From ae3b73a73f655e9a5f36f08fa862fba316212732 Mon Sep 17 00:00:00 2001
From: DDSRem <1448139087@qq.com>
Date: Fri, 8 Sep 2023 19:49:10 +0800
Subject: [PATCH 1/4] =?UTF-8?q?feat:=20=E4=BC=98=E5=8C=96=E9=87=8D?= =?UTF-8?q?=E5=90=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Dockerfile | 3 ++-
 app/utils/system.py | 2 +-
 entrypoint | 4 ++++
 haproxy.cfg | 52 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 haproxy.cfg
diff --git a/Dockerfile b/Dockerfile
index d245e254..e9386c95 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,6 +48,7 @@ RUN apt-get update \
 busybox \
 dumb-init \
 jq \
+ haproxy \
 && \
 if [ "$(uname -m)" = "x86_64" ]; \
 then ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1; \
@@ -82,5 +83,5 @@ RUN apt-get update \
 /var/lib/apt/lists/* \
 /var/tmp/*
 EXPOSE 3000
-VOLUME ["/config", "/var/run/docker.sock"]
+VOLUME [ "/config" ]
 ENTRYPOINT [ "/entrypoint" ]
diff --git a/app/utils/system.py b/app/utils/system.py
index 72c96a39..86c54b1f 100644
--- a/app/utils/system.py
+++ b/app/utils/system.py
@@ -309,7 +309,7 @@ class SystemUtils:
 """
 try:
 # 创建 Docker 客户端
- client = docker.from_env()
+ client = docker.DockerClient(base_url='tcp://127.0.0.1:2375')
 # 获取当前容器的 ID
 container_id = open("/proc/self/cgroup", "r").read().split("/")[-1]
 if not container_id:
diff --git a/entrypoint b/entrypoint
index 3e3e5975..2335a875 100644
--- a/entrypoint
+++ b/entrypoint
@@ -26,6 +26,10 @@ chown moviepilot:moviepilot /etc/hosts /tmp
 gosu moviepilot:moviepilot playwright install chromium
 # 启动前端nginx服务
 nginx
+# 启动haproxy
+if [ -f "/var/run/docker.sock" ]; then
+ haproxy -f /etc/haproxy/haproxy.cfg
+fi
 # 设置后端服务权限掩码
 umask ${UMASK}
 # 启动后端服务
diff --git a/haproxy.cfg b/haproxy.cfg
new file mode 100644
index 00000000..87a5dd94
--- /dev/null
+++ b/haproxy.cfg
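Review bot: The new `docker.DockerClient(base_url='tcp://127.0.0.1:2375')` line in app/utils/system.py reaches the Docker API over plain HTTP with no authentication, so the HAProxy rules added in this series become the only control between any process that can reach that port and the mounted docker.sock. The endpoint is hard-coded here and again as `bind :2375` in haproxy.cfg, and when the socket is not mounted the entrypoint does not start HAProxy, so the first API call will presumably fail with a connection error that the surrounding `try` (its handler is outside the hunk) has to absorb. I would lift the URL into a named constant and add a comment above the line such as `# Goes through the local HAProxy filter in front of /var/run/docker.sock (plain HTTP, no auth); only restart-related endpoints are meant to be reachable`.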
@@ -0,0 +1,52 @@
+global
+ log stdout format raw daemon info
+
+ user root
+ group root
+
+ daemon
+
+ pidfile /run/haproxy.pid
+ maxconn 4000
+
+ # Turn on stats unix socket
+ server-state-file /var/lib/haproxy/server-state
+
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 10m
+ timeout server 10m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
+
+ # Allow seamless reloads
+ load-server-state-from-file global
+
+ # Use provided example error pages
+ errorfile 400 /etc/haproxy/errors/400.http
+ errorfile 403 /etc/haproxy/errors/403.http
+ errorfile 408 /etc/haproxy/errors/408.http
+ errorfile 500 /etc/haproxy/errors/500.http
+ errorfile 502 /etc/haproxy/errors/502.http
+ errorfile 503 /etc/haproxy/errors/503.http
+ errorfile 504 /etc/haproxy/errors/504.http
+
+backend dockerbackend
+ server dockersocket /var/run/docker.sock
+
+frontend dockerfrontend
+ bind :2375
+ http-request allow
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) }
+ http-request deny
+ default_backend dockerbackend
\ No newline at end of file
From 55dce26cb8826ef218f723354b20537401a486c6 Mon Sep 17 00:00:00 2001
From: DDSRem <1448139087@qq.com>
Date: Fri, 8 Sep 2023 19:55:03 +0800
Subject: [PATCH 2/4] test: restart
---
 .github/workflows/build.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d73fadbb..3fb09cc0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,7 +52,6 @@ jobs:
 file: Dockerfile
 platforms: |
 linux/amd64
- linux/arm64
 push: true
 build-args: |
 MOVIEPILOT_VERSION=${{ env.app_version }}
From c8bc6a46181b6c50bc4c3b9507177cf0cce70fc7 Mon Sep 17 00:00:00 2001
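Review bot: `bind :2375` in the new haproxy.cfg listens on every interface although the only client added in this series connects to 127.0.0.1, so the proxied Docker API is reachable from the container's network, and from further away if that port is published or the container shares the host network; `bind 127.0.0.1:2375` keeps it local. In this revision the bare `http-request allow` is the first rule and matches every request, so the path-restricted rule and the closing `http-request deny` are never evaluated; patch 3/4 replaces that line. `user root` / `group root` keeps the proxy at full privilege for its whole lifetime, presumably so it can open the root-owned socket; a dedicated user in the socket's group would narrow that, and a one-line comment stating why root is needed would help the next reader.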
From: DDSRem <1448139087@qq.com> Date: Fri, 8 Sep 2023 20:33:23 +0800 Subject: [PATCH 3/4] =?UTF-8?q?fix:=20=E9=87=8D=E5=90=AF=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build.yml | 22 ++++++++++++---------- .github/workflows/release.yml | 2 +- Dockerfile | 2 +- entrypoint | 4 ++-- haproxy.cfg | 14 +++++++++++--- 5 files changed, 27 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3fb09cc0..c90548b2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,13 +14,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ secrets.DOCKER_USERNAME }}/moviepilot + uses: actions/checkout@v4 - name: Release version @@ -29,6 +23,16 @@ jobs: app_version=$(cat version.py |sed -ne "s/APP_VERSION\s=\s'v\(.*\)'/\1/gp") echo "app_version=$app_version" >> $GITHUB_ENV + - + name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ secrets.DOCKER_USERNAME }}/moviepilot + tags: | + type=raw,value=${{ env.app_version }} + type=raw,value=latest + - name: Set Up QEMU uses: docker/setup-qemu-action@v2 @@ -55,7 +59,5 @@ jobs: push: true build-args: | MOVIEPILOT_VERSION=${{ env.app_version }} - tags: | - ${{ secrets.DOCKER_USERNAME }}/moviepilot:latest - ${{ secrets.DOCKER_USERNAME }}/moviepilot:${{ env.app_version }} + tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ad6f9149..1e42c769 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Release Version diff --git a/Dockerfile b/Dockerfile index e9386c95..64ea4ff1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -59,7 +59,7 @@ RUN apt-get update \ && cp -f /app/update /usr/local/bin/mp_update \ && cp -f /app/entrypoint /entrypoint \ && chmod +x /entrypoint /usr/local/bin/mp_update \ - && mkdir -p ${HOME} \ + && mkdir -p ${HOME} /var/lib/haproxy/server-state \ && groupadd -r moviepilot -g 911 \ && useradd -r moviepilot -g moviepilot -d ${HOME} -s /bin/bash -u 911 \ && apt-get install -y build-essential \ diff --git a/entrypoint b/entrypoint index 2335a875..0ef5a81b 100644 --- a/entrypoint +++ b/entrypoint @@ -27,8 +27,8 @@ gosu moviepilot:moviepilot playwright install chromium # 启动前端nginx服务 nginx # 启动haproxy -if [ -f "/var/run/docker.sock" ]; then - haproxy -f /etc/haproxy/haproxy.cfg +if [ -S "/var/run/docker.sock" ]; then + haproxy -f /app/haproxy.cfg fi # 设置后端服务权限掩码 umask ${UMASK} diff --git a/haproxy.cfg b/haproxy.cfg index 87a5dd94..5e01d837 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -12,6 +12,11 @@ global # Turn on stats unix socket server-state-file /var/lib/haproxy/server-state + setenv POST 1 + setenv ALLOW_RESTARTS 1 + setenv CONTAINERS 1 + setenv VERSION 1 + defaults mode http log global @@ -46,7 +51,10 @@ backend dockerbackend frontend dockerfrontend bind :2375 - http-request allow - http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } + http-request deny unless METH_GET || { env(POST) -m bool } + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool } + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool } + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool } http-request deny - default_backend dockerbackend \ No newline at end of file + default_backend dockerbackend + From c4898d04aa07ee31b65ab939c61fe8028535283d Mon Sep 17 00:00:00 2001 
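Review bot: `mkdir -p ${HOME} /var/lib/haproxy/server-state` creates `server-state` as a directory, but haproxy.cfg declares `server-state-file /var/lib/haproxy/server-state` and reads it through `load-server-state-from-file global`, so HAProxy is pointed at a directory where it expects a file. Creating only the parent matches the config: `&& mkdir -p ${HOME} /var/lib/haproxy \`. The RUN instruction begins and ends outside the hunk.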
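Review bot: The `CONTAINERS` rule in the frontend matches any path that begins with `/containers` and has no method condition, so with `setenv POST 1` it also passes POST requests such as container create, start and exec, which is far more than the restart this proxy exists for and makes the `ALLOW_RESTARTS` rule redundant. Because those endpoints amount to control of the Docker host, I would limit the broad rules to reads, `http-request allow if METH_GET { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool }` with the same `METH_GET` condition on the `/version` rule, leaving the stop/restart/kill rule as the only one that admits POST. `bind :2375` in the unchanged context still listens on all interfaces. The `:ro` mount that README recommends in 4/4 does not narrow any of this, since a read-only bind mount of a Unix socket still lets clients connect and send requests.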
From: DDSRem <1448139087@qq.com> Date: Fri, 8 Sep 2023 20:38:07 +0800 Subject: [PATCH 4/4] docs: update --- .github/workflows/build.yml | 1 + README.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c90548b2..8b5c08ec 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -56,6 +56,7 @@ jobs: file: Dockerfile platforms: | linux/amd64 + linux/arm64/v8 push: true build-args: | MOVIEPILOT_VERSION=${{ env.app_version }} diff --git a/README.md b/README.md index d22f7d8a..b54d88f8 100644 --- a/README.md +++ b/README.md @@ -227,7 +227,7 @@ docker pull jxxghp/moviepilot:latest - 通过微信/Telegram/Slack远程管理,其中微信/Telegram将会自动添加操作菜单(微信菜单条数有限制,部分菜单不显示),微信需要在官方页面设置回调地址,地址相对路径为:`/api/v1/message/`。 - 设置媒体服务器Webhook,通过MoviePilot发送播放通知等。Webhook回调相对路径为`/api/v1/webhook?token=moviepilot`(`3001`端口),其中`moviepilot`为设置的`API_TOKEN`。 - 将MoviePilot做为Radarr或Sonarr服务器添加到Overseerr或Jellyseerr(`3001`端口),可使用Overseerr/Jellyseerr浏览订阅。 -- 映射宿主机docker.sock文件到容器`/var/run/docker.sock`,以支持内建重启操作(需要root权限)。 +- 映射宿主机docker.sock文件到容器`/var/run/docker.sock`,以支持内建重启操作。实例:`-v /var/run/docker.sock:/var/run/docker.sock:ro` **注意**