0.12.0

.travis.yml

@@ -1,3 +1,5 @@
+language: bash
+
 services:
   - docker
 
@@ -9,3 +11,4 @@ before_script:
 
 script:
   - ~/docker-arm-ci/run.sh
+

Dockerfile

@@ -1,18 +1,10 @@
 # Multi-stage build - See https://docs.docker.com/engine/userguide/eng-image/multistage-build
-FROM ubnt/unms:0.11.3 as unms
+FROM ubnt/unms:0.12.0 as unms
+FROM oznu/s6-node:8.10.0-amd64
 
-FROM oznu/s6-node:8.9.4
-
-# Copy UNMS app from offical image since the source code is not published at this time
-COPY --from=unms /home/app/unms /app
-
-WORKDIR /app
-
-RUN devDeps="vips-dev fftw-dev make python g++" \
-  && sed -i 's/edge\/community/edge\/testing/g' /etc/apk/repositories \
-  && apk add --no-cache ${devDeps} bash gzip vips openssl postgresql redis rabbitmq-server \
-  && rm -rf /app/node_modules \
-  && yarn install --ignore-engines \
+# base deps redis, rabbitmq
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
+  && apk add --no-cache vips redis rabbitmq-server \
   && apk del ${devDeps} \
   && deluser rabbitmq \
   && addgroup -S rabbitmq && adduser -S -h /var/lib/rabbitmq -G rabbitmq rabbitmq \
@@ -21,23 +13,109 @@ RUN devDeps="vips-dev fftw-dev make python g++" \
   && chmod -R 777 /var/lib/rabbitmq /etc/rabbitmq \
   && ln -sf /var/lib/rabbitmq/.erlang.cookie /root/
 
-RUN devDeps="musl-dev gcc python python-dev py-pip libffi-dev openssl-dev" \
-  && apk add --no-cache sudo dumb-init certbot openssl nginx nginx-mod-http-lua ${devDeps} \
-  && pip install -U certbot-nginx \
-  && apk del ${devDeps} \
-  && echo "abc ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers
+# postgres 9.6.8
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.6/main" >> /etc/apk/repositories \
+    && apk add --no-cache postgresql==9.6.8-r0 postgresql-client=9.6.8-r0 libpq=9.6.8-r0 \
+    && sed -i '/v3.6/d' /etc/apk/repositories
+
+# start ubnt/unms dockerfile #
+RUN mkdir -p /home/app/unms
+
+WORKDIR /home/app/unms
+
+# Copy UNMS app from offical image since the source code is not published at this time
+COPY --from=unms /home/app/unms /home/app/unms
+
+RUN devDeps="vips-dev fftw-dev make python g++" \
+    && apk add --no-cache ${devDeps} su-exec gzip bash vim dumb-init openssl vips libcap \
+    && rm -rf node_modules \
+    && JOBS=$(nproc) npm install \
+    && apk del ${devDeps} \
+    && mkdir -p -m 777 "$HOME/unms/public/site-images" \
+    && mkdir -p -m 777 "$HOME/unms/data/config-backups" \
+    && mkdir -p -m 777 "$HOME/unms/data/unms-backups" \
+    && mkdir -p -m 777 "$HOME/unms/data/import"
+
+RUN setcap cap_net_raw=pe /usr/bin/node
+
+COPY --from=unms /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+# end ubnt/unms dockerfile #
+
+# ubnt/nginx docker file #
+ENV NGINX_UID=1000 \
+    NGINX_VERSION=nginx-1.12.2 \
+    LUAJIT_VERSION=2.1.0-beta3
+
+RUN devDeps="wget openssl-dev pcre-dev zlib-dev build-base libffi-dev python-dev build-base" \
+    && apk add --no-cache --update ${devDeps} sudo dumb-init openssl pcre libgcc gettext py-pip \
+    && pip install certbot==0.21.0 \
+    && mkdir -p /tmp/src && cd /tmp/src \
+    && wget -q http://nginx.org/download/${NGINX_VERSION}.tar.gz -O nginx.tar.gz \
+    && wget -q https://github.com/openresty/lua-nginx-module/archive/v0.10.11.tar.gz -O lua-nginx-module.tar.gz \
+    && wget -q https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz -O ndk.tar.gz \
+    && wget -q http://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz -O luajit.tar.gz \
+    && tar -zxvf lua-nginx-module.tar.gz \
+    && tar -zxvf ndk.tar.gz \
+    && tar -zxvf luajit.tar.gz \
+    && tar -zxvf nginx.tar.gz \
+    && cd /tmp/src/LuaJIT-${LUAJIT_VERSION} && make amalg PREFIX='/usr' && make install PREFIX='/usr' \
+    && export LUAJIT_LIB=/usr/lib/libluajit-5.1.so && export LUAJIT_INC=/usr/include/luajit-2.1 \
+    && cd /tmp/src/${NGINX_VERSION} && ./configure \
+        --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
+        --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' \
+        --with-pcre-jit \
+        --with-threads \
+        --add-module=/tmp/src/lua-nginx-module-0.10.11 \
+        --add-module=/tmp/src/ngx_devel_kit-0.3.0 \
+        --with-http_ssl_module \
+        --with-http_realip_module \
+        --with-http_gzip_static_module \
+        --with-http_secure_link_module \
+        --without-mail_pop3_module \
+        --without-mail_imap_module \
+        --without-http_upstream_ip_hash_module \
+        --without-http_memcached_module \
+        --without-http_auth_basic_module \
+        --without-http_userid_module \
+        --without-http_fastcgi_module \
+        --without-http_uwsgi_module \
+        --without-http_scgi_module \
+        --prefix=/var/lib/nginx \
+        --sbin-path=/usr/sbin/nginx \
+        --conf-path=/etc/nginx/nginx.conf \
+        --http-log-path=/dev/stdout \
+        --error-log-path=/dev/stderr \
+        --lock-path=/tmp/nginx.lock \
+        --pid-path=/tmp/nginx.pid \
+        --http-client-body-temp-path=/tmp/body \
+        --http-proxy-temp-path=/tmp/proxy \
+    && make -j $(nproc) \
+    && make install \
+    && apk del ${devDeps} \
+    && rm /usr/bin/luajit-${LUAJIT_VERSION} \
+    && rm -rf /tmp/src \
+    && rm -rf /var/cache/apk/* \
+    && echo "unms ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers \
+    && echo "unms ALL=(ALL) NOPASSWD:SETENV: /copy-user-certs.sh reload" >> /etc/sudoers
+
+ADD https://github.com/Ubiquiti-App/UNMS/archive/4a4cc87c476fec59fc8fed90ec1b0bf69dade8fd.tar.gz /tmp/unms.tar.gz
+
+RUN cd /tmp \
+    && tar -xzf unms.tar.gz \
+    && cd UNMS-*/src/nginx \
+    && cp *.sh *.conf.template openssl.cnf 502.html / \
+    && chmod +x /entrypoint.sh /cert.sh /letsencrypt.sh /fill-template.sh /copy-user-certs.sh
+# end ubnt/nginx docker file #
 
