19 | notifempty 20 | copytruncate 21 | su root root 22 | create 775 root root 23 | } 24 | -------------------------------------------------------------------------------- /root/etc/logrotate.d/unms: -------------------------------------------------------------------------------- 1 | /config/unms/logs/*.log { 2 | size 10M 3 | copytruncate 4 | missingok 5 | rotate 7 6 | compress 7 | delaycompress 8 | } -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-adduser/dependencies.d/base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/init-adduser/dependencies.d/base -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-adduser/type: -------------------------------------------------------------------------------- 1 | oneshot -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-adduser/up: -------------------------------------------------------------------------------- 1 | /etc/s6-overlay/scripts/init-adduser -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-permissions/dependencies.d/init-prepare: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/init-permissions/dependencies.d/init-prepare -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-permissions/type: -------------------------------------------------------------------------------- 1 | oneshot -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-permissions/up: -------------------------------------------------------------------------------- 1 | /etc/s6-overlay/scripts/init-permissions -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-postgres/dependencies.d/init-permissions: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/init-postgres/dependencies.d/init-permissions -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-postgres/type: -------------------------------------------------------------------------------- 1 | oneshot -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-postgres/up: -------------------------------------------------------------------------------- 1 | /etc/s6-overlay/scripts/init-postgres -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-prepare/dependencies.d/init-adduser: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/init-prepare/dependencies.d/init-adduser -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-prepare/type: -------------------------------------------------------------------------------- 1 | oneshot -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-prepare/up: -------------------------------------------------------------------------------- 1 | /etc/s6-overlay/scripts/init-prepare -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/netflow/dependencies.d/postgres: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/netflow/dependencies.d/postgres -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/netflow/run: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv sh 2 | 3 | export HOME=/home/app 4 | export HTTP_PORT=8081 5 | export WS_PORT=8082 6 | export WS_SHELL_PORT=8083 7 | export UNMS_RABBITMQ_HOST=127.0.0.1 8 | export UNMS_RABBITMQ_PORT=5672 9 | export UNMS_PG_HOST=127.0.0.1 10 | export UNMS_PG_PORT=5432 11 | export UNMS_FLUENTD_HOST=127.0.0.1 12 | export UNMS_FLUENTD_PORT=8081 13 | export UNMS_NETFLOW_PORT=2055 14 | export UNMS_NGINX_HOST=127.0.0.1 15 | export UNMS_NGINX_PORT=12345 16 | export NODE_ENV=production 17 | export PATH=$PATH:/home/app/unms/node_modules/.bin:/opt/rabbitmq/sbin 18 | 19 | echo "Waiting for rabbitmq to start..." 20 | /opt/rabbitmq/sbin/rabbitmqctl wait /var/lib/rabbitmq/mnesia/rabbit@$(hostname).pid 21 | 22 | # wait for postgres to come up 23 | until pg_isready; do 24 | echo "Waiting for postgres to come up..." 25 | sleep 3 26 | done 27 | 28 | echo "Starting unms-netflow..." 