Replace pdns-admin-static and pdns-admin-uwsgi images with single pdn…

…s-admin
pschiffe · Jan 1, 2024 · 2b264c1 · 2b264c1
1 parent c18b7dc
commit 2b264c1
Show file tree

Hide file tree

Showing 24 changed files with 435 additions and 240 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,6 +9,6 @@ updates:
     schedule:
       interval: "monthly"
   - package-ecosystem: "docker"
-    directory: "/pdns-admin-base-ngoduykhanh"
+    directory: "/pdns-admin"
     schedule:
       interval: "monthly"
diff --git a/.github/workflows/docker-image-pr.yml b/.github/workflows/docker-image-pr.yml
@@ -86,70 +86,23 @@ jobs:
       - name: Image digest
         run: echo ${{ steps.docker_build_pdns_alpine.outputs.digest }}
 
-  test-admin-base:
+  test-pdns-admin:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out Repo
         uses: actions/checkout@v4
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
-      - name: Build admin base
-        id: docker_build_admin_base
+      - name: Build pdns admin
+        id: docker_build_pdns_admin
         uses: docker/build-push-action@v5
         with:
-          context: ./pdns-admin-base-ngoduykhanh
-          file: ./pdns-admin-base-ngoduykhanh/Dockerfile
+          context: ./pdns-admin
+          file: ./pdns-admin/Dockerfile
           builder: ${{ steps.buildx.outputs.name }}
           push: false
           tags: |
-            pdns-admin-base:latest
-            pdns-admin-base:ngoduykhanh
+            pdns-admin:latest
       - name: Image digest
-        run: echo ${{ steps.docker_build_admin_base.outputs.digest }}
-
-  test-admin-uwsgi:
-    runs-on: ubuntu-latest
-    needs: test-admin-base
-    steps:
-      - name: Check Out Repo
-        uses: actions/checkout@v4
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Build admin uwsgi
-        id: docker_build_admin_uwsgi
-        uses: docker/build-push-action@v5
-        with:
-          context: ./pdns-admin-uwsgi-ngoduykhanh
-          file: ./pdns-admin-uwsgi-ngoduykhanh/Dockerfile
-          builder: ${{ steps.buildx.outputs.name }}
-          push: false
-          tags: |
-            pdns-admin-uwsgi:latest
-            pdns-admin-uwsgi:ngoduykhanh
-      - name: Image digest
-        run: echo ${{ steps.docker_build_admin_uwsgi.outputs.digest }}
-
-  test-admin-static:
-    runs-on: ubuntu-latest
-    needs: test-admin-base
-    steps:
-      - name: Check Out Repo
-        uses: actions/checkout@v4
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Build admin static
-        id: docker_build_admin_static
-        uses: docker/build-push-action@v5
-        with:
-          context: ./pdns-admin-static-ngoduykhanh
-          file: ./pdns-admin-static-ngoduykhanh/Dockerfile
-          builder: ${{ steps.buildx.outputs.name }}
-          push: false
-          tags: |
-            pdns-admin-static:latest
-            pdns-admin-static:ngoduykhanh
-      - name: Image digest
-        run: echo ${{ steps.docker_build_admin_static.outputs.digest }}
+        run: echo ${{ steps.docker_build_pdns_admin.outputs.digest }}
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -118,7 +118,7 @@ jobs:
       - name: Image digest
         run: echo ${{ steps.docker_build_pdns_alpine.outputs.digest }}
 