-ENV NODE_ENV=production \
-  PATH=/app/node_modules/.bin:$PATH \
+ENV PATH=/home/app/unms/node_modules/.bin:$PATH \
   PGDATA=/config/postgres \
   POSTGRES_DB=unms \
-  HOME=/var/lib/rabbitmq \
-  PROD=true \
-  HTTPS_PORT=443 \
+  QUIET_MODE=0 \
   PUBLIC_HTTPS_PORT=443 \
   PUBLIC_WS_PORT=443 \
-  UNMS_FLUENTD_PORT=80 \
-  QUIET_MODE=0
+  SECURE_LINK_SECRET=enigma \
+  SSL_CERT=""
 
 EXPOSE 80 443
 

Dockerfile.raspberry-pi

@@ -1,18 +1,10 @@
 # Multi-stage build - See https://docs.docker.com/engine/userguide/eng-image/multistage-build
-FROM ubnt/unms:0.11.3 as unms
+FROM ubnt/unms:0.12.0 as unms
+FROM oznu/s6-node:8.10.0-armhf
 
-FROM oznu/s6-node:8.9.4-armhf
-
-# Copy UNMS app from offical image since the source code is not published at this time
-COPY --from=unms /home/app/unms /app
-
-WORKDIR /app
-
-RUN devDeps="vips-dev fftw-dev make python g++" \
-  && sed -i 's/edge\/community/edge\/testing/g' /etc/apk/repositories \
-  && apk add --no-cache ${devDeps} bash gzip vips openssl postgresql redis rabbitmq-server \
-  && rm -rf /app/node_modules \
-  && yarn install --ignore-engines \
+# base deps redis, rabbitmq
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
+  && apk add --no-cache vips redis rabbitmq-server \
   && apk del ${devDeps} \
   && deluser rabbitmq \
   && addgroup -S rabbitmq && adduser -S -h /var/lib/rabbitmq -G rabbitmq rabbitmq \
@@ -21,23 +13,109 @@ RUN devDeps="vips-dev fftw-dev make python g++" \
   && chmod -R 777 /var/lib/rabbitmq /etc/rabbitmq \
   && ln -sf /var/lib/rabbitmq/.erlang.cookie /root/
 
