diff --git a/Dockerfile b/Dockerfile index 7465557..328a246 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,24 +1,16 @@ FROM ubuntu:trusty -ADD start /start - -RUN chmod +x /start ;\ - locale-gen en_US en_US.UTF-8 ;\ +RUN locale-gen en_US en_US.UTF-8 ;\ apt-get update ;\ - apt-get install -y apt-transport-https curl supervisor inotify-tools ;\ + apt-get install -y apt-transport-https curl ;\ curl https://repo.varnish-cache.org/ubuntu/GPG-key.txt | apt-key add - ;\ echo "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.0" >> /etc/apt/sources.list.d/varnish-cache.list ;\ apt-get update ;\ DEBIAN_FRONTEND=noninteractive apt-get install -y varnish ;\ - rm /etc/varnish/secret - -ADD varnish.conf /etc/supervisor/conf.d/varnish.conf -ADD varnishlogger.conf /etc/supervisor/conf.d/varnishlogger.conf -ADD varnishlog.conf /etc/rsyslog.d/varnishlog.conf -ADD rsyslogd.conf /etc/supervisor/conf.d/rsyslogd.conf -ADD supervisor.conf /etc/supervisor/conf.d/supervisor.conf + echo '00000000-0000-0000-0000-000000000000' > /etc/varnish/secret WORKDIR /etc/varnish -CMD ["/start"] + +ENTRYPOINT ["/usr/sbin/varnishd", "-f", "/etc/varnish/default.vcl", "-a", "0.0.0.0:80", "-T", "0.0.0.0:6082", "-S", "/etc/varnish/secret", "-F"] EXPOSE 80 6082 diff --git a/README.md b/README.md index 171a541..79b9d3b 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ docker-varnish ============== -Container for running [Varnish Cache](https://www.varnish-cache.org/). Automatically checks vcl validity before running varnish and reports compile errors in stdout. +Container for running [Varnish Cache](https://www.varnish-cache.org/). *Usage:* @@ -10,14 +10,14 @@ Container for running [Varnish Cache](https://www.varnish-cache.org/). Automatic *Advanced* -* Set memory size: `docker run` with `-e MEMSIZE=128m` -* Use pre-set secret: `-e SECRET=7d40f8f1-9107-4cce-a2b6-f5caf6fc7b9d` -* Set custom syslog target remote host: `-e LOGHOST=10.0.40.28` +* Set memory size - append: `-s malloc,256M` +* Set a secret - mount `-v /path/to/file/containg/uuid:/etc/varnish/secret` * Expose control terminal: `-p 1234:6082` *Extras* * test.vcl - example default.vcl file -* monitorvcl - example showing how reload varnish when the vcl is modified -* Apache-format logs are sent to the docker host with rsyslog with programname 'varnish', channel local6.notice -* Want to log to a file instead of syslog? In varnishlog.conf, change the @1.2.3.4 to a file path. + +*Notes* + +The default secret is `00000000-0000-0000-0000-000000000000`. This is INSECURE if you decide to expose the varnish control terminal. diff --git a/monitorvcl b/monitorvcl deleted file mode 100644 index 48b89d3..0000000 --- a/monitorvcl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -# Wait for the vcl to be modified then tell varnish to reload -while inotifywait -qq --event modify /etc/varnish/default.vcl; do - pkill -HUP varnishd -done \ No newline at end of file diff --git a/rsyslogd.conf b/rsyslogd.conf deleted file mode 100644 index 365f69f..0000000 --- a/rsyslogd.conf +++ /dev/null @@ -1,2 +0,0 @@ -[program:rsyslog] -command=rsyslogd -n diff --git a/start b/start deleted file mode 100644 index c55d402..0000000 --- a/start +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -# Cleanly kill supervisor when container is stopped -trap 'kill $(jobs -p)' EXIT - -# Set default varnish memory cache size if not specified -if [ -z "$MEMSIZE" ]; then - export MEMSIZE=64M -fi - -# Set varnish secret if not specified -if [ ! -f /etc/varnish/secret ]; then - if [ -z "$SECRET" ]; then - SECRET=`cat /proc/sys/kernel/random/uuid` - fi - echo $SECRET > /etc/varnish/secret -fi -echo "Secret is $SECRET" - -# Set access syslog host if not specified -if [ -z "$LOGHOST" ]; then - LOGHOST=`ip route | grep default | awk '{print $3}'` -fi -sed -i -E "s/@.+/@$LOGHOST/" /etc/rsyslog.d/varnishlog.conf - -# Check vcl syntax -varnishd -C -f /etc/varnish/default.vcl > /dev/null || exit 1 - -supervisord diff --git a/supervisor.conf b/supervisor.conf deleted file mode 100644 index 54296b8..0000000 --- a/supervisor.conf +++ /dev/null @@ -1,2 +0,0 @@ -[supervisord] -nodaemon=true diff --git a/varnish.conf b/varnish.conf deleted file mode 100644 index 2bb9236..0000000 --- a/varnish.conf +++ /dev/null @@ -1,6 +0,0 @@ -[program:varnishd] -command=/usr/sbin/varnishd -f /etc/varnish/default.vcl -a 0.0.0.0:80 -T 0.0.0.0:6082 -S /etc/varnish/secret -s malloc,%(ENV_MEMSIZE)s -F -autostart=true -autorestart=true -redirect_stderr=true -startretries=2000000000 diff --git a/varnishlog.conf b/varnishlog.conf deleted file mode 100644 index 0af24f0..0000000 --- a/varnishlog.conf +++ /dev/null @@ -1,2 +0,0 @@ -if $programname == 'varnish' then @172.17.42.1 -& ~ \ No newline at end of file diff --git a/varnishlogger.conf b/varnishlogger.conf deleted file mode 100644 index 3e944b3..0000000 --- a/varnishlogger.conf +++ /dev/null @@ -1,6 +0,0 @@ -[program:varnishlogger] -command=bash -c "varnishncsa -F '%%{X-Real-IP}i %%l %%u %%t \"%%r\" %%s %%b \"%%{Referer}i\" \"%%{User-agent}i\"' | /usr/bin/logger -tvarnish -plocal6.notice" -autostart=true -autorestart=true -redirect_stderr=true -startretries=2000000000