perf: 优化 ssh 服务启动脚本

chore: Update Dockerfile to use Tencent Cloud mirror for Alpine package repository
chore: Update Dockerfile and bt.sh for security and dependency management improvements
2024-12-20 14:30:21 +08:00 · 2024-12-20 12:40:50 +08:00 · 2024-12-20 11:55:45 +08:00 · 2024-12-18 18:38:13 +08:00 · 2024-12-18 15:56:46 +08:00 · 2024-12-18 15:45:04 +08:00
4 changed files with 1584 additions and 102 deletions
--- a/.cnb.yml
+++ b/.cnb.yml
@ -6,84 +6,84 @@ $:
        build: 
          dockerfile: .ide/Dockerfile
  push:
-    - runner:
-        tags: cnb:arch:amd64
-      services:
-        - docker
-      imports: https://cnb.cool/btpanel/secret/-/blob/main/docker.yml
-      env:
-        IMAGE_TAG: btpanel/baota:latest-linux-amd64
-      stages:
-        - name: docker login
-          script: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWD"
-        - name: docker build
-          script: docker build -t ${IMAGE_TAG} .
-        - name: docker push
-          script: docker push ${IMAGE_TAG}
-        - name: resolve
-          type: cnb:resolve
-          options:
-            key: build-amd64 
+    # - runner:
+    #     tags: cnb:arch:amd64
+    #   services:
+    #     - docker
+    #   imports: https://cnb.cool/btpanel/secret/-/blob/main/docker.yml
+    #   env:
+    #     IMAGE_TAG: btpanel/baota:alpine-linux-amd64
+    #   stages:
+    #     - name: docker login
+    #       script: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWD"
+    #     - name: docker build
+    #       script: docker build -t ${IMAGE_TAG} .
+    #     - name: docker push
+    #       script: docker push ${IMAGE_TAG}
+    #     - name: resolve
+    #       type: cnb:resolve
+    #       options:
+    #         key: build-amd64 
          
-    - runner:
-        tags: cnb:arch:arm64:v8
-      services:
-        - docker
-      imports: https://cnb.cool/btpanel/secret/-/blob/main/docker.yml
-      env:
-        IMAGE_TAG: btpanel/baota:latest-linux-arm64
-      stages:
-        - name: docker login
-          script: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWD"
-        - name: docker build
-          script: docker build -t ${IMAGE_TAG} .
-        - name: docker push
-          script: docker push ${IMAGE_TAG}
-        - name: resolve
-          type: cnb:resolve
-          options:
-            key: build-arm64
+    # - runner:
+    #     tags: cnb:arch:arm64:v8
+    #   services:
+    #     - docker
+    #   imports: https://cnb.cool/btpanel/secret/-/blob/main/docker.yml
+    #   env:
+    #     IMAGE_TAG: btpanel/baota:alpine-linux-arm64
+    #   stages:
+    #     - name: docker login
+    #       script: docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWD"
+    #     - name: docker build
+    #       script: docker build -t ${IMAGE_TAG} .
+    #     - name: docker push
+    #       script: docker push ${IMAGE_TAG}
+    #     - name: resolve
+    #       type: cnb:resolve
+    #       options:
+    #         key: build-arm64