-RUN devDeps="musl-dev gcc python python-dev py-pip libffi-dev openssl-dev" \
-  && apk add --no-cache sudo dumb-init certbot openssl nginx nginx-mod-http-lua ${devDeps} \
-  && pip install -U certbot-nginx \
-  && apk del ${devDeps} \
-  && echo "abc ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers
+# postgres 9.6.8
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.6/main" >> /etc/apk/repositories \
+    && apk add --no-cache postgresql==9.6.8-r0 postgresql-client=9.6.8-r0 libpq=9.6.8-r0 \
+    && sed -i '/v3.6/d' /etc/apk/repositories
+
+# start ubnt/unms dockerfile #
+RUN mkdir -p /home/app/unms
+
+WORKDIR /home/app/unms
+
+# Copy UNMS app from offical image since the source code is not published at this time
+COPY --from=unms /home/app/unms /home/app/unms
+
+RUN devDeps="vips-dev fftw-dev make python g++" \
+    && apk add --no-cache ${devDeps} su-exec gzip bash vim dumb-init openssl vips libcap \
+    && rm -rf node_modules \
+    && JOBS=$(nproc) npm install \
+    && apk del ${devDeps} \
+    && mkdir -p -m 777 "$HOME/unms/public/site-images" \
+    && mkdir -p -m 777 "$HOME/unms/data/config-backups" \
+    && mkdir -p -m 777 "$HOME/unms/data/unms-backups" \
+    && mkdir -p -m 777 "$HOME/unms/data/import"
+
+RUN setcap cap_net_raw=pe /usr/bin/node
+
+COPY --from=unms /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+# end ubnt/unms dockerfile #
+
+# ubnt/nginx docker file #
+ENV NGINX_UID=1000 \
+    NGINX_VERSION=nginx-1.12.2 \
+    LUAJIT_VERSION=2.1.0-beta3
+
+RUN devDeps="wget openssl-dev pcre-dev zlib-dev build-base libffi-dev python-dev build-base" \
+    && apk add --no-cache --update ${devDeps} sudo dumb-init openssl pcre libgcc gettext py-pip \
+    && pip install certbot==0.21.0 \
+    && mkdir -p /tmp/src && cd /tmp/src \
+    && wget -q http://nginx.org/download/${NGINX_VERSION}.tar.gz -O nginx.tar.gz \
+    && wget -q https://github.com/openresty/lua-nginx-module/archive/v0.10.11.tar.gz -O lua-nginx-module.tar.gz \
+    && wget -q https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz -O ndk.tar.gz \
+    && wget -q http://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz -O luajit.tar.gz \
+    && tar -zxvf lua-nginx-module.tar.gz \
+    && tar -zxvf ndk.tar.gz \
+    && tar -zxvf luajit.tar.gz \
+    && tar -zxvf nginx.tar.gz \
+    && cd /tmp/src/LuaJIT-${LUAJIT_VERSION} && make amalg PREFIX='/usr' && make install PREFIX='/usr' \
+    && export LUAJIT_LIB=/usr/lib/libluajit-5.1.so && export LUAJIT_INC=/usr/include/luajit-2.1 \
+    && cd /tmp/src/${NGINX_VERSION} && ./configure \
+        --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
+        --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' \
+        --with-pcre-jit \
+        --with-threads \
+        --add-module=/tmp/src/lua-nginx-module-0.10.11 \
+        --add-module=/tmp/src/ngx_devel_kit-0.3.0 \
+        --with-http_ssl_module \
+        --with-http_realip_module \
+        --with-http_gzip_static_module \
+        --with-http_secure_link_module \
+        --without-mail_pop3_module \
+        --without-mail_imap_module \
+        --without-http_upstream_ip_hash_module \
+        --without-http_memcached_module \
+        --without-http_auth_basic_module \
+        --without-http_userid_module \
+        --without-http_fastcgi_module \
+        --without-http_uwsgi_module \
+        --without-http_scgi_module \
+        --prefix=/var/lib/nginx \
+        --sbin-path=/usr/sbin/nginx \
+        --conf-path=/etc/nginx/nginx.conf \
+        --http-log-path=/dev/stdout \
+        --error-log-path=/dev/stderr \
+        --lock-path=/tmp/nginx.lock \
+        --pid-path=/tmp/nginx.pid \
+        --http-client-body-temp-path=/tmp/body \
+        --http-proxy-temp-path=/tmp/proxy \
+    && make -j $(nproc) \
+    && make install \
+    && apk del ${devDeps} \
+    && rm /usr/bin/luajit-${LUAJIT_VERSION} \
+    && rm -rf /tmp/src \
+    && rm -rf /var/cache/apk/* \
+    && echo "unms ALL=(ALL) NOPASSWD: /usr/sbin/nginx -s *" >> /etc/sudoers \
+    && echo "unms ALL=(ALL) NOPASSWD:SETENV: /copy-user-certs.sh reload" >> /etc/sudoers
+
+ADD https://github.com/Ubiquiti-App/UNMS/archive/4a4cc87c476fec59fc8fed90ec1b0bf69dade8fd.tar.gz /tmp/unms.tar.gz
+
+RUN cd /tmp \
+    && tar -xzf unms.tar.gz \
+    && cd UNMS-*/src/nginx \
+    && cp *.sh *.conf.template openssl.cnf 502.html / \
+    && chmod +x /entrypoint.sh /cert.sh /letsencrypt.sh /fill-template.sh /copy-user-certs.sh
+# end ubnt/nginx docker file #
 
