├── LICENSE
├── README.md
├── alpine-curl
    └── Dockerfile
├── ansible
    ├── Dockerfile
    ├── Dockerfile-core
    └── Dockerfile-lite
├── chrony
    ├── Dockerfile
    └── readme.md
├── dante
    ├── Dockerfile
    ├── sockd.conf
    └── start.sh
├── es-index-rotator
    ├── Dockerfile
    └── rotate.sh
├── harbor-offline
    └── Dockerfile
├── kubeasz-ext-bin
    └── Dockerfile
├── kubeasz-ext-build
    └── Dockerfile
├── kubeasz-k8s-bin
    └── Dockerfile
├── kubeasz-sys-pkg
    └── Dockerfile
├── kubeasz
    └── Dockerfile
├── ng-forward-proxy
    ├── Dockerfile
    └── nginx.conf
├── ng-http-proxy
    ├── Dockerfile
    └── nginx.conf
├── ng-l4-proxy
    ├── Dockerfile
    └── nginx.conf
└── nodejs
    └── Dockerfile

/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# dockerfiles

dockerfiles for auto-building docker images used by kubeasz https://github.com/easzlab/kubeasz

--------------------------------------------------------------------------------
/alpine-curl/Dockerfile:
--------------------------------------------------------------------------------
# repo: easzlab/alpine-curl

FROM alpine:3.16

RUN set -x \
    && apk update \
    # Useful tools
    && apk --no-cache add \
        bash \
        curl \
    # Cleaning
    && rm -rf /var/cache/apk/* \
    && rm -rf /root/.cache

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/ansible/Dockerfile:
--------------------------------------------------------------------------------
FROM python:3.9-alpine

ENV ANSIBLE_VER=2.10.6 \
    EASZLAB_ANSIBLE_TAG=2.10.6

RUN set -x \
    # Build dependencies
    && apk --no-cache add --virtual build-dependencies \
        gcc \
        musl-dev \
        python3-dev \
        libffi-dev \
        openssl-dev \
        cargo \
        build-base \
    # Useful tools
    && apk --no-cache add \
        bash \
        openssh-client \
        rsync \
    && pip install pip --upgrade \
    && pip install --no-cache-dir \
        ansible=="$ANSIBLE_VER" \
    # Some modules need '/usr/bin/python' to exist
    && ln -s -f /usr/local/bin/python3 /usr/bin/python \
    && ln -s -f /usr/local/bin/python3 /usr/bin/python3 \
    # Cleaning
    && apk del build-dependencies \
    && rm -rf /var/cache/apk/* \
    && rm -rf /root/.cache \
    && rm -rf /root/.cargo

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/ansible/Dockerfile-core:
--------------------------------------------------------------------------------
FROM python:3.9-alpine

ENV ANSIBLE_VER=2.10.6 \
    EASZLAB_ANSIBLE_TAG=2.10.6-core

RUN set -x \
    # Build dependencies
    && apk --no-cache add --virtual build-dependencies \
        gcc \
        musl-dev \
        python3-dev \
        libffi-dev \
        openssl-dev \
        cargo \
        build-base \
    # Useful tools
    && apk --no-cache add \
        bash \
        openssh-client \
        rsync \
    && pip install pip --upgrade \
    && pip install --no-cache-dir \
        ansible-base=="$ANSIBLE_VER" \
    # Some modules need '/usr/bin/python' to exist
    && ln -s -f /usr/local/bin/python3 /usr/bin/python \
    && ln -s -f /usr/local/bin/python3 /usr/bin/python3 \
    # Cleaning
    && apk del build-dependencies \
    && rm -rf /var/cache/apk/* \
    && rm -rf /root/.cache \
    && rm -rf /root/.cargo

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/ansible/Dockerfile-lite:
--------------------------------------------------------------------------------
FROM python:3.9-alpine