-    - services:
-        - docker
-      imports: https://cnb.cool/btpanel/secret/-/blob/main/docker.yml
-      env:
-        IMAGE_TAG: btpanel/baota:latest
-      stages:
-        - name: await the amd64
-          type: cnb:await
-          options:
-            key: build-amd64
-        - name: await the arm64
-          type: cnb:await
-          options:
-            key: build-arm64
-        - name: manifest
-          image: cnbcool/manifest
-          settings:
-            username: $DOCKER_USERNAME
-            password: $DOCKER_PASSWD
-            target: ${IMAGE_TAG}
-            template: ${IMAGE_TAG}-OS-ARCH
-            platforms:
-              - linux/amd64
-              - linux/arm64
-        - name: clear
-          image: lumir/remove-dockerhub-tag
-          args:
-            - --user
-            - $DOCKER_USERNAME
-            - --password
-            - $DOCKER_PASSWD
-            - ${IMAGE_TAG}-linux-amd64
-            - ${IMAGE_TAG}-linux-arm64
+    # - services:
+    #     - docker
+    #   imports: https://cnb.cool/btpanel/secret/-/blob/main/docker.yml
+    #   env:
+    #     IMAGE_TAG: btpanel/baota:alpine
+    #   stages:
+    #     - name: await the amd64
+    #       type: cnb:await
+    #       options:
+    #         key: build-amd64
+    #     - name: await the arm64
+    #       type: cnb:await
+    #       options:
+    #         key: build-arm64
+    #     - name: manifest
+    #       image: cnbcool/manifest
+    #       settings:
+    #         username: $DOCKER_USERNAME
+    #         password: $DOCKER_PASSWD
+    #         target: ${IMAGE_TAG}
+    #         template: ${IMAGE_TAG}-OS-ARCH
+    #         platforms:
+    #           - linux/amd64
+    #           - linux/arm64
+    #     - name: clear
+    #       image: lumir/remove-dockerhub-tag
+    #       args:
+    #         - --user
+    #         - $DOCKER_USERNAME
+    #         - --password
+    #         - $DOCKER_PASSWD
+    #         - ${IMAGE_TAG}-linux-amd64
+    #         - ${IMAGE_TAG}-linux-arm64

    - runner:
        tags: cnb:arch:amd64
      services:
        - docker
      env:
-        IMAGE_TAG: ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:latest-linux-amd64
+        IMAGE_TAG: ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:alpine-linux-amd64
      stages:
        - name: docker login
          script: docker login -u ${CNB_TOKEN_USER_NAME} -p "${CNB_TOKEN}" ${CNB_DOCKER_REGISTRY}
@ -101,7 +101,7 @@ $:
      services:
        - docker
      env:
-        IMAGE_TAG: ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:latest-linux-arm64
+        IMAGE_TAG: ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:alpine-linux-arm64
      stages:
        - name: docker login
          script: docker login -u ${CNB_TOKEN_USER_NAME} -p "${CNB_TOKEN}" ${CNB_DOCKER_REGISTRY}
@ -120,7 +120,7 @@ $:
      services:
        - docker
      env:
-        IMAGE_TAG: ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:latest
+        IMAGE_TAG: ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:alpine
      stages:
        - name: await the amd64
          type: cnb:await
@ -145,6 +145,6 @@ $:
          options:
            name: ${CNB_REPO_NAME}
            tags:
-              - latest-linux-amd64
-              - latest-linux-arm64
+              - alpine-linux-amd64
+              - alpine-linux-arm64
            type: docker
--- a/46
+++ b/46
@ -1,48 +1,40 @@
-FROM debian:bookworm
+FROM python:3.7.16-alpine

-# 切换 Debian 镜像源为腾讯云源，更新包列表并安装依赖
-RUN sed -i 's/deb.debian.org/mirrors.tencent.com/g' /etc/apt/sources.list.d/debian.sources \
-    && apt update && apt upgrade -y \
-    && apt install -y \
-    locales \
-    wget iproute2 openssh-server libgd-dev cmake make gcc g++ autoconf \
-    libsodium-dev libonig-dev libssh2-1-dev libc-ares-dev libaio-dev sudo curl dos2unix \
-    build-essential re2c cron bzip2 libzip-dev libc6-dev bison file rcconf flex vim m4 gawk less cpp binutils \
-    diffutils unzip tar libbz2-dev libncurses5 libncurses5-dev libtool libevent-dev libssl-dev libsasl2-dev \
-    libltdl-dev zlib1g-dev libglib2.0-0 libglib2.0-dev libkrb5-dev libpq-dev libpq5 gettext libcap-dev \
-    libc-client2007e-dev psmisc patch git e2fsprogs libxslt1-dev xz-utils libgd3 libwebp-dev libvpx-dev \
-    libfreetype6-dev libjpeg62-turbo libjpeg62-turbo-dev iptables libudev-dev libldap2-dev \
-    && apt clean \
-    && rm -rf /var/lib/apt/lists/* 
+# 切换 alpine 镜像源为腾讯云源，更新包列表并安装依赖
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tencent.com/g' /etc/apk/repositories \
+    && apk update && apk upgrade \
+    && apk add openrc openssh curl curl-dev libffi-dev openssl-dev shadow bash zlib-dev g++ make sqlite-dev libpcap-dev jpeg-dev dos2unix libev-dev build-base linux-headers gd-dev \
+    && apk cache clean \
+    && rm -rf /var/cache/apk/*

