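├── .gitignore ├── Dockerfile ├── README.md ├── cozy-init ├── docker-compose.yml ├── nginx ├── cozy ├── cozy-ssl └── nginx.conf └── supervisor ├── couchdb.conf ├── cozy-controller.conf ├── cozy-init.conf ├── nginx.conf ├── postfix.conf └── supervisord.conf /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | cozy-couchdb/ 3 | cozy-etc/ 4 | cozy-local/ 5 | -------------------------------------------------------------------------------- /Dockerfile: --------------------------------------------------------------------------------
# NOTE(review): ubuntu:14.04 is a floating tag for a release that is past its
# standard support period, and the README marks this image as deprecated and
# unmaintained. Read this file as a historical recipe, not a deployable base.
FROM ubuntu:14.04

ENV DEBIAN_FRONTEND noninteractive

# Install Cozy tools and dependencies.
# NOTE(review): the nginx PPA is added over plain HTTP, and its signing key is
# selected by an 8-hex-digit short ID, which is not collision-resistant.
# Import the key by its full fingerprint (<FULL_40_HEX_FINGERPRINT>) instead.
# Package versions are not pinned, so each build installs whatever the
# repositories serve at that time.
RUN echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" >> /etc/apt/sources.list \
    && apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C \
    && apt-get update --quiet \
    && apt-get install --quiet --yes \
        build-essential \
        couchdb \
        curl \
        git \
        imagemagick \
        language-pack-en \
        libffi6 \
        libffi-dev \
        libssl-dev \
        libxml2-dev \
        libxslt1-dev \
        libjpeg-dev \
        lsof \
        nginx \
        postfix \
        pwgen \
        python-dev \
        python-pip \
        python-setuptools \
        python-software-properties \
        software-properties-common \
        sqlite3 \
        wget
RUN update-locale LANG=en_US.UTF-8
# NOTE(review): supervisor and virtualenv are installed from PyPI without a
# version pin or hash check.
RUN pip install \
    supervisor \
    virtualenv

# Install NodeJS 4.2.X LTS
# NOTE(review): this runs a remotely fetched script as root during the build
# with no integrity check; Node.js 4.x is also end-of-life.
# -f keeps an HTTP error page from being piped into bash. The pipeline's exit
# status is still bash's, so a failed download is not detected by this line.
RUN curl -fsSL https://deb.nodesource.com/setup_4.x | bash -
RUN apt-get install -y nodejs

# Install CoffeeScript, Cozy Monitor and Cozy Controller via NPM.
# NOTE(review): global npm installs without version pins; install scripts of
# these packages and their dependencies run as root at build time.
RUN npm install -g \
    coffee-script \
    cozy-controller \
    cozy-monitor

# Create Cozy users, without home directories.
RUN useradd -M cozy \
    && useradd -M cozy-data-system \
    && useradd -M cozy-home

# Configure CouchDB.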
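# Create the Cozy configuration directory and hand it to the cozy user.
RUN mkdir /etc/cozy \
    && chown -hR cozy /etc/cozy
# Generate the CouchDB admin login file: the first line is the admin name, the
# second line the password (the PUT below reads them back with head/tail).
# NOTE(review): both values are generated at build time, so they are stored in
# the image and are the same in every container created from it, until
# cozy-init replaces them at first start in production mode.
# pwgen is called without a length argument, so the values have pwgen's
# default length; consider an explicit longer one, e.g. `pwgen -s 32 1`.
RUN pwgen -1 > /etc/cozy/couchdb.login \
    && pwgen -1 >> /etc/cozy/couchdb.login \
    && chown cozy-data-system /etc/cozy/couchdb.login \
    && chmod 640 /etc/cozy/couchdb.login
# Start CouchDB in the background, wait until it answers on 127.0.0.1:5984,
# then register the generated admin through the _config/admins endpoint.
RUN mkdir /var/run/couchdb \
    && chown -hR couchdb /var/run/couchdb \
    && su - couchdb -c 'couchdb -b' \
    && sleep 5 \
    && while ! curl -s 127.0.0.1:5984; do sleep 5; done \
    && curl -s -X PUT 127.0.0.1:5984/_config/admins/$(head -n1 /etc/cozy/couchdb.login) -d "\"$(tail -n1 /etc/cozy/couchdb.login)\""

# Configure Supervisor.
# COPY rather than ADD: the source is a plain local file, so ADD's archive
# extraction and remote-URL handling are not needed.
COPY supervisor/supervisord.conf /etc/supervisord.conf
# NOTE(review): mode 777 lets every account in the container create or replace
# entries in the directory where supervisord keeps its own log and the child
# logs (see logfile/childlogdir in supervisord.conf). 0755 looks sufficient if
# supervisord is the only writer; confirm before tightening.
# supervisord is started here before any program definition has been copied to
# /etc/supervisor/conf.d, which happens later in this Dockerfile.
RUN mkdir -p /var/log/supervisor \
    && chmod 777 /var/log/supervisor \
    && /usr/local/bin/supervisord -c /etc/supervisord.conf

# Start up background services and install the Cozy platform apps.
# The single `&` after cozy-controller backgrounds the whole chain written
# before it (CouchDB start, wait loop, controller). The commands after it run
# in the foreground and wait for 127.0.0.1:9002 to answer before installing.
# NOTE(review): no version is given to any `cozy-monitor install`, so the
# image presumably contains whatever was current at build time; verify.
ENV NODE_ENV production
RUN su - couchdb -c 'couchdb -b' \
    && sleep 5 \
    && while ! curl -s 127.0.0.1:5984; do sleep 5; done \
    && cozy-controller & sleep 5 \
    && while ! curl -s 127.0.0.1:9002; do sleep 5; done \
    && cozy-monitor install data-system \
    && cozy-monitor install home \
    && cozy-monitor install proxy \
    && curl -X POST http://localhost:9103/api/instance -H "Content-Type: application/json" -d '{"background":"background-07"}' \
    && for app in calendar contacts photos emails files sync; do \
        cozy-monitor install $app; \
    done

# Configure Nginx and validate its configuration (nginx -t tests the files; it does not restart the service).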
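# COPY rather than ADD: these are plain local files, so ADD's archive
# extraction and remote-URL handling are not needed.
# NOTE(review): nginx/cozy-ssl in this repository still enables TLSv1 and
# TLSv1.1 and builds its cipher list from ALL with exclusions. When reusing
# the recipe, restrict it to TLSv1.2 (and newer where the nginx/OpenSSL build
# supports it) with an explicit cipher list.
COPY nginx/nginx.conf /etc/nginx/nginx.conf
COPY nginx/cozy /etc/nginx/sites-available/cozy
COPY nginx/cozy-ssl /etc/nginx/sites-available/cozy-ssl
# Only the plain-HTTP site is enabled at build time; cozy-init switches the
# enabled site at container start according to DISABLE_SSL. The `nginx -t`
# below therefore does not validate the TLS site, whose certificate and key
# do not exist yet.
RUN chmod 0644 /etc/nginx/sites-available/cozy /etc/nginx/sites-available/cozy-ssl \
    && rm /etc/nginx/sites-enabled/default \
    && ln -s /etc/nginx/sites-available/cozy /etc/nginx/sites-enabled/cozy
RUN nginx -t

# Configure Postfix with default parameters.
# DISABLE_SSL=false is the default, so the TLS site is used unless the
# container is started with DISABLE_SSL=true. POSTFIX_DOMAIN is a placeholder.
# NOTE(review): postfix was already installed by the earlier apt-get step, so
# these debconf selections presumably do not change the existing
# configuration; verify.
# The resolv.conf copied into the Postfix spool directory is the build
# environment's file, not the one the container gets at run time.
ENV DISABLE_SSL false
ENV POSTFIX_DOMAIN mydomain.net
RUN echo "postfix postfix/mailname string $POSTFIX_DOMAIN" | debconf-set-selections \
    && echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections \
    && echo "postfix postfix/destinations string $POSTFIX_DOMAIN, localhost.localdomain, localhost " | debconf-set-selections \
    && cp /etc/services /var/spool/postfix/etc/ \
    && cp /etc/resolv.conf /var/spool/postfix/etc \
    && postfix check

# Import Supervisor configuration files.
# The cozy-controller and cozy-init program definitions in this repository
# both set user=root.
# No chmod is applied to /etc/init.d/cozy-init, so its execute bit has to come
# from the file mode in the build context.
COPY supervisor/cozy-controller.conf /etc/supervisor/conf.d/cozy-controller.conf
COPY supervisor/cozy-init.conf /etc/supervisor/conf.d/cozy-init.conf
COPY supervisor/couchdb.conf /etc/supervisor/conf.d/couchdb.conf
COPY supervisor/nginx.conf /etc/supervisor/conf.d/nginx.conf
COPY supervisor/postfix.conf /etc/supervisor/conf.d/postfix.conf
COPY cozy-init /etc/init.d/cozy-init
RUN chmod 0644 /etc/supervisor/conf.d/*

# Clean APT cache for a lighter image.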
117 | RUN apt-get clean \ 118 | && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* 119 | 120 | EXPOSE 80 443 121 | 122 | VOLUME ["/var/lib/couchdb", "/etc/cozy", "/usr/local/cozy", "/usr/local/var/cozy/"] 123 | 124 | CMD [ "/usr/local/bin/supervisord", "-n", "-c", "/etc/supervisord.conf" ] 125 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Cozy Dockerfile 2 | =============== 3 | 4 | ## ⚠️ DEPRECATION WARNING ⚠️ ** 5 | 6 | This was an experimental image for the old version of Cozy, based on Node.js. Both this version and this image are now deprecated and unmaintained. Some work has been done to create an [image for the new, Go based, Cozy V3](https://github.com/cozy/gozy-docker), but this is still a work in progress. 7 | 8 | --- 9 | 10 | This is the Dockerfile recipe used to build the official Cozy image. 11 | It is built on top of the Ubuntu 14.04 image. 12 | 13 | ## Installation 14 | 15 | * Install [Docker](https://www.docker.com/). This recipe has been tested on **Docker v1.0.1 and newer**. 16 | * Fetch the Cozy image: 17 | ``` 18 | sudo docker pull cozy/full 19 | ``` 20 | 21 | * OR you can build the container manually by running: 22 | ```bash 23 | sudo docker build -t cozy/full github.com/cozy-labs/cozy-docker 24 | ``` 25 | 26 | ## Usage 27 | 28 | ``` 29 | sudo docker run -d -p 80:80 -p 443:443 cozy/full 30 | ``` 31 | 32 | Where `-d` tells Docker to daemonize the process and `-p` to bind ports to the host. 33 | 34 | Then, you can open https://localhost/ in your browser to start using your new 35 | dockerized cozy instance. 36 | 37 | 38 | ## Usage as a development environment 39 | 40 | You can also use the same Docker image as a development environment. 
To do so, just add `-e NODE_ENV=development` and `-e DISABLE_SSL=true`: 41 | 42 | ``` 43 | sudo docker run -e NODE_ENV=development -e DISABLE_SSL=true -d -p 80:80 cozy/full 44 | ``` 45 | In this mode Cozy is served over plain HTTP only, and `cozy-init` deletes `/etc/cozy/couchdb.login` so that the data system starts without CouchDB credentials. 46 | 47 | ## Hack 48 | 49 | In order to modify or patch this recipe, you have to clone the repository: 50 | ```bash 51 | git clone https://github.com/cozy-labs/cozy-docker 52 | cd cozy-docker 53 | ``` 54 | 55 | Modify the Dockerfile and/or the configuration files, then build the container: 56 | ```bash 57 | sudo docker build -t cozy/full . 58 | ``` 59 | 60 | That's all! 61 | 62 | 63 | ## Security 64 | 65 | It is highly recommended to build the image locally if you want to run Cozy in a production environment: 66 | ``` 67 | sudo docker build -t cozy github.com/cozy-labs/cozy-docker 68 | ``` 69 | 70 | This way, the security tokens will be reset, and the SSL certificate will be renewed. 71 | 72 | When a container first starts, `cozy-init` also generates a new controller token and, unless disabled through `NODE_ENV=development` or `DISABLE_SSL=true`, a new CouchDB admin and a self-signed certificate. 73 | 74 | ## What is Cozy? 75 | 76 | ![Cozy Logo](https://raw.github.com/mycozycloud/cozy-setup/gh-pages/assets/images/happycloud.png) 77 | 78 | [Cozy](http://cozy.io) is a platform that brings all your web services into the 79 | same private space. With it, your web apps and your devices can share data 80 | easily, providing you 81 | with a new experience. You can install Cozy on your own hardware where no one 82 | profiles you. 
83 | 84 | 85 | ## Community 86 | 87 | You can reach the Cozy Community by: 88 | 89 | * Chatting with us on IRC #cozycloud on irc.freenode.net 90 | * Posting on our [Forum](https://forum.cozy.io) 91 | * Posting issues on the [Github repos](https://github.com/mycozycloud/) 92 | * Mentioning us on [Twitter](http://twitter.com/mycozycloud) 93 | -------------------------------------------------------------------------------- /cozy-init: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | # Remove old CouchDB admin 6 | if [ "$(tail -n1 /etc/couchdb/local.ini | awk '{ print $1 }')" != ";admin" ]; then 7 | sed -i '$ d' /etc/couchdb/local.ini 8 | fi 9 | 10 | if [ "$NODE_ENV" == "development" ]; then 11 | # In development: ensure that DS will not start with CouchDB credentials 12 | rm -f /etc/cozy/couchdb.login 13 | else 14 | # In production: configure a new CouchDB admin 15 | new_admin=$(pwgen -1) 16 | new_password=$(pwgen -1) 17 | echo "$new_admin = $new_password" >> /etc/couchdb/local.ini 18 | echo "$new_admin" > /etc/cozy/couchdb.login 19 | echo "$new_password" >> /etc/cozy/couchdb.login 20 | fi 21 | supervisorctl restart couchdb 22 | 23 | # Reset controller token 24 | pwgen -1 > /etc/cozy/controller.token 25 | chown cozy-home /etc/cozy/controller.token 26 | chmod 700 /etc/cozy/controller.token 27 | supervisorctl restart cozy-controller 28 | 29 | # Regenerate SSL certificates 30 | if [ "$DISABLE_SSL" == "true" ]; then 31 | rm -f /etc/nginx/sites-enabled/cozy-ssl 32 | ln -sf /etc/nginx/sites-available/cozy /etc/nginx/sites-enabled/ 33 | else 34 | rm -f /etc/nginx/sites-enabled/cozy 35 | ln -sf /etc/nginx/sites-available/cozy-ssl /etc/nginx/sites-enabled/ 36 | 37 | if [ -z "$DOMAIN" ]; then 38 | DOMAIN=localhost 39 | fi 40 | openssl dhparam -out /etc/cozy/dh2048.pem -outform PEM -2 2048 41 | openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/cozy/server.key -out /etc/cozy/server.crt -days 3650 -subj 
"/CN=$DOMAIN" 42 | chown cozy:cozy /etc/cozy/server.key 43 | chmod 600 /etc/cozy/server.key 44 | fi 45 | supervisorctl restart nginx 46 | 47 | # Restart cozy-controller when CouchDB is available 48 | while ! curl -s 127.0.0.1:5984; do sleep 5; done 49 | cozy-monitor restart-cozy-stack 50 | 51 | rm -f /etc/supervisor/conf.d/cozy-init.conf 52 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | cozy_data: 3 | container_name: cozy_data 4 | image: alpine 5 | volumes: 6 | - ./cozy-etc:/etc/cozy 7 | - ./cozy-couchdb:/var/lib/couchdb 8 | - ./cozy-local:/usr/local/cozy 9 | command: /bin/true 10 | cozy: 11 | build: . 12 | ports: 13 | - "80:80" 14 | - "443:443" 15 | volumes_from: 16 | - cozy_data 17 | -------------------------------------------------------------------------------- /nginx/cozy: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | 4 | gzip_vary on; 5 | client_max_body_size 1024M; 6 | 7 | location / { 8 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 9 | proxy_set_header Host $http_host; 10 | proxy_pass http://127.0.0.1:9104; 11 | proxy_http_version 1.1; 12 | proxy_set_header Upgrade $http_upgrade; 13 | proxy_set_header Connection "upgrade"; 14 | } 15 | 16 | access_log /var/log/nginx/cozy.log; 17 | } 18 | -------------------------------------------------------------------------------- /nginx/cozy-ssl: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443; 3 | 4 | ssl_certificate /etc/cozy/server.crt; 5 | ssl_certificate_key /etc/cozy/server.key; 6 | ssl_dhparam /etc/cozy/dh2048.pem; 7 | ssl_session_cache shared:SSL:10m; 8 | ssl_session_timeout 10m; 9 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 10 | ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM; 11 | ssl_prefer_server_ciphers on; 
12 | ssl on; 13 | 14 | gzip_vary on; 15 | client_max_body_size 1024M; 16 | 17 | add_header Strict-Transport-Security max-age=2678400; 18 | 19 | location / { 20 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 21 | proxy_set_header Host $http_host; 22 | proxy_redirect http:// https://; 23 | proxy_pass http://127.0.0.1:9104; 24 | proxy_http_version 1.1; 25 | proxy_set_header Upgrade $http_upgrade; 26 | proxy_set_header Connection "upgrade"; 27 | } 28 | 29 | access_log /var/log/nginx/cozy.log; 30 | } 31 | 32 | # Always redirect http:// to https:// 33 | server { 34 | listen 80; 35 | return 301 https://$host$request_uri; 36 | } 37 | -------------------------------------------------------------------------------- /nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | daemon off; 2 | user www-data; 3 | worker_processes 1; 4 | pid /run/nginx.pid; 5 | 6 | events { 7 | worker_connections 768; 8 | # multi_accept on; 9 | } 10 | 11 | http { 12 | 13 | ## 14 | # Basic Settings 15 | ## 16 | 17 | sendfile on; 18 | tcp_nopush on; 19 | tcp_nodelay on; 20 | keepalive_timeout 65; 21 | types_hash_max_size 2048; 22 | # server_tokens off; 23 | 24 | # server_names_hash_bucket_size 64; 25 | # server_name_in_redirect off; 26 | 27 | include /etc/nginx/mime.types; 28 | default_type application/octet-stream; 29 | 30 | ## 31 | # SSL Settings 32 | ## 33 | 34 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE 35 | ssl_prefer_server_ciphers on; 36 | 37 | ## 38 | # Logging Settings 39 | ## 40 | 41 | access_log /var/log/nginx/access.log; 42 | error_log /var/log/nginx/error.log; 43 | 44 | ## 45 | # Gzip Settings 46 | ## 47 | 48 | gzip on; 49 | gzip_disable "msie6"; 50 | 51 | # gzip_vary on; 52 | # gzip_proxied any; 53 | # gzip_comp_level 6; 54 | # gzip_buffers 16 8k; 55 | # gzip_http_version 1.1; 56 | # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss 
text/javascript; 57 | 58 | ## 59 | # Virtual Host Configs 60 | ## 61 | 62 | include /etc/nginx/conf.d/*.conf; 63 | include /etc/nginx/sites-enabled/*; 64 | } 65 | -------------------------------------------------------------------------------- /supervisor/couchdb.conf: -------------------------------------------------------------------------------- 1 | [program:couchdb] 2 | autorestart=true 3 | autostart=true 4 | command=couchdb 5 | environment=HOME=/usr/local/var/lib/couchdb 6 | redirect_stderr=true 7 | user=couchdb 8 | priority=1 9 | -------------------------------------------------------------------------------- /supervisor/cozy-controller.conf: -------------------------------------------------------------------------------- 1 | [program:cozy-controller] 2 | autorestart=true 3 | autostart=true 4 | command=cozy-controller 5 | environment=NODE_ENV=%(ENV_NODE_ENV)s 6 | redirect_stderr=true 7 | user=root 8 | priority=11 9 | -------------------------------------------------------------------------------- /supervisor/cozy-init.conf: -------------------------------------------------------------------------------- 1 | [program:cozy-init] 2 | autorestart=false 3 | autostart=true 4 | command=/etc/init.d/cozy-init 5 | redirect_stderr=true 6 | user=root 7 | priority=3 8 | -------------------------------------------------------------------------------- /supervisor/nginx.conf: -------------------------------------------------------------------------------- 1 | [program:nginx] 2 | autorestart=true 3 | autostart=true 4 | command=/usr/sbin/nginx 5 | stdout_events_enabled=true 6 | stderr_events_enabled=true 7 | priority=13 8 | -------------------------------------------------------------------------------- /supervisor/postfix.conf: -------------------------------------------------------------------------------- 1 | [program:postfix] 2 | process_name = master 3 | directory = /etc/postfix 4 | command = /usr/sbin/postfix -c /etc/postfix start 5 | startsecs = 0 6 | autorestart = 
false 7 | priority = 7 8 | -------------------------------------------------------------------------------- /supervisor/supervisord.conf: -------------------------------------------------------------------------------- 1 | ; supervisor config file 2 | 3 | [unix_http_server] 4 | file=/var/run/supervisor.sock ; (the path to the socket file) 5 | chmod=0700 ; sockef file mode (default 0700) 6 | 7 | [supervisord] 8 | logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log) 9 | pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) 10 | childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP) 11 | 12 | ; the below section must remain in the config file for RPC 13 | ; (supervisorctl/web interface) to work, additional interfaces may be 14 | ; added by defining them in separate rpcinterface: sections 15 | [rpcinterface:supervisor] 16 | supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface 17 | 18 | [supervisorctl] 19 | serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket 20 | 21 | ; The [include] section can just contain the "files" setting. This 22 | ; setting can list multiple files (separated by whitespace or 23 | ; newlines). It can also contain wildcards. The filenames are 24 | ; interpreted as relative to this file. Included files *cannot* 25 | ; include files themselves. 26 | 27 | [include] 28 | files = /etc/supervisor/conf.d/*.conf 29 | --------------------------------------------------------------------------------