Dockerfile-freeradius + init-freeradius.sh (#129)
* Create Dockerfile-freeradius * Create init-freeradius.sh
Showing
2 changed files
with
159 additions
and
0 deletions.
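--- a/Dockerfile-freeradius
+++ b/Dockerfile-freeradius
@@ -0,0 +1,88 @@
+# Official daloRADIUS Dockerfile
+# GitHub: https://github.com/lirantal/daloradius
+#
+# Build image:
+# 1. git pull git@github.com:lirantal/daloradius.git
+# 2. docker build . -t lirantal/daloradius
+#
+# Run the container:
+# 1. docker run -p 80:80 -d lirantal/daloradius
+
+FROM ubuntu:16.04
+MAINTAINER Liran Tal <liran.tal@gmail.com>
+
+LABEL Description="daloRADIUS Official Docker based on Ubuntu 16.04 LTS and PHP7." \
+License="GPLv2" \
+Usage="docker build . -t lirantal/daloradius && docker run -d -p 80:80 lirantal/daloradius" \
+Version="1.0"
+
+# silence package installations to that debpkg doesn't prompt for mysql
+# passwords and other input
+ENV DEBIAN_FRONTEND "noninteractive"
+ENV mysql_pass ""
+ENV RADPASS radpass
+ENV CLIENT_NET "0.0.0.0/0"
+ENV CLIENT_SECRET 891011121314
+
+# Local Ubuntu mirror Repository
+RUN echo "deb http://foobar.turbo.net.id/ubuntu xenial main universe multiverse restricted" > /etc/apt/sources.list && \
+echo "deb http://foobar.turbo.net.id/ubuntu xenial-security main universe multiverse restricted" >> /etc/apt/sources.list && \
+echo "deb http://foobar.turbo.net.id/ubuntu xenial-updates main universe multiverse restricted" >> /etc/apt/sources.list && \
+echo "deb http://foobar.turbo.net.id/ubuntu xenial-backports main universe multiverse restricted" >> /etc/apt/sources.list
+
+
+# PHP,Apache2,MySQL and FreeRADIUS install
+RUN apt-get update && \
+apt-get -y install php7.0 \
+php7.0-cli \
+php7.0-common \
+php7.0-curl \
+php7.0-gd \
+php7.0-mcrypt \
+php7.0-mysql \
+php-mail \
+php-mail-mime nano \
+php-pear \
+php-db \
+freeradius-utils \
+apache2 libapache2-mod-php7.0 \
+mysql-server mysql-client \
+freeradius freeradius-mysql \
+cron
+
+
+# PHP Pear DB library install
+RUN pear install DB && rm -rf /var/cache/apk/*
+
+# Add current project directory which should be a clone of daloradius from:
+# git@github.com:lirantal/daloradius.git
+
+ADD . /var/www/html
+RUN chown www-data.www-data -R /var/www/html && mkdir -p /var/run/mysqld
+
+# Run MySQL server so that it initializes the database and seeds information
+#RUN chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; /usr/bin/mysqld_safe & \
+# sleep 10s && \
+# /usr/bin/mysql --host localhost --port 3306 -u root --password="" -e "CREATE DATABASE radius" && \
+# /usr/bin/mysql -u root --password="" radius < /var/www/html/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
+
+# Enable the .htaccess in /var/www/html
+RUN /bin/sed -i 's/AllowOverride\ None/AllowOverride\ All/g' /etc/apache2/apache2.conf
+
+# Enable PHP short tags
+RUN /bin/sed -i "s/short_open_tag\ \=\ Off/short_open_tag\ \=\ On/g" /etc/php/7.0/apache2/php.ini
+
+# Make init.sh script executable
+RUN chmod +x /var/www/html/init-freeradius.sh
+
+# Remove the original sample index.html file
+RUN rm -rf /var/www/html/index.html
+
+# Create daloRADIUS Log file
+RUN touch /var/log/daloradius.log && chown -R www-data:www-data /var/log/daloradius.log
+
+# Expose FreeRADIUS Ports, MySQL, and Web for daloRADIUS
+EXPOSE 1812 1813 80 443 3306
+
+# Run the script which executes Apache2 in the foreground as a running process
+CMD ["/var/www/html/init-freeradius.sh"]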
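Review bot: The `ENV RADPASS radpass` and `ENV CLIENT_SECRET 891011121314` defaults put a known database password and RADIUS shared secret into every image built from this file, and `ENV CLIENT_NET "0.0.0.0/0"` pairs that secret with a client range matching any source address; values set with ENV also stay readable in the image configuration. I would drop the two secret defaults and ship `ENV CLIENT_NET ""` (the init script skips the client block when it is empty), so the operator has to pass real values with `docker run -e` and the script can refuse to start without them. Listing 3306 in `EXPOSE 1812 1813 80 443 3306` is hard to justify while MySQL appears to be used only from inside the container. The `sources.list` rewrite also ties every build to a single plain-HTTP mirror that looks specific to the contributor's network, and `rm -rf /var/cache/apk/*` is an Alpine path; on this Ubuntu base the cleanup that shrinks the layer is `rm -rf /var/lib/apt/lists/*` at the end of the `apt-get install` step.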
@@ -0,0 +1,71 @@ | ||
#!/bin/bash | ||
# Executable process script for daloRADIUS docker image: | ||
# GitHub: git@github.com:lirantal/daloradius.git | ||
mkdir -p /var/run/mysqld && chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; /usr/bin/mysqld_safe & \ | ||
sleep 10s && \ | ||
|
||
mysql -u root --password=$MYSQLTMPROOT -e \ | ||
"CREATE DATABASE radius; GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY '$RADPASS'; \ | ||
flush privileges;" | ||
mysql -uradius --password=$RADPASS radius < /etc/freeradius/sql/mysql/schema.sql | ||
mysql -uradius --password=$RADPASS radius < /etc/freeradius/sql/mysql/nas.sql | ||
mysql -uradius --password=$RADPASS radius < /var/www/html/contrib/db/mysql-daloradius.sql | ||
|
||
sed -i 's/password = "radpass"/password = "'$RADPASS'"/' /etc/freeradius/sql.conf | ||
sed -i 's/#port = 3306/port = 3306/' /etc/freeradius/sql.conf | ||
sed -i -e 's/$INCLUDE sql.conf/\n$INCLUDE sql.conf/g' /etc/freeradius/radiusd.conf | ||
sed -i -e 's|$INCLUDE sql/mysql/counter.conf|\n$INCLUDE sql/mysql/counter.conf|g' /etc/freeradius/radiusd.conf | ||
sed -i -e 's|authorize {|authorize {\nsql|' /etc/freeradius/sites-available/inner-tunnel | ||
sed -i -e 's|session {|session {\nsql|' /etc/freeradius/sites-available/inner-tunnel | ||
sed -i -e 's|authorize {|authorize {\nsql|' /etc/freeradius/sites-available/default | ||
sed -i -e 's|session {|session {\nsql|' /etc/freeradius/sites-available/default | ||
sed -i -e 's|accounting {|accounting {\nsql|' /etc/freeradius/sites-available/default | ||
|
||
sed -i -e 's|auth_badpass = no|auth_badpass = yes|g' /etc/freeradius/radiusd.conf | ||
sed -i -e 's|auth_goodpass = no|auth_goodpass = yes|g' /etc/freeradius/radiusd.conf | ||
sed -i -e 's|auth = no|auth = yes|g' /etc/freeradius/radiusd.conf | ||
|
||
sed -i -e 's|\t# See "Authentication Logging Queries" in sql.conf\n\t#sql|#See "Authentication Logging Queries" in sql.conf\n\tsql|g' /etc/freeradius/sites-available/inner-tunnel | ||
sed -i -e 's|\t# See "Authentication Logging Queries" in sql.conf\n\t#sql|#See "Authentication Logging Queries" in sql.conf\n\tsql|g' /etc/freeradius/sites-available/default | ||
|
||
sed -i -e 's|sqltrace = no|sqltrace = yes|g' /etc/freeradius/sql.conf | ||
|
||
sed -i -e "s/readclients = yes/nreadclients = yes/" /etc/freeradius/sql.conf | ||
echo -e "\nATTRIBUTE Usage-Limit 3000 string\nATTRIBUTE Rate-Limit 3001 string" >> /etc/freeradius/dictionary | ||
|
||
sed -i "s/$configValues\['CONFIG_DB_PASS'\] = '';/$configValues\['CONFIG_DB_PASS'\] = '"$RADPASS"';/" /var/www/html/library/daloradius.conf.php | ||
sed -i "s/$configValues\['CONFIG_DB_USER'\] = 'root';/$configValues\['CONFIG_DB_USER'\] = 'radius';/" /var/www/html/library/daloradius.conf.php | ||
|
||
if [ -n "$CLIENT_NET" ]; then | ||
echo "client $CLIENT_NET { | ||
secret = $CLIENT_SECRET | ||
shortname = clients | ||
}" >> /etc/freeradius/clients.conf | ||
fi | ||
|
||
|
||
#======== DELETE INIT CODE == | ||
echo "#!/bin/bash | ||
#(while : | ||
#do | ||
# mysqld_safe >/dev/null | ||
#done) & | ||
chown -R mysql:mysql /var/lib/mysql /var/run/mysqld | ||
/etc/init.d/mysql start | ||
sleep 3 | ||
# Start Apache2 in the foreground and in debug mode | ||
/usr/sbin/apachectl -DFOREGROUND -k start -e debug & | ||
/usr/sbin/freeradius -X" > /init-freeradius.sh | ||
|
||
|
||
# Start the MySQL service | ||
chown -R mysql:mysql /var/lib/mysql /var/run/mysqld | ||
/etc/init.d/mysql start | ||
sleep 3 | ||
|
||
# Start Apache2 in the foreground and in debug mode | ||
/usr/sbin/apachectl -DFOREGROUND -k start & | ||
/usr/sbin/freeradius -X | ||
# Or with the local httpd.conf use | ||
#&>/dev/null /usr/sbin/apachectl -DFOREGROUND -k start -e debug -d . -f httpd.conf |
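Review bot: The `sed` edits on `radiusd.conf` switch `auth_badpass` and `auth_goodpass` to `yes`, which makes FreeRADIUS write the passwords users submit into its authentication log, and the script then starts `/usr/sbin/freeradius -X`, so full debug output is produced for every request as well. I would keep `auth = yes` but leave both password settings at `no`, and start the daemon in debug mode only behind an opt-in variable. `$RADPASS` and `$MYSQLTMPROOT` are expanded unquoted into the `mysql` command lines, the SQL text and the `sed` replacements, so a password containing a space, a quote, `/` or `&` breaks or alters those commands; `MYSQLTMPROOT` is not set anywhere in this commit (the Dockerfile defines `mysql_pass` instead), so the root login is attempted with an empty password. Because the Dockerfile's `CMD` runs this file and not the `/init-freeradius.sh` it writes near the end, the provisioning steps appear to run again on every container start, appending the `sql` lines and the client block a second time.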