 # 复制脚本
-COPY ["bt.sh", "init_mysql.sh", "/"]
+COPY ["bt.sh", "init_mysql.sh", "install_panel.sh", "/"]

 # 转换启动脚本
-RUN dos2unix /bt.sh && dos2unix /init_mysql.sh
+RUN dos2unix /bt.sh && dos2unix /init_mysql.sh && dos2unix /install_panel.sh

 # 下载并安装宝塔面板及 lnmp 环境
-RUN curl -sSO https://download.bt.cn/install/install_panel.sh \
-    && echo y | bash install_panel.sh -P 8888 --ssl-disable \
+RUN echo y | bash /install_panel.sh -P 8888 --ssl-disable \
    && rm -rf /www/server/data/* \
-    && echo "docker_bt_d12" > /www/server/panel/data/o.pl \
+    && echo "docker_bt_alpine" > /www/server/panel/data/o.pl \
    && echo '["memuA", "memuAsite", "memuAdatabase", "memuAcontrol", "memuAfiles", "memuAlogs", "memuAxterm", "memuAcrontab", "memuAsoft", "memuAconfig", "dologin", "memu_btwaf", "memuAssl"]' > /www/server/panel/config/show_menu.json \
-    && apt clean \
-    && rm -rf /var/lib/apt/lists/* \
    && chmod +x /bt.sh \
-    && chmod +x /init_mysql.sh
-    
+    && chmod +x /init_mysql.sh \
+    && apk cache clean \
+    && rm -rf /var/cache/apk/*

 # 配置宝塔面板安全入口和用户名及密码，以及 SSH 密码
 RUN echo btpanel | bt 6 \
    && echo btpaneldocker | bt 5 \
    && echo "/btpanel" > /www/server/panel/data/admin_path.pl \
-    && echo "root:btpaneldocker" | chpasswd
+    && echo "root:btpaneldocker" | chpasswd \
+    && echo "PermitRootLogin yes" | tee -a /etc/ssh/sshd_config
+

 ENTRYPOINT ["/bin/sh","-c","/bt.sh"]

-# 暴漏所有端口
-EXPOSE 0-65535
+# 暴漏指定端口
+EXPOSE 22 80 443 888 3306 8888

 # 健康检查
 HEALTHCHECK --interval=5s --timeout=3s CMD prot="http"; if [ -f "/www/server/panel/data/ssl.pl" ]; then prot="https"; fi; curl -k -i $prot://127.0.0.1:$(cat /www/server/panel/data/port.pl)$(cat /www/server/panel/data/admin_path.pl) | grep -E '(200|404)' || exit 1
--- a/bt.sh
+++ b/bt.sh
@ -32,7 +32,8 @@ soft_start(){

