Built-in nscd into the docker image (a better dns caching service) (#3472)
This commit is contained in:
parent
5ccf2d23fc
commit
a0203372ce
|
@ -5,13 +5,29 @@ ARG TARGETPLATFORM
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Install Curl
|
# Specify --no-install-recommends to skip unused dependencies, make the base much smaller!
|
||||||
# Install Apprise, add sqlite3 cli for debugging in the future, iputils-ping for ping, util-linux for setpriv
|
# python3* = apprise's dependencies
|
||||||
# Stupid python3 and python3-pip actually install a lot of useless things into Debian, specify --no-install-recommends to skip them, make the base even smaller than alpine!
|
# sqlite3 = for debugging
|
||||||
|
# iputils-ping = for ping
|
||||||
|
# util-linux = for setpriv (Should be dropped in 2.0.0?)
|
||||||
|
# dumb-init = avoid zombie processes (#480)
|
||||||
|
# curl = for debugging
|
||||||
|
# ca-certificates = keep the cert up-to-date
|
||||||
|
# sudo = for start service nscd with non-root user
|
||||||
|
# nscd = for better DNS caching
|
||||||
|
# (pip) apprise = for notifications
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get --yes --no-install-recommends install python3 python3-pip python3-cryptography python3-six python3-yaml python3-click python3-markdown python3-requests python3-requests-oauthlib \
|
apt-get --yes --no-install-recommends install \
|
||||||
sqlite3 iputils-ping util-linux dumb-init git curl ca-certificates && \
|
python3 python3-pip python3-cryptography python3-six python3-yaml python3-click python3-markdown python3-requests python3-requests-oauthlib \