-  build-admin-base:
+  build-pdns-admin:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out Repo
@@ -133,79 +133,16 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-      - name: Build and push admin base
-        id: docker_build_admin_base
+      - name: Build and push pdns admin
+        id: docker_build_pdns_admin
         uses: docker/build-push-action@v5
         with:
-          context: ./pdns-admin-base-ngoduykhanh
-          file: ./pdns-admin-base-ngoduykhanh/Dockerfile
+          context: ./pdns-admin
+          file: ./pdns-admin/Dockerfile
           platforms: linux/amd64,linux/arm64
           builder: ${{ steps.buildx.outputs.name }}
           push: true
           tags: |
-            ${{ secrets.DOCKER_HUB_USERNAME }}/pdns-admin-base:latest
-            ${{ secrets.DOCKER_HUB_USERNAME }}/pdns-admin-base:ngoduykhanh
+            ${{ secrets.DOCKER_HUB_USERNAME }}/pdns-admin:latest
       - name: Image digest
-        run: echo ${{ steps.docker_build_admin_base.outputs.digest }}
-
-  build-admin-uwsgi:
-    runs-on: ubuntu-latest
-    needs: build-admin-base
-    steps:
-      - name: Check Out Repo
-        uses: actions/checkout@v4
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-      - name: Build and push admin uwsgi
-        id: docker_build_admin_uwsgi
-        uses: docker/build-push-action@v5
-        with:
-          context: ./pdns-admin-uwsgi-ngoduykhanh
-          file: ./pdns-admin-uwsgi-ngoduykhanh/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          builder: ${{ steps.buildx.outputs.name }}
-          push: true
-          tags: |
-            ${{ secrets.DOCKER_HUB_USERNAME }}/pdns-admin-uwsgi:latest
-            ${{ secrets.DOCKER_HUB_USERNAME }}/pdns-admin-uwsgi:ngoduykhanh
-      - name: Image digest
-        run: echo ${{ steps.docker_build_admin_uwsgi.outputs.digest }}
-
-  build-admin-static:
-    runs-on: ubuntu-latest
-    needs: build-admin-base
-    steps:
-      - name: Check Out Repo
-        uses: actions/checkout@v4
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-      - name: Build and push admin static
-        id: docker_build_admin_static
-        uses: docker/build-push-action@v5
-        with:
-          context: ./pdns-admin-static-ngoduykhanh
-          file: ./pdns-admin-static-ngoduykhanh/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          builder: ${{ steps.buildx.outputs.name }}
-          push: true
-          tags: |
-            ${{ secrets.DOCKER_HUB_USERNAME }}/pdns-admin-static:latest
-            ${{ secrets.DOCKER_HUB_USERNAME }}/pdns-admin-static:ngoduykhanh
-      - name: Image digest
-        run: echo ${{ steps.docker_build_admin_static.outputs.digest }}
+        run: echo ${{ steps.docker_build_pdns_admin.outputs.digest }}
diff --git a/README.md b/README.md
@@ -1,26 +1,24 @@
 # PowerDNS Docker Images
 
-This repository contains four Docker images - pdns-mysql, pdns-recursor, pdns-admin-static and pdns-admin-uwsgi. Image **pdns-mysql** contains completely configurable [PowerDNS 4.x server](https://www.powerdns.com/) with mysql backend (without mysql server). Image **pdns-recursor** contains completely configurable [PowerDNS 4.x recursor](https://www.powerdns.com/). Images **pdns-admin-static** and **pdns-admin-uwsgi** contains fronted (nginx) and backend (uWSGI) for [PowerDNS Admin](https://github.com/PowerDNS-Admin/PowerDNS-Admin) web app, written in Flask, for managing PowerDNS servers.
+This repository contains the following Docker images - pdns-mysql, pdns-recursor and pdns-admin. Image **pdns-mysql** contains completely configurable [PowerDNS 4.x server](https://www.powerdns.com/) with mysql backend (without mysql server). Image **pdns-recursor** contains completely configurable [PowerDNS 4.x recursor](https://www.powerdns.com/). Image **pdns-admin** contains fronted (Caddy) and backend (uWSGI) for the [PowerDNS Admin](https://github.com/PowerDNS-Admin/PowerDNS-Admin) web app, which is written in Flask and used for managing PowerDNS servers.
 
-The pdns-mysql and pdns-recursor images have also the `alpine` tag thanks to the @PoppyPop .
+The pdns-mysql and pdns-recursor images also have the `alpine` tag, thanks to @PoppyPop.
 
 All images are available on Docker Hub:
 
 https://hub.docker.com/r/pschiffe/pdns-mysql/
 
 https://hub.docker.com/r/pschiffe/pdns-recursor/
 
-https://hub.docker.com/r/pschiffe/pdns-admin-uwsgi/
-
-https://hub.docker.com/r/pschiffe/pdns-admin-static/
+https://hub.docker.com/r/pschiffe/pdns-admin/
 
 ## pdns-mysql
 
 ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/pschiffe/pdns-mysql/latest?label=latest) ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/pschiffe/pdns-mysql/alpine?label=alpine) ![Docker Pulls](https://img.shields.io/docker/pulls/pschiffe/pdns-mysql)
 
 https://hub.docker.com/r/pschiffe/pdns-mysql/
 
-Docker image with [PowerDNS 4.x server](https://www.powerdns.com/) and mysql backend (without mysql server). For running, it needs external mysql server. Env vars for mysql configuration:
+Docker image with [PowerDNS 4.x server](https://www.powerdns.com/) and mysql backend (without mysql server). Requires external mysql server. Env vars for mysql configuration:
 ```
 (name=default value)
 
@@ -30,17 +28,18 @@ PDNS_gmysql_user=root
 PDNS_gmysql_password=powerdns
 PDNS_gmysql_dbname=powerdns
 ```
-If linked with official [mariadb](https://hub.docker.com/_/mariadb/) image with alias `mysql`, the connection can be automatically configured, so you don't need to specify any of the above. Also, DB is automatically initialized if tables are missing.
 