29 | 30 | if [ "$QUIET_MODE" = "1" ]; then 31 | echo "Starting Netflow in quiet mode..." 32 | s6-setuidgid unms /home/app/netflow/node-old /home/app/netflow/index.js >> /config/unms/logs/unms.log 2>&1 33 | 34 | else 35 | s6-setuidgid unms /home/app/netflow/node-old /home/app/netflow/index.js 2>&1 | tee -a /config/unms/logs/unms.log 36 | fi 37 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/netflow/type: -------------------------------------------------------------------------------- 1 | longrun -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-permissions: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-permissions -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/nginx/run: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv sh 2 | 3 | export UNMS_HTTP_PORT=8081 4 | export UNMS_WS_PORT=8082 5 | export UNMS_WS_SHELL_PORT=8083 6 | export UNMS_WS_API_PORT=8084 7 | export UNMS_HOST=127.0.0.1 8 | export UCRM_HOST=127.0.0.1 9 | export UCRM_HTTP_PORT=9081 10 | export UCRM_SUSPEND_PORT=9082 11 | export OPEN_RESTY_DIR=/usr/local/openresty 12 | export PATH=$PATH:/usr/local/openresty/bin 13 | . /sharedenv 14 | 15 | echo "Starting nginx..." 16 | 17 | # Run entrypoint 18 | cd / 19 | /entrypoint.sh 20 | 21 | # Fix permissions 22 | chown -R unms:unms /cert /config/cert 23 | 24 | s6-setuidgid root /usr/local/openresty/bin/openresty -g "daemon off;" 25 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/nginx/type: -------------------------------------------------------------------------------- 1 | longrun -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/postgres/dependencies.d/init-postgres: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/postgres/dependencies.d/init-postgres -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/postgres/run: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv bash 2 | 3 | export PGDATA=/config/postgres 4 | 5 | echo "Starting postgres..." 6 | 7 | if [ -f "${PGDATA}/PG_VERSION" ] && [ $(cat "${PGDATA}/PG_VERSION" || echo "") == "9.6" ]; then 8 | echo "You are trying to update from a UISP version older than 1.4.0, which is not supported. Please update to a version prior to 2.4.0 first, ideally one major version at a time." 9 | exit 1 10 | fi 11 | 12 | s6-setuidgid unms postgres 13 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/postgres/type: -------------------------------------------------------------------------------- 1 | longrun -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/rabbitmq/dependencies.d/init-permissions: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/rabbitmq/dependencies.d/init-permissions -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/rabbitmq/run: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv sh 2 | 3 | export HOME=/var/lib/rabbitmq 4 | export PATH=$PATH:/opt/rabbitmq/sbin 5 | 6 | # Limit max open file descriptors or else RabbitMQ wont't start (#96) 7 | [ $(ulimit -n) -gt 65536 ] && ulimit -n 65536 8 | 9 | echo "Starting rabbitmq-server..." 10 | s6-setuidgid unms rabbitmq-server 11 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/rabbitmq/type: -------------------------------------------------------------------------------- 1 | longrun -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/siridb/dependencies.d/init-permissions: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/siridb/dependencies.d/init-permissions -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/siridb/run: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv sh 2 | 3 | echo "Starting siridb-server..." 4 | s6-setuidgid unms siridb-server 5 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/siridb/type: -------------------------------------------------------------------------------- 1 | longrun -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/ucrm/dependencies.d/postgres: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/ucrm/dependencies.d/postgres -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/ucrm/run: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv sh 2 | 3 | export TERM=xterm 4 | export POSTGRES_USER=ucrm 5 | export POSTGRES_DB=unms 6 | export POSTGRES_PASSWORD=ucrm 7 | export POSTGRES_HOST=127.0.0.1 8 | export POSTGRES_HOST_BOUNCER=127.0.0.1 9 | export POSTGRES_PORT=5432 10 | export POSTGRES_PORT_BOUNCER=5432 11 | export POSTGRES_SCHEMA=ucrm 12 | export UNMS_POSTGRES_SCHEMA=unms 