Server migration
parent
bd08db0172
commit
835f1d4211
2 changed files with 56 additions and 0 deletions
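--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,43 @@
+# BIND9 DNS Server on Alpine Linux
+FROM git.esculta.es/aesculta/alpine-base:latest
+
+# Environment variables
+ENV BIND_USER=named \
+BIND_UID=53 \
+BIND_GID=53 \
+BIND_VERSION=9.18 \
+RNDC_KEY=supersecretkey \
+TZ=UTC
+
+# Install BIND and tools
+RUN apk add --no-cache \
+bind~${BIND_VERSION} \
+bind-tools~${BIND_VERSION} \
+tzdata \
+libcap \
+&& rm -rf /var/cache/apk/*
+# Configure BIND
+#COPY --chown=named:named config/named.conf /etc/bind/
+#COPY --chown=named:named config/zones/ /etc/bind/zones/
+
+# Configure logging
+RUN mkdir -p /var/log/named \
+&& touch /var/log/named/named.log \
+&& chown -R ${BIND_USER}:${BIND_USER} /var/log/named
+
+# Set capabilities for non-root port binding
+RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/named
+
+# Expose DNS ports
+EXPOSE 53/tcp 53/udp
+
+
+# Switch to named user
+USER ${BIND_USER}
+
+# Entrypoint script
+COPY entrypoint.sh /
+#RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["named", "-g", "-u", "named"]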
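Review bot: `RNDC_KEY=supersecretkey` in the `ENV` block bakes a control-channel secret into the image: it stays in the image config, shows up in `docker inspect` and `docker history`, and is inherited by every process in the container. Nothing visible in this commit reads the variable, and entrypoint.sh already generates `/etc/bind/rndc.key` with `rndc-confgen` on first start, so I would delete the `RNDC_KEY=supersecretkey \` line. If a fixed key is ever needed, mount it at runtime as a file or secret rather than setting it in `ENV` or `ARG`. Separately, `FROM git.esculta.es/aesculta/alpine-base:latest` makes the build non-reproducible; pinning a version tag or digest would let the image be rebuilt and audited.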
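--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+# Set permissions
+chown -R named:named /etc/bind /var/log/named /var/cache/bind
+
+# Generate rndc.key if missing
+if [ ! -f /etc/bind/rndc.key ]; then
+rndc-confgen -a -c /etc/bind/rndc.key -k rndc-key -A hmac-sha256
+fi
+
+# Start BIND
+exec "$@"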
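Review bot: The `chown -R named:named /etc/bind /var/log/named /var/cache/bind` line runs as the `named` user, because the Dockerfile sets `USER ${BIND_USER}` before `ENTRYPOINT`; under `set -e`, a chown on any path not already owned by `named` fails and aborts the script before `exec "$@"`. Ownership is better set at build time in a `RUN` step placed before `USER` (the Dockerfile currently does this only for /var/log/named), leaving the entrypoint with at most `if [ "$(id -u)" -eq 0 ]; then chown -R named:named /etc/bind /var/log/named /var/cache/bind; fi`. The same applies to `rndc-confgen`, which needs write access to /etc/bind to create the key. The page also lists entrypoint.sh as "Normal file" while `#RUN chmod +x /entrypoint.sh` is commented out, so the script may not be executable in the image; `COPY --chmod=755 entrypoint.sh /` in the Dockerfile would cover that.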