-PowerDNS server is configurable via env vars. Every variable starting with `PDNS_` will be inserted into `/etc/pdns/pdns.conf` conf file in the following way: prefix `PDNS_` will be stripped and every `_` will be replaced with `-`. For example, from above mysql config, `PDNS_gmysql_host=mysql` will became `gmysql-host=mysql` in `/etc/pdns/pdns.conf` file. This way, you can configure PowerDNS server any way you need within a `docker run` command.
+If linked with the official [mariadb](https://hub.docker.com/_/mariadb/) image using the alias `mysql`, the connection can be automatically configured, eliminating the need to specify any of the above. The DB is automatically initialized if tables are missing.
+
+The PowerDNS server is configurable via env vars. Every variable starting with `PDNS_` will be inserted into `/etc/pdns/pdns.conf` conf file in the following way: prefix `PDNS_` will be stripped away and every `_` will be replaced with `-`. For example, from the above mysql config, `PDNS_gmysql_host=mysql` will became `gmysql-host=mysql` in `/etc/pdns/pdns.conf` file. This way, you can configure PowerDNS server in any way you need within a `docker run` command.
 
-There is also a `SUPERMASTER_IPS` env var supported, which can be used to configure supermasters for slave dns server. [Docs](https://doc.powerdns.com/md/authoritative/modes-of-operation/#supermaster-automatic-provisioning-of-slaves). Multiple ip addresses separated by space should work.
+The `SUPERMASTER_IPS` env var is also supported, which can be used to configure supermasters for a slave DNS server. [Docs](https://doc.powerdns.com/md/authoritative/modes-of-operation/#supermaster-automatic-provisioning-of-slaves). Multiple IP addresses separated by spaces should work.
 
-You can find [here](https://doc.powerdns.com/md/authoritative/) all available settings.
+You can find all the available settings [here](https://doc.powerdns.com/md/authoritative/).
 
 ### Examples
 
-Master server with API enabled and with one slave server configured:
+Example of a master server with the API enabled and one slave server configured:
 ```
 docker run -d -p 53:53 -p 53:53/udp --name pdns-master \
   --hostname ns1.example.com --link mariadb:mysql \
@@ -57,7 +56,7 @@ docker run -d -p 53:53 -p 53:53/udp --name pdns-master \
   pschiffe/pdns-mysql
 ```
 