13 | export MAILER_HOST=127.0.0.1 14 | export MAILER_USERNAME=null 15 | export MAILER_PASSWORD=null 16 | export MAILER_AUTH_MODE=null 17 | export MAILER_ENCRYPTION=null 18 | export MAILER_PORT=null 19 | export MAILER_TRANSPORT=smtp 20 | export RABBITMQ_HOST=127.0.0.1 21 | export RABBITMQ_PORT=5672 22 | export RABBITMQ_USER=guest 23 | export RABBITMQ_PASSWORD=guest 24 | export NETFLOW_HOST=127.0.0.1 25 | export NETFLOW_PORT=2055 26 | export SYMFONY_ENV=prod 27 | export FORCE_HTTPS=1 28 | export TRUSTED_PROXIES=all 29 | export UCRM_USERNAME=null 30 | export UCRM_PASSWORD=null 31 | export UCRM_DISK_USAGE_DIRECTORY=/ 32 | export UAS_INSTALLATION= 33 | export NGINX_VERSION=1.14.2 34 | export PGBOUNCER_VERSION=1.10.0 35 | export UNMS_HOST=127.0.0.1 36 | export UNMS_PORT=8081 37 | export UNMS_VERSION=2.4.206 38 | export SUSPEND_PORT=9082 39 | export CLOUD=0 40 | export CLOUD_SMTP_PORT=null 41 | export CLOUD_SMTP_USERNAME=null 42 | export CLOUD_SMTP_PASSWORD=null 43 | export CLOUD_SMTP_HOSTNAME=null 44 | export CLOUD_SMTP_TLS_ALLOW_UNAUTHORIZED=null 45 | export CLOUD_SMTP_SECURITY_MODE=null 46 | export CLOUD_MAPS_API_KEY=null 47 | export NODE_ENV=production 48 | . /sharedenv 49 | 50 | # wait for postgres to come up 51 | until pg_isready; do 52 | echo "Waiting for postgres to come up..." 53 | sleep 3 54 | done 55 | 56 | if [ "$QUIET_MODE" = "1" ]; then 57 | echo "Starting UCRM in quiet mode..." 58 | cd /usr/src/ucrm 59 | s6-setuidgid root make server_with_migrate >> /config/unms/logs/ucrm.log 2>&1 60 | 61 | printf "\n\nUCRM exited, last 100 lines of log:\n\n" 62 | tail -n 100 /config/unms/logs/ucrm.log 63 | else 64 | cd /usr/src/ucrm 65 | s6-setuidgid root make server_with_migrate 2>&1 | tee -a /config/unms/logs/ucrm.log 66 | fi 67 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/ucrm/type: -------------------------------------------------------------------------------- 1 | longrun -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/unms/dependencies.d/postgres: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/unms/dependencies.d/postgres -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/unms/run: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv sh 2 | 3 | export HOME=/home/app 4 | export HTTP_PORT=8081 5 | export WS_PORT=8082 6 | export WS_SHELL_PORT=8083 7 | export UNMS_RABBITMQ_HOST=127.0.0.1 8 | export UNMS_RABBITMQ_PORT=5672 9 | export UNMS_SIRIDB_HOST=127.0.0.1 10 | export UNMS_SIRIDB_PORT=9000 11 | export UNMS_PG_HOST=127.0.0.1 12 | export UNMS_PG_PORT=5432 13 | export UNMS_PG_USER=unms 14 | export UNMS_PG_PASSWORD=unms 15 | export UNMS_PG_SCHEMA=unms 16 | export UNMS_PG_DB=unms 17 | export UNMS_FLUENTD_HOST=127.0.0.1 18 | export UNMS_FLUENTD_PORT=8081 19 | export UNMS_NGINX_HOST=127.0.0.1 20 | export UNMS_NGINX_PORT=12345 21 | export UNMS_NETFLOW_PORT=2055 22 | export UCRM_HOST=127.0.0.1 23 | export UCRM_PORT=9081 24 | export UCRM_PG_USER=ucrm 25 | export UCRM_PG_SCHEMA=ucrm 26 | export UCRM_PG_PASSWORD=ucrm 27 | export NODE_ENV=production 28 | export CLUSTER_SIZE=auto 29 | export USE_LOCAL_DISCOVERY=true 30 | export PATH=$PATH:/home/app/unms/node_modules/.bin 31 | export UISP_PATH=/home/app/unms 32 | . /sharedenv 33 | 34 | # wait for postgres to come up 35 | until pg_isready; do 36 | echo "Waiting for postgres to come up..." 37 | sleep 3 38 | done 39 | 40 | # Create postgres database if it does not exist 41 | psql -U postgres -lqt | cut -d \| -f 1 | grep -qw $UNMS_PG_DB 42 | if [ $? -ne 0 ]; then 43 | echo "Creating database..." 44 | createdb -U postgres -O postgres $UNMS_PG_DB 45 | fi 46 | 47 | # Migrate database 48 | psql -U postgres -d $UNMS_PG_DB -qt -c "SELECT schema_name FROM information_schema.schemata" | cut -d \| -f 1 | grep -qw $UNMS_PG_SCHEMA 49 | if [ $? -ne 0 ]; then 50 | echo "Migrating database..." 