-ENV NODE_ENV=production \
-  PATH=/app/node_modules/.bin:$PATH \
+ENV PATH=/home/app/unms/node_modules/.bin:$PATH \
   PGDATA=/config/postgres \
   POSTGRES_DB=unms \
-  HOME=/var/lib/rabbitmq \
-  PROD=true \
-  HTTPS_PORT=443 \
+  QUIET_MODE=0 \
   PUBLIC_HTTPS_PORT=443 \
   PUBLIC_WS_PORT=443 \
-  UNMS_FLUENTD_PORT=80 \
-  QUIET_MODE=0
+  SECURE_LINK_SECRET=enigma \
+  SSL_CERT=""
 
 EXPOSE 80 443
 

README.md

@@ -1,4 +1,4 @@
-[![Docker Build Status](https://img.shields.io/docker/build/oznu/unms.svg?label=x64%20build&style=for-the-badge)](https://hub.docker.com/r/oznu/unms/) [![Travis](https://img.shields.io/travis/oznu/docker-unms.svg?label=arm%20build&style=for-the-badge)](https://travis-ci.org/oznu/docker-unms) [![GitHub release](https://img.shields.io/github/release/oznu/unms/all.svg?style=for-the-badge)](https://github.com/oznu/docker-unms/releases)
+[![Docker Build Status](https://img.shields.io/docker/build/oznu/unms.svg?label=x64%20build)](https://hub.docker.com/r/oznu/unms/) [![Travis](https://img.shields.io/travis/oznu/docker-unms.svg?label=arm%20build)](https://travis-ci.org/oznu/docker-unms) [![GitHub release](https://img.shields.io/github/release/oznu/unms/all.svg)](https://github.com/oznu/docker-unms/releases)
 
 # Docker UNMS
 
@@ -12,7 +12,6 @@ This image will run on most platforms that support Docker including [Docker for
 docker run \
   -p 80:80 \
   -p 443:443 \
-  -e PUID=<UID> -e PGID=<GID> \
   -e TZ=<timezone> \
   -v </path/to/config>:/config \
   oznu/unms:latest
@@ -34,41 +33,34 @@ The parameters are split into two halves, separated by a colon, the left hand si
 * `-p 80:80` - Expose the HTTP web server port on the docker host
 * `-p 443:443` - Expose the HTTPS and WSS web server port on the docker host
 * `-e TZ` - for [timezone information](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) e.g. `-e TZ=Europe/London`
-* `-e PGID` - for GroupID - see below for explanation
-* `-e PUID` - for UserID - see below for explanation
 
 *Optional Settings:*
 
 * `-e DEMO=false` - Enable UNMS demo mode
 * `-e PUBLIC_HTTPS_PORT=443` - This should match the HTTPS port your are exposing to on the docker host
 * `-e PUBLIC_WS_PORT=443` - This should match the HTTPS port your are exposing to on the docker host
+* `-e SECURE_LINK_SECRET=` - Random key for secure link module. Set this to something random.
 
-### User / Group Identifiers
+## Limitations
 
-Sometimes when using data volumes (`-v` flags) permissions issues can arise between the host OS and the container. We avoid this issue by allowing you to specify the user `PUID` and group `PGID`. Ensure the data volume directory on the host is owned by the same user you specify and it will "just work".
+The Docker image, oznu/unms, is not maintained by or affiliated with Ubiquiti Networks. You should not expect any support from Ubiquiti when running UNMS using this image.
 
-In this instance `PUID=1001` and `PGID=1001`. To find yours use `id user` as below:
-
-```
-  $ id <dockeruser>
-    uid=1001(dockeruser) gid=1001(dockergroup) groups=1001(dockergroup)
-```
+* In-app upgrades will not work. You can upgrade UNMS by downloading the latest version of this image.
+* Device firmware upgrades initiated from UNMS may not work ([#7](https://github.com/oznu/docker-unms/issues/7)).
 
 ## Docker Compose
 
 ```yml
 version: '2'
 services:
   homebridge:
-    image: oznu/unms:latest
+    image: oznu/unms:latest  # use "armhf" instead of "latest" for arm devices
     restart: always
     ports:
       - 80:80
       - 443:443
     environment:
       - TZ=Australia/Sydney
-      - PGID=1000
-      - PUID=1000
     volumes:
       - ./volumes/unms:/config
 ```