ENV ANSIBLE_VER=2.10.6 \
    EASZLAB_ANSIBLE_TAG=2.10.6-lite

RUN set -x \
    # Build dependencies
    && apk --no-cache add --virtual build-dependencies \
        gcc \
        musl-dev \
        python3-dev \
        libffi-dev \
        openssl-dev \
        cargo \
        build-base \
    # Useful tools
    && apk --no-cache add \
        bash \
        openssh-client \
        rsync \
    && pip install pip --upgrade \
    && pip install --no-cache-dir \
        ansible=="$ANSIBLE_VER" \
    # Remove unnecessary ansible packages
    && mv /usr/local/lib/python3.9/site-packages/ansible_collections/ansible /tmp \
    && mv /usr/local/lib/python3.9/site-packages/ansible_collections/community /tmp \
    && rm -rf /usr/local/lib/python3.9/site-packages/ansible_collections/* \
    && mv /tmp/ansible /tmp/community /usr/local/lib/python3.9/site-packages/ansible_collections \
    && mv /usr/local/lib/python3.9/site-packages/ansible_collections/community/crypto /tmp \
    && mv /usr/local/lib/python3.9/site-packages/ansible_collections/community/general /tmp \
    && mv /usr/local/lib/python3.9/site-packages/ansible_collections/community/network /tmp \
    && rm -rf /usr/local/lib/python3.9/site-packages/ansible_collections/community/* \
    && mv /tmp/crypto /tmp/general /tmp/network /usr/local/lib/python3.9/site-packages/ansible_collections/community/ \
    # Some modules need '/usr/bin/python' to exist
    && ln -s -f /usr/local/bin/python3 /usr/bin/python \
    && ln -s -f /usr/local/bin/python3 /usr/bin/python3 \
    # Cleaning
    && apk del build-dependencies \
    && rm -rf /var/cache/apk/* \
    && rm -rf /root/.cache \
    && rm -rf /root/.cargo

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/chrony/Dockerfile:
--------------------------------------------------------------------------------
# chrony dockerfile
# @usage: docker run -d -p123:123/udp -v /your_chrony.conf:/etc/chrony/chrony.conf easzlab/chrony:$TAG
# @author: gjmzj
# @repo: https://github.com/kubeasz/dockerfiles/chrony
# @ref: https://github.com/easzlab/kubeasz

FROM alpine:3.9

RUN apk --update add chrony && \
    rm -rf /var/cache/apk/*

EXPOSE 123/udp

HEALTHCHECK --interval=30s --timeout=5s CMD chronyc tracking > /dev/null

CMD ["/usr/sbin/chronyd", "-4", "-d", "-s"]

--------------------------------------------------------------------------------
/chrony/readme.md:
--------------------------------------------------------------------------------
## chrony image

This chrony image provides a time-synchronization server for offline installations of the [kubeasz](https://github.com/easzlab/kubeasz) project; see https://github.com/easzlab/kubeasz/tree/master/roles/chrony

### TL;DR;

```
$ docker run -d \
    --name chrony \
    --cap-add SYS_TIME \
    --publish 123:123/udp \
    --volume /etc/chrony.conf:/etc/chrony/chrony.conf \
    --volume /var/lib/chrony:/var/lib/chrony \
    easzlab/chrony:$TAG
```
- `--cap-add SYS_TIME` grants the container the system capability it needs; if the risk of broader privileges is not a concern, `--privileged` can be specified instead
- `--publish 123:123/udp` publishes the port; it must be published when chrony runs as a server, and can be left unpublished when chrony runs only as a client
- `--volume /etc/chrony.conf:/etc/chrony/chrony.conf` mounts a custom configuration
- `--volume /var/lib/chrony:/var/lib/chrony` is optional; it persists the state file /var/lib/chrony/drift, which records the clock calibration

### Creating chrony.service

On Linux systems that support systemd, a service file like the following can be used as a reference:

```
$ cat /etc/systemd/system/chrony.service
[Unit]
Description=chrony
Documentation=https://github.com/kubeasz/dockerfiles/chrony
After=docker.service
Requires=docker.service

[Service]
User=root
ExecStart=/opt/kube/bin/docker run \
  --cap-add SYS_TIME \
  --name chrony \
  --network host \
  --volume /etc/chrony.conf:/etc/chrony/chrony.conf \
  --volume /var/lib/chrony:/var/lib/chrony \
  easzlab/chrony:0.1.0
ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK
ExecStop=/opt/kube/bin/docker rm -f chrony
Restart=always
RestartSec=10
Delegate=yes

[Install]
WantedBy=multi-user.target
```
- Note the `--network host` option, used instead of `--publish 123:123/udp`; with the latter, the container was found in practice to be unable to reach external time servers

### References

1. https://github.com/publicarray/docker-chrony
2. chrony official documentation https://chrony.tuxfamily.org/index.html

--------------------------------------------------------------------------------
/dante/Dockerfile:
--------------------------------------------------------------------------------
FROM centos:7

# USER and PASS keep these dummy defaults unless overridden at run time;
# start.sh enables username/password authentication only when USER is changed.
ENV DANTE_VER=1.4.3 \
    IFACE=eth0 \
    WORKERS=1 \
    PORT=8118 \
    USER=dummyUser \
    PASS=dummyPass \
    EASZLAB_DANTE_TAG=1.4.3