|
||||||
pip3 --no-cache-dir install apprise==1.4.0 && \
|
sqlite3 \
|
||||||
|
iputils-ping \
|
||||||
|
util-linux \
|
||||||
|
dumb-init \
|
||||||
|
curl \
|
||||||
|
ca-certificates \
|
||||||
|
sudo \
|
||||||
|
nscd && \
|
||||||
|
pip3 --no-cache-dir install apprise==1.4.5 && \
|
||||||
rm -rf /var/lib/apt/lists/* && \
|
rm -rf /var/lib/apt/lists/* && \
|
||||||
apt --yes autoremove
|
apt --yes autoremove
|
||||||
|
|
||||||
|
@ -26,3 +42,7 @@ RUN set -eux && \
|
||||||
rm -rf /var/lib/apt/lists/* && \
|
rm -rf /var/lib/apt/lists/* && \
|
||||||
apt --yes autoremove
|
apt --yes autoremove
|
||||||
|
|
||||||
|
# For nscd
|
||||||
|
COPY ./docker/etc/nscd.conf /etc/nscd.conf
|
||||||
|
COPY ./docker/etc/sudoers /etc/sudoers
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,90 @@
|
||||||
|
#
|
||||||
|
# /etc/nscd.conf
|
||||||
|
#
|
||||||
|
# An example Name Service Cache config file. This file is needed by nscd.
|
||||||
|
#
|
||||||
|
# Legal entries are:
|
||||||
|
#
|
||||||
|
# logfile <file>
|
||||||
|
# debug-level <level>
|
||||||
|
# threads <initial #threads to use>
|
||||||
|
# max-threads <maximum #threads to use>
|
||||||
|
# server-user <user to run server as instead of root>
|
||||||
|
# server-user is ignored if nscd is started with -S parameters
|
||||||
|
# stat-user <user who is allowed to request statistics>
|
||||||
|
# reload-count unlimited|<number>
|
||||||
|
# paranoia <yes|no>
|
||||||
|
# restart-interval <time in seconds>
|
||||||
|
#
|
||||||
|
# enable-cache <service> <yes|no>
|
||||||
|
# positive-time-to-live <service> <time in seconds>
|
||||||
|
# negative-time-to-live <service> <time in seconds>
|
||||||
|
# suggested-size <service> <prime number>
|
||||||
|
# check-files <service> <yes|no>
|
||||||
|
# persistent <service> <yes|no>
|
||||||
|
# shared <service> <yes|no>
|
||||||
|
# max-db-size <service> <number bytes>
|
||||||
|
# auto-propagate <service> <yes|no>
|
||||||
|
#
|
||||||
|
# Currently supported cache names (services): passwd, group, hosts, services
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
# logfile /var/log/nscd.log
|
||||||
|
# threads 4
|
||||||
|
# max-threads 32
|
||||||
|
# server-user node
|
||||||
|
# stat-user somebody
|
||||||
|
debug-level 0
|
||||||
|
# reload-count 5
|
||||||
|
paranoia no
|
||||||
|
# restart-interval 3600
|
||||||
|
|
||||||
|
enable-cache passwd no
|
||||||
|
positive-time-to-live passwd 600
|
||||||
|
negative-time-to-live passwd 20
|
||||||
|
suggested-size passwd 211
|
||||||
|
check-files passwd yes
|
||||||
|
persistent passwd yes
|
||||||
|
shared passwd yes
|
||||||
|
max-db-size passwd 33554432
|
||||||
|
auto-propagate passwd yes
|
||||||
|
|
||||||
|
enable-cache group no
|
||||||
|
positive-time-to-live group 3600
|
||||||
|
negative-time-to-live group 60
|
||||||
|
suggested-size group 211
|
||||||
|
check-files group yes
|
||||||
|
persistent group yes
|
||||||
|
shared group yes
|
||||||
|
max-db-size group 33554432
|
||||||
|
auto-propagate group yes
|
||||||
|
|
||||||
|
enable-cache hosts yes
|
||||||
|
positive-time-to-live hosts 3600
|
||||||
|
negative-time-to-live hosts 20
|
||||||
|
suggested-size hosts 211
|
||||||
|
check-files hosts yes
|
||||||
|
persistent hosts yes
|
||||||
|
# Set shared to "no" to display stats in `nscd -g`
|
||||||
|
# Read more: https://stackoverflow.com/questions/40429245/nscdcentos7curl-0-dns-cache-hit-rate
|
||||||
|
shared hosts no
|
||||||
|
max-db-size hosts 33554432
|
||||||
|
|
||||||
|
enable-cache services no
|
||||||
|
positive-time-to-live services 28800
|
||||||
|
negative-time-to-live services 20
|
||||||
|
suggested-size services 211
|
||||||
|
check-files services yes
|
||||||
|
persistent services yes
|
||||||
|
shared services yes
|
||||||
|
max-db-size services 33554432
|
||||||
|
|
||||||
|
enable-cache netgroup no
|
||||||
|
positive-time-to-live netgroup 28800
|
||||||
|
negative-time-to-live netgroup 20
|
||||||
|
suggested-size netgroup 211
|
||||||
|
check-files netgroup yes
|
||||||
|
persistent netgroup yes
|
||||||
|
shared netgroup yes
|
||||||
|
max-db-size netgroup 33554432
|
|
@ -0,0 +1,31 @@
|
||||||
|
#
|
||||||
|
