Mirrors/go-inbucket
1
0
Fork 0
mirror of https://github.com/jhillyerd/inbucket.git synced 2025-12-17 17:47:03 +00:00
Code Issues Releases Wiki Activity

Docker image should run non-root (#153)

Browse Source 
Changed the Dockerfile so that there is a Inbucket user (and group). This will allow the container to be executed a the Inbucket user in stead of ROOT (security best practices)

If the user wants to use a different greeting.html file he can use the environment variable to define a different one. For now we just use the greeting.html from the defaults directory.

* Permissions for /start-inbucket.sh file
* Added timezone data so you can set the timezone in the image
* Updated Docker greeting.html file to include some basic instructions
* Updated to alpine 3.11
* Updated to golang 1.14
* Updated the required packages
This commit is contained in:
Martijn Suijlen
2020-06-26 17:38:27 +02:00
committed by GitHub
parent 62dd540be5
commit 3372ade61b
3 changed files with 33 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Dockerfile
View File

@@ -25,6 +25,7 @@ RUN npm run build
# Run in minimal image # Run in minimal image
FROM alpine:3.11 FROM alpine:3.11
RUN apk --no-cache add tzdata
WORKDIR /opt/inbucket WORKDIR /opt/inbucket
RUN mkdir bin defaults ui RUN mkdir bin defaults ui
COPY --from=builder /build/inbucket bin COPY --from=builder /build/inbucket bin
@@ -36,7 +37,7 @@ COPY etc/docker/defaults/start-inbucket.sh /
ENV INBUCKET_SMTP_DISCARDDOMAINS bitbucket.local ENV INBUCKET_SMTP_DISCARDDOMAINS bitbucket.local
ENV INBUCKET_SMTP_TIMEOUT 30s ENV INBUCKET_SMTP_TIMEOUT 30s
ENV INBUCKET_POP3_TIMEOUT 30s ENV INBUCKET_POP3_TIMEOUT 30s
ENV INBUCKET_WEB_GREETINGFILE /config/greeting.html ENV INBUCKET_WEB_GREETINGFILE /opt/inbucket/defaults/greeting.html
ENV INBUCKET_WEB_COOKIEAUTHKEY secret-inbucket-session-cookie-key ENV INBUCKET_WEB_COOKIEAUTHKEY secret-inbucket-session-cookie-key
ENV INBUCKET_WEB_UIDIR=ui ENV INBUCKET_WEB_UIDIR=ui
ENV INBUCKET_STORAGE_TYPE file ENV INBUCKET_STORAGE_TYPE file
@@ -54,5 +55,9 @@ EXPOSE 2500 9000 1100
VOLUME /config VOLUME /config
VOLUME /storage VOLUME /storage
RUN addgroup -g 1000 inbucket && adduser -G inbucket -u 1000 -D inbucket && chown -R inbucket:inbucket /opt/inbucket/ && chmod 774 /opt/inbucket/ -R && chown /start-inbucket.sh && chmod +x /start-inbucket.sh
USER inbucket
ENTRYPOINT ["/start-inbucket.sh"] ENTRYPOINT ["/start-inbucket.sh"]
CMD ["-logjson"] CMD ["-logjson"]

34
etc/docker/defaults/greeting.html
View File

@@ -1,17 +1,35 @@
<h1>Welcome to Inbucket</h1> <h1>Welcome to Inbucket</h1>
<p>Inbucket is an email testing service; it will accept email for any email <p>Inbucket is an email testing service; it will accept email for any email
address and make it available to view without a password.</p> address and make it available to view without a password.
</p>
<p>To view messages for a particular address, enter the username portion <p>To view messages for a particular address, enter the username portion
of the address into the box on the upper right and click <em>View</em>.</p> of the address into the box on the upper right and click <em>View</em>.
</p>
<p>This instance of Inbucket is running inside of a <a <p>This instance of Inbucket is running inside of a <a
href="https://www.docker.com/" target="_blank">Docker</a> container. It is href="https://www.docker.com/" target="_blank">Docker</a> container. It is
configured to retain messages for a maximum of 3 days, and will enforce a limit configured to retain messages for a maximum of 3 days, and </br>
of 300 messages per mailbox - the oldest messages will be deleted to stay under will enforce a limit of 300 messages per mailbox - the oldest messages will
that limit.</p> be deleted to stay under that limit.
</p>
<p>Messages addressed to any recipient in the <code>@bitbucket.local</code> <p>
domain will be accepted but not written to disk. Use this domain for load or Messages addressed to any recipient in the <code>@bitbucket.local</code>
soak testing your application.</p> domain will be accepted but not written to disk. </br>Use this domain for load or
soak testing your application.
</p>
<p> You can modify this greetings page by changing the Docker environment variable
'INBUCKET_WEB_GREETINGFILE' </br>to point to a different greetings.html. If for
example you have a greetings file on your local machine and want to mount that
you could </br>that file using the docker '--volume' parameter to add your local
greetings.html file to the directory '/custom/greetings.html'. </br>You will then
set the environment variable INBUCKET_WEB_GREETINGFILE to
'/custom/greetings.html'. </br>Your customized file will then be loaded after you
start the Docker container.</p>
<p>
This exact greetings file can be found at:
https://github.com/inbucket/inbucket/blob/master/etc/docker/defaults/greeting.html.
</p>

15
etc/docker/defaults/start-inbucket.sh
View File

@@ -3,22 +3,7 @@
# description: start inbucket (runs within a docker container) # description: start inbucket (runs within a docker container)
INBUCKET_HOME="/opt/inbucket" INBUCKET_HOME="/opt/inbucket"
CONF_SOURCE="$INBUCKET_HOME/defaults"
CONF_TARGET="/config"
set -eo pipefail set -eo pipefail
install_default_config() {
local file="$1"
local source="$CONF_SOURCE/$file"
local target="$CONF_TARGET/$file"
if [ ! -e "$target" ]; then
echo "Installing default $file to $CONF_TARGET"
install "$source" "$target"
fi
}
install_default_config "greeting.html"
exec "$INBUCKET_HOME/bin/inbucket" $* exec "$INBUCKET_HOME/bin/inbucket" $*