RUN set -x \
    && yum update -y \
    && yum install -y \
        curl \
        gcc \
        iproute \
        make \
    && cd /tmp \
    && curl -L https://www.inet.no/dante/files/dante-$DANTE_VER.tar.gz | tar xz \
    && cd dante-* \
    && ./configure \
        --prefix=/usr \
        --sysconfdir=/etc \
        --localstatedir=/var \
        --disable-client \
        --disable-pidfile \
        --without-libwrap \
        --without-bsdauth \
        --without-gssapi \
        --without-upnp \
        --without-pam \
    && make && make install \
    && cd / \
    # Add an unprivileged user.
    && adduser -r -M -U -s /sbin/nologin sockd \
    # set timezone
    && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    # Clean up.
    && rm -rf /tmp/* \
    && yum remove gcc make -y \
    && yum clean all \
    && rm -rf /var/cache/yum \
    # forward sockd logs to docker log collector.
    && ln -sf /dev/stdout /var/log/sockd.log

COPY sockd.conf start.sh ./

CMD ["./start.sh"]

--------------------------------------------------------------------------------
/dante/sockd.conf:
--------------------------------------------------------------------------------
###--- Server settings ---
logoutput: /var/log/sockd.log
internal: 0.0.0.0 port = 8118
external: eth0
clientmethod: none
# 'none' means no authentication; start.sh rewrites this to 'username'
# when the USER environment variable is changed from its default.
socksmethod: none
user.notprivileged: sockd
user.privileged: sockd

timeout.negotiate: 10
timeout.io: 1800
#debug: 2

###--- Client access rules ---
# Accepts clients from any source address.
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}

###--- Socks command rules ---
# Allows requests to any destination.
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}

##--- allow only one dst-port
#socks pass {
#    from: 0.0.0.0/0 to: 0.0.0.0/0 port = 3478
# }

socks block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

--------------------------------------------------------------------------------
/dante/start.sh:
--------------------------------------------------------------------------------
#!/bin/sh

echo "[INFO] version: $DANTE_VER"
echo "[INFO] listening port: $PORT"
echo "[INFO] start workers number: $WORKERS"

# to support mounting config
if [ -e /etc/sockd.conf ];then
    echo "[INFO] load mounted config"
    cat /etc/sockd.conf > /sockd.conf
fi

# POSIX [ ] tests are used because the shebang is /bin/sh, not bash
if [ "$USER" != "dummyUser" ];then
    echo "[INFO] create user:$USER"
    adduser "$USER" > /dev/null
    # pass the password as printf arguments so '%' or '\' in $PASS is not treated as format syntax
    printf '%s\n%s\n' "$PASS" "$PASS"|passwd "$USER" > /dev/null 2>&1
    echo "[INFO] enable username/password authentication"
    sed -i "s/^socksmethod:.*$/socksmethod: username/g" ./sockd.conf
fi

# change interface
if [ "$IFACE" != "eth0" ];then
    echo "[INFO] use interface: $IFACE"
else
    IFACE=$(ip route|grep default|awk '{print $5}')
    echo "[WARN] interface not set, use auto-detected: $IFACE"
fi
sed -i "s/^external:.*$/external: $IFACE/g" ./sockd.conf


# change listening port
sed -i "s/^internal:.*$/internal: 0.0.0.0 port = $PORT/g" ./sockd.conf

sockd -f ./sockd.conf -N "$WORKERS" -n

--------------------------------------------------------------------------------
/es-index-rotator/Dockerfile:
--------------------------------------------------------------------------------
# Dockerfile for Rotating the indices in elastic of the EFK deployment
#
# @author: gjmzj
# @repo: https://github.com/kubeasz/mirrorepo/es-index-rotator
# @ref: https://github.com/easzlab/kubeasz/tree/master/manifests/efk/es-index-rotator/rotator.yaml

FROM alpine:3.9

COPY rotate.sh /bin/rotate.sh

RUN echo "===> Installing essential tools..." && \
    apk --update add bash curl coreutils && \
    echo "===> Cleaning up cache..." && \
    rm -rf /var/cache/apk/* && \
    chmod +x /bin/rotate.sh

CMD ["/bin/rotate.sh"]

--------------------------------------------------------------------------------
/es-index-rotator/rotate.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#--------------------------------------------------
# Rotate the indices in elastic of the EFK deployment
#
# @author: gjmzj
# @usage: ./rotator.sh [ ...]
# @repo: https://github.com/kubeasz/mirrorepo/es-index-rotator
# @ref: https://github.com/easzlab/kubeasz/tree/master/manifests/efk/es-index-rotator/rotator.yaml

set -o nounset
set -o errexit
#set -o xtrace

[[ "$#" -gt 1 && $1 =~ ^[1-9][0-9]{0,2}$ ]] || \
{ echo 'Usage: ./rotator.sh [ ...]'; exit 1; }

max_days_of_log="$1"

echo -e "\n[INFO] rotate job starts, try to keep $max_days_of_log days of logs."

