author Andrey Volkov <av903u@att.com> 2018-10-22 16:38:28 +0000
committer Andrey Volkov <av903u@att.com> 2018-10-23 14:54:39 -0700
commit 0f0bcb7fd3e59cf4346de8278d8312bb463116b3 (patch)
tree b8dfc0f79eb535db3deac554aa286bd4e642a31a
parent 763fec9dddce2c026ef9174c156f57d6725684cb (diff)
Update readme
-rw-r--r-- README.md 131
1 files changed, 38 insertions, 93 deletions
diff --git a/README.md b/README.md
index 1efb900..74aad50 100644
--- a/README.md
+++ b/README.md
@@ -1,120 +1,65 @@
1# docker-aptly 1# docker-aptly
2 2
3**docker-aptly** is container w `aptly` backed by `nginx`. 3## Features
4 4
5**aptly** is a swiss army knife for Debian repository management: it allows you to mirror remote repositories, manage local package repositories, take snapshots, pull new versions of packages along with dependencies, publish as Debian repository. More info are on [aptly.info](http://aptly.info) and on [github](https://github.com/aptly-dev/aptly). 5- Packages are downloaded during the docker image build
6 6- GPG keys for signature may be generated during the docker image build or existing ones are used
7**nginx** is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server, originally written by Igor Sysoev. More info is on [nginx.org](http://nginx.org/en/). 7- Nginx blacklist support at runtime
8 8
9## Quickstart 9## Quickstart
10 10
11The following command will run `aptly` and `nginx` in a container: 11The main difference with the upstream repo is packages saved inside a docker image.
12 12During the image building /opt/update_mirror_ubuntu.sh is called to create mirrors, update them,
13```bash 13merge all in one snapshot and publish it. By default, a new GPG key is generated for making a signature for repo.
14docker run \
15 --detach=true \
16 --log-driver=syslog \
17 --restart=always \
18 --name="aptly" \
19 --publish 80:80 \
20 --volume $(pwd)/aptly_files:/opt/aptly \
21 --env FULL_NAME="First Last" \
22 --env EMAIL_ADDRESS="youremail@example.com" \
23 --env GPG_PASSWORD="PickAPassword" \
24 --env HOSTNAME=aptly.example.com \
25 smirart/aptly:latest
26```
27
28### Explane of the flags
29
30Flag | Description
31--- | ---
32`--detach=true` | Run the container in the background
33`--log-driver=syslog` | Send nginx logs to syslog on the Docker host (requires Docker 1.6 or higher)
34`--restart=always` | Automatically start the container when the Docker daemon starts
35`--name="aptly"` | Name of the container
36`--volume $(pwd)/aptly:/opt/aptly` | Path that aptly will use to store its data : mapped path in the container
37`--publish 80:80` | Docker host port : mapped port in the container
38`--env FULL_NAME="First Last"` | The first and last name that will be associated with the GPG apt signing key
39`--env EMAIL_ADDRESS="your@email.com"` | The email address that will be associated with the GPG apt signing key
40`--env GPG_PASSWORD="PickAPassword"` | The password that will be used to encrypt the GPG apt signing key
41`--env HOSTNAME=aptly.example.com` | The hostname of the Docker host that this container is running on
42
43## Setup a client for use your repo
44 14
451. Fetch the public PGP key from your aptly repository and add it to your trusted repositories 15There are two modes: filtered build that fetches only packages specified in assets/packages and
16unfiltered build that fetches all packages. The filtered build is used by default.
46 17
47 ```bash 18To fetch all packages the following command can be used:
48 wget http://YOUR_HOST_FOR_APTLY/aptly_repo_signing.key
49 apt-key add aptly_repo_signing.key
50 ```
51
522. Backup then replace /etc/apt/sources.list
53
54 ```bash
55 cp /etc/apt/sources.list /etc/apt/sources.list.bak
56 echo "deb http://YOUR_HOST_FOR_APTLY/ ubuntu main" > /etc/apt/sources.list
57 apt-get update
58 ```
59
60 > `ubuntu` & `main` may be another. It's require from your repos on aptly.
61
62## Configure the container
63
64For attach to the container and start to configure your aptly use:
65 19
66```bash 20```bash
67docker exec -it aptly /bin/bash 21git clone https://github.com/urpylka/docker-aptly.git
22docker build docker-aptly --build-arg MODE=all
68``` 23```
69 24
70Read [the official documentation](https://www.aptly.info/doc/overview/) for learn more about aptly. 25By default GPG key for making package signature are generated during the build.
71 26You may configure GPG key params via build arguments: FULL_NAME, EMAIL_ADDRESS, and GPG_PASSWORD, like:
72For stop container use:
73 27
74```bash 28```bash
75docker stop aptly 29docker build docker-aptly \
30 --build-arg FULL_NAME="First Last" \
31 --build-arg EMAIL_ADDRESS="youremail@example.com" \
32 --build-arg GPG_PASSWORD="PickAPassword"
76``` 33```
77 34
78### Create a mirror of Ubuntu's main repository 35If you have a GPG key already you can put private and public key in assets/gpg dir.
79 36Keys must have special names: aptly.sec and aptly.pub
801. Attach to the container. How attach? See [Configure the container](#configure-the-container). 37For example:
812. Run `/opt/update_mirror_ubuntu.sh`.
82 38
83By default, this script will automate the creation of an Ubuntu 14.04 Trusty repository with the main and universe components, you can adjust the variables in the script to suit your needs. 39```bash
84 40cp <my private key> docker-aptly/assets/gpg/aptly.sec
85> If the script fails due to network disconnects etc, just re-run it. 41cp <my public key> docker-aptly/assets/gpg/aptly.pub
86
87 The initial download of the repository may take quite some time depending on your bandwidth limits, it may be in your best interest to open a screen, tmux or byobu session before proceeding.
88
89> For host a mirror of Ubuntu's main repository, you'll need upwards of 80GB+ (x86_64 only) of free space as of Feb 2016, plan for growth.
90
91When the script completes, you should have a functional mirror that you can point a client to.
92
93For create Debian's mirror use `/opt/update_mirror_debian.sh`.
94 42
95## Building the container 43docker build docker-aptly \
44 --build-arg GPG_PASSWORD="GPG passphrase for my private key"
45```
96 46
97If you want to customize image or build the container locally, check out this repository and build after: 47To use the Nginx blacklist feature a volume with Nginx config has to be mounted at runtime.
48By default, the following keywords are blocked: telnet, ftp.
49If no volume is mounted then no blacklist will be used.
98 50
99```bash 51```bash
100git clone https://github.com/urpylka/docker-aptly.git 52docker run \
101docker build docker-aptly 53 --name aptly \
54 --detach \
55 --publish 8080:80 \
56 --volume $(pwd)/assets/nginx:/opt/nginx \
57 aptly:test
102``` 58```
103
104## How this image/container works
105
106**Data**
107All of aptly's data (including PGP keys and GPG keyrings) is bind mounted outside of the container to preserve it if the container is removed or rebuilt.
108
109**Networking**
110By default, Docker will map port 80 on the Docker host to port 80 within the container where nginx is configured to listen. You can change the external listening port to map to any port you like. (See [Explane of the flags](#explane-of-the-flags)).
111
112**Security**
113The GPG password which you specified in `GPG_PASSWORD` is stored in plain text and visible as an environment variable inside the container.
114It is set as an enviornment variable to allow for automation of repository updates without user interaction. The GPG password can be removed completely but it is safer to encrypt the GPG keyrings because they are bind mounted outside the container to avoid the necessity of regenerating/redistributing keys if the container is removed or rebuilt.
115
116___ 59___
117 60
61For additional docs see https://github.com/amadev/docker-aptly
62
118* Copyright 2018 Artem B. Smirnov 63* Copyright 2018 Artem B. Smirnov
119* Copyright 2016 Bryan J. Hong 64* Copyright 2016 Bryan J. Hong
120* Licensed under the Apache License, Version 2.0 65* Licensed under the Apache License, Version 2.0
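Review bot: The new build instructions (new lines 25-32 and 43-44) pass `GPG_PASSWORD` as a `--build-arg`, and new lines 35-41 place the private key `aptly.sec` in `assets/gpg` for the build, while the same change deletes the old **Security** section (old lines 112-114) that warned the password is stored in plain text. Build-argument values are visible to any user of the image through `docker history`, and a private key used for signing during the build is likely left in an image layer, so anyone who can pull the image may obtain both the signing key and its passphrase. Please keep a Security section that states this for the build-time flow, and consider documenting a BuildKit secret mount or a keyring mounted at runtime instead of `--build-arg GPG_PASSWORD=...`. Two smaller documentation points: the `docker run` example (new line 57) uses `aptly:test`, but neither `docker build` command shown passes `-t aptly:test`; and with the client setup section (old lines 43-60) removed, the README no longer says how a client obtains and trusts the repository's public key.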