From 249e8cdd3f10681808dcdfa1b97810dea4e3caa0 Mon Sep 17 00:00:00 2001 From: nierdz Date: Tue, 11 Dec 2018 14:47:10 +0100 Subject: [PATCH 1/4] bump mono from 5.12 to 5.16 --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 49420c4..adca137 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM mono:5.12.0.226 AS webminerpool-build +FROM mono:5.16 AS webminerpool-build ARG DONATION_LEVEL=0.03 @@ -8,14 +8,15 @@ COPY hash_cn /hash_cn RUN sed -ri "s/^(.*DonationLevel = )[0-9]\.[0-9]{2}/\1${DONATION_LEVEL}/" /server/Server/DevDonation.cs && \ apt-get -qq update && \ apt-get -qq install build-essential && \ + rm -rf /var/lib/apt/lists/* && \ cd /hash_cn/libhash && \ make && \ cd /server && \ msbuild Server.sln /p:Configuration=Release_Server /p:Platform="any CPU" -FROM mono:5.12.0.226 VOLUME ["/root"] +FROM mono:5.16 RUN mkdir /webminerpool COPY entrypoint.sh /entrypoint.sh From f2e46c9e2558ceb2e1330e33b0d86813da4dd42e Mon Sep 17 00:00:00 2001 From: nierdz Date: Tue, 11 Dec 2018 14:47:28 +0100 Subject: [PATCH 2/4] multiple improvements to Dockerfile and entrypoint.sh - $DOMAIN is no mandatory anymore - acme.sh is installed inside container directly - apply some docker best practices --- Dockerfile | 17 +++++++++++++++-- entrypoint.sh | 34 +++++++++++----------------------- 2 files changed, 26 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index adca137..5f6890c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,11 +14,24 @@ RUN sed -ri "s/^(.*DonationLevel = )[0-9]\.[0-9]{2}/\1${DONATION_LEVEL}/" /serve cd /server && \ msbuild Server.sln /p:Configuration=Release_Server /p:Platform="any CPU" - -VOLUME ["/root"] FROM mono:5.16 RUN mkdir /webminerpool + +# Install acme.sh +RUN apt-get -qq update && \ + apt-get install -qq \ + coreutils \ + cron \ + curl \ + git \ + openssl \ + socat && \ + rm -rf /var/lib/apt/lists/* && \ + git clone https://github.com/Neilpang/acme.sh.git /root/acme.sh && \ + cd /root/acme.sh && \ + git checkout 2.7.9 && \ + /root/acme.sh/acme.sh --install --home /root/.acme.sh COPY entrypoint.sh /entrypoint.sh COPY --from=webminerpool-build /server/Server/bin/Release_Server/server.exe /webminerpool COPY --from=webminerpool-build /server/Server/bin/Release_Server/pools.json /webminerpool diff --git a/entrypoint.sh b/entrypoint.sh index dece977..28b56bc 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,33 +1,21 @@ #!/usr/bin/env bash +set -o errexit +set -o pipefail +set -o nounset + # Check if $DOMAIN is set if [ -z $DOMAIN ]; then - echo -e "You need to set \$DOMAIN variable at run time\n" - echo -e "For example: docker run -d -p 80:80 -p 443:443 -e DOMAIN=example.com\n" - exit 1 + echo -e "You did not set \$DOMAIN variable at run time. No certificate will be registered.\n" + echo -e "If you want to define it on command line here is an example:\n" + echo -e "docker run -d -p 80:80 -p 443:443 -e DOMAIN=example.com\n" else - # Install acme.sh - apt-get -qq update - apt-get install -qq \ - cron \ - openssl \ - curl \ - coreutils \ - socat \ - git - git clone https://github.com/Neilpang/acme.sh.git /root/acme.sh && \ - cd /root/acme.sh && \ - git checkout 2.7.8 && \ - /root/acme.sh/acme.sh --install - # Generate SSL cert /root/.acme.sh/acme.sh --issue --standalone -d ${DOMAIN} -d www.