Built-in nscd into the docker image (a better dns caching service) (#3472)
		
							parent
							
								
									5ccf2d23fc
								
							
						
					
					
						commit
						a0203372ce
					
				
					 5 changed files with 193 additions and 8 deletions
				
			
		|  | @ -5,13 +5,29 @@ ARG TARGETPLATFORM | ||||||
| 
 | 
 | ||||||
| WORKDIR /app | WORKDIR /app | ||||||
| 
 | 
 | ||||||
| # Install Curl | # Specify --no-install-recommends to skip unused dependencies, make the base much smaller! | ||||||
| # Install Apprise, add sqlite3 cli for debugging in the future, iputils-ping for ping, util-linux for setpriv | # python3* = apprise's dependencies | ||||||
| # Stupid python3 and python3-pip actually install a lot of useless things into Debian, specify --no-install-recommends to skip them, make the base even smaller than alpine! | # sqlite3 = for debugging | ||||||
|  | # iputils-ping = for ping | ||||||
|  | # util-linux = for setpriv (Should be dropped in 2.0.0?) | ||||||
|  | # dumb-init = avoid zombie processes (#480) | ||||||
|  | # curl = for debugging | ||||||
|  | # ca-certificates = keep the cert up-to-date | ||||||
|  | # sudo = for start service nscd with non-root user | ||||||
|  | # nscd = for better DNS caching | ||||||
|  | # (pip) apprise = for notifications | ||||||
| RUN apt-get update && \ | RUN apt-get update && \ | ||||||
|     apt-get --yes --no-install-recommends install python3 python3-pip python3-cryptography python3-six python3-yaml python3-click python3-markdown python3-requests python3-requests-oauthlib \ |     apt-get --yes --no-install-recommends install  \ | ||||||
|         sqlite3 iputils-ping util-linux dumb-init git curl ca-certificates && \ |         python3 python3-pip python3-cryptography python3-six python3-yaml python3-click python3-markdown python3-requests python3-requests-oauthlib \ | ||||||
|     pip3 --no-cache-dir install apprise==1.4.0 && \ |         sqlite3  \ | ||||||
|  |         iputils-ping  \ | ||||||
|  |         util-linux  \ | ||||||
|  |         dumb-init  \ | ||||||
|  |         curl  \ | ||||||
|  |         ca-certificates \ | ||||||
|  |         sudo \ | ||||||
|  |         nscd && \ | ||||||
|  |     pip3 --no-cache-dir install apprise==1.4.5 && \ | ||||||
|     rm -rf /var/lib/apt/lists/* && \ |     rm -rf /var/lib/apt/lists/* && \ | ||||||
|     apt --yes autoremove |     apt --yes autoremove | ||||||
| 
 | 
 | ||||||
|  | @ -26,3 +42,7 @@ RUN set -eux && \ | ||||||
|     rm -rf /var/lib/apt/lists/* && \ |     rm -rf /var/lib/apt/lists/* && \ | ||||||
|     apt --yes autoremove |     apt --yes autoremove | ||||||
| 
 | 
 | ||||||
|  | # For nscd | ||||||
|  | COPY ./docker/etc/nscd.conf /etc/nscd.conf | ||||||
|  | COPY ./docker/etc/sudoers /etc/sudoers | ||||||
|  | 
 | ||||||
|  |  | ||||||
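Review bot: `COPY ./docker/etc/sudoers /etc/sudoers` in the second hunk replaces the distribution's whole sudoers policy, and nothing in the build validates the result. The copied file keeps whatever mode it has in the build context, so a syntax error or an unexpected mode would only surface when sudo is first invoked at runtime. Consider shipping only the nscd rule as a drop-in, `COPY ./docker/etc/sudoers /etc/sudoers.d/<drop-in-name>`, followed by `RUN chmod 0440 /etc/sudoers.d/<drop-in-name> && visudo -c` so a bad policy fails the build. Installing `sudo` also adds a setuid-root binary reachable by the unprivileged `node` user, which is worth stating in the package comment list next to `# sudo = for start service nscd with non-root user`.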
							
								
								
									
										90
									
								
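--- a/docker/etc/nscd.conf
+++ b/docker/etc/nscd.conf
@@ -0,0 +1,90 @@
+#
+# /etc/nscd.conf
+#
+# An example Name Service Cache config file.  This file is needed by nscd.
+#
+# Legal entries are:
+#
+#       logfile                 <file>
+#       debug-level             <level>
+#       threads                 <initial #threads to use>
+#       max-threads             <maximum #threads to use>
+#       server-user             <user to run server as instead of root>
+#               server-user is ignored if nscd is started with -S parameters
+#       stat-user               <user who is allowed to request statistics>
+#       reload-count            unlimited|<number>
+#       paranoia                <yes|no>
+#       restart-interval        <time in seconds>
+#
+#       enable-cache            <service> <yes|no>
+#       positive-time-to-live   <service> <time in seconds>
+#       negative-time-to-live   <service> <time in seconds>
+#       suggested-size          <service> <prime number>
+#       check-files             <service> <yes|no>
+#       persistent              <service> <yes|no>
+#       shared                  <service> <yes|no>
+#       max-db-size             <service> <number bytes>
+#       auto-propagate          <service> <yes|no>
+#
+# Currently supported cache names (services): passwd, group, hosts, services
+#
+
+
+#       logfile                 /var/log/nscd.log
+#       threads                 4
+#       max-threads             32
+#        server-user             node
+#       stat-user               somebody
+        debug-level             0
+#       reload-count            5
+        paranoia                no
+#       restart-interval        3600
+
+        enable-cache            passwd          no
+        positive-time-to-live   passwd          600
+        negative-time-to-live   passwd          20
+        suggested-size          passwd          211
+        check-files             passwd          yes
+        persistent              passwd          yes
+        shared                  passwd          yes
+        max-db-size             passwd          33554432
+        auto-propagate          passwd          yes
+
+        enable-cache            group           no
+        positive-time-to-live   group           3600
+        negative-time-to-live   group           60
+        suggested-size          group           211
+        check-files             group           yes
+        persistent              group           yes
+        shared                  group           yes
+        max-db-size             group           33554432
+        auto-propagate          group           yes
+
+        enable-cache            hosts           yes
+        positive-time-to-live   hosts           3600
+        negative-time-to-live   hosts           20
+        suggested-size          hosts           211
+        check-files             hosts           yes
+        persistent              hosts           yes
+# Set shared to "no" to display stats in `nscd -g`
+# Read more: https://stackoverflow.com/questions/40429245/nscdcentos7curl-0-dns-cache-hit-rate
+        shared                  hosts           no
+        max-db-size             hosts           33554432
+
+        enable-cache            services        no
+        positive-time-to-live   services        28800
+        negative-time-to-live   services        20
+        suggested-size          services        211
+        check-files             services        yes
+        persistent              services        yes
+        shared                  services        yes
+        max-db-size             services        33554432
+
+        enable-cache            netgroup        no
+        positive-time-to-live   netgroup        28800
+        negative-time-to-live   netgroup        20
+        suggested-size          netgroup        211
+        check-files             netgroup        yes
+        persistent              netgroup        yes
+        shared                  netgroup        yes
+        max-db-size             netgroup        33554432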
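Review bot: `server-user` is left commented out (`#        server-user             node`), so the daemon presumably keeps running as root for its whole lifetime even though only the `hosts` cache is enabled. Setting `server-user` to an unprivileged account would let nscd give up root after start-up; confirm first that the account can write the cache and socket paths in the image. Separately, `positive-time-to-live hosts 3600` together with `persistent hosts yes` may keep serving an old address after a DNS change, depending on how nscd applies the record TTL, which matters for a monitoring tool; a comment giving the reason for one hour would help. The header comment lists four supported services while the file also configures `netgroup`.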
							
								
								
									
										31
									
								
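--- a/docker/etc/sudoers
+++ b/docker/etc/sudoers
@@ -0,0 +1,31 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults        env_reset
+Defaults        mail_badpass
+Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root    ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo   ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
+
+# Allow `node` to control service (mainly for nscd)
+node ALL=(root) NOPASSWD: /usr/sbin/service
+node ALL=(root) NOPASSWD: /usr/sbin/nscdservice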
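Review bot: The rule `node ALL=(root) NOPASSWD: /usr/sbin/service` carries no argument list, so the application user may run `service` as root with any arguments and against any init script, not only nscd. The server code in this commit only ever calls `service nscd start` and `service nscd stop`, so the grant can be narrowed to `node ALL=(root) NOPASSWD: /usr/sbin/service nscd start, /usr/sbin/service nscd stop`. The preceding rule for `/usr/sbin/nscdservice` looks like a typo or leftover, since nothing visible in the commit installs or calls a binary of that name; drop it so the policy does not pre-authorise a path that could later be created. The comment above the rules should then read `# Allow node to start and stop nscd only`.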
|  | @ -49,6 +49,7 @@ if (! process.env.NODE_ENV) { | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| log.info("server", "Node Env: " + process.env.NODE_ENV); | log.info("server", "Node Env: " + process.env.NODE_ENV); | ||||||
|  | log.info("server", "Inside Container: " + process.env.UPTIME_KUMA_IS_CONTAINER === "1"); | ||||||
| 
 | 
 | ||||||
| log.info("server", "Importing Node libraries"); | log.info("server", "Importing Node libraries"); | ||||||
| const fs = require("fs"); | const fs = require("fs"); | ||||||
|  | @ -1589,6 +1590,8 @@ let needSetup = false; | ||||||
|         await shutdownFunction(); |         await shutdownFunction(); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|  |     server.start(); | ||||||
|  | 
 | ||||||
|     server.httpServer.listen(port, hostname, () => { |     server.httpServer.listen(port, hostname, () => { | ||||||
|         if (hostname) { |         if (hostname) { | ||||||
|             log.info("server", `Listening on ${hostname}:${port}`); |             log.info("server", `Listening on ${hostname}:${port}`); | ||||||
|  |  | ||||||
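Review bot: The added log line in the first hunk never prints the container flag, because `+` binds tighter than `===`: the whole concatenated string is compared with `"1"` and the call logs a bare `false`. Parenthesise the comparison, `log.info("server", "Inside Container: " + (process.env.UPTIME_KUMA_IS_CONTAINER === "1"));`. In the second hunk `server.start()` is an async method whose promise is neither awaited nor given a rejection handler; `await server.start();` would keep a failure from becoming an unhandled rejection, assuming the enclosing function (which begins outside the hunk) is async, as the nearby `await shutdownFunction()` suggests.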
|  | @ -10,6 +10,7 @@ const util = require("util"); | ||||||
| const { CacheableDnsHttpAgent } = require("./cacheable-dns-http-agent"); | const { CacheableDnsHttpAgent } = require("./cacheable-dns-http-agent"); | ||||||
| const { Settings } = require("./settings"); | const { Settings } = require("./settings"); | ||||||
| const dayjs = require("dayjs"); | const dayjs = require("dayjs"); | ||||||
|  | const childProcess = require("child_process"); | ||||||
| // DO NOT IMPORT HERE IF THE MODULES USED `UptimeKumaServer.getInstance()`, put at the bottom of this file instead.
 | // DO NOT IMPORT HERE IF THE MODULES USED `UptimeKumaServer.getInstance()`, put at the bottom of this file instead.
 | ||||||
| 
 | 
 | ||||||
| /** | /** | ||||||
|  | @ -334,9 +335,49 @@ class UptimeKumaServer { | ||||||
|         dayjs.tz.setDefault(timezone); |         dayjs.tz.setDefault(timezone); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /** Stop the server */ |     /** | ||||||
|     async stop() { |      * TODO: Listen logic should be moved to here | ||||||
|  |      * @returns {Promise<void>} | ||||||
|  |      */ | ||||||
|  |     async start() { | ||||||
|  |         this.startServices(); | ||||||
|  |     } | ||||||
| 
 | 
 | ||||||
|  |     /** | ||||||
|  |      * Stop the server | ||||||
|  |      * @returns {Promise<void>} | ||||||
|  |      */ | ||||||
|  |     async stop() { | ||||||
|  |         this.stopServices(); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     /** | ||||||
|  |      * Start all system services (e.g. nscd) | ||||||
|  |      * For now, only used in Docker | ||||||
|  |      */ | ||||||
|  |     startServices() { | ||||||
|  |         if (process.env.UPTIME_KUMA_IS_CONTAINER) { | ||||||
|  |             try { | ||||||
|  |                 log.info("services", "Starting nscd"); | ||||||
|  |                 childProcess.execSync("sudo service nscd start", { stdio: "pipe" }); | ||||||
|  |             } catch (e) { | ||||||
|  |                 log.info("services", "Failed to start nscd"); | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     /** | ||||||
|  |      * Stop all system services | ||||||
|  |      */ | ||||||
|  |     stopServices() { | ||||||
|  |         if (process.env.UPTIME_KUMA_IS_CONTAINER) { | ||||||
|  |             try { | ||||||
|  |                 log.info("services", "Stopping nscd"); | ||||||
|  |                 childProcess.execSync("sudo service nscd stop"); | ||||||
|  |             } catch (e) { | ||||||
|  |                 log.info("services", "Failed to stop nscd"); | ||||||
|  |             } | ||||||
|  |         } | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
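Review bot: `startServices()` and `stopServices()` test `process.env.UPTIME_KUMA_IS_CONTAINER` for truthiness, so any non-empty value, including `"0"`, triggers the sudo call, while the log line added in server.js compares against `"1"`; use `=== "1"` in both guards. Both `execSync` calls pass a command string through a shell and resolve `sudo` via PATH with no timeout, which can block the event loop during start-up and shutdown. `childProcess.execFileSync("/usr/bin/sudo", ["-n", "/usr/sbin/service", "nscd", "start"], { stdio: "pipe", timeout: 5000 })` avoids the shell and fails instead of waiting for a password prompt (the timeout value is illustrative). Both `catch (e)` blocks discard the error, so include `e.message` in the log line to make a sudoers or service failure diagnosable. The class body begins outside this hunk.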