jhmaverick / hestiacp-docker
Dockerized Hestia Control Panel
License: MIT License
Hi, I'm trying to generate a custom image, but the persistent files look confusing to me.
I see that during build it backs up a selection of files in the container.
rootfs/usr/local/hstc/install/add-default-persistent-files.sh
After that, during the boot, there is another operation that updates more files persistence.
rootfs/etc/my_init.d/10_updates.sh
I'm confused about how that works, especially in regard to the /conf persistent volume.
Can you give us some details about the purpose and operation?
By the way, many thanks for sharing the build environment.
The main reason one would use docker on a server is segregation! This means a flaw in mariadb only affects mariadb, not the whole system. Docker images with multiple services running are less than ideal because of this. While it is useful for a quick and dirty "does this work", it should never be used in a production environment. What would be great is seeing something built that segregates all services to their own containers.
There is also no way to disable insecure applications such as ftp - yes, you can not map the port, but the service is still running.
There is also the issue that host networking and the big ports like 80 and 443 are used; this could be circumvented by use of an edge router such as traefik, or use of nginx proxy manager. Both of these options would allow for easy mapping of domains to other docker services. Want to install plex too? Just throw in a docker-compose with labels to add it to traefik, or set it up with nginx proxy manager! Right now you can't run HestiaCP on a server with only a single IP address and use a useful application such as traefik to route to other containers - this project could improve on that.
The biggest security flaw right now is MARIADB_ROOT_HOST: "%" alongside a mapped port. This means that anybody who knows your server IP can brute-force your mysql root pass with no issues! Ports that are not needed externally should NEVER be mapped!
I would highly recommend:
While this will be a little bit of work, I think it would make the project much more adoptable in a production environment.
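The MARIADB_ROOT_HOST and mapped-port combination raised in the issue above, shown beside a tighter variant. This is an added example, not the project's own compose file; the service names, image tag, network name and secret path are assumptions made for illustration.

```yaml
# Constructed compose fragment (not taken from hestiacp-docker).
services:
  # Weak: root is accepted from any client address and 3306 is
  # published on every host interface, so the root login is reachable
  # from wherever the server's IP is reachable.
  mariadb-exposed:
    image: mariadb:10.11
    environment:
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/db_root
      MARIADB_ROOT_HOST: "%"
    ports:
      - "3306:3306"
    secrets:
      - db_root

  # Tighter: nothing is published, so 3306 is reachable only from
  # containers attached to the internal "backend" network.
  mariadb:
    image: mariadb:10.11
    environment:
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/db_root
      # Assumption: other containers connect with their own
      # least-privilege accounts, so root is limited to localhost.
      MARIADB_ROOT_HOST: "localhost"
    networks:
      - backend
    secrets:
      - db_root
    # If a tool on the host itself must connect, publish on loopback only:
    # ports:
    #   - "127.0.0.1:3306:3306"

networks:
  backend:
    internal: true   # no route to or from outside the Docker host

secrets:
  db_root:
    file: ./secrets/db_root.txt   # placeholder path
```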
We are a small company running Hestia in production and would like to run it in a kubernetes cluster soon.
Are you interested in working with us on improving this configuration and turning it into an enterprise-ready (but of course open-source) helm chart?
I get an error message when starting the container:
Starting domain name service...: bind9 failed!
Any idea how I can troubleshoot this?
TIA