# This file MUST be edited with the 'visudo' command as root.
|
||||||
|
#
|
||||||
|
# Please consider adding local content in /etc/sudoers.d/ instead of
|
||||||
|
# directly modifying this file.
|
||||||
|
#
|
||||||
|
# See the man page for details on how to write a sudoers file.
|
||||||
|
#
|
||||||
|
Defaults env_reset
|
||||||
|
Defaults mail_badpass
|
||||||
|
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
|
# Host alias specification
|
||||||
|
|
||||||
|
# User alias specification
|
||||||
|
|
||||||
|
# Cmnd alias specification
|
||||||
|
|
||||||
|
# User privilege specification
|
||||||
|
root ALL=(ALL:ALL) ALL
|
||||||
|
|
||||||
|
# Allow members of group sudo to execute any command
|
||||||
|
%sudo ALL=(ALL:ALL) ALL
|
||||||
|
|
||||||
|
# See sudoers(5) for more information on "#include" directives:
|
||||||
|
|
||||||
|
#includedir /etc/sudoers.d
|
||||||
|
|
||||||
|
# Allow `node` to control service (mainly for nscd)
|
||||||
|
node ALL=(root) NOPASSWD: /usr/sbin/nscdservice
|
||||||
|
node ALL=(root) NOPASSWD: /usr/sbin/service
|
|
@ -49,6 +49,7 @@ if (! process.env.NODE_ENV) {
|
||||||
}
|
}
|
||||||
|
|
||||||
log.info("server", "Node Env: " + process.env.NODE_ENV);
|
log.info("server", "Node Env: " + process.env.NODE_ENV);
|
||||||
|
log.info("server", "Inside Container: " + process.env.UPTIME_KUMA_IS_CONTAINER === "1");
|
||||||
|
|
||||||
log.info("server", "Importing Node libraries");
|
log.info("server", "Importing Node libraries");
|
||||||
const fs = require("fs");
|
const fs = require("fs");
|
||||||
|
@ -1589,6 +1590,8 @@ let needSetup = false;
|
||||||
await shutdownFunction();
|
await shutdownFunction();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
server.start();
|
||||||
|
|
||||||
server.httpServer.listen(port, hostname, () => {
|
server.httpServer.listen(port, hostname, () => {
|
||||||
if (hostname) {
|
if (hostname) {
|
||||||
log.info("server", `Listening on ${hostname}:${port}`);
|
log.info("server", `Listening on ${hostname}:${port}`);
|
||||||
|
|
|
@ -10,6 +10,7 @@ const util = require("util");
|
||||||
const { CacheableDnsHttpAgent } = require("./cacheable-dns-http-agent");
|
const { CacheableDnsHttpAgent } = require("./cacheable-dns-http-agent");
|
||||||
const { Settings } = require("./settings");
|
const { Settings } = require("./settings");
|
||||||
const dayjs = require("dayjs");
|
const dayjs = require("dayjs");
|
||||||
|
const childProcess = require("child_process");
|
||||||
// DO NOT IMPORT HERE IF THE MODULES USED `UptimeKumaServer.getInstance()`, put at the bottom of this file instead.
|
// DO NOT IMPORT HERE IF THE MODULES USED `UptimeKumaServer.getInstance()`, put at the bottom of this file instead.
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -334,9 +335,49 @@ class UptimeKumaServer {
|
||||||
dayjs.tz.setDefault(timezone);
|
dayjs.tz.setDefault(timezone);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Stop the server */
|
/**
|
||||||
async stop() {
|
* TODO: Listen logic should be moved to here
|
||||||
|
* @returns {Promise<void>}
|
||||||
|
*/
|
||||||
|
async start() {
|
||||||
|
this.startServices();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Stop the server
|
||||||
|
* @returns {Promise<void>}
|
||||||
|
*/
|
||||||
|
async stop() {
|
||||||
|
this.stopServices();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Start all system services (e.g. nscd)
|
||||||
|
* For now, only used in Docker
|
||||||
|
*/
|
||||||
|
startServices() {
|
||||||
|
if (process.env.UPTIME_KUMA_IS_CONTAINER) {
|
||||||
|
try {
|
||||||
|
log.info("services", "Starting nscd");
|
||||||
|
childProcess.execSync("sudo service nscd start", { stdio: "pipe" });
|
||||||
|
} catch (e) {
|
||||||
|
log.info("services", "Failed to start nscd");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Stop all system services
|
||||||
|
*/
|
||||||
|
stopServices() {
|
||||||
|
if (process.env.UPTIME_KUMA_IS_CONTAINER) {
|
||||||
|
try {
|
||||||
|
log.info("services", "Stopping nscd");
|
||||||
|
childProcess.execSync("sudo service nscd stop");
|
||||||
|
} catch (e) {
|
||||||
|
log.info("services", "Failed to stop nscd");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue