From a7b15d22224d6447bf59729ba28c328d452b063c Mon Sep 17 00:00:00 2001
From: tyranron
Date: Thu, 1 Apr 2021 12:01:24 +0300
Subject: [PATCH] Bootstrap image
---
 .dockerignore | 20 +++
 .gitignore | 2 +-
 docker/coturn/alpine/Dockerfile | 126 ++++++++++++++++++
 docker/coturn/{Dockerfile => old.Dockerfile} | 0
 .../usr/local/bin/detect-external-ip.sh | 7 +
 .../rootfs/usr/local/bin/docker-entrypoint.sh | 8 ++
 docker/coturn/tests/main.bats | 100 ++++++++++++++
 7 files changed, 262 insertions(+), 1 deletion(-)
 create mode 100644 .dockerignore
 create mode 100644 docker/coturn/alpine/Dockerfile
 rename docker/coturn/{Dockerfile => old.Dockerfile} (100%)
 create mode 100644 docker/coturn/rootfs/usr/local/bin/detect-external-ip.sh
 create mode 100644 docker/coturn/rootfs/usr/local/bin/docker-entrypoint.sh
 create mode 100644 docker/coturn/tests/main.bats
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..7451c5ab
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,20 @@
+*
+
+!docker/coturn/alpine/
+!docker/coturn/debian/
+!docker/coturn/rootfs/
+
+!cmake/
+!CMakeLists.txt
+!configure
+!examples/
+!INSTALL
+!LICENSE
+!LICENSE.OpenSSL
+!make-man.sh
+!Makefile.in
+!man/
+!postinstall.txt
+!README.turn*
+!src/
+!turndb/
diff --git a/.gitignore b/.gitignore
index 40b015a7..afd7bd3e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 Makefile
-bin
+/bin/
 build
 include
 lib
diff --git a/docker/coturn/alpine/Dockerfile b/docker/coturn/alpine/Dockerfile
new file mode 100644
index 00000000..f570a20a
--- /dev/null
+++ b/docker/coturn/alpine/Dockerfile
@@ -0,0 +1,126 @@
+#
+# Dockerfile of coturn/coturn:alpine Docker image.
+#
+
+ARG alpine_ver=3.13
+ARG coturn_git_ref=-
+
+
+
+
+#
+# Stage 'dist-coturn' creates Coturn distribution.
+#
+
+# https://hub.docker.com/_/alpine
+FROM alpine:${alpine_ver} AS dist-coturn
+
+# Install tools for building.
+RUN apk update \
+ && apk add --no-cache --virtual .tool-deps \
+ autoconf coreutils g++ git libtool make
+
+# Install Coturn build dependencies.
+RUN apk add --no-cache --virtual .build-deps \
+ linux-headers \
+ libevent-dev \
+ openssl-dev \
+ postgresql-dev mariadb-connector-c-dev sqlite-dev \
+ hiredis-dev \
+ mongo-c-driver-dev
+
+# Prepare local Coturn sources for building.
+COPY CMakeLists.txt \
+ configure \
+ INSTALL \
+ LICENSE LICENSE.OpenSSL \
+ make-man.sh Makefile.in \
+ postinstall.txt \
+ README.turn* \
+ /app/
+COPY cmake/ /app/cmake/
+COPY examples/ /app/examples/
+COPY man/ /app/man/
+COPY src/ /app/src/
+COPY turndb/ /app/turndb/
+WORKDIR /app/
+
+# Use Coturn sources from Git if `coturn_git_ref` is specified.
+RUN if [ ! "${coturn_git_ref}" = '-' ]; then true \
+ && rm -rf /app/* \
+ && git init \
+ && git remote add origin https://github.com/coturn/coturn \
+ && git pull origin "${coturn_git_ref}" \
+ && true; fi
+
+
+# Build Coturn from sources.
+RUN ./configure --prefix=/usr \
+ --turndbdir=/var/lib/coturn \
+ --disable-rpath \
+ --sysconfdir=/etc/coturn \
+ # No documentation included to keep image size smaller.
+ --mandir=/tmp/coturn/man \
+ --docsdir=/tmp/coturn/docs \
+ --examplesdir=/tmp/coturn/examples \
+ && make
+
+# Install and configure Coturn.
+RUN mkdir -p /out/ \
+ && DESTDIR=/out make install \
+ # Remove redundant files.
+ && rm -rf /out/tmp/ \
+ # Preserve license file.
+ && mkdir -p /out/usr/share/licenses/coturn/ \
+ && cp LICENSE /out/usr/share/licenses/coturn/ \
+ # Remove default config file.
+ && rm -f /out/etc/coturn/turnserver.conf.default
+
+# Install helper tools of Docker image.
+COPY docker/coturn/rootfs/ /out/
+RUN chmod +x /out/usr/local/bin/docker-entrypoint.sh \
+ /out/usr/local/bin/detect-external-ip.sh \
+ && ln -s /usr/local/bin/detect-external-ip.sh \
+ /out/usr/local/bin/detect-external-ip
+
+
+
+
+#
+# Stage 'runtime' creates final Docker image to use in runtime.
+#
+
+# https://hub.docker.com/_/alpine
+FROM alpine:${alpine_ver} AS runtime
+
+# Update system packages.
+RUN apk update \
+ && apk upgrade \
+ && apk add --no-cache ca-certificates \
+ && update-ca-certificates \
+ # Install Coturn dependencies.
+ && apk add --no-cache \
+ libevent \
+ libcrypto1.1 libssl1.1 \
+ libpq mariadb-connector-c sqlite-libs \
+ hiredis \
+ mongo-c-driver \
+ # Cleanup unnecessary stuff.
+ && rm -rf /var/cache/apk/*
+
+# Install Coturn distribution.
+COPY --from=dist-coturn /out/ /
+
+# Allow non-root using privileged ports.
+RUN apk add --no-cache libcap \
+ && setcap CAP_NET_BIND_SERVICE=+ep /usr/bin/turnserver \
+ # Cleanup unnecessary stuff.
+ && rm -rf /var/cache/apk/*
+
+EXPOSE 3478 3478/udp
+
+VOLUME ["/var/lib/coturn"]
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["--log-file=stdout", "--external-ip=$(detect-external-ip)"]
diff --git a/docker/coturn/Dockerfile b/docker/coturn/old.Dockerfile
similarity index 100%
rename from docker/coturn/Dockerfile
rename to docker/coturn/old.Dockerfile
diff --git a/docker/coturn/rootfs/usr/local/bin/detect-external-ip.sh b/docker/coturn/rootfs/usr/local/bin/detect-external-ip.sh
new file mode 100644
index 00000000..b4e4c572
--- /dev/null
+++ b/docker/coturn/rootfs/usr/local/bin/detect-external-ip.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -z "$REAL_EXTERNAL_IP" ]; then
+ export REAL_EXTERNAL_IP="$(curl -4 https://icanhazip.com 2>/dev/null)"
+fi
+
+exec echo "$REAL_EXTERNAL_IP"
diff --git a/docker/coturn/rootfs/usr/local/bin/docker-entrypoint.sh b/docker/coturn/rootfs/usr/local/bin/docker-entrypoint.sh
new file mode 100644
index 00000000..b4774bb1
--- /dev/null
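Review bot: In docker/coturn/alpine/Dockerfile, `coturn_git_ref` is declared only before the first `FROM`, so it is out of scope inside the `dist-coturn` stage and `${coturn_git_ref}` expands to an empty string in the `RUN if [ ! "${coturn_git_ref}" = '-' ]` step. The condition is therefore always true: the copied local sources are deleted and the build attempts a pull from GitHub even when no ref was requested, so the image is not built from the tree that was reviewed. Redeclare it inside the stage with a bare `ARG coturn_git_ref` just above that `RUN`, which inherits the global default and any `--build-arg`. Separately, the `runtime` stage grants `CAP_NET_BIND_SERVICE` to "allow non-root" but never switches user, so turnserver still starts as root; a `USER nobody:nogroup` line before `ENTRYPOINT` would close that gap, provided `/var/lib/coturn` is made writable for that user.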
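Review bot: detect-external-ip.sh calls `curl`, but the `runtime` stage of the Alpine Dockerfile in this patch does not appear to install it, and `2>/dev/null` hides the resulting error, so the default `CMD` would end up passing an empty `--external-ip=` to turnserver. Add `curl` to the runtime `apk add` list and let failures surface, for example `curl -4 -fsS --max-time 5 https://icanhazip.com`. The reply from the third-party service is also used as a command-line argument without any check; the script should reject anything that is not a dotted-quad IPv4 literal and exit non-zero, so an unexpected response never reaches the server's arguments.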
+++ b/docker/coturn/rootfs/usr/local/bin/docker-entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# If command starts with an option, prepend it with a `turnserver` binary.
+if [ "${1:0:1}" == '-' ]; then
+ set -- turnserver "$@"
+fi
+
+exec $(eval "echo $@")
diff --git a/docker/coturn/tests/main.bats b/docker/coturn/tests/main.bats
new file mode 100644
index 00000000..e2836b0f
--- /dev/null
+++ b/docker/coturn/tests/main.bats
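Review bot: `exec $(eval "echo $@")` in docker-entrypoint.sh passes every container argument through `eval`, so whatever a caller or orchestrator supplies as an argument is interpreted as shell code, and arguments containing spaces or quotes are re-split before `exec`. The only thing that needs expanding is the `$(detect-external-ip)` placeholder from the default `CMD`, so the script should expand that one literal and finish with `exec "$@"`. `${1:0:1}` and `==` are also not POSIX sh although the shebang is `#!/bin/sh`; a `case` on `"$1"` does the same test portably.

```shell
# … unchanged: shebang …

# If command starts with an option, prepend it with a `turnserver` binary.
case "$1" in
  -*) set -- turnserver "$@" ;;
esac

# Expand only the documented placeholder; never eval caller-supplied text.
for arg in "$@"; do
  shift
  case "$arg" in
    '--external-ip=$(detect-external-ip)')
      arg="--external-ip=$(detect-external-ip)" ;;
  esac
  set -- "$@" "$arg"
done

exec "$@"
```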
@@ -0,0 +1,100 @@
+#!/usr/bin/env bats
+
+
+@test "Coturn is installed" {
+ run docker run --rm --entrypoint sh $IMAGE -c 'which turnserver'
+ [ "$status" -eq 0 ]
+}
+
+@test "Coturn runs ok" {
+ run docker run --rm --entrypoint sh $IMAGE -c 'turnserver -h'
+ [ "$status" -eq 0 ]
+}
+
+@test "Coturn has correct version" {
+ run sh -c "grep 'ARG coturn_ver=' Dockerfile | cut -d '=' -f2"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+ expected="$output"
+
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'Version Coturn' | cut -d ' ' -f2 \
+ | cut -d '-' -f2"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+ actual="$output"
+
+ [ "$actual" = "$expected" ]
+}
+
+
+@test "TLS supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'TLS supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+@test "DTLS supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'DTLS supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+@test "DTLS 1.2 supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'DTLS 1.2 supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+@test "TURN/STUN ALPN supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'TURN/STUN ALPN supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+@test "oAuth supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep '(oAuth) supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+
+@test "SQLite supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'SQLite supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+@test "Redis supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'Redis supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+@test "PostgreSQL supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'PostgreSQL supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+@test "MySQL supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'MySQL supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
+
+@test "MongoDB supported" {
+ run docker run --rm --entrypoint sh $IMAGE -c \
+ "turnserver -o | grep 'MongoDB supported'"
+ [ "$status" -eq 0 ]
+ [ ! "$output" = '' ]
+}
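Review bot: The "Coturn has correct version" test in main.bats greps `ARG coturn_ver=` from a file named `Dockerfile`, but the Dockerfile added by this patch lives at docker/coturn/alpine/Dockerfile and declares only `alpine_ver` and `coturn_git_ref`, so `$output` would be empty and the `[ ! "$output" = '' ]` assertion fails (assuming the suite is not run against old.Dockerfile under another name). Every test also overrides the entrypoint with `--entrypoint sh`, so docker-entrypoint.sh and the default `CMD` with its `$(detect-external-ip)` expansion are never exercised. A case that goes through the wrapper, such as `run docker run --rm "$IMAGE" -h` followed by `[ "$status" -eq 0 ]`, would cover that path. `$IMAGE` should be quoted as `"$IMAGE"` throughout so an unset or malformed value fails visibly instead of shifting the `docker run` arguments.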