curl -s elasticsearch-logging:9200/_cat/indices > /tmp/indices || \
{ echo "[ERROR] Can not connect to elastic!"; exit 1; }

for index_prefix in "${@:2}";do
    cat /tmp/indices|grep "$index_prefix"|wc -l > /tmp/lines
    curr_days_of_log=$(cat /tmp/lines)
    curr_days_of_log=$((${curr_days_of_log}-2))

    if [[ "$max_days_of_log" -gt "$curr_days_of_log" ]];then
        echo "[WARN] No need to rotate the ES indices: $index_prefix-*!"
    else
        first_day=$(date -d "$max_days_of_log days ago" +'%Y.%m.%d')
        cat /tmp/indices|grep "$index_prefix"|cut -d' ' -f3|sed "s/$index_prefix-//g"|sed "s/-/\./g" > /tmp/index
        rotate=$(cat /tmp/index|sort|sed -n "1,/$first_day/"p)
        for day in $rotate;do
            curl -s -X DELETE "elasticsearch-logging:9200/$index_prefix-$day"
            day=$(echo $day|sed 's/\./-/g')
            curl -s -X DELETE "elasticsearch-logging:9200/$index_prefix-$day"
        done
        echo -e "\n[INFO] Success to rotate the ES indices: $index_prefix-*!"
    fi
done

exit 0

--------------------------------------------------------------------------------
/harbor-offline/Dockerfile:
--------------------------------------------------------------------------------
# Download harbor offline-package needed by 'kubeasz'
#
# @author: gjmzj
# @repo: https://github.com/kubeasz/dockerfiles/harbor-offline
# @ref: https://github.com/easzlab/kubeasz

FROM alpine:3.9

ENV HARBOR_VER=v2.1.3

RUN wget https://github.com/goharbor/harbor/releases/download/${HARBOR_VER}/harbor-offline-installer-${HARBOR_VER}.tgz

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/kubeasz-ext-bin/Dockerfile:
--------------------------------------------------------------------------------
# Download extra binaries needed by 'kubeasz'
#
# @author: gjmzj
# @repo: https://github.com/kubeasz/dockerfiles/kubeasz-ext-bin
# @ref: https://github.com/kubernetes/kubernetes/blob/master/build/dependencies.yaml

FROM alpine:3.12

ENV ETCD_VER=v3.5.4 \
    CFSSL_VER=1.6.1 \
    CNI_VER=v1.1.1 \
    HELM_VER=v3.9.4 \
    DOCKER_COMPOSE_VER=1.28.6 \
    CALICOCTL_VER=v3.23.3 \
    CRICTL_VER=v1.25.0 \
    RUNC_VER=v1.1.4 \
    CONTAINERD_VER=1.6.8 \
    EXT_BIN_VER=1.3.0

RUN mkdir -p /extra && \
    \
    wget https://github.com/etcd-io/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz && \
    tar zxf etcd-${ETCD_VER}-linux-amd64.tar.gz && \
    cd etcd-${ETCD_VER}-linux-amd64 && \
    mv etcd etcdctl /extra && \
    cd / && rm -rf etcd-${ETCD_VER}-linux-amd64* && \
    \
    wget https://github.com/cloudflare/cfssl/releases/download/v${CFSSL_VER}/cfssl_${CFSSL_VER}_linux_amd64 && \
    wget https://github.com/cloudflare/cfssl/releases/download/v${CFSSL_VER}/cfssljson_${CFSSL_VER}_linux_amd64 && \
    wget https://github.com/cloudflare/cfssl/releases/download/v${CFSSL_VER}/cfssl-certinfo_${CFSSL_VER}_linux_amd64 && \
    mv cfssl_${CFSSL_VER}_linux_amd64 /extra/cfssl && \
    mv cfssljson_${CFSSL_VER}_linux_amd64 /extra/cfssljson && \
    mv cfssl-certinfo_${CFSSL_VER}_linux_amd64 /extra/cfssl-certinfo && \
    \
    wget https://github.com/containernetworking/plugins/releases/download/${CNI_VER}/cni-plugins-linux-amd64-${CNI_VER}.tgz && \
    mkdir /cni && tar zxf cni-plugins-linux-amd64-${CNI_VER}.tgz -C /cni && \
    cd /cni && mv bridge host-local loopback portmap tuning /extra && \
    cd / && rm -rf cni* && \
    \
    # The alpine base image ships BusyBox wget but not curl, so stable.txt is read with wget.
    # These two versions are resolved at build time rather than pinned in ENV.
    export CILIUM_CLI_VER=$(wget -qO- https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt) && \
    wget https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VER}/cilium-linux-amd64.tar.gz && \
    tar zxf cilium-linux-amd64.tar.gz -C /extra && \
    rm -rf cilium-linux-amd64.tar.gz && \
    export HUBBLE_VER=$(wget -qO- https://raw.githubusercontent.com/cilium/hubble/master/stable.txt) && \
    wget https://github.com/cilium/hubble/releases/download/${HUBBLE_VER}/hubble-linux-amd64.tar.gz && \
    tar zxf hubble-linux-amd64.tar.gz -C /extra && \
    rm -rf hubble-linux-amd64.tar.gz && \
    \
    wget https://get.helm.sh/helm-${HELM_VER}-linux-amd64.tar.gz && \
    tar zxf helm-${HELM_VER}-linux-amd64.tar.gz && \
    mv linux-amd64/helm /extra && \
    rm -rf linux-amd64 helm-${HELM_VER}-linux-amd64.tar.gz && \
    \
    wget https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VER}/docker-compose-Linux-x86_64 && \
    mv docker-compose-Linux-x86_64 /extra/docker-compose && \
    \
    wget https://github.com/projectcalico/calico/releases/download/${CALICOCTL_VER}/calicoctl-linux-amd64 && \
    mv calicoctl-linux-amd64 /extra/calicoctl && \
    \
    mkdir -p /extra/containerd-bin && \
    wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VER}/crictl-${CRICTL_VER}-linux-amd64.tar.gz && \
    tar zxf crictl-${CRICTL_VER}-linux-amd64.tar.gz -C /extra/containerd-bin && \
    wget https://github.com/opencontainers/runc/releases/download/${RUNC_VER}/runc.amd64 && \
    chmod +x runc.amd64 && mv runc.amd64 /extra/containerd-bin/runc && \
    wget https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VER}/containerd-${CONTAINERD_VER}-linux-amd64.tar.gz && \
    tar zxf containerd-${CONTAINERD_VER}-linux-amd64.tar.gz -C /tmp && \
    mv /tmp/bin/* /extra/containerd-bin && \
    rm -rf crictl-${CRICTL_VER}-linux-amd64.tar.gz containerd-${CONTAINERD_VER}-linux-amd64.tar.gz

