kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-02-09 01:06:00 +00:00
Code Issues Projects Releases Wiki Activity
freeswitch/docker/master/Dockerfile
tmancill 0cea9811cd
[Docker] Change default freeswitch UID and GID to 499 in docker/master/Dockerfile 
On several installs on recent Debian and Ubuntu systems, I have noticed
that GID 999 is already allocated on the system running the container,
making it a minor hassle to share a common freeswitch UID and GID
between the Docker host and the container.

The conflicting group id varies, but is typically either one of the systemd
groups or polkitd, which are dynamically created when those packages are
installed.  The behavior stems from the range of system GIDs being
between 100-999 ([see Debian Policy 9.2.2](https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes))
and the fact that system installation dynamically allocates from this
range.  I didn't track down exactly why these daemons are allocating
from the top of the range, since the default behavior of `adduser` and
`addgroup` ([link](6c04aa701a/adduser (L1255-1269)))
is to search from the bottom of the range, and the manpage for
`groupadd` says that it's default is also to use the smallest id,
but perhaps it was to avoid (other) conflicts.

The approach taken in this PR is to default to 499, more in the middle
of the range, which should reduce the chance of conflicting with an
existing system UID and GID.  The values are also now exposed as ARGs
and so can be explicitly set during the build with
`--build-arg="FREESWITCH_UID=xxx"` and `--build-arg="FREESWITCH_GID=yyy"`
if desired.
2024-01-05 18:42:58 +03:00

77 lines
2.8 KiB
Docker
Raw Blame History

# vim:set ft=dockerfile:
ARG DEBIAN_VERSION=bookworm
FROM debian:${DEBIAN_VERSION}
# ARGs are cleared after every FROM
# see: https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
ARG DEBIAN_VERSION
ARG TOKEN
# By default, install the full set of FreeSWITCH packages. Specify an alternative with:
# --build-arg="FS_META_PACKAGE=freeswitch-meta-vanilla"
# alternatives include:
# freeswitch-meta-bare
# freeswitch-meta-vanilla
# freeswitch-meta-sorbet
# freeswitch-meta-all-dbg
ARG FS_META_PACKAGE=freeswitch-meta-all
# Source Dockerfile:
# https://github.com/docker-library/postgres/blob/master/9.4/Dockerfile
# explicitly set user/group IDs
ARG FREESWITCH_UID=499
ARG FREESWITCH_GID=499
RUN groupadd -r freeswitch --gid=${FREESWITCH_GID} && useradd -r -g freeswitch --uid=${FREESWITCH_UID} freeswitch
# make the "en_US.UTF-8" locale so freeswitch will be utf-8 enabled by default
RUN apt-get update -qq \
&& apt-get install -y --no-install-recommends ca-certificates gnupg2 gosu locales wget \
&& localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
ENV LANG en_US.utf8
# https://freeswitch.org/confluence/display/FREESWITCH/Debian
# https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Installation/Linux/Debian_67240088/
RUN wget --no-verbose --http-user=signalwire --http-password=${TOKEN} \
-O /usr/share/keyrings/signalwire-freeswitch-repo.gpg \
https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg \
&& echo "machine freeswitch.signalwire.com login signalwire password ${TOKEN}" > /etc/apt/auth.conf \
&& echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ ${DEBIAN_VERSION} main" > /etc/apt/sources.list.d/freeswitch.list \
&& apt-get -qq update \
&& apt-get install -y ${FS_META_PACKAGE} \
&& apt-get purge -y --auto-remove \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
COPY docker-entrypoint.sh /
# Add anything else here
## Ports
# Document ports used by this container
### 8021 fs_cli, 5060 5061 5080 5081 sip and sips, 5066 ws, 7443 wss, 8081 8082 verto, 16384-32768, 64535-65535 rtp
EXPOSE 8021/tcp
EXPOSE 5060/tcp 5060/udp 5080/tcp 5080/udp
EXPOSE 5061/tcp 5061/udp 5081/tcp 5081/udp
EXPOSE 5066/tcp
EXPOSE 7443/tcp
EXPOSE 8081/tcp 8082/tcp
EXPOSE 64535-65535/udp
EXPOSE 16384-32768/udp
# Volumes
## Freeswitch Configuration
VOLUME ["/etc/freeswitch"]
## Tmp so we can get core dumps out
VOLUME ["/tmp"]
# Limits Configuration
COPY build/freeswitch.limits.conf /etc/security/limits.d/
# Healthcheck to make sure the service is running
SHELL ["/bin/bash", "-c"]
HEALTHCHECK --interval=15s --timeout=5s \
CMD fs_cli -x status | grep -q ^UP || exit 1
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["freeswitch"]
Reference in New Issue View Git Blame Copy Permalink