learn/linux.softwareshinobi.com
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

adding notes for installing nginx properly

Browse Source
This commit is contained in:
Software Shinobi
2025-06-11 10:01:21 -04:00
parent 3a5fdd88ba
commit f99c61b24d
7 changed files with 182 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
docs/supervisor.md Normal file
View File

@@ -0,0 +1,143 @@
Okay, you want both Nginx and SSHD running in a *single* container using your provided Dockerfile as a base. The best and most robust way to achieve this is by using a process manager like **Supervisord**.
Here's how to modify your Dockerfile and add the necessary configuration files to make that happen.
**Reasoning for Supervisord:**
* **PID 1 Management:** Docker expects the `CMD` or `ENTRYPOINT` process to be PID 1. If that process exits, the container exits. Supervisord runs as PID 1 and then manages Nginx and SSHD as its child processes, ensuring the container stays alive even if one of the managed services briefly stops (Supervisord will restart it).
* **Foreground Execution:** Both Nginx and SSHD need to be told to run in the foreground when managed by Supervisord.
---
### Step 1: Create `supervisord.conf`
Create a file named `supervisord.conf` in the same directory as your `Dockerfile`. This file tells Supervisord which processes to run and how to manage them.
**`supervisord.conf` content:**
```ini
[supervisord]
nodaemon=true ; Prevents supervisord from detaching, keeping it in the foreground for Docker
[program:nginx]
command=/usr/sbin/nginx -g "daemon off;" ; Command to start Nginx in the foreground
autostart=true ; Start Nginx when supervisord starts
autorestart=true ; Restart Nginx if it crashes
stdout_logfile=/var/log/supervisor/%(program_name)s.log ; Log Nginx's stdout
stderr_logfile=/var/log/supervisor/%(program_name)s.log ; Log Nginx's stderr
[program:sshd]
command=/usr/sbin/sshd -D ; Command to start SSHD in the foreground
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
```
---
### Step 2: Modify Your `Dockerfile`
Now, update your `Dockerfile` to install Supervisord, Nginx, and OpenSSH Server, and then configure them.
**Your `Dockerfile` content:**
```dockerfile
FROM ubuntu:questing
ARG DEBIAN_FRONTEND=noninteractive
WORKDIR /
COPY /provision /
# Run your provisioning script.
# ENSURE THIS SCRIPT DOES NOT TRY TO START NGINX or SSHD as SERVICES.
# It should only handle installation and configuration.
RUN bash provision.bash
## Install necessary packages: Nginx, OpenSSH Server, and Supervisord
## Also, ensure the SSH run directory exists and set up basic SSH config for key auth.
RUN apt-get update && \
apt-get install -y nginx openssh-server supervisor && \
rm -rf /var/lib/apt/lists/* && \
mkdir -p /var/run/sshd && \
sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config && \
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
sed -i 's/UsePAM yes/UsePAM no/' /etc/ssh/sshd_config
# If you want to allow root login via SSH (not recommended for production but common in dev containers)
# RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# --- IMPORTANT: SSH Key Setup ---
# This is crucial for key-based login. Add your public key to authorized_keys for the user you intend to log in as.
# For 'root' user (common in simple containers for convenience, but be aware of security implications):
# For a non-root user, replace /root with /home/youruser
RUN mkdir -p /root/.ssh && \
chmod 700 /root/.ssh && \
# Replace 'ssh-rsa AAAA...' with your actual public key content
# It's better to COPY the key from your build context if it's dynamic
echo "ssh-rsa YOUR_PUBLIC_KEY_CONTENT_HERE your_username@your_machine" >> /root/.ssh/authorized_keys && \
chmod 600 /root/.ssh/authorized_keys
# Copy the Supervisord configuration file into the container
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
# Expose the ports for SSH (22) and Nginx (80)
EXPOSE 22
EXPOSE 80
# The CMD instruction now runs Supervisord, which will manage Nginx and SSHD
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
```
**Important Considerations for your `provision.bash`:**
* Your `provision.bash` script should *install* Nginx and `openssh-server`, but it **must not** attempt to start them using `service` or `systemctl` or any other method that leaves them running in the background. Their startup will be handled by Supervisord.
* If your `provision.bash` already handles SSH key setup (creating `.ssh` and `authorized_keys`), make sure it sets the correct permissions (`700` for `.ssh` and `600` for `authorized_keys`). If not, the `RUN` commands in the Dockerfile above will do it for the `root` user. **Remember to replace `"ssh-rsa YOUR_PUBLIC_KEY_CONTENT_HERE your_username@your_machine"` with your actual public key!**
---
### Step 3: Build and Run Your Docker Container
1. **Save the files:** Ensure `Dockerfile` and `supervisord.conf` are in the same directory.
2. **Build the image:**
```bash
docker build -t my-nginx-ssh-box .
```
3. **Run the container:**
```bash
docker run -d \
-p 80:80 \
-p 2222:22 \
--name my-nginx-ssh \
my-nginx-ssh-box
```
* `-d`: Runs the container in detached (background) mode.
* `-p 80:80`: Maps host port 80 to container port 80 (for Nginx).
* `-p 2222:22`: Maps host port 2222 to container port 22 (for SSH). Using `2222` on the host avoids conflicts if your host machine is already using port 22 for its own SSH server. You can change `2222` to `22` if host port 22 is free.
* `--name my-nginx-ssh`: Gives your container a memorable name.
---
### Step 4: Verify
1. **Check if the container is running:**
```bash
docker ps
```
You should see `my-nginx-ssh` listed with status "Up".
2. **Check Nginx:**
Open your web browser and navigate to `http://localhost/` (or `http://your_docker_host_ip/`). You should see the Nginx welcome page or whatever your Nginx configuration serves.
3. **Check SSH:**
From your local machine's terminal (where your private key is located):
```bash
ssh -i ~/.ssh/id_rsa root@localhost -p 2222
```
(Replace `id_rsa` if your private key has a different name, and `root` if you set up SSH for a different user. Use `localhost` if running Docker locally, otherwise your Docker host's IP.)
You should be able to log in without a password (if the key setup is correct and you used a key without a passphrase, or after entering your passphrase).
This setup will ensure both Nginx and SSHD are running concurrently within your single Docker container, managed by Supervisord.

2
server/Dockerfile
View File

@@ -24,4 +24,6 @@ RUN bash provision.bash
EXPOSE 22
RUN service nginx start
CMD ["/usr/sbin/sshd","-D"]

16
server/provision/provision.bash
View File

@@ -19,12 +19,28 @@ set -x;
cd server
##
cd sshd/
bash sshd.bash
cd ..
##
cd nginx
bash nginx.bash
cd ..
##
cd ..
##
cd users/shinobi
bash provision.bash

1
server/provision/server/nginx/index.html Normal file
View File

@@ -0,0 +1 @@
what it do!!!

20
server/provision/server/nginx/nginx.bash Executable file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
set -e;
set -x;
apt update;
apt install -y nginx;
## cp sshd_config /etc/ssh/sshd_config
service nginx start;
##
## finish
##
echo "fin."

0
server/provision/server/sshd.bash → server/provision/server/sshd/sshd.bash
View File

0
server/provision/server/sshd_config → server/provision/server/sshd/sshd_config
View File