COPY --from=easzlab/kubeasz-ext-build:1.0.0 /bin/nginx /extra/nginx
COPY --from=easzlab/kubeasz-ext-build:1.0.0 /bin/chronyd /extra/chronyd
COPY --from=easzlab/kubeasz-ext-build:1.0.0 /bin/keepalived /extra/keepalived

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/kubeasz-ext-build/Dockerfile:
--------------------------------------------------------------------------------
# Download extra binaries needed by 'kubeasz'
#
# @author: gjmzj
# @repo: https://github.com/kubeasz/dockerfiles/kubeasz-ext-build
# @ref: https://github.com/easzlab/kubeasz

FROM centos:7 as rpm_centos7

ENV NGINX_VERSION=1.20.2
ENV CHRONY_VERSION 4.0
ENV CHRONY_DOWNLOAD_URL "https://download.tuxfamily.org/chrony/chrony-${CHRONY_VERSION}.tar.gz"
ENV CHRONY_SHA256 be27ea14c55e7a4434b2fa51d53018c7051c42fa6a3198c9aa6a1658bae0c625
ENV KEEPALIVED_VERSION 2.0.20
ENV KEEPALIVED_DOWNLOAD_URL "http://keepalived.org/software/keepalived-${KEEPALIVED_VERSION}.tar.gz"

# Only the chrony tarball is checked against a pinned SHA-256 (CHRONY_SHA256);
# the nginx and keepalived tarballs are fetched over plain HTTP and built without an integrity check.
RUN yum install -y \
        gcc \
        make \
        openssl \
        openssl-devel \
    && curl -o nginx.tar.gz -SL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \
    && tar -xzf nginx.tar.gz -C /tmp/ \
    && cd /tmp/nginx-* \
    && ./configure --with-stream \
        --without-http \
        --without-http_uwsgi_module \
        --without-http_scgi_module \
        --without-http_fastcgi_module \
    && make && make install \
    && cd / \
    && curl -o chrony.tar.gz -SL $CHRONY_DOWNLOAD_URL \
    && echo "${CHRONY_SHA256} *chrony.tar.gz" | sha256sum -c - \
    && tar xzf chrony.tar.gz -C /tmp/ \
    && cd /tmp/chrony* \
    && ./configure \
        --without-editline \
        --disable-sechash \
        --disable-nts \
        --disable-ipv6 \
        --disable-privdrop \
        --without-libcap \
        --without-seccomp \
        --disable-asyncdns \
        --disable-cmdmon \
    && make && make install \
    && cd / \
    && curl -o keepalived.tar.gz -SL $KEEPALIVED_DOWNLOAD_URL \
    && tar xzf keepalived.tar.gz -C /tmp/ \
    && cd /tmp/keepalived* \
    && ./configure \
        --disable-dynamic-linking \
        --disable-FEATURE \
        --disable-lvs \
        --disable-vrrp-auth \
        --disable-routes \
        --disable-linkbeat \
        --disable-iptables \
        --disable-libipset-dynamic \
        --disable-nftables \
        --disable-hardening \
        --with-init=systemd \
    && make && make install