    pkill crond
    /sbin/crond
-
+    
+    ssh-keygen -A
    chmod 600 /etc/ssh/ssh_host_*
    /usr/sbin/sshd -D &
 }
--- a/install_panel.sh
+++ b/install_panel.sh
Author	SHA1	Message	Date
xiao	1d7a4ee67e	perf: 优化 ssh 服务启动脚本	2024-12-20 14:30:21 +08:00
xiao	a4b7ce1866	chore: Update Dockerfile to use Tencent Cloud mirror for Alpine package repository	2024-12-20 12:40:50 +08:00
xiao	ef8503af3b	chore: Update Dockerfile and bt.sh for security and dependency management improvements	2024-12-20 11:55:45 +08:00
xiao	355c6796b7	chore: Update Dockerfile to include gd-dev for improved image functionality	2024-12-18 18:38:13 +08:00
xiao	8eb725a33a	chore: Optimize Dockerfile by removing unnecessary build dependencies for improved build efficiency	2024-12-18 15:56:46 +08:00
xiao	ead95a61fc	chore: Refactor Dockerfile to expose specific ports for improved security	2024-12-18 15:45:04 +08:00
xiao	cf879b1378	chore: Refactor Dockerfile to optimize dependencies and improve build efficiency	2024-12-18 15:19:14 +08:00
xiao	ab31965d13	chore: Optimize Dockerfile by removing unnecessary dependencies for improved build efficiency	2024-12-18 15:14:44 +08:00
xiao	8a4cbdcb08	chore: Refactor install_panel.sh to streamline Python dependency installations	2024-12-18 14:54:46 +08:00
xiao	b17b8b4a32	chore: Update install_panel.sh to remove deprecated 'pycrypto' and add 'paramiko' for Python dependencies management	2024-12-18 14:48:19 +08:00
xiao	dc893c2517	chore: Update Dockerfile and scripts for improved security and dependency management	2024-12-18 14:34:45 +08:00
xiao	2a3fc39c55	fix: Corrected typo in 'openssh-sever' to 'openssh-server' in Dockerfile	2024-12-18 11:55:53 +08:00
xiao	934b6f9be3	chore: Update Dockerfile and install_panel.sh for Python environment setup and dependencies management	2024-12-18 11:53:55 +08:00
xiao	e39e9e91f8	chore: Update Dockerfile and install_panel.sh for Python environment setup	2024-12-18 11:31:11 +08:00
xiao	fa843d4333	style: 修正脚本中的语法错误	2024-12-18 10:59:48 +08:00
cnb.ZYsjO8G6wGA	87f2692768	style: 修正脚本中的语法错误在 Ubuntu 系统检查部分，修正了变量赋值的语法错误。	2024-12-18 10:39:36 +08:00
xiao	d7469277ef	style: 修正脚本中的语法错误修复了脚本中的一处语法错误，确保脚本能够正常运行。	2024-12-18 09:18:14 +08:00
xiao	9354ec597c	style: 修正脚本中的语法错误	2024-12-18 09:11:13 +08:00
xiao	a927740af1	style: 修正脚本中的语法错误	2024-12-18 09:09:51 +08:00
xiao	231b5e37df	style: 修正脚本中的语法错误	2024-12-18 09:05:58 +08:00
xiao	b68b92accf	chore: 移除创建虚拟环境和安装Python包的步骤	2024-12-18 09:04:48 +08:00
xiao	e16c54c01b	chore: 更新 Dockerfile 中的权限设置	2024-12-18 08:57:10 +08:00