${DOMAIN} - # Generate pfx openssl pkcs12 -export -out /webminerpool/certificate.pfx -inkey /root/.acme.sh/${DOMAIN}/${DOMAIN}.key -in /root/.acme.sh/${DOMAIN}/${DOMAIN}.cer -certfile /root/.acme.sh/${DOMAIN}/fullchain.cer -passin pass:miner -passout pass:miner - - # Start server - pushd /webminerpool - exec /usr/bin/mono server.exe - fi + +# Start server +pushd /webminerpool +exec /usr/bin/mono server.exe From f08e84df779a4851c205b9b4f0ff1c30aaf84463 Mon Sep 17 00:00:00 2001 From: nierdz Date: Tue, 11 Dec 2018 14:48:33 +0100 Subject: [PATCH 3/4] update documentation to reflect changes --- README.md | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9fe2812..f3fc1ef 100644 --- a/README.md +++ b/README.md @@ -150,7 +150,7 @@ The cryptonight hashing functions in C-code. With simple Makefiles (use the "mak Find the original pull request with instructions by nierdz [here](https://github.com/notgiven688/webminerpool/pull/62). Added Dockerfile and entrypoint.sh. -Inside entrypoint.sh, a certificate is installed so you need to provide a domain name during docker run. The certificate is automatically renewed using a cronjob. +Inside entrypoint.sh, if `$DOMAIN` is provided, a certificate is registered and packed in pkcs12 format to be used with server.exe. ```bash cd webminerpool @@ -162,7 +162,7 @@ To run it: ```bash docker run -d -p 80:80 -p 8181:8181 -e DOMAIN=mydomain.com webminerpool ``` -You absolutely need to set a domain name. + The 80:80 bind is used to obtain a certificate. The 8181:8181 bind is used for server itself. @@ -172,6 +172,28 @@ If you want to bind these ports to a specific IP, you can do this: docker run -d -p xx.xx.xx.xx:80:80 -p xx.xx.xx.xx:8181:8181 -e DOMAIN=mydomain.com webminerpool ``` +You can even use docker-compose, here is a sample snippet: + +``` +webminer: + container_name: webminer + image: webminer:1.0 + build: + context: ./webminerpool + args: + - DONATION_LEVEL=${WEBMINER_DONATION_LEVEL} + restart: always + ports: + - ${WEBMINER_IP}:80:80 + - ${WEBMINER_IP}:8181:8181 + environment: + DOMAIN: ${WEBMINER_DOMAIN} + networks: + - my-network +``` + +To use this snippet, you need to define `$WEBMINER_DONATION_LEVEL`, `$WEBMINER_DOMAIN` and `$WEBMINER_IP` in a `.env` file. + # Developer Donations By default a server-side 3% dev-donation is configured. Leaving this fee at the current level is highly appreciated. If you want From b498cc03c30188f1736bd348a433ebc357b7b315 Mon Sep 17 00:00:00 2001 From: nierdz Date: Thu, 13 Dec 2018 10:54:51 +0100 Subject: [PATCH 4/4] improve entrypoint.sh - replace tabs by soft spaces - shellcheck compliant - generate cert only if not present or if cert is invalid --- entrypoint.sh | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 28b56bc..1637211 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -5,15 +5,17 @@ set -o pipefail set -o nounset # Check if $DOMAIN is set -if [ -z $DOMAIN ]; then - echo -e "You did not set \$DOMAIN variable at run time. No certificate will be registered.\n" - echo -e "If you want to define it on command line here is an example:\n" - echo -e "docker run -d -p 80:80 -p 443:443 -e DOMAIN=example.com\n" +if [ -z "$DOMAIN" ]; then + echo -e "You did not set \$DOMAIN variable at run time. No certificate will be registered.\n" + echo -e "If you want to define it on command line here is an example:\n" + echo -e "docker run -d -p 80:80 -p 443:443 -e DOMAIN=example.com\n" else - # Generate SSL cert - /root/.acme.sh/acme.sh --issue --standalone -d ${DOMAIN} -d www.${DOMAIN} - # Generate pfx - openssl pkcs12 -export -out /webminerpool/certificate.pfx -inkey /root/.acme.sh/${DOMAIN}/${DOMAIN}.key -in /root/.acme.sh/${DOMAIN}/${DOMAIN}.cer -certfile /root/.acme.sh/${DOMAIN}/fullchain.cer -passin pass:miner -passout pass:miner + if [[ ! -f "/root/.acme.sh/${DOMAIN}/${DOMAIN}.cer" ]] || ! openssl x509 -checkend 0 -in "/root/.acme.sh/${DOMAIN}/${DOMAIN}.cer"; then + # Generate SSL cert + /root/.acme.sh/acme.sh --issue --standalone -d "${DOMAIN}" -d "www.${DOMAIN}" + # Generate pfx + openssl pkcs12 -export -out /webminerpool/certificate.pfx -inkey "/root/.acme.sh/${DOMAIN}/${DOMAIN}.key" -in "/root/.acme.sh/${DOMAIN}/${DOMAIN}.cer" -certfile "/root/.acme.sh/${DOMAIN}/fullchain.cer" -passin pass:miner -passout pass:miner + fi fi # Start server