FROM alpine:3.12

ENV EXT_BUILD_VER=1.0.0

COPY --from=rpm_centos7 /usr/local/nginx/sbin/nginx /bin
COPY --from=rpm_centos7 /usr/local/sbin/chronyd /bin
COPY --from=rpm_centos7 /usr/local/sbin/keepalived /bin

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/kubeasz-k8s-bin/Dockerfile:
--------------------------------------------------------------------------------
# Download kubernetes binaries needed by 'kubeasz'
#
# @author: gjmzj
# @repo: https://github.com/kubeasz/dockerfiles/kubeasz-k8s-bin
# @ref: https://github.com/easzlab/kubeasz

FROM alpine:3.12

ENV K8S_VER=v1.21.4

RUN wget https://dl.k8s.io/$K8S_VER/kubernetes-server-linux-amd64.tar.gz && \
    tar zxf kubernetes-server-linux-amd64.tar.gz && \
    mkdir -p /k8s && cd kubernetes/server/bin && \
    mv kube-apiserver kube-controller-manager kube-scheduler /k8s && \
    mv kubelet kube-proxy kubectl /k8s && \
    cd / && rm -rf kubernetes*

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/kubeasz-sys-pkg/Dockerfile:
--------------------------------------------------------------------------------
# Download system packages (rpm or deb) needed by 'kubeasz'
#
# @author: gjmzj
# @repo: https://github.com/kubeasz/dockerfiles/kubeasz-sys-pkg
# @ref: https://github.com/easzlab/kubeasz

# 1.downloading rpm packages on CentOS7
FROM centos:7 as rpm_centos7

RUN yum install --downloadonly --downloaddir=/root/down \
        bash-completion \
        conntrack-tools \
        ipset \
        ipvsadm \
        libseccomp \
        nfs-utils \
        rsync \
        socat && \
    cd /root/down && rm -f systemd* && \
    tar zcvf /tmp/basic_centos7.tar.gz *.rpm

# 2.downloading deb packages on Ubuntu1604
FROM ubuntu:16.04 as deb_xenial

RUN apt update && \
    apt install -d -y \
        conntrack \
        ipset \
        ipvsadm \
        jq \
        libseccomp2 \
        nfs-common \
        rsync \
        socat && \
    cd /var/cache/apt/archives && \
    tar zcvf /tmp/basic_xenial.tar.gz *.deb

# 3.downloading deb packages on Ubuntu1804
FROM ubuntu:18.04 as deb_bionic

RUN apt update && \
    apt install -d -y \
        conntrack \
        ipset \
        ipvsadm \
        jq \
        libseccomp2 \
        nfs-common \
        rsync \
        socat && \
    cd /var/cache/apt/archives && \
    tar zcvf /tmp/basic_bionic.tar.gz *.deb

# 4.downloading deb packages on Ubuntu2004
FROM ubuntu:20.04 as deb_focal

RUN apt update && \
    apt install -d -y \
        conntrack \
        ipset \
        ipvsadm \
        jq \
        libseccomp2 \
        nfs-common \
        rsync \
        socat && \
    cd /var/cache/apt/archives && \
    tar zcvf /tmp/basic_focal.tar.gz *.deb

# 5.downloading deb packages on Debian9
FROM debian:9 as deb_stretch

RUN apt update && \
    apt install -d -y \
        conntrack \
        ipset \
        ipvsadm \
        jq \
        libseccomp2 \
        nfs-common \
        rsync \
        socat && \
    cd /var/cache/apt/archives && \
    tar zcvf /tmp/basic_stretch.tar.gz *.deb

# 6.downloading deb packages on Debian10
FROM debian:10 as deb_buster

RUN apt update && \
    apt install -d -y \
        conntrack \
        ipset \
        ipvsadm \
        jq \
        libseccomp2 \
        nfs-common \
        rsync \
        socat && \
    cd /var/cache/apt/archives && \
    tar zcvf /tmp/basic_buster.tar.gz *.deb

# storing packages on alpine
FROM alpine:3.12

ENV SYS_PKG_VER=0.4.3

COPY --from=rpm_centos7 /tmp/*.tar.gz /packages/

COPY --from=deb_xenial /tmp/*.tar.gz /packages/

COPY --from=deb_bionic /tmp/*.tar.gz /packages/

COPY --from=deb_focal /tmp/*.tar.gz /packages/

COPY --from=deb_stretch /tmp/*.tar.gz /packages/

COPY --from=deb_buster /tmp/*.tar.gz /packages/

CMD [ "sleep", "360000000" ]

--------------------------------------------------------------------------------
/kubeasz/Dockerfile:
--------------------------------------------------------------------------------
# Dockerfile for building images to run kubeasz in a container
#
# @author: gjmzj
# @repo: https://github.com/easzlab/kubeasz

FROM easzlab/ansible:2.10.6-lite

ENV KUBEASZ_VER=3.4.0

RUN set -x \
    # Downloading kubeasz
    && wget https://github.com/easzlab/kubeasz/archive/refs/tags/"$KUBEASZ_VER".tar.gz \
    && tar zxf
./"$KUBEASZ_VER".tar.gz \ 14 | && mv kubeasz-"$KUBEASZ_VER" /etc/kubeasz \ 15 | && ln -s -f /etc/kubeasz/ezctl /usr/bin/ezctl \ 16 | && ln -s -f /etc/kubeasz/ezdown /usr/bin/ezdown \ 17 | # Cleaning 18 | && rm -rf ./"$KUBEASZ_VER".tar.gz 19 | -------------------------------------------------------------------------------- /ng-forward-proxy/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | ENV NGINX_VERSION=1.20.1 \ 4 | NG_FORWARD_PROXY_VER=v1.0.0 5 | 6 | RUN yum install -y \ 7 | gcc \ 8 | make \ 9 | openssl \ 10 | openssl-devel \ 11 | && groupadd --system --gid 101 nginx \ 12 | && useradd --system --no-create-home --shell /bin/false --gid 101 --uid 101 nginx \ 13 | && curl -o nginx.tar.gz -SL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \ 14 | && tar -xzf nginx.tar.gz -C /tmp/ \ 15 | && cd /tmp/nginx-* \ 16 | && ./configure \ 17 | --user=nginx \ 18 | --group=nginx \ 19 | --prefix=/usr/local/nginx \ 20 | --with-http_ssl_module \ 21 | --with-http_stub_status_module \ 22 | --with-http_realip_module \ 23 | --with-threads \ 24 | --with-stream \ 25 | --with-stream_ssl_preread_module \ 26 | --with-stream_ssl_module \ 27 | && make && make install \ 28 | && rm -rf /nginx.tar.gz /tmp/nginx-* \ 29 | && yum remove gcc make openssl-devel -y \ 30 | && yum clean all \ 31 | && rm -rf /var/cache/yum \ 32 | && rm -f /etc/localtime \ 33 | && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ 34 | && ln -sf /dev/stdout /usr/local/nginx/logs/access.log \ 35 | && ln -sf /dev/stderr /usr/local/nginx/logs/error.log 36 | 37 | COPY nginx.conf /usr/local/nginx/conf/nginx.conf 38 | 39 | CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"] 40 | -------------------------------------------------------------------------------- /ng-forward-proxy/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes auto; 2 | 3 | error_log logs/error.log warn; 4 | pid 
logs/nginx.pid; 5 | 6 | events { 7 | use epoll; 8 | worker_connections 50000; 9 | } 10 | 11 | http { 12 | include mime.types; 13 | default_type application/octet-stream; 14 | 15 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 16 | '$status $body_bytes_sent "$http_referer" ' 17 | '"$http_user_agent" "$http_x_forwarded_for"'; 18 | 19 | access_log logs/access.log main; 20 | 21 | sendfile on; 22 | #tcp_nopush on; 23 | 24 | #keepalive_timeout 0; 25 | keepalive_timeout 65; 26 | 27 | #gzip on; 28 | 29 | #################### ENABLE HTTP Forward Proxy 30 | server { 31 | listen 80; 32 | location / { 33 | resolver 223.5.5.5; 34 | #proxy_pass http://$http_host$uri$is_args$args; 35 | proxy_pass http://$http_host$request_uri; 36 | } 37 | } 38 | } 39 | 40 | stream { 41 | resolver 223.5.5.5; 42 | #################### ENABLE HTTPS Forward Proxy 43 | server { 44 | listen 443; 45 | ssl_preread on; 46 | proxy_connect_timeout 5s; 47 | proxy_pass $ssl_preread_server_name:$server_port; 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /ng-http-proxy/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | ENV NGINX_VERSION=1.20.1 \ 4 | NG_HTTP_PROXY_VER=v1.0.0 5 | 6 | RUN yum install -y \ 7 | patch \ 8 | gcc \ 9 | make \ 10 | openssl \ 11 | openssl-devel \ 12 | && groupadd --system --gid 101 nginx \ 13 | && useradd --system --no-create-home --shell /bin/false --gid 101 --uid 101 nginx \ 14 | && curl -o nginx.tar.gz -SL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \ 15 | && tar -xzf nginx.tar.gz -C /tmp/ \ 16 | && curl -o patch.tar.gz -SL https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.2.tar.gz \ 17 | && tar -xzf patch.tar.gz -C /opt/ \ 18 | && cd /tmp/nginx-* \ 19 | && patch -p1 < /opt/ngx_http_proxy_connect_module-0.0.2/patch/proxy_connect_rewrite_1018.patch \ 20 | && ./configure \ 21 | --user=nginx \ 22 | 