xiao	878cd098e7	chore: 更新 Dockerfile 以修正虚拟环境路径和符号链接创建	2024-12-17 23:40:29 +08:00
xiao	9227111abb	chore: 更新 Dockerfile 以优化虚拟环境路径设置和符号链接创建	2024-12-17 23:28:03 +08:00
xiao	6363792157	chore: 更新 Dockerfile 以优化缓存清理方式和虚拟环境权限设置	2024-12-17 23:21:46 +08:00
xiao	26f1abe052	chore: 更新 Dockerfile 以优化虚拟环境权限设置	2024-12-17 23:16:48 +08:00
xiao	969f22937e	chore: 更新 Dockerfile 以优化虚拟环境权限和 Python 库安装	2024-12-17 23:12:03 +08:00
xiao	cf4851b942	chore: 更新 Dockerfile 以创建新的符号链接优化宝塔面板工具路径chore: 更新 Dockerfile 以创建新的 Python 符号链接chore: 更新 Dockerfile 以创建新的符号链接优化宝塔面板工具路径	2024-12-17 23:07:17 +08:00
xiao	ac5b5fd7d7	chore: 更新 Dockerfile 以修复 Python 库列表并优化虚拟环境权限	2024-12-17 22:59:14 +08:00
xiao	c3fd5565d2	chore: 更新 Dockerfile 以优化宝塔面板安装脚本和下载方式	2024-12-17 22:51:11 +08:00
xiao	2802324b7c	chore: 更新 Dockerfile 以创建虚拟环境并激活，优化 Python 符号链接路径	2024-12-17 22:48:25 +08:00
xiao	67695e56c3	chore: 更新 Dockerfile 以优化 Python 虚拟环境和宝塔面板安装脚本	2024-12-17 22:34:53 +08:00
xiao	b458b9c594	chore: 更新 Dockerfile 以修复 Python 符号链接并优化宝塔面板安装脚本	2024-12-17 22:28:33 +08:00
xiao	4b8fa5349d	chore: 更新 Dockerfile 中的 pyenv 符号链接路径以使用系统 pip 和 Python	2024-12-17 22:18:37 +08:00
xiao	4765d71044	chore: 更新 Dockerfile 以添加 install_panel.sh 并优化宝塔面板安装过程	2024-12-17 22:03:40 +08:00
xiao	67f983518c	chore: 更新 Dockerfile 以跳过宝塔面板安装过程中的 Python 库安装并添加替代逻辑	2024-12-17 21:57:25 +08:00
xiao	3ebc860f20	chore: 更新 Dockerfile 以修改宝塔面板安装脚本，跳过 Python 库安装	2024-12-17 21:51:25 +08:00
xiao	181b1899c3	featchore: 更新 Dockerfile 以跳过宝塔面板安装过程中的 Python 库安装	2024-12-17 21:44:55 +08:00
xiao	8df047e27b	chore: 修正 Dockerfile 中的 pyenv 符号链接路径并添加全局 pip 和 Python 别名	2024-12-17 21:37:25 +08:00
xiao	06ac3158a3	chore: 更新 Dockerfile 以创建虚拟环境并优化 Python 环境和依赖项	2024-12-17 21:29:07 +08:00
xiao	cbec5d9ee0	chore: 更新 Dockerfile 以优化 Python 环境和依赖项	2024-12-17 21:23:02 +08:00
xiao	9683a63c0f	chore: 更新 Dockerfile 以添加 py3-gevent 并优化依赖项	2024-12-17 20:11:50 +08:00
xiao	0a70c8778d	chore: 更新 Dockerfile 以添加 libuv 并优化依赖项	2024-12-17 19:34:45 +08:00
xiao	90752dad5e	chore: 更新 Dockerfile 以添加缺失的库并优化依赖项	2024-12-17 18:13:05 +08:00
xiao	9674437fec	chore: 更新 Dockerfile 以添加 build-base 并保持其他依赖不变	2024-12-17 17:43:34 +08:00
xiao	95e23e9c29	chore: 注释掉多架构构建和推送相关配置	2024-12-17 16:30:48 +08:00
xiao	9d712fc253	chore: 优化 Dockerfile 清理缓存命令	2024-12-17 16:27:52 +08:00
xiao	a1ee787098	chore: 更新 Dockerfile 以添加 curl 并保持其他依赖不变	2024-12-17 16:04:04 +08:00
xiao	dfe54ae93d	chore: 优化 Dockerfile 中的依赖安装命令	2024-12-17 16:03:00 +08:00
xiao	7629413a31	Update Docker image tags and base image to Alpine Linux	2024-12-17 16:01:42 +08:00