51 | # Create user unms 52 | psql -U postgres -d $UNMS_PG_DB -c "CREATE USER $UNMS_PG_USER SUPERUSER PASSWORD '$UNMS_PG_PASSWORD'" 53 | psql -U postgres -d $UNMS_PG_DB -c "GRANT ALL PRIVILEGES ON DATABASE $UNMS_PG_DB TO $UNMS_PG_USER" 54 | # Create user ucrm 55 | psql -U postgres -d $UNMS_PG_DB -c "CREATE USER $UCRM_PG_USER SUPERUSER PASSWORD '$UCRM_PG_PASSWORD'" 56 | psql -U postgres -d $UNMS_PG_DB -c "GRANT ALL PRIVILEGES ON DATABASE $UNMS_PG_DB TO $UCRM_PG_USER" 57 | # Rename schema public to unms 58 | psql -U postgres -d $UNMS_PG_DB -c "ALTER SCHEMA public RENAME TO $UNMS_PG_SCHEMA" 59 | # Create new schemas 60 | psql -U postgres -d $UNMS_PG_DB -c "CREATE SCHEMA IF NOT EXISTS public" 61 | psql -U postgres -d $UNMS_PG_DB -c "CREATE SCHEMA IF NOT EXISTS $UCRM_PG_SCHEMA" 62 | # Change search paths 63 | psql -U postgres -d $UNMS_PG_DB -c "ALTER USER $UNMS_PG_USER SET search_path = $UNMS_PG_SCHEMA,public" 64 | psql -U postgres -d $UNMS_PG_DB -c "ALTER USER $UCRM_PG_USER SET search_path = $UCRM_PG_SCHEMA,public" 65 | # Change schema owners 66 | psql -U postgres -d $UNMS_PG_DB -c "ALTER SCHEMA $UNMS_PG_SCHEMA OWNER TO $UNMS_PG_USER" 67 | psql -U postgres -d $UNMS_PG_DB -c "ALTER SCHEMA $UCRM_PG_SCHEMA OWNER TO $UCRM_PG_USER" 68 | fi 69 | 70 | # Migrate extensions 71 | psql -U postgres -d $UNMS_PG_DB -qt -c "\df" | cut -d \| -f 2 | grep -qw "uuid_generate_v4" 72 | if [ $? -ne 0 ]; then 73 | echo "Migrating extensions..." 74 | extensions="$(psql -U postgres -d $UNMS_PG_DB -qt -c "SELECT extname FROM pg_extension WHERE extname != 'plpgsql'")" 75 | for extension in ${extensions}; do 76 | psql -U postgres -d $UNMS_PG_DB -c "ALTER EXTENSION \"${extension}\" SET SCHEMA public" 77 | done 78 | fi 79 | 80 | if [ "$QUIET_MODE" = "1" ]; then 81 | echo "Starting UNMS in quiet mode..." 82 | cd /home/app/unms 83 | s6-setuidgid unms docker-entrypoint.sh /home/app/unms/index.js >> /config/unms/logs/unms.log 2>&1 84 | 85 | printf "\n\nUNMS exited, last 100 lines of log:\n\n" 86 | tail -n 100 /config/unms/logs/unms.log 87 | else 88 | cd /home/app/unms 89 | s6-setuidgid unms docker-entrypoint.sh /home/app/unms/index.js 2>&1 | tee -a /config/unms/logs/unms.log 90 | fi 91 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/unms/type: -------------------------------------------------------------------------------- 1 | longrun -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/netflow: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/user/contents.d/netflow -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/nginx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/user/contents.d/nginx -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/rabbitmq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/user/contents.d/rabbitmq -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/siridb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/user/contents.d/siridb -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/ucrm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/user/contents.d/ucrm -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/unms: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Nico640/docker-unms/bb1794a59b5692219acc019ef30260ae61872aa7/root/etc/s6-overlay/s6-rc.d/user/contents.d/unms -------------------------------------------------------------------------------- /root/etc/s6-overlay/scripts/init-adduser: -------------------------------------------------------------------------------- 1 | #!/command/with-contenv sh 2 | 3 | PUID=${PUID:-911} 4 | PGID=${PGID:-911} 5 | 6 | EXISTGID=$(getent group $PGID | cut -d: -f1) 7 | EXISTUID=$(getent passwd $PUID | cut -d: -f1) 8 | 9 | [ -z "$EXISTGID" ] && addgroup -g "$PGID" unms || groupmod -n unms $EXISTGID 10 | [ -z "$EXISTUID" ] && adduser -D -u "$PUID" -G unms unms || usermod -l unms -aG unms $EXISTUID 11 | 12 | 13 | echo " 14 | ------------------------------------- 15 | GID/UID 16 | ------------------------------------- 17 | User uid: $(id -u unms) 18 | User gid: $(id -g unms) 19 | ------------------------------------- 20 | " -------------------------------------------------------------------------------- /root/etc/s6-overlay/scripts/init-permissions: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | chown -R unms:unms /home/app/unms/public/firmwares 4 | chown -R unms:unms /home/app/unms/public/site-images 5 | chown -R unms:unms /usr/src/ucrm/web 6 | chown -R unms:unms /usr/src/ucrm/app/cache 7 | chown -R unms:unms /config 8 | chown -R unms:unms /data 9 | chown unms:unms /home/app 10 | chown unms:unms /var/log/rabbitmq 11 | chmod -R 0644 /etc/logrotate.d -------------------------------------------------------------------------------- /root/etc/s6-overlay/scripts/init-postgres: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | mkdir -p /run/postgresql 4 | chown -R unms:unms /run/postgresql 5 | 6 | if [ -e /config/postgres/postgresql.conf ]; then 7 | echo "Database already configured" 8 | else 9 | mkdir -p /config/postgres 10 | chown unms:unms /config/postgres 11 | chmod 700 /config/postgres 12 | s6-setuidgid unms initdb --locale=C.UTF-8 -U postgres -D /config/postgres 13 | fi 14 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/scripts/init-prepare: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # RabbitMQ 4 | [ ! -e /config/rabbitmq ] && [ -d /var/lib/rabbitmq ] && mv /var/lib/rabbitmq /config/rabbitmq 5 | [ -e /config/rabbitmq ] || mkdir -p /config/rabbitmq 6 | [ -d /var/lib/rabbitmq ] && rm -rf /var/lib/rabbitmq 7 | [ -e /var/log/rabbitmq ] || mkdir -p /var/log/rabbitmq 8 | ln -s /config/rabbitmq /var/lib/rabbitmq 9 | 10 | # SiriDB 11 | [ ! -e /config/siridb ] && [ -d /var/lib/siridb ] && mv /var/lib/siridb /config/siridb 12 | [ -e /config/siridb ] || mkdir -p /config/siridb 13 | [ -d /var/lib/siridb ] && rm -rf /var/lib/siridb 14 | ln -s /config/siridb /var/lib/siridb 15 | 16 | # UNMS 17 | [ ! -e /config/unms ] && [ -d /home/app/unms/data ] && mv /home/app/unms/data /config/unms 18 | [ -e /config/unms ] || mkdir -p /config/unms 19 | [ -d /home/app/unms/data ] && rm -rf /home/app/unms/data 20 | [ -f /sharedenv ] || (echo "export UNMS_TOKEN=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 48 | head -n 1 || true)" > /sharedenv \ 21 | && echo "export SECRET=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 48 | head -n 1 || true)" >> /sharedenv \ 22 | && echo "export SECURE_LINK_SECRET=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 100 | head -n 1 || true)" >> /sharedenv \ 23 | && echo "export UNMS_CLI_TOKEN=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 48 | head -n 1 || true)" >> /sharedenv) 24 | ln -s /config/unms /home/app/unms/data 25 | 26 | # UCRM 27 | [ ! -e /config/unms/ucrm ] && [ -d /data ] && mv /data /config/unms/ucrm 28 | [ -e /config/unms/ucrm ] || mkdir -p /config/unms/ucrm 29 | [ -d /data ] && rm -rf /data 30 | ln -s /config/unms/ucrm /data 31 | 32 | # Nginx Firmware 33 | [ -e /config/unms/firmwares ] || mkdir -p /config/unms/firmwares 34 | [ -e /www ] || mkdir -p /www 35 | [ -d /www/firmwares ] && rm -rf /www/firmwares 36 | [ -d /home/app/unms/public/firmwares ] && rm -rf /home/app/unms/public/firmwares 37 | ln -s /config/unms/firmwares /www/firmwares 38 | ln -s /config/unms/firmwares /home/app/unms/public/firmwares 39 | 40 | # Nginx Images 41 | [ ! -e /config/unms/images ] && [ -d /home/app/unms/public/site-images ] && mv /home/app/unms/public/site-images /config/unms/images 42 | [ -e /config/unms/images ] || mkdir -p /config/unms/images 43 | [ -d /home/app/unms/public/site-images ] && rm -rf /home/app/unms/public/site-images 44 | ln -s /config/unms/images /home/app/unms/public/site-images 45 | 46 | # Certs 47 | [ -e /config/cert ] || mkdir -p /config/cert 48 | [ -e /config/usercert ] || mkdir -p /config/usercert 49 | [ -d /cert ] && rm -rf /cert 50 | [ -d /usercert ] && rm -rf /usercert 51 | ln -s /config/cert /cert 52 | ln -s /config/usercert /usercert 53 | 54 | # UNMS / UCRM Logs 55 | [ -e /config/unms/logs ] || mkdir -p /config/unms/logs 56 | 57 | # Clean cron 58 | [ -f /var/run/crond.pid ] && rm -rf /var/run/crond.pid 59 | 60 | # Fix hosts file 61 | echo "127.0.0.1 unms" >> /etc/hosts 62 | 63 | # Fix logrotate permission 64 | chmod 644 /etc/logrotate.d/unms 65 | chmod 644 /etc/logrotate.d/ucrm --------------------------------------------------------------------------------