Add better docs and comments, complete configs, change nginx & cgi user to nexus, add example scripts

.gitignore

@@ -0,0 +1 @@
+test

Dockerfile

@@ -2,28 +2,33 @@ FROM ubuntu:trusty
 MAINTAINER Dave P
 
 # Create nexus user
-RUN useradd --create-home nexus ; \
-    echo "nexus:nexus" | chpasswd
-
-# Install nginx
-RUN apt-get update ;\
-    apt-get install -y nginx-light fcgiwrap supervisor openssh-server cron ;\
-    mkdir /start.d /nexus /var/run/sshd ;\
-    chown nexus /nexus
-
-# Configure nginx
-RUN echo "daemon off;" >> /etc/nginx/nginx.conf ; cp /usr/share/doc/fcgiwrap/examples/nginx.conf /etc/nginx/fcgiwrap.conf
+RUN useradd --create-home nexus && \
+    echo "nexus:nexus" | chpasswd && \
+    apt-get update && \
+    apt-get install -y nginx-light fcgiwrap supervisor openssh-server cron && \
+    mkdir /start.d /nexus /var/run/sshd && \
+    chown nexus /nexus && \
+    cp /usr/share/doc/fcgiwrap/examples/nginx.conf /etc/nginx/fcgiwrap.conf
 
+# Supervisor confs
 ADD supervisor.conf /etc/supervisor/conf.d/supervisor.conf
-ADD nginx.conf /etc/supervisor/conf.d/nginx.conf
-ADD fcgiwrap.conf /etc/supervisor/conf.d/fcgiwrap.conf
-ADD sshd.conf /etc/supervisor/conf.d/sshd.conf
-ADD cron.conf /etc/supervisor/conf.d/cron.conf
-ADD default /etc/nginx/sites-available/default
+ADD supervisor-nginx.conf /etc/supervisor/conf.d/nginx.conf
+ADD supervisor-fcgiwrap.conf /etc/supervisor/conf.d/fcgiwrap.conf
+ADD supervisor-sshd.conf /etc/supervisor/conf.d/sshd.conf
+ADD supervisor-cron.conf /etc/supervisor/conf.d/cron.conf
+
+# nginx confs
+ADD nginx.conf /etc/nginx/nginx.conf
+ADD nginx-default /etc/nginx/sites-available/default
+
+# Startup tasks
 ADD clear-sockets /start.d/clear-sockets
 ADD gen-ssh /start.d/gen-ssh
 ADD start /start
 
-RUN chmod +x /start.d/clear-sockets
+RUN chmod +x /start.d/clear-sockets /start
+
+ENTRYPOINT ["/start"]
 
 EXPOSE 80
+EXPOSE 22

README.md

@@ -0,0 +1,35 @@
+# docker-nexus
+
+**A nginx/cgi/sshd server for prototyping services or data hubs.**
+
+## Quick start
+
+* Clone: `git clone ssh://git@gitlab.xmopx.net:222/dave/docker-nexus.git`
+* Build: `cd docker-nexus ; docker build -t nexus .`
+* Run: `docker run nexus`
+
+
+## Usage
+
+Nexus offers a couple services:
+
+### SSHD
+
+For shell related activities, an sshd daemonr runs on the standard port. Username and password, by default, is `nexus`.
+
+### Nginx
+
+For accessing data or calling CGI scripts, nginx runs on the standard port. The document root is `/nexus/`.
+
+### CGI
+
+Standard CGI scripts can be placed in `/nexus/cgi-bin/`. Some sample scripts exist in `./examples/cgi-scripts/`.
+
+### Cron
+
+Cron is present in the container.
+
+## TODO
+
+* Allow ssh password to be set by passing an env var
+* More sample CGI scripts

clear-sockets

@@ -1,3 +1,5 @@
 #!/bin/sh
-rm -f /tmp/fcgiwrap.socket
 
+# Clear any stranded pid/socket files that could cause issues
+
+rm -f /tmp/fcgiwrap.socket

examples/cgi-scripts/basic.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+
+import os
+from urllib.parse import parse_qs
+import traceback
+
+def start_response(content_type="text/html", status_code=("200", "OK",)):
+    print('Status: %s %s' % (status_code))
+    print("Content-Type: %s" % content_type)
+    print()
+
+if __name__ == "__main__":
+    try:
+        
+        data = parse_qs(os.environ["QUERY_STRING"])
+        
+        assert "yo" in data, "Must pass parameter 'yo' in query string"
+        
+        start_response()
+        print("you passed: ?yo=%s" % data["yo"][0])
+        
+    except Exception as e:
+        start_response(status_code=('500', "you fucked up"))
+        tb = traceback.format_exc()
+        print('<pre>{}</pre>'.format(tb))

gen-ssh

@@ -1,4 +1,7 @@
+#!/bin/sh
+
 # Regenerate ssh key per container
+
 dpkg-reconfigure openssh-server
 
 rm /start.d/gen-ssh

nginx-default

@@ -19,5 +19,8 @@ server {
         fastcgi_pass  unix:/tmp/fcgiwrap.socket;
         include /etc/nginx/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME  /nexus$fastcgi_script_name;
+        fastcgi_read_timeout 600s;
+        fastcgi_send_timeout 600s;
+        client_max_body_size 1024m;
     }
 }

nginx.conf

@@ -1,3 +1,74 @@
-[program:nginx]
-command=/usr/sbin/nginx
-autorestart=true
+user nexus;
+worker_processes 4;
+pid /run/nginx.pid;
+daemon off;
+
+events {
+    worker_connections 768;
+    # multi_accept on;
+}
+
+http {
+
+    ##
+    # Basic Settings
+    ##
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    # server_tokens off;
+
+    # server_names_hash_bucket_size 64;
+    # server_name_in_redirect off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    ##
+    # Logging Settings
+    ##
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+
+    gzip on;
+    gzip_disable "msie6";
+
+    # gzip_vary on;
+    # gzip_proxied any;
+    # gzip_comp_level 6;
+    # gzip_buffers 16 8k;
+    # gzip_http_version 1.1;
+    # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+    ##
+    # nginx-naxsi config
+    ##
+    # Uncomment it if you installed nginx-naxsi
+    ##
+
+    #include /etc/nginx/naxsi_core.rules;
+
+    ##
+    # nginx-passenger config
+    ##
+    # Uncomment it if you installed nginx-passenger
+    ##
+
+    #passenger_root /usr;
+    #passenger_ruby /usr/bin/ruby;
+
+    ##
+    # Virtual Host Configs
+    ##
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}

supervisor-fcgiwrap.conf

@@ -1,4 +1,4 @@
 [program:fcgiwrap]
-user=www-data
+user=nexus
 command=/usr/sbin/fcgiwrap -f -s unix:/tmp/fcgiwrap.socket
 autorestart=true

supervisor-nginx.conf

@@ -0,0 +1,3 @@
+[program:nginx]
+command=/usr/sbin/nginx
+autorestart=true