forked from google/certificate-transparency
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
61 lines (60 loc) · 2.09 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
FROM ubuntu
RUN echo 'Building new SuperDuper Docker image...'
COPY test/testdata/ca-cert.pem /tmp/
RUN apt-get update && \
apt-get install -y software-properties-common && \
apt-add-repository -y ppa:jbboehr/coreos && \
apt-get update && \
apt-get install -qqy \
ca-certificates \
etcdctl \
libevent-2.0.5 \
libevent-core-2.0.5 \
libevent-extra-2.0.5 \
libevent-pthreads-2.0.5 \
libgflags2 \
libgoogle-glog0 \
libjson-c2 \
libleveldb1 \
libsnappy1 \
libldns1 \
libprotobuf8
RUN update-ca-certificates && \
cat /etc/ssl/certs/* /tmp/ca-cert.pem > /usr/local/etc/ctlog_ca_roots.pem
RUN groupadd -r ctlog && useradd -r -g ctlog ctlog
RUN mkdir /mnt/ctlog
COPY cpp/server/ct-server /usr/local/bin/
COPY test/testdata/ct-server-key.pem /usr/local/etc/
COPY cpp/tools/ct-clustertool /usr/local/bin/
VOLUME /mnt/ctlog
CMD cd /mnt/ctlog/ && \
if [ ! -d logs ]; then mkdir logs; fi && \
MY_IP=$(awk "/${HOSTNAME}/ {print \$1}" < /etc/hosts) && \
export V_LEVEL=${V_LEVEL:-0} && \
export NUM_HTTP_SERVER_THREADS=${NUM_HTTP_SERVER_THREADS:-32} && \
echo "My IP: ${MY_IP}" && \
echo "Container: ${CONTAINER_HOST}" && \
echo "Etcd: ${ETCD_HOST}:${ETCD_PORT}" && \
ulimit -c unlimited && \
/usr/local/bin/ct-server \
--port=80 \
--server=${CONTAINER_HOST} \
--key=/usr/local/etc/ct-server-key.pem \
--trusted_cert_file=/usr/local/etc/ctlog_ca_roots.pem \
--log_dir=/mnt/ctlog/logs \
--tree_signing_frequency_seconds=30 \
--guard_window_seconds=10 \
--sqlite_db=/mnt/ctlog/sqlite.db \
--etcd_host=${ETCD_HOST} \
--etcd_port=${ETCD_PORT} \
--etcd_delete_concurrency=100 \
--num_http_server_threads=${NUM_HTTP_SERVER_THREADS} \
--v=${V_LEVEL}; \
if [ -e core ]; then \
CORE_DIR="/mnt/ctlog/cores/$(date +%s)"; \
mkdir -p ${CORE_DIR}; \
cp -v core ${CORE_DIR}; \
cp -v /usr/local/bin/ct-server ${CORE_DIR}; \
echo "Core saved to ${CORE_DIR}"; \
fi
EXPOSE 80