--group=nginx \ 23 | --prefix=/usr/local/nginx \ 24 | --add-module=/opt/ngx_http_proxy_connect_module-0.0.2 \ 25 | && make && make install \ 26 | && rm -rf /nginx.tar.gz /tmp/nginx-* \ 27 | && yum remove gcc make openssl-devel -y \ 28 | && yum clean all \ 29 | && rm -rf /var/cache/yum \ 30 | && rm -f /etc/localtime \ 31 | && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 32 | 33 | COPY nginx.conf /usr/local/nginx/conf/nginx.conf 34 | 35 | CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"] 36 | -------------------------------------------------------------------------------- /ng-http-proxy/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes auto; 2 | 3 | error_log logs/error.log warn; 4 | pid logs/nginx.pid; 5 | 6 | events { 7 | use epoll; 8 | worker_connections 50000; 9 | } 10 | 11 | http { 12 | include mime.types; 13 | default_type application/octet-stream; 14 | 15 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 16 | # '$status $body_bytes_sent "$http_referer" ' 17 | # '"$http_user_agent" "$http_x_forwarded_for"'; 18 | 19 | #access_log logs/access.log main; 20 | 21 | sendfile on; 22 | #tcp_nopush on; 23 | 24 | #keepalive_timeout 0; 25 | keepalive_timeout 65; 26 | 27 | #gzip on; 28 | 29 | server { 30 | listen 3128; 31 | 32 | # dns resolver used by forward proxying 33 | resolver 223.5.5.5; 34 | 35 | # forward proxy for CONNECT request 36 | proxy_connect; 37 | proxy_connect_allow 443 563; 38 | proxy_connect_connect_timeout 10s; 39 | proxy_connect_read_timeout 10s; 40 | proxy_connect_send_timeout 10s; 41 | 42 | # forward proxy for non-CONNECT request 43 | location / { 44 | proxy_pass http://$host; 45 | proxy_set_header Host $host; 46 | } 47 | } 48 | } 49 | 50 | -------------------------------------------------------------------------------- /ng-l4-proxy/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:7 as 
rpm_centos7 2 | 3 | ENV NGINX_VERSION=1.20.1 \ 4 | NG_L4_PROXY_VER=v1.0.0 5 | 6 | RUN yum install -y \ 7 | gcc \ 8 | make \ 9 | openssl \ 10 | openssl-devel \ 11 | && groupadd --system --gid 101 nginx \ 12 | && useradd --system --no-create-home --shell /bin/false --gid 101 --uid 101 nginx \ 13 | && curl -o nginx.tar.gz -SL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \ 14 | && tar -xzf nginx.tar.gz -C /tmp/ \ 15 | && cd /tmp/nginx-* \ 16 | && ./configure \ 17 | --user=nginx \ 18 | --group=nginx \ 19 | --prefix=/usr/local/nginx \ 20 | --with-http_ssl_module \ 21 | --with-http_stub_status_module \ 22 | --with-http_realip_module \ 23 | --with-threads \ 24 | --with-stream \ 25 | --with-stream_ssl_preread_module \ 26 | --with-stream_ssl_module \ 27 | && make && make install \ 28 | && rm -rf /nginx.tar.gz /tmp/nginx-* \ 29 | && yum remove gcc make openssl-devel -y \ 30 | && yum clean all \ 31 | && rm -rf /var/cache/yum \ 32 | && rm -f /etc/localtime \ 33 | && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 34 | 35 | COPY nginx.conf /usr/local/nginx/conf/nginx.conf 36 | 37 | CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"] 38 | -------------------------------------------------------------------------------- /ng-l4-proxy/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes auto; 2 | 3 | error_log logs/error.log warn; 4 | pid logs/nginx.pid; 5 | 6 | events { 7 | use epoll; 8 | worker_connections 50000; 9 | } 10 | 11 | ################################# example L4 proxy setting ######## 12 | stream { 13 | resolver 223.5.5.5; 14 | server { 15 | listen 443; 16 | ssl_preread on; 17 | proxy_connect_timeout 5s; 18 | proxy_pass $ssl_preread_server_name:$server_port; 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /nodejs/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | LABEL 
Description="This is the image for testing nodejs" 3 | 4 | # Install node 5 | ARG NODE_VER=v14.17.0 6 | ARG NODE_REPO=https://nodejs.org/dist/${NODE_VER}/node-${NODE_VER}-linux-x64.tar.xz 7 | 8 | RUN apt-get update && apt-get install -y -q --no-install-recommends ca-certificates wget xz-utils 9 | 10 | RUN wget ${NODE_REPO} && \ 11 | tar xf node-${NODE_VER}-linux-x64.tar.xz && \ 12 | cp node-*/* /usr/local -rf && rm -rf node-* && \ 13 | rm -rf /var/lib/apt/lists/* /var/cache/apt/* 14 | --------------------------------------------------------------------------------