From c1e6c98817f391e4419fca610ab8b804f14beb30 Mon Sep 17 00:00:00 2001 
From: The Goofball Date: Tue, 7 Jan 2025 10:30:29 -0700 Subject: [PATCH] Create 9.0/official - v9.0.108, Promote 9.0 official to latest, Tag 9.0.108 release --- .github/workflows/build-latest.yml | 24 +-- .github/workflows/build-official.yml | 26 +-- 9.0/official/Dockerfile | 67 +++++++ 9.0/official/Dockerfile.alpine | 58 ++++++ 9.0/official/Dockerfile.alpine.mongo | 60 +++++++ 9.0/official/Dockerfile.debian | 75 ++++++++ 9.0/official/Dockerfile.debian.mongodb4 | 77 ++++++++ 9.0/official/Dockerfile.debian.mongodb5 | 78 ++++++++ 9.0/official/Dockerfile.debian.nomongo | 67 +++++++ 9.0/official/Dockerfile.ubuntu.nomongo | 64 +++++++ 9.0/official/Makefile | 72 ++++++++ 9.0/official/VERSION | 1 + 9.0/official/hooks/build | 10 ++ 9.0/official/root/etc/ld-musl-x86_64.path | 5 + .../usr/lib/unifi/system.properties.default | 44 +++++ .../root/usr/local/bin/docker-entrypoint.sh | 127 +++++++++++++ .../root/usr/local/bin/docker-healthcheck.sh | 34 ++++ .../usr/local/bin/entrypoint-functions.sh | 169 ++++++++++++++++++ CHANGELOG.md | 5 + README.md | 5 +- release/VERSION | 2 +- 21 files changed, 1042 insertions(+), 28 deletions(-) create mode 100644 9.0/official/Dockerfile create mode 100644 9.0/official/Dockerfile.alpine create mode 100644 9.0/official/Dockerfile.alpine.mongo create mode 100644 9.0/official/Dockerfile.debian create mode 100644 9.0/official/Dockerfile.debian.mongodb4 create mode 100644 9.0/official/Dockerfile.debian.mongodb5 create mode 100644 9.0/official/Dockerfile.debian.nomongo create mode 100644 9.0/official/Dockerfile.ubuntu.nomongo create mode 100644 9.0/official/Makefile create mode 100644 9.0/official/VERSION create mode 100755 9.0/official/hooks/build create mode 100644 9.0/official/root/etc/ld-musl-x86_64.path create mode 100644 9.0/official/root/usr/lib/unifi/system.properties.default create mode 100755 9.0/official/root/usr/local/bin/docker-entrypoint.sh create mode 100755 9.0/official/root/usr/local/bin/docker-healthcheck.sh create mode 100755 
9.0/official/root/usr/local/bin/entrypoint-functions.sh diff --git a/.github/workflows/build-latest.yml b/.github/workflows/build-latest.yml index 49a5e54..9249735 100644 --- a/.github/workflows/build-latest.yml +++ b/.github/workflows/build-latest.yml @@ -6,7 +6,7 @@ on: branches: - main paths: - - 8.6/official/** + - 9.0/official/** - .github/workflows/build-latest.yml jobs: @@ -19,7 +19,7 @@ jobs: - name: Set up dynamic build ARGs id: getargs - run: echo "version=$(cat ./8.6/official/VERSION)" >> $GITHUB_OUTPUT + run: echo "version=$(cat ./9.0/official/VERSION)" >> $GITHUB_OUTPUT - name: Set up Docker metadata for Alpine id: meta-alpine @@ -30,7 +30,7 @@ jobs: ghcr.io/${{ github.repository }} tags: | type=raw,latest-alpine - type=raw,8.6-alpine + type=raw,9.0-alpine labels: | org.opencontainers.image.vendor=The Goofball - goofball222@gmail.com org.opencontainers.image.title=UniFi Controller @@ -46,7 +46,7 @@ jobs: ghcr.io/${{ github.repository }} tags: | type=raw,latest-debian - type=raw,8.6-debian + type=raw,9.0-debian labels: | org.opencontainers.image.vendor=The Goofball - goofball222@gmail.com org.opencontainers.image.title=UniFi Controller @@ -62,9 +62,9 @@ jobs: ghcr.io/${{ github.repository }} tags: | type=raw,latest - type=raw,8.6 + type=raw,9.0 type=raw,latest-ubuntu - type=raw,8.6-ubuntu + type=raw,9.0-ubuntu labels: | org.opencontainers.image.vendor=The Goofball - goofball222@gmail.com org.opencontainers.image.title=UniFi Controller @@ -93,8 +93,8 @@ jobs: name: Build and push Alpine Docker image uses: docker/build-push-action@v6 with: - context: ./8.6/official - file: ./8.6/official/Dockerfile.alpine + context: ./9.0/official + file: ./9.0/official/Dockerfile.alpine platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta-alpine.outputs.tags }} 
@@ -104,8 +104,8 @@ jobs: name: Build and push Debian Docker image uses: docker/build-push-action@v6 with: - context: ./8.6/official - file: ./8.6/official/Dockerfile.debian + context: ./9.0/official + file: ./9.0/official/Dockerfile.debian platforms: linux/amd64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta-debian.outputs.tags }} @@ -115,8 +115,8 @@ jobs: name: Build and push Ubuntu Docker image uses: docker/build-push-action@v6 with: - context: ./8.6/official - file: ./8.6/official/Dockerfile + context: ./9.0/official + file: ./9.0/official/Dockerfile platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta-ubuntu.outputs.tags }} diff --git a/.github/workflows/build-official.yml b/.github/workflows/build-official.yml index f90ebf0..cfbdb54 100644 --- a/.github/workflows/build-official.yml +++ b/.github/workflows/build-official.yml @@ -6,8 +6,8 @@ on: branches: - main paths: - - 8.5/official/** - - .github/workflows/build-8.5-official.yml + - 8.6/official/** + - .github/workflows/build-8.6-official.yml jobs: build: @@ -19,7 +19,7 @@ jobs: - name: Set up dynamic build ARGs id: getargs - run: echo "version=$(cat ./8.5/official/VERSION)" >> $GITHUB_OUTPUT + run: echo "version=$(cat ./8.6/official/VERSION)" >> $GITHUB_OUTPUT - name: Set up Docker metadata for Alpine id: meta-alpine @@ -29,7 +29,7 @@ jobs: ${{ github.repository }} ghcr.io/${{ github.repository }} tags: | - type=raw,8.5-alpine + type=raw,8.6-alpine labels: | org.opencontainers.image.vendor=The Goofball - goofball222@gmail.com org.opencontainers.image.title=UniFi Controller @@ -44,7 +44,7 @@ jobs: ${{ github.repository }} ghcr.io/${{ github.repository }} tags: | - type=raw,8.5-debian + type=raw,8.6-debian labels: | org.opencontainers.image.vendor=The Goofball - goofball222@gmail.com org.opencontainers.image.title=UniFi Controller 
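Review bot: The path filter `- .github/workflows/build-8.6-official.yml` in the first hunk of build-official.yml names a file that is not this workflow (the diff header shows `.github/workflows/build-official.yml`), so unless a file of that name exists elsewhere in the repository, edits to this workflow will not trigger a rebuild. build-latest.yml lists its own path in the same position; doing the same here with `- .github/workflows/build-official.yml` keeps the two consistent. The removed line had the same mismatch with 8.5, so this looks carried over by the version bump rather than newly introduced.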
@@ -59,8 +59,8 @@ jobs: ${{ github.repository }} ghcr.io/${{ github.repository }} tags: | - type=raw,8.5 - type=raw,8.5-ubuntu + type=raw,8.6 + type=raw,8.6-ubuntu labels: | org.opencontainers.image.vendor=The Goofball - goofball222@gmail.com org.opencontainers.image.title=UniFi Controller @@ -89,8 +89,8 @@ jobs: name: Build and push Alpine Docker image uses: docker/build-push-action@v6 with: - context: ./8.5/official - file: ./8.5/official/Dockerfile.alpine + context: ./8.6/official + file: ./8.6/official/Dockerfile.alpine platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta-alpine.outputs.tags }} @@ -100,8 +100,8 @@ jobs: name: Build and push Debian Docker image uses: docker/build-push-action@v6 with: - context: ./8.5/official - file: ./8.5/official/Dockerfile.debian + context: ./8.6/official + file: ./8.6/official/Dockerfile.debian platforms: linux/amd64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta-debian.outputs.tags }} @@ -111,8 +111,8 @@ jobs: name: Build and push Ubuntu Docker image uses: docker/build-push-action@v6 with: - context: ./8.5/official - file: ./8.5/official/Dockerfile + context: ./8.6/official + file: ./8.6/official/Dockerfile platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta-ubuntu.outputs.tags }} diff --git a/9.0/official/Dockerfile b/9.0/official/Dockerfile new file mode 100644 index 0000000..a040523 --- /dev/null +++ b/9.0/official/Dockerfile 
@@ -0,0 +1,67 @@
+FROM ubuntu:20.04
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL \
+ org.opencontainers.image.vendor="The Goofball - goofball222@gmail.com" \
+ org.opencontainers.image.url="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.title="UniFi Controller" \
+ org.opencontainers.image.description="UniFi Controller" \
+ org.opencontainers.image.version=${VERSION}-Ubuntu \
+ org.opencontainers.image.source="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.revision=${VCS_REF} \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+ENV \
+ BIND_PRIV=false \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBUG=false \
+ JVM_EXTRA_OPTS= \
+ JVM_INIT_HEAP_SIZE= \
+ JVM_MAX_HEAP_SIZE=1024M \
+ PGID=999 \
+ PUID=999 \
+ RUN_CHOWN=true \
+ RUNAS_UID0=false
+
+WORKDIR /usr/lib/unifi
+
+COPY root /
+
+RUN set -x \
+ && groupadd -r unifi -g $PGID \
+ && useradd --no-log-init -r -u $PUID -g $PGID unifi \
+ && apt-get -y update \
+ && apt-get -y install apt-utils \
+ && apt-get -y --no-install-recommends install \
+ binutils curl dirmngr \
+ gosu libcap2 libcap2-bin \
+ procps tzdata \
+ && apt-get -y --no-install-recommends install \
+ ca-certificates-java openjdk-17-jre-headless \
+ && apt-get -y --no-install-recommends install \
+ mongodb-server-core \
+ && rm -rf /usr/bin/mongos \
+ && curl -sSL https://dl.ui.com/unifi/${VERSION}/unifi_sysvinit_all.deb -o /tmp/unifi-${VERSION}.deb \
+ && apt-get -y purge \
+ dirmngr \
+ && apt-get -y autoremove --purge \
+ && apt-get -y clean autoclean \
+ && dpkg --force-all -i /tmp/unifi-${VERSION}.deb \
+ && rm -rf data logs run \
+ && bash -c 'mkdir -p {data,logs,run,cert}' \
+ && chown -R unifi:unifi /usr/lib/unifi \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/log/*
+
+EXPOSE 3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp 10001/udp
+
+VOLUME ["/usr/lib/unifi/cert", "/usr/lib/unifi/data", "/usr/lib/unifi/logs"]
+
+HEALTHCHECK --start-period=2m CMD /usr/local/bin/docker-healthcheck.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["unifi"]
diff --git a/9.0/official/Dockerfile.alpine b/9.0/official/Dockerfile.alpine
new file mode 100644
index 0000000..5082b14
--- /dev/null
+++ b/9.0/official/Dockerfile.alpine
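Review bot: The UniFi package fetched by `curl -sSL https://dl.ui.com/unifi/${VERSION}/unifi_sysvinit_all.deb` is installed with `dpkg --force-all -i` without any integrity check, so whatever the download returns on build day is what ships in the published image. Pinning a digest next to VERSION and verifying it before the install would close that gap, for example `ARG UNIFI_SHA256` plus `&& echo "${UNIFI_SHA256}  /tmp/unifi-${VERSION}.deb" | sha256sum -c - \` (the ARG name is a placeholder). Adding `-f` to the curl flags makes an HTTP error fail the build at the download step rather than later at dpkg. `--force-all` also disables every dpkg safety check; narrowing it to the one override actually needed (possibly `--force-depends`, to be confirmed) would be safer. The same download-and-install pattern appears in Dockerfile.debian, Dockerfile.debian.mongodb4, Dockerfile.debian.mongodb5, Dockerfile.debian.nomongo and Dockerfile.ubuntu.nomongo, and the two Alpine files unzip UniFi.unix.zip unverified in the same way.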
@@ -0,0 +1,58 @@
+FROM alpine:latest
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL \
+ org.opencontainers.image.vendor="The Goofball - goofball222@gmail.com" \
+ org.opencontainers.image.url="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.title="UniFi Controller" \
+ org.opencontainers.image.description="UniFi Controller" \
+ org.opencontainers.image.version=${VERSION}-Alpine \
+ org.opencontainers.image.source="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.revision=${VCS_REF} \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+ENV \
+ BIND_PRIV=false \
+ DEBUG=false \
+ JVM_EXTRA_OPTS= \
+ JVM_INIT_HEAP_SIZE= \
+ JVM_MAX_HEAP_SIZE=1024M \
+ PGID=999 \
+ PUID=999 \
+ RUN_CHOWN=true \
+ RUNAS_UID0=false
+
+WORKDIR /usr/lib/unifi
+
+COPY root /
+
+RUN set -x \
+ && delgroup ping \
+ && addgroup -g $PGID unifi \
+ && adduser -D -G unifi -u $PUID unifi \
+ && apk add -q --no-cache \
+ gcompat libc6-compat \
+ && apk add -q --no-cache \
+ bash binutils coreutils curl libcap \
+ openjdk17-jre openssl shadow su-exec \
+ tzdata \
+ && curl -sSL https://dl.ui.com/unifi/${VERSION}/UniFi.unix.zip -o /tmp/UniFi.unix.${VERSION}.zip \
+ && unzip -q /tmp/UniFi.unix.${VERSION}.zip -d /tmp \
+ && mv /tmp/UniFi/* /usr/lib/unifi/ \
+ && bash -c 'mkdir -p {data,logs,run,cert}' \
+ && chown -R unifi:unifi /usr/lib/unifi \
+ && rm -rf /tmp/* /var/tmp/* /var/cache/apk/*
+
+EXPOSE 3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp 10001/udp
+
+VOLUME ["/usr/lib/unifi/cert", "/usr/lib/unifi/data", "/usr/lib/unifi/logs"]
+
+HEALTHCHECK --start-period=2m CMD /usr/local/bin/docker-healthcheck.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["unifi"]
diff --git a/9.0/official/Dockerfile.alpine.mongo b/9.0/official/Dockerfile.alpine.mongo
new file mode 100644
index 0000000..d6ce786
--- /dev/null
+++ b/9.0/official/Dockerfile.alpine.mongo
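Review bot: `FROM alpine:latest` makes an image tagged for a fixed UniFi release depend on whichever Alpine release is current on build day, so two builds of the same VERSION can differ in base packages and JRE patch level. The other Dockerfiles in this commit pin a release (`ubuntu:20.04`, `debian:bullseye-slim`); pinning here as well, with `FROM alpine:<release>` or a digest, makes rebuilds reproducible and turns a base upgrade into a reviewed change. The same first line opens Dockerfile.alpine.mongo.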
@@ -0,0 +1,60 @@
+FROM alpine:latest
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL \
+ org.opencontainers.image.vendor="The Goofball - goofball222@gmail.com" \
+ org.opencontainers.image.url="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.title="UniFi Controller" \
+ org.opencontainers.image.description="UniFi Controller" \
+ org.opencontainers.image.version=${VERSION}-Alpine.mongo \
+ org.opencontainers.image.source="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.revision=${VCS_REF} \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+ENV \
+ BIND_PRIV=false \
+ DEBUG=false \
+ JVM_EXTRA_OPTS= \
+ JVM_INIT_HEAP_SIZE= \
+ JVM_MAX_HEAP_SIZE=1024M \
+ PGID=999 \
+ PUID=999 \
+ RUN_CHOWN=true \
+ RUNAS_UID0=false
+
+WORKDIR /usr/lib/unifi
+
+COPY root /
+
+RUN set -x \
+ && delgroup ping \
+ && addgroup -g $PGID unifi \
+ && adduser -D -G unifi -u $PUID unifi \
+ && apk add -q --no-cache \
+ gcompat libc6-compat \
+ && apk add -q --no-cache \
+ bash binutils coreutils curl libcap \
+ mongodb openjdk17-jre openssl shadow su-exec \
+ tzdata \
+ && curl -sSL https://dl.ui.com/unifi/${VERSION}/UniFi.unix.zip -o /tmp/UniFi.unix.${VERSION}.zip \
+ && unzip -q /tmp/UniFi.unix.${VERSION}.zip -d /tmp \
+ && mv /tmp/UniFi/* /usr/lib/unifi/ \
+ && bash -c 'mkdir -p {data,logs,run,cert}' \
+ && chown -R unifi:unifi /usr/lib/unifi \
+ && rm /usr/lib/unifi/bin/mongod \
+ && ln -s /usr/bin/mongod /usr/lib/unifi/bin/mongod \
+ && rm -rf /tmp/* /var/tmp/* /var/cache/apk/*
+
+EXPOSE 3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp 10001/udp
+
+VOLUME ["/usr/lib/unifi/cert", "/usr/lib/unifi/data", "/usr/lib/unifi/logs"]
+
+HEALTHCHECK --start-period=2m CMD /usr/local/bin/docker-healthcheck.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["unifi"]
diff --git a/9.0/official/Dockerfile.debian b/9.0/official/Dockerfile.debian
new file mode 100644
index 0000000..202f832
--- /dev/null
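Review bot: The second `apk add` installs `mongodb`, which as far as I know has not been packaged in Alpine's repositories for several releases, so together with `FROM alpine:latest` this build probably fails at that step. Neither workflow in this commit builds this file, which would explain why it goes unnoticed. If the variant is meant to stay it needs another source for mongod (pinning back to an Alpine old enough to carry the package would mean an end-of-life base); otherwise a comment at the top such as `# Unmaintained: mongodb is not available in current Alpine releases` would save readers the surprise.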
+++ b/9.0/official/Dockerfile.debian 
@@ -0,0 +1,75 @@
+FROM debian:bullseye-slim
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL \
+ org.opencontainers.image.vendor="The Goofball - goofball222@gmail.com" \
+ org.opencontainers.image.url="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.title="UniFi Controller" \
+ org.opencontainers.image.description="UniFi Controller" \
+ org.opencontainers.image.version=${VERSION}-Debian \
+ org.opencontainers.image.source="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.revision=${VCS_REF} \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+ENV \
+ BIND_PRIV=false \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBUG=false \
+ JVM_EXTRA_OPTS= \
+ JVM_INIT_HEAP_SIZE= \
+ JVM_MAX_HEAP_SIZE=1024M \
+ PGID=999 \
+ PUID=999 \
+ RUN_CHOWN=true \
+ RUNAS_UID0=false
+
+WORKDIR /usr/lib/unifi
+
+COPY root /
+
+RUN set -x \
+ && groupadd -r unifi -g $PGID \
+ && useradd --no-log-init -r -u $PUID -g $PGID unifi \
+ && mkdir -p /usr/share/man/man1 \
+ && apt-get -y update \
+ && apt-get -y install apt-utils \
+ && apt-get -y --no-install-recommends install \
+ dirmngr gnupg2 \
+ && apt-get -y --no-install-recommends install \
+ binutils curl gosu \
+ libcap2 libcap2-bin procps \
+ tzdata \
+ && apt-get -y --no-install-recommends install \
+ ca-certificates-java \
+ && apt-get -y --no-install-recommends install \
+ openjdk-17-jre-headless \
+ && echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/3.6 main" \
+ > /etc/apt/sources.list.d/mongodb-org.list \
+ && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5 \
+ && apt-get -y --allow-insecure-repositories update \
+ && apt-get -y --no-install-recommends --allow-unauthenticated install \
+ mongodb-org-server \
+ && curl -sSL https://dl.ui.com/unifi/${VERSION}/unifi_sysvinit_all.deb -o /tmp/unifi-${VERSION}.deb \
+ && apt-get -y purge \
+ apt-utils dirmngr gnupg2 \
+ && apt-get -y autoremove --purge \
+ && apt-get -y clean autoclean \
+ && dpkg --force-all -i /tmp/unifi-${VERSION}.deb \
+ && rm -rf data logs run \
+ && bash -c 'mkdir -p {data,logs,run,cert}' \
+ && chown -R unifi:unifi /usr/lib/unifi \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/log/*
+
+EXPOSE 3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp 10001/udp
+
+VOLUME ["/usr/lib/unifi/cert", "/usr/lib/unifi/data", "/usr/lib/unifi/logs"]
+
+HEALTHCHECK --start-period=2m CMD /usr/local/bin/docker-healthcheck.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["unifi"]
diff --git a/9.0/official/Dockerfile.debian.mongodb4 b/9.0/official/Dockerfile.debian.mongodb4
new file mode 100644
index 0000000..f6f1692
--- /dev/null
+++ b/9.0/official/Dockerfile.debian.mongodb4
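Review bot: Signature checking is switched off for the MongoDB repository in the RUN step: `apt-get -y --allow-insecure-repositories update` is followed by `--allow-unauthenticated install mongodb-org-server`, and the source line points at plain `http://repo.mongodb.org`. Anyone able to tamper with that HTTP traffic during a build can substitute the mongod package, and the `apt-key adv --recv` step before it adds nothing once verification is disabled. This is the file build-latest.yml publishes as `latest-debian` and `9.0-debian`. Dockerfile.debian.mongodb5 in this same commit already shows the verified form (key dearmored into /usr/share/keyrings and a `signed-by=` source entry); moving this image to a repository whose signing key is still valid and dropping both flags would restore the check. If the flags exist because the 3.6 key has expired (my guess, not visible in the diff), a comment saying so above the two lines is the minimum.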
@@ -0,0 +1,77 @@
+FROM debian:bullseye-slim
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL \
+ org.opencontainers.image.vendor="The Goofball - goofball222@gmail.com" \
+ org.opencontainers.image.url="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.title="UniFi Controller" \
+ org.opencontainers.image.description="UniFi Controller" \
+ org.opencontainers.image.version=${VERSION}-Debian \
+ org.opencontainers.image.source="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.revision=${VCS_REF} \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+ENV \
+ BIND_PRIV=false \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBUG=false \
+ JVM_EXTRA_OPTS= \
+ JVM_INIT_HEAP_SIZE= \
+ JVM_MAX_HEAP_SIZE=1024M \
+ PGID=999 \
+ PUID=999 \
+ RUN_CHOWN=true \
+ RUNAS_UID0=false
+
+WORKDIR /usr/lib/unifi
+
+COPY root /
+
+RUN set -x \
+ && groupadd -r unifi -g $PGID \
+ && useradd --no-log-init -r -u $PUID -g $PGID unifi \
+ && mkdir -p /usr/share/man/man1 \
+ && apt-get -y update \
+ && apt-get -y install apt-utils \
+ && apt-get -y --no-install-recommends install \
+ dirmngr gnupg2 \
+ && apt-get -y update \
+ && apt-get -y --no-install-recommends install \
+ binutils curl gosu \
+ libcap2 libcap2-bin procps \
+ tzdata \
+ && apt-get -y --no-install-recommends install \
+ ca-certificates-java \
+ && apt-get -y --no-install-recommends install \
+ openjdk-17-jre-headless \
+ && curl -fsSL https://www.mongodb.org/static/pgp/server-4.0.asc | \
+ apt-key add - \
+ && echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main" \
+ > /etc/apt/sources.list.d/mongodb-org-4.0.list \
+ && apt-get -y update \
+ && apt-get -y --no-install-recommends install \
+ mongodb-org-server \
+ && curl -sSL https://dl.ui.com/unifi/${VERSION}/unifi_sysvinit_all.deb -o /tmp/unifi-${VERSION}.deb \
+ && apt-get -y purge \
+ apt-utils dirmngr gnupg2 \
+ && apt-get -y autoremove --purge \
+ && apt-get -y clean autoclean \
+ && dpkg --force-all -i /tmp/unifi-${VERSION}.deb \
+ && rm -rf data logs run \
+ && bash -c 'mkdir -p {data,logs,run,cert}' \
+ && chown -R unifi:unifi /usr/lib/unifi \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/log/*
+
+EXPOSE 3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp 10001/udp
+
+VOLUME ["/usr/lib/unifi/cert", "/usr/lib/unifi/data", "/usr/lib/unifi/logs"]
+
+HEALTHCHECK --start-period=2m CMD /usr/local/bin/docker-healthcheck.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["unifi"]
diff --git a/9.0/official/Dockerfile.debian.mongodb5 b/9.0/official/Dockerfile.debian.mongodb5
new file mode 100644
index 0000000..275faf0
--- /dev/null
+++ b/9.0/official/Dockerfile.debian.mongodb5
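Review bot: `curl -fsSL https://www.mongodb.org/static/pgp/server-4.0.asc | apt-key add -` places the MongoDB key in apt's global trusted keyring, where it is accepted for every configured repository and not only repo.mongodb.org; apt-key is also deprecated. Scoping the key to the one source, as Dockerfile.debian.mongodb5 does with `gpg --dearmor` into `/usr/share/keyrings/` and a `signed-by=` option in the list entry, limits what that key can vouch for. The source line also uses the `stretch` suite on a `bullseye-slim` base, which deserves a one-line comment explaining why.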
@@ -0,0 +1,78 @@
+FROM debian:bullseye-slim
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL \
+ org.opencontainers.image.vendor="The Goofball - goofball222@gmail.com" \
+ org.opencontainers.image.url="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.title="UniFi Controller" \
+ org.opencontainers.image.description="UniFi Controller" \
+ org.opencontainers.image.version=${VERSION}-Debian \
+ org.opencontainers.image.source="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.revision=${VCS_REF} \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+ENV \
+ BIND_PRIV=false \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBUG=false \
+ JVM_EXTRA_OPTS= \
+ JVM_INIT_HEAP_SIZE= \
+ JVM_MAX_HEAP_SIZE=1024M \
+ PGID=999 \
+ PUID=999 \
+ RUN_CHOWN=true \
+ RUNAS_UID0=false
+
+WORKDIR /usr/lib/unifi
+
+COPY root /
+
+RUN set -x \
+ && groupadd -r unifi -g $PGID \
+ && useradd --no-log-init -r -u $PUID -g $PGID unifi \
+ && mkdir -p /usr/share/man/man1 \
+ && apt-get -y update \
+ && apt-get -y install apt-utils \
+ && apt-get -y --no-install-recommends install \
+ dirmngr gnupg2 \
+ && apt-get -y update \
+ && apt-get -y --no-install-recommends install \
+ binutils curl gosu \
+ libcap2 libcap2-bin procps \
+ tzdata \
+ && apt-get -y --no-install-recommends install \
+ ca-certificates-java \
+ && apt-get -y --no-install-recommends install \
+ openjdk-17-jre-headless \
+ && curl -fsSL https://pgp.mongodb.com/server-5.0.asc | \
+ gpg -o /usr/share/keyrings/mongodb-server-5.0.gpg \
+ --dearmor \
+ && echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-5.0.gpg] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
+ > /etc/apt/sources.list.d/mongodb-org-5.0.list \
+ && apt-get -y update \
+ && apt-get -y --no-install-recommends install \
+ mongodb-org-server \
+ && curl -sSL https://dl.ui.com/unifi/${VERSION}/unifi_sysvinit_all.deb -o /tmp/unifi-${VERSION}.deb \
+ && apt-get -y purge \
+ apt-utils dirmngr gnupg2 \
+ && apt-get -y autoremove --purge \
+ && apt-get -y clean autoclean \
+ && dpkg --force-all -i /tmp/unifi-${VERSION}.deb \
+ && rm -rf data logs run \
+ && bash -c 'mkdir -p {data,logs,run,cert}' \
+ && chown -R unifi:unifi /usr/lib/unifi \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/log/*
+
+EXPOSE 3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp 10001/udp
+
+VOLUME ["/usr/lib/unifi/cert", "/usr/lib/unifi/data", "/usr/lib/unifi/logs"]
+
+HEALTHCHECK --start-period=2m CMD /usr/local/bin/docker-healthcheck.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["unifi"]
diff --git a/9.0/official/Dockerfile.debian.nomongo b/9.0/official/Dockerfile.debian.nomongo
new file mode 100644
index 0000000..665ef23
--- /dev/null
+++ b/9.0/official/Dockerfile.debian.nomongo
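Review bot: The source entry written by the `echo "deb [ signed-by=…] http://repo.mongodb.org/…"` line uses plain HTTP, although the key two lines above is fetched over HTTPS, so the build already has working TLS at that point. Package signatures still protect integrity because of `signed-by`, but switching the entry to `https://repo.mongodb.org/apt/debian` removes on-path visibility of, and interference with, the index and package downloads. This is the keyring handling the other MongoDB variants should copy, so it is worth getting the transport right here too.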
@@ -0,0 +1,67 @@
+FROM debian:bullseye-slim
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL \
+ org.opencontainers.image.vendor="The Goofball - goofball222@gmail.com" \
+ org.opencontainers.image.url="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.title="UniFi Controller" \
+ org.opencontainers.image.description="UniFi Controller" \
+ org.opencontainers.image.version=${VERSION}-Debian.nomongo \
+ org.opencontainers.image.source="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.revision=${VCS_REF} \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+ENV \
+ BIND_PRIV=false \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBUG=false \
+ JVM_EXTRA_OPTS= \
+ JVM_INIT_HEAP_SIZE= \
+ JVM_MAX_HEAP_SIZE=1024M \
+ PGID=999 \
+ PUID=999 \
+ RUN_CHOWN=true \
+ RUNAS_UID0=false
+
+WORKDIR /usr/lib/unifi
+
+COPY root /
+
+RUN set -x \
+ && groupadd -r unifi -g $PGID \
+ && useradd --no-log-init -r -u $PUID -g $PGID unifi \
+ && mkdir -p /usr/share/man/man1 \
+ && apt-get -y update \
+ && apt-get -y install apt-utils \
+ && apt-get -y --no-install-recommends install \
+ binutils curl gosu \
+ libcap2 libcap2-bin procps \
+ tzdata \
+ && apt-get -y --no-install-recommends install \
+ ca-certificates-java \
+ && apt-get -y --no-install-recommends install \
+ openjdk-17-jre-headless \
+ && curl -sSL https://dl.ui.com/unifi/${VERSION}/unifi_sysvinit_all.deb -o /tmp/unifi-${VERSION}.deb \
+ && apt-get -y purge \
+ apt-utils \
+ && apt-get -y autoremove --purge \
+ && apt-get -y clean autoclean \
+ && dpkg --force-all -i /tmp/unifi-${VERSION}.deb \
+ && rm -rf data logs run \
+ && bash -c 'mkdir -p {data,logs,run,cert}' \
+ && chown -R unifi:unifi /usr/lib/unifi \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/log/*
+
+EXPOSE 3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp 10001/udp
+
+VOLUME ["/usr/lib/unifi/cert", "/usr/lib/unifi/data", "/usr/lib/unifi/logs"]
+
+HEALTHCHECK --start-period=2m CMD /usr/local/bin/docker-healthcheck.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["unifi"]
diff --git a/9.0/official/Dockerfile.ubuntu.nomongo b/9.0/official/Dockerfile.ubuntu.nomongo
new file mode 100644
index 0000000..41cc1f9
--- /dev/null
+++ b/9.0/official/Dockerfile.ubuntu.nomongo
@@ -0,0 +1,64 @@
+FROM ubuntu:20.04
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
+LABEL \
+ org.opencontainers.image.vendor="The Goofball - goofball222@gmail.com" \
+ org.opencontainers.image.url="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.title="UniFi Controller" \
+ org.opencontainers.image.description="UniFi Controller" \
+ org.opencontainers.image.version=${VERSION}-Ubuntu.nomongo \
+ org.opencontainers.image.source="https://github.com/goofball222/unifi" \
+ org.opencontainers.image.revision=${VCS_REF} \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+ENV \
+ BIND_PRIV=false \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBUG=false \
+ JVM_EXTRA_OPTS= \
+ JVM_INIT_HEAP_SIZE= \
+ JVM_MAX_HEAP_SIZE=1024M \
+ PGID=999 \
+ PUID=999 \
+ RUN_CHOWN=true \
+ RUNAS_UID0=false
+
+WORKDIR /usr/lib/unifi
+
+COPY root /
+
+RUN set -x \
+ && groupadd -r unifi -g $PGID \
+ && useradd --no-log-init -r -u $PUID -g $PGID unifi \
+ && apt-get -y update \
+ && apt-get -y install apt-utils \
+ && apt-get -y --no-install-recommends install \
+ binutils curl dirmngr gosu \
+ libcap2 libcap2-bin procps \
+ tzdata \
+ && apt-get -y --no-install-recommends install \
+ ca-certificates-java openjdk-17-jre-headless \
+ && curl -sSL https://dl.ui.com/unifi/${VERSION}/unifi_sysvinit_all.deb -o /tmp/unifi-${VERSION}.deb \
+ && apt-get -y purge \
+ dirmngr \
+ && apt-get -y autoremove --purge \
+ && apt-get -y clean autoclean \
+ && dpkg --force-all -i /tmp/unifi-${VERSION}.deb \
+ && rm -rf data logs run \
+ && bash -c 'mkdir -p {data,logs,run,cert}' \
+ && chown -R unifi:unifi /usr/lib/unifi \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/log/*
+
+EXPOSE 3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp 10001/udp
+
+VOLUME ["/usr/lib/unifi/cert", "/usr/lib/unifi/data", "/usr/lib/unifi/logs"]
+
+HEALTHCHECK --start-period=2m CMD /usr/local/bin/docker-healthcheck.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["unifi"]
diff --git a/9.0/official/Makefile b/9.0/official/Makefile
new file mode 100644
index 0000000..38cf90f
--- /dev/null
+++ b/9.0/official/Makefile
@@ -0,0 +1,72 @@
+-include ../../*.mk
+-include ../*.mk
+-include *.mk
+
+
+
+NS ?= goofball222
+
+IMAGE_NAME ?= unifi
+CONTAINER_NAME ?= unifi
+CONTAINER_INSTANCE ?= default
+
+VCS_REF := $(strip $(shell git rev-parse --short HEAD))
+BUILD_DATE := $(strip $(shell date -u +"%Y-%m-%dT%H:%M:%SZ"))
+VERSION := $(strip $(shell cat VERSION))
+
+ifndef VERSION
+$(error You need to create a VERSION file to build a release)
+endif
+
+ifndef DOCKERFILE
+$(error You need to set the DOCKERFILE path you want to build from)
+endif
+
+ifndef TAG
+TAG := $(notdir $(shell pwd))
+endif
+
+
+
+.PHONY: build shell debug run start stop rm rmi test clean
+
+
+
+default: build
+
+
+
+build:
+ docker buildx build \
+ --build-arg VCS_REF=$(VCS_REF) \
+ --build-arg BUILD_DATE=$(BUILD_DATE) \
+ --build-arg VERSION=$(VERSION) \
+ -f $(DOCKERFILE) \
+ -t $(NS)/$(IMAGE_NAME):$(TAG) .
+
+shell:
+ -docker run -it --rm --name $(CONTAINER_NAME)_$(CONTAINER_INSTANCE) $(PORTS) $(VOLUMES) $(OTHER) $(ENV) $(NS)/$(IMAGE_NAME):$(TAG) /bin/bash
+
+run:
+ -docker run --rm --name $(CONTAINER_NAME)_$(CONTAINER_INSTANCE) $(PORTS) $(VOLUMES) $(OTHER) $(ENV) $(NS)/$(IMAGE_NAME):$(TAG)
+
+start:
+ -docker run -d --name $(CONTAINER_NAME)_$(CONTAINER_INSTANCE) $(PORTS) $(VOLUMES) $(OTHER) $(ENV) $(NS)/$(IMAGE_NAME):$(TAG)
+
+stop:
+ -docker stop $(CONTAINER_NAME)_$(CONTAINER_INSTANCE)
+
+rm:
+ -docker rm $(CONTAINER_NAME)_$(CONTAINER_INSTANCE)
+
+rmi:
+ -docker rmi $(NS)/$(IMAGE_NAME):$(TAG)
+
+test:
+ @echo docker build \
+ --build-arg VCS_REF=$(VCS_REF) \
+ --build-arg BUILD_DATE=$(BUILD_DATE) \
+ --build-arg VERSION=$(VERSION) \
+ -t $(NS)/$(IMAGE_NAME):$(TAG) .
+
+clean: stop rm rmi
diff --git a/9.0/official/VERSION b/9.0/official/VERSION
new file mode 100644
index 0000000..3716940
--- /dev/null
+++ b/9.0/official/VERSION
@@ -0,0 +1 @@
+9.0.108
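Review bot: The `test` target in the Makefile echoes a command that is not the one `build` runs: it prints `docker build` rather than `docker buildx build` and leaves out `-f $(DOCKERFILE)`, so the dry-run output cannot be used to reproduce a build. Mirroring the build recipe, with `@echo docker buildx build \` and an added `-f $(DOCKERFILE) \` line, keeps the two in step. Separately, the `ifndef DOCKERFILE` guard is evaluated when the Makefile is parsed, so `make stop`, `make rm` and `make clean` also abort unless DOCKERFILE is set; a comment above the guard such as `# Required for every target, not only build` would document that, or the check could move into the `build` recipe.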
diff --git a/9.0/official/hooks/build b/9.0/official/hooks/build
new file mode 100755
index 0000000..b98cb82
--- /dev/null
+++ b/9.0/official/hooks/build
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# $IMAGE_NAME var is injected into the build so the tag is correct.
+
+#echo "Build hook running"
+docker build \
+ --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
+ --build-arg VCS_REF=`git rev-parse --short HEAD` \
+ --build-arg VERSION=`cat VERSION` \
+ -f $DOCKERFILE_PATH -t $DOCKER_REPO:${DOCKER_TAG//,/ -t $DOCKER_REPO:} .
diff --git a/9.0/official/root/etc/ld-musl-x86_64.path b/9.0/official/root/etc/ld-musl-x86_64.path
new file mode 100644
index 0000000..45b41f6
--- /dev/null
+++ b/9.0/official/root/etc/ld-musl-x86_64.path
@@ -0,0 +1,5 @@
+/lib
+/usr/lib
+/usr/local/lib
+/usr/lib/jvm/java-17-openjdk/jre/lib
+/usr/lib/jvm/java-17-openjdk/jre/lib/server
diff --git a/9.0/official/root/usr/lib/unifi/system.properties.default b/9.0/official/root/usr/lib/unifi/system.properties.default
new file mode 100644
index 0000000..c65fbb2
--- /dev/null
+++ b/9.0/official/root/usr/lib/unifi/system.properties.default
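Review bot: The header comment in hooks/build says `$IMAGE_NAME` is injected, but the command uses `$DOCKERFILE_PATH`, `$DOCKER_REPO` and `$DOCKER_TAG`; the comment should name those, e.g. `# DOCKERFILE_PATH, DOCKER_REPO and DOCKER_TAG are injected by the build service.` The last line mixes two kinds of unquoted expansion: `-f $DOCKERFILE_PATH` would be safer as `-f "$DOCKERFILE_PATH"`, while the `${DOCKER_TAG//,/ -t $DOCKER_REPO:}` substitution depends on word splitting to turn a comma-separated tag list into repeated `-t` options and deserves a comment saying that is intentional.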
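Review bot: Only `ld-musl-x86_64.path` is added, while build-latest.yml builds the Alpine image for `linux/amd64,linux/arm64`; musl on arm64 reads a differently named file (ld-musl-aarch64.path, as far as I know), so these search paths would not apply to that image. The two JVM entries also point under `java-17-openjdk/jre/lib`, and JDK 17 layouts normally have no `jre` directory, so those paths may not exist in the image. Both are worth checking against what openjdk17-jre actually installs, then either correcting the entries and adding the arm64 counterpart or dropping the file if the loader finds the libraries without it.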
@@ -0,0 +1,44 @@
+## system.properties
+#
+# each unifi instance requires a set of ports:
+#
+## device inform
+# unifi.http.port=8080
+## controller UI / API
+# unifi.https.port=8443
+## portal redirect port for HTTP
+# portal.http.port=8880
+## portal redirect port for HTTPs
+# portal.https.port=8843
+## local-bound port for DB server
+# unifi.db.port=27117
+## UDP port used for STUN
+# unifi.stun.port=3478
+#
+## the IP devices should be talking to for inform
+# system_ip=a.b.c.d
+## disable mongodb journaling
+# unifi.db.nojournal=false
+## extra mongod args
+# unifi.db.extraargs
+#
+## HTTPS options
+# unifi.https.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
+# unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello
+# unifi.https.hsts=false
+# unifi.https.hsts.max_age=31536000
+# unifi.https.hsts.preload=false
+# unifi.https.hsts.subdomain=false
+#
+# Ports reserved for device redirector. There is no need to open
+# firewall for these ports on controller, however do NOT set
+# controller to use these ports.
+#
+# portal.redirector.port=8881
+# portal.redirector.port.wired=8882
+#
+# Port used for throughput measurement.
+# unifi.throughput.port=6789
+#
+unifi.logStdout=true
+unifi.config.readEnv=true
diff --git a/9.0/official/root/usr/local/bin/docker-entrypoint.sh b/9.0/official/root/usr/local/bin/docker-entrypoint.sh
new file mode 100755
index 0000000..ec7d26d
--- /dev/null
+++ b/9.0/official/root/usr/local/bin/docker-entrypoint.sh
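Review bot: The commented HTTPS examples in system.properties.default advertise obsolete settings: `unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello` and two static-RSA CBC suites in `unifi.https.ciphers`. They are inert while commented, but this file is the template users copy from, and uncommenting them as written would restrict the controller to legacy TLS. Replacing the sample values with current ones, e.g. `# unifi.https.sslEnabledProtocols=TLSv1.2,TLSv1.3`, or adding a line such as `# (syntax examples only; do not enable legacy protocols or ciphers)` above them would avoid that.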
@@ -0,0 +1,127 @@ +#!/usr/bin/env bash + +# docker-entrypoint.sh script for UniFi Docker container +# License: Apache-2.0 +# Github: https://github.com/goofball222/unifi +SCRIPT_VERSION="1.1.3" +# Last updated date: 2024-03-01 + +set -Eeuo pipefail + +if [ "${DEBUG}" == 'true' ]; then + set -x + LOGSTDOUT="true" +fi + +. /usr/local/bin/entrypoint-functions.sh + +BASEDIR="/usr/lib/unifi" +CERTDIR=${BASEDIR}/cert +DATADIR=${BASEDIR}/data +LOGDIR=${BASEDIR}/logs +RUNDIR=${BASEDIR}/run + +LOGSTDOUT=${LOGSTDOUT:-"false"} +READENV=${READENV:-"true"} + +f_log "INFO - Entrypoint script version ${SCRIPT_VERSION}" +f_log "INFO - Entrypoint functions version ${ENTRYPOINT_FUNCTIONS_VERSION}" + +[ ! -z "${JVM_MAX_HEAP_SIZE}" ] && JVM_EXTRA_OPTS="${JVM_EXTRA_OPTS} -Xmx${JVM_MAX_HEAP_SIZE}" +[ ! -z "${JVM_INIT_HEAP_SIZE}" ] && JVM_EXTRA_OPTS="${JVM_EXTRA_OPTS} -Xms${JVM_INIT_HEAP_SIZE}" + +JVM_EXTRA_OPTS="${JVM_EXTRA_OPTS} -Dunifi.datadir=${DATADIR} -Dunifi.logdir=${LOGDIR} -Dunifi.rundir=${RUNDIR}" + +JVM_OPTS="${JVM_EXTRA_OPTS} -Djava.awt.headless=true -Dfile.encoding=UTF-8 --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/sun.security.util=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED" + +cd ${BASEDIR} + +f_exit_handler() { + f_log "INFO - Exit signal received, commencing shutdown" + exec /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar stop & + for i in `seq 0 25`; do + [ -z "$(pgrep -f ${BASEDIR}/lib/ace.jar)" ] && break + # graceful shutdown + [ $i -gt 0 ] && [ -d ${RUNDIR} ] && touch ${RUNDIR}/server.stop || true + # savage shutdown + [ $i -gt 19 ] && pkill -f ${BASEDIR}/lib/ace.jar || true + sleep 1 + done + f_log "INFO - Shutdown complete. Nothing more to see here. Have a nice day!" 
+ f_log "INFO - Exit with status code ${?}" + exit ${?}; +} + +f_idle_handler() { + if [ "$LOGSTDOUT" = 'true' ]; then + while true + do + tail -f /dev/null & wait ${!} + done + else + while true + do + tail -F -n0 ${LOGDIR}/server.log & wait ${!} + done + fi +} + +trap 'kill ${!}; f_exit_handler' SIGHUP SIGINT SIGQUIT SIGTERM + +if [ "$(id -u)" = '0' ]; then + f_log "INFO - Entrypoint running with UID 0 (root)" + if [[ "${@}" == 'unifi' ]]; then + f_giduid + f_mongo + f_sysprop + f_ssl + f_bindpriv + f_chown + if [ "${RUNAS_UID0}" == 'true' ]; then + f_log "INFO - RUNAS_UID0=true - running UniFi processes as UID 0 (root)" + f_log "WARN - ======================================================================" + f_log "WARN - *** Running as UID 0 (root) is an insecure configuration ***" + f_log "WARN - ======================================================================" + f_log "EXEC - /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start" + exec /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start & + f_idle_handler + else + if [ -x "/sbin/su-exec" ]; then + f_log "INFO - Use su-exec to drop privileges and start Java/UniFi as GID=${PGID}, UID=${PUID}" + f_log "EXEC - su-exec unifi:unifi /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start" + exec su-exec unifi:unifi /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start & + f_idle_handler + elif [ -x "/usr/sbin/gosu" ]; then + f_log "INFO - Use gosu to drop privileges and start Java/UniFi as GID=${PGID}, UID=${PUID}" + f_log "EXEC - gosu unifi:unifi /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start" + exec gosu unifi:unifi /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start & + f_idle_handler + else + f_log "ERROR - su-exec/gosu NOT FOUND. Run state is invalid. Exiting." 
+ exit 1; + fi + fi + else + f_log "EXEC - ${@} as UID 0 (root)" + exec "${@}" + fi +else + f_log "WARN - Container/entrypoint not started as UID 0 (root)" + f_log "WARN - Unable to change permissions or set custom GID/UID if configured" + f_log "WARN - Process will be spawned with GID=$(id -g), UID=$(id -u)" + f_log "WARN - Depending on permissions requested command may not work" + if [[ "${@}" == 'unifi' ]]; then + f_mongo + f_sysprop + f_ssl + f_log "EXEC - /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start" + exec /usr/bin/java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start & + f_idle_handler + else + f_log "EXEC - ${@}" + exec "${@}" + fi +fi + +# Script should never make it here, but just in case exit with a generic error code if it does +exit 1; diff --git a/9.0/official/root/usr/local/bin/docker-healthcheck.sh b/9.0/official/root/usr/local/bin/docker-healthcheck.sh new file mode 100755 index 0000000..d90fe93 --- /dev/null +++ b/9.0/official/root/usr/local/bin/docker-healthcheck.sh 
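Review bot: In `f_exit_handler` the last two lines expand `${?}` after an `f_log` call, so both the logged status and the `exit` status are the result of the preceding `f_log` (normally 0), not the outcome of the shutdown. A controller that had to be `pkill`ed after 20 iterations is therefore reported the same as a clean stop. Track the outcome explicitly: `rc=0` before the loop, set `rc=1` on the `pkill` branch, then `f_log "INFO - Exit with status code ${rc}"` and `exit ${rc}`. Separately, the script runs under `set -u` but reads `${DEBUG}`, `${JVM_MAX_HEAP_SIZE}`, `${JVM_INIT_HEAP_SIZE}` and `${RUNAS_UID0}` without defaults. If the image does not define them (the Dockerfiles are outside this hunk), startup aborts with an unbound-variable error; `${DEBUG:-false}` style defaults would avoid that.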
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# entrypoint-functions.sh script for UniFi Docker container
+# License: Apache-2.0
+# Github: https://github.com/goofball222/unifi
+HEALTHCHECK_VERSION="1.0.1"
+# Last updated date: 2019-12-06
+
+BASEDIR="/usr/lib/unifi"
+DATADIR=${BASEDIR}/data
+
+[ ! -f ${DATADIR}/system.properties ] || api_port=$(grep "^[^#;]" ${DATADIR}/system.properties | sed -n 's/unifi.http.port=\([0-9]\+\)/\1/p')
+
+api_port=${api_port:-8080}
+
+http_code=$(curl -s --connect-timeout 1 -o /dev/null -w "%{http_code}" http://localhost:${api_port}/status)
+
+#MAX_WAIT=25
+
+#for i in `seq 1 ${MAX_WAIT}` ; do
+# if [ "${http_code}" != "200" ]; then
+# sleep 1 http_code=$(curl -s --connect-timeout 1 -o /dev/null -w "%{http_code}" http://localhost:${api_port}/status)
+# else
+# break
+# fi
+#done
+
+if [ "${http_code}" != "200" ]; then
+ echo "Error: UniFi API http status code ${http_code}, expecting 200"
+ exit 1
+ else
+ echo "UniFi API http status code ${http_code}: OK"
+ exit 0
+fi
diff --git a/9.0/official/root/usr/local/bin/entrypoint-functions.sh b/9.0/official/root/usr/local/bin/entrypoint-functions.sh
new file mode 100755
index 0000000..141c3d2
--- /dev/null
+++ b/9.0/official/root/usr/local/bin/entrypoint-functions.sh
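Review bot: The `curl` probe in docker-healthcheck.sh sets `--connect-timeout 1` but no overall limit, so a controller that accepts the connection and then stalls keeps the check running until Docker's own healthcheck timeout. Adding `--max-time 5` (value to be chosen) bounds it. The `sed` expression is unanchored and prints every match, so `api_port` can hold more than one line if the property appears twice; anchoring it as `'s/^unifi\.http\.port=\([0-9]\+\).*/\1/p'` and piping through `head -n 1` would be stricter. The header comment also names `entrypoint-functions.sh` instead of this file.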
@@ -0,0 +1,169 @@ +#!/usr/bin/env bash + +# entrypoint-functions.sh script for UniFi Docker container +# License: Apache-2.0 +# Github: https://github.com/goofball222/unifi +ENTRYPOINT_FUNCTIONS_VERSION="1.1.0" +# Last updated date: 2024-01-18 + +f_bindpriv() { + JAVABIN=$(readlink -f /usr/bin/java) + if [ "${BIND_PRIV}" == 'true' ] && [ "${RUNAS_UID0}" == 'false' ]; then + f_log "INFO - Support binding ports <1024 'setcap 'cap_net_bind_service=+ep' ${JAVABIN}'" + if setcap 'cap_net_bind_service=+ep' ${JAVABIN}; then + sleep 1 + else + f_log "ERROR - BIND_PRIV=true and 'setcap' command failed on this Docker host" + f_log "ERROR - If binding ports <1024 required on this Docker host use RUNAS_UID0=true instead" + f_log "ERROR - Container run state is invalid, exiting..." + exit 1; + fi + fi +} + +f_chown() { + if [ "${RUN_CHOWN}" == 'false' ] && [ "${RUNAS_UID0}" == 'false' ]; then + if [ ! "$(stat -c %u ${BASEDIR})" = "${PUID}" ] || [ ! "$(stat -c %u ${CERTDIR})" = "${PUID}" ] \ + || [ ! "$(stat -c %u ${DATADIR})" = "${PUID}" ] || [ ! "$(stat -c %u ${LOGDIR})" = "${PUID}" ] \ + || [ ! "$(stat -c %u ${RUNDIR})" = "${PUID}" ]; then + f_log "WARN - Configured PUID doesn't match owner of a required directory. Ignoring RUN_CHOWN=false" + f_log "INFO - Ensuring permissions are correct before continuing - 'chown -R unifi:unifi ${BASEDIR}'" + f_log "INFO - Running recursive 'chown' on Docker overlay2 storage is **really** slow. This may take a bit." + chown -R unifi:unifi ${BASEDIR} + else + f_log "INFO - Explicitly setting owner on '${LOGDIR}/*.log' and '${DATADIR}/system.properties'" + chown unifi:unifi ${DATADIR}/system.properties + chown unifi:unifi ${LOGDIR}/*.log + f_log "INFO - RUN_CHOWN=false - Not running 'chown -R unifi:unifi ${BASEDIR}', assume subdir/file permissions OK" + fi + elif [ "${RUNAS_UID0}" == 'true' ]; then + f_log "INFO - RUNAS_UID0=true - Not running 'chown -R unifi:unifi ${BASEDIR}', no need to worry about permissions." 
+ else + f_log "INFO - Ensuring permissions are correct before continuing - 'chown -R unifi:unifi ${BASEDIR}'" + f_log "INFO - Running recursive 'chown' on Docker overlay2 storage is **really** slow. This may take a bit." + chown -R unifi:unifi ${BASEDIR} + fi +} + +f_giduid() { + UNIFI_GID=${UNIFI_GID:-} + UNIFI_UID=${UNIFI_UID:-} + if [ ! -z "${UNIFI_GID}" ]; then + f_log "INFO - UNIFI_GID is set. Please use the updated PGID variable. Automatically converting to PGID." + PGID=${UNIFI_GID} + fi + if [ ! -z "${UNIFI_UID}" ]; then + f_log "INFO - UNIFI_UID is set. Please use the updated PUID variable. Automatically converting to PUID." + PUID=${UNIFI_UID} + fi + if [ "$(id unifi -g)" != "${PGID}" ] || [ "$(id unifi -u)" != "${PUID}" ]; then + f_log "INFO - Setting custom unifi GID/UID: GID=${PGID}, UID=${PUID}" + groupmod -o -g ${PGID} unifi + usermod -o -u ${PUID} unifi + else + f_log "INFO - GID/UID for unifi are unchanged: GID=${PGID}, UID=${PUID}" + fi +} + +f_log() { + echo "$(date +"[%Y-%m-%d %T,%3N]") $*" | tee -a ${BASEDIR}/logs/server.log +} + +f_mongo() { + DB_MONGO_LOCAL=${DB_MONGO_LOCAL:-} + DB_MONGO_URI=${DB_MONGO_URI:-} + STATDB_MONGO_URI=${STATDB_MONGO_URI:-} + UNIFI_DB_NAME=${UNIFI_DB_NAME:-} + if [ -x "/usr/bin/mongod" ]; then + if [ -z "${DB_MONGO_LOCAL}" ] || [ -z "${DB_MONGO_URI}" ] || [ -z "${STATDB_MONGO_URI}" ] \ + || [ -z "${UNIFI_DB_NAME}" ]; then + f_log "WARN - ======================================================================" + f_log "WARN - One or more of: 'DB_MONGO_LOCAL', 'DB_MONGO_URI', 'STATDB_MONGO_URI', or 'UNIFI_DB_NAME' is unset." + f_log "WARN - In the future you should consider running UniFi on Docker with an external Mongo DB instance defined." 
+ f_log "WARN - *** Please check the README.md and examples at https://github.com/goofball222/unifi ***" + f_log "WARN - ======================================================================" + fi + else + if [ -z "${DB_MONGO_LOCAL}" ] || [ -z "${DB_MONGO_URI}" ] || [ -z "${STATDB_MONGO_URI}" ] \ + || [ -z "${UNIFI_DB_NAME}" ]; then + f_log "ERROR - ======================================================================" + f_log "ERROR - One or more of: 'DB_MONGO_LOCAL', 'DB_MONGO_URI', 'STATDB_MONGO_URI', or 'UNIFI_DB_NAME' is unset." + f_log "ERROR - This container cannot run UniFi without all Mongo external env variables defined correctly." + f_log "ERROR - They must be pointed to a valid external Mongo DB container or host instance." + f_log "ERROR - *** Please check the README.md and examples at https://github.com/goofball222/unifi ***" + f_log "ERROR - ======================================================================" + f_log "ERROR - Container run environment is invalid, exiting..." + exit 1; + fi + fi +} + +f_ssl() { + if [ -e ${CERTDIR}/privkey.pem ] && [ -e ${CERTDIR}/cert.pem ]; then + if `/usr/bin/sha256sum -c ${CERTDIR}/unificert.sha256 &> /dev/null`; then + f_log "INFO - SSL: certificate files unchanged, continuing with UniFi startup" + f_log "INFO - SSL: To force rerun import process: delete '${CERTDIR}/unificert.sha256' and restart the container" + else + if [ ! 
-e ${DATADIR}/keystore ]; then + f_log "WARN - SSL: keystore does not exist, generating it with Java keytool" + keytool -genkey -keyalg RSA -alias unifi -keystore ${DATADIR}/keystore \ + -storepass aircontrolenterprise -keypass aircontrolenterprise -validity 1825 \ + -keysize 4096 -dname "cn=UniFi" + else + f_log "INFO - SSL: backup existing '${DATADIR}/keystore' to '${DATADIR}/keystore-$(date +%s)'" + cp ${DATADIR}/keystore ${DATADIR}/keystore-$(date +%s) + fi + f_log "INFO - SSL: custom certificate keystore update" + f_log "INFO - SSL: openssl combine custom private key and certificate into temporary PKCS12 file" + openssl pkcs12 -export \ + -inkey ${CERTDIR}/privkey.pem \ + -in ${CERTDIR}/cert.pem \ + -out ${CERTDIR}/certtemp.p12 \ + -name unifi -password pass:temppass + f_log "INFO - SSL: Java keytool import PKCS12 '${CERTDIR}/certtemp.p12' file into '${DATADIR}/keystore'" + keytool -importkeystore -deststorepass aircontrolenterprise \ + -destkeypass aircontrolenterprise -destkeystore ${DATADIR}/keystore \ + -srckeystore ${CERTDIR}/certtemp.p12 -srcstoretype PKCS12 \ + -srcstorepass temppass -alias unifi -noprompt + f_log "INFO - SSL: Removing temporary PKCS12 file" + rm ${CERTDIR}/certtemp.p12 + f_log "INFO - SSL: Store SHA256 hash of private key and certificate file" + /usr/bin/sha256sum ${CERTDIR}/privkey.pem > ${CERTDIR}/unificert.sha256 + /usr/bin/sha256sum ${CERTDIR}/cert.pem >> ${CERTDIR}/unificert.sha256 + f_log "INFO - SSL: completed update of custom certificate in '${DATADIR}/keystore'" + f_log "INFO - SSL: Check above ***here*** for errors if your custom certificate import isn't working" + f_log "INFO - SSL: To force rerun import process: delete '${CERTDIR}/unificert.sha256' and restart the container" + fi + else + [ -f ${CERTDIR}/privkey.pem ] || f_log "WARN - Custom SSL: missing '${CERTDIR}/privkey.pem'" + [ -f ${CERTDIR}/cert.pem ] || f_log "WARN - Custom SSL: missing '${CERTDIR}/cert.pem'" + if [ -e ${CERTDIR}/fullchain.pem ]; then + f_log "WARN 
- UniFi v7.3+ Custom SSL: *********** '${CERTDIR}/fullchain.pem' IS DEPRECATED ***********" + f_log "WARN - UniFi v7.3+ Custom SSL: Use a single / non-chain cert file named '${CERTDIR}/cert.pem' moving forward" + f_log "WARN - UniFi v7.3+ Custom SSL: Failure to update current setup may result in constant errors" + fi + f_log "WARN - Custom SSL: certificate import was NOT performed" + fi +} + +f_sysprop() { + # UniFi system.properties container mode setup (echo logs to STDOUT, support ENV read) + f_log "INFO - Checking system.properties setup for container" + if [ ! -e ${DATADIR}/system.properties ]; then + f_log "INFO - '${DATADIR}/system.properties' doesn't exist, copying from '${BASEDIR}/system.properties.default'" + cp ${BASEDIR}/system.properties.default ${DATADIR}/system.properties + else + f_log "INFO - Existing '${DATADIR}/system.properties' found, ensuring container mode options are enabled" + if ! grep -q "unifi.logStdout" "${DATADIR}/system.properties"; then + echo "unifi.logStdout=${LOGSTDOUT}" >> ${DATADIR}/system.properties + else + sed -i "/unifi.logStdout/c\unifi.logStdout=${LOGSTDOUT}" ${DATADIR}/system.properties + fi + + if ! grep -q "unifi.config.readEnv" "${DATADIR}/system.properties"; then + echo "unifi.config.readEnv=${READENV}" >> ${DATADIR}/system.properties + else + sed -i "/unifi.config.readEnv/c\unifi.config.readEnv=${READENV}" ${DATADIR}/system.properties + fi + fi +} diff --git a/CHANGELOG.md b/CHANGELOG.md index c856ddc..1055428 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +* **2025-01-06:** + * Create 9.0/official, v[9.0.108](https://community.ui.com/releases/UniFi-Network-Application-9-0-108/4e4c885a-311f-41b1-ad5d-9b6afcee77f7) + * Promote 9.0 official to "latest", "latest-alpine" and "latest-ubuntu" tags + * Tag 9.0.108 release +--- * **2024-12-27:** * Update 9.0/beta to [9.0.108](https://community.ui.com/releases/UniFi-Network-Application-9-0-108/248de26a-ad59-4d01-b8eb-33556fa9683b) --- 
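Review bot: In `f_ssl` the temporary `${CERTDIR}/certtemp.p12` holds the private key under the fixed password `temppass`, and it is only removed after `keytool -importkeystore` succeeds. Because docker-entrypoint.sh sources this file under `set -Eeuo pipefail`, a failed import exits the script before the `rm` and leaves that bundle in the certificate directory. Appending `|| { rm -f "${CERTDIR}/certtemp.p12"; exit 1; }` to the `keytool -importkeystore` command, and running `openssl pkcs12 -export` in a subshell with `umask 077`, keeps the file private and short-lived. In `f_giduid`, `usermod -o -u ${PUID}` accepts any value, so `PUID=0` would make the `unifi` account UID 0 and the later `su-exec unifi:unifi` start would run as root without the `RUNAS_UID0` warning. Rejecting non-numeric or zero `PUID`/`PGID` before the `groupmod`/`usermod` calls would close that gap.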
diff --git a/README.md b/README.md index f91204b..648bf81 100644 --- a/README.md +++ b/README.md 
@@ -6,9 +6,10 @@ ## Docker tags: | Tag | UniFi Version | Description | Release Date | | --- | :---: | --- | :---: | -| [8.6, 8.6-alpine, 8.6-debian, 8.6-ubuntu, latest, latest-alpine, latest-debian, latest-ubuntu](https://github.com/goofball222/unifi/blob/main/8.6/official/Dockerfile) | [8.6.9](https://community.ui.com/releases/UniFi-Network-Application-8-6-9/e4bd3f71-a2c4-4c98-b12a-a8b0b1c2178e) | UniFi Network Application official release | 2024-11-07 | +| [9.0, 9.0-alpine, 9.0-debian, 9.0-ubuntu, latest, latest-alpine, latest-debian, latest-ubuntu](https://github.com/goofball222/unifi/blob/main/9.0/official/Dockerfile) | [9.0.108](https://community.ui.com/releases/UniFi-Network-Application-9-0-108/4e4c885a-311f-41b1-ad5d-9b6afcee77f7) | UniFi Network Application official release | 2025-01-06 | | [9.0-beta, 9.0-alpine-beta, 9.0-debian-beta, 9.0-ubuntu-beta, latest-beta, latest-alpine-beta, latest-debian-beta, latest-ubuntu-beta](https://github.com/goofball222/unifi/blob/main/9.0/beta/Dockerfile) | [9.0.108](https://community.ui.com/releases/UniFi-Network-Application-9-0-108/248de26a-ad59-4d01-b8eb-33556fa9683b) | UniFi Network Application beta/release candidate | 2024-12-27 | -| [8.5, 8.5-alpine, 8.5-debian, 8.5-ubuntu](https://github.com/goofball222/unifi/blob/main/8.5/official/Dockerfile) | [8.5.6](https://community.ui.com/releases/UniFi-Network-Application-8-5-6/bfa15dd8-8b58-4d40-9d83-73ebe8c9a955) | UniFi Network Application official release | 2024-10-09 | +| [8.6, 8.6-alpine, 8.6-debian, 8.6-ubuntu](https://github.com/goofball222/unifi/blob/main/8.6/official/Dockerfile) | [8.6.9](https://community.ui.com/releases/UniFi-Network-Application-8-6-9/e4bd3f71-a2c4-4c98-b12a-a8b0b1c2178e) | UniFi Network Application official release | 2024-11-07 | +| [9.0.108](https://github.com/goofball222/unifi/releases/tag/9.0.108) | [9.0.108](https://community.ui.com/releases/UniFi-Network-Application-9-0-108/4e4c885a-311f-41b1-ad5d-9b6afcee77f7) | Static official release 
tag/image | 2025-01-06 | | [8.6.9](https://github.com/goofball222/unifi/releases/tag/8.6.9) | [8.6.9](https://community.ui.com/releases/UniFi-Network-Application-8-6-9/e4bd3f71-a2c4-4c98-b12a-a8b0b1c2178e) | Static official release tag/image | 2024-11-07 | | [8.5.6](https://github.com/goofball222/unifi/releases/tag/8.5.6) | [8.5.6](https://community.ui.com/releases/UniFi-Network-Application-8-5-6/bfa15dd8-8b58-4d40-9d83-73ebe8c9a955) | Static official release tag/image | 2024-10-09 | | [8.4.62](https://github.com/goofball222/unifi/releases/tag/8.4.62) | [8.4.62](https://community.ui.com/releases/UniFi-Network-Application-8-4-62/40240312-bb43-4648-adab-5b05f3d4354e) | Static official release tag/image | 2024-09-11 | diff --git a/release/VERSION b/release/VERSION index 888d4d2..3716940 100644 --- a/release/VERSION +++ b/release/VERSION @@ -1 +1 @@ -8.6.9 +9.0.108