-Slave server with supermaster:
+Example of a slave server with a supermaster:
 ```
 docker run -d -p 53:53 -p 53:53/udp --name pdns-slave \
   --hostname ns2.example.com --link mariadb:mysql \
@@ -78,11 +77,11 @@ https://hub.docker.com/r/pschiffe/pdns-recursor/
 
 Docker image with [PowerDNS 4.x recursor](https://www.powerdns.com/).
 
-PowerDNS recursor is configurable via env vars. Every variable starting with `PDNS_` will be inserted into `/etc/pdns/recursor.conf` conf file in the following way: prefix `PDNS_` will be stripped and every `_` will be replaced with `-`. For example, from above mysql config, `PDNS_gmysql_host=mysql` will became `gmysql-host=mysql` in `/etc/pdns/recursor.conf` file. This way, you can configure PowerDNS recursor any way you need within a `docker run` command.
+PowerDNS recursor is configurable via env vars. Every variable starting with `PDNS_` will be inserted into `/etc/pdns/recursor.conf` conf file in the following way: prefix `PDNS_` will be stripped away and every `_` will be replaced with `-`. For example, from the above mysql config, `PDNS_gmysql_host=mysql` will became `gmysql-host=mysql` in `/etc/pdns/recursor.conf` file. This way, you can configure PowerDNS recursor any way you need within a `docker run` command.
 
-You can find [here](https://doc.powerdns.com/md/recursor/settings/) all available settings.
+You can find all available settings [here](https://doc.powerdns.com/md/recursor/settings/).
 
-### Examples
+### Example
 
 Recursor server with API enabled:
 ```
@@ -94,13 +93,17 @@ docker run -d -p 53:53 -p 53:53/udp --name pdns-recursor \
   pschiffe/pdns-recursor
 ```
 
-## pdns-admin-uwsgi
+## pdns-admin
+
+![Docker Image Size (tag)](https://img.shields.io/docker/image-size/pschiffe/pdns-admin/latest?label=latest) ![Docker Pulls](https://img.shields.io/docker/pulls/pschiffe/pdns-admin)
+
+https://hub.docker.com/r/pschiffe/pdns-admin/
 
-![Docker Image Size (tag)](https://img.shields.io/docker/image-size/pschiffe/pdns-admin-uwsgi/latest?label=latest) ![Docker Pulls](https://img.shields.io/docker/pulls/pschiffe/pdns-admin-uwsgi)
+Docker image with [PowerDNS Admin](https://github.com/PowerDNS-Admin/PowerDNS-Admin) web app, written in Flask, for managing PowerDNS servers. It needs external mysql server.
 
-https://hub.docker.com/r/pschiffe/pdns-admin-uwsgi/
+There is also an official image for the pdns-admin on [Docker Hub](https://hub.docker.com/r/powerdnsadmin/pda-legacy). That image contains only gunicorn process that handles both - static files and the python app. Image in this repo contains uWSGI server handling requests for python app and Caddy web server handling static files and optionally HTTPS with Let's Encrypt.
 
-Docker image with backend of [PowerDNS Admin](https://github.com/PowerDNS-Admin/PowerDNS-Admin) web app, written in Flask, for managing PowerDNS servers. This image contains the python part of the app running under uWSGI. It needs external mysql server. Env vars for mysql configuration:
+Env vars for mysql configuration:
 ```
 (name=default value)
 
@@ -110,9 +113,9 @@ PDNS_ADMIN_SQLA_DB_USER="root"
 PDNS_ADMIN_SQLA_DB_PASSWORD="powerdnsadmin"
 PDNS_ADMIN_SQLA_DB_NAME="powerdnsadmin"
 ```
-If linked with official [mariadb](https://hub.docker.com/_/mariadb/) image with alias `mysql`, the connection can be automatically configured, so you don't need to specify any of the above. Also, DB is automatically initialized if tables are missing.
+If linked with official [mariadb](https://hub.docker.com/_/mariadb/) image with alias `mysql`, the connection can be automatically configured, so you don't need to specify any of the above. The DB is automatically initialized if tables are missing.
 
-Similar to the pdns-mysql, pdns-admin is also completely configurable via env vars. Prefix in this case is `PDNS_ADMIN_`, configuration will be written to the `/opt/powerdns-admin/config.py` file.
+Similar to the pdns-mysql, pdns-admin is also completely configurable via env vars. Prefix in this case is `PDNS_ADMIN_`, configuration will be written to the `/opt/powerdns-admin/powerdnsadmin/default_config.py` file.
 
 ### Connecting to the PowerDNS server
 
@@ -144,34 +147,35 @@ python3 -c 'import bcrypt; print(bcrypt.gensalt().decode("utf-8"));'
 ```
 Example value looks like `$2b$12$xxxxxxxxxxxxxxxxxxxxxx` - remember that when using docker-compose, literal `$` must be specified as `$$`.
 
+### SSL with Let's Encrypt
+
+Included Caddy server can optionally handle HTTPS with certificates from Let's Encrypt. To make this work, add `SSL_MAIN_DOMAIN` env var with your primary domain for HTTPS. The `SSL_EXTRA_DOMAINS` env var can contain list of comma-separated domains that will be redirected to the `SSL_MAIN_DOMAIN`. Public DNS must be properly configured and pdns-admin ports `8080`, `8443` and `8443/udp` must be exposed as `80`, `443` and `443/udp` (`443/udp` is for HTTP/3 traffic).
+
+Finally, make the `/var/lib/caddy` dir inside of the pdns-admin container persistent - that's where the generated certificates will be stored.
+
 ### Persistent data
 
-There is a directory with user uploads which should be persistent: `/opt/powerdns-admin/upload`
+There is also a directory with user uploads which should be persistent: `/opt/powerdns-admin/upload`
 
-### Example
+### Examples
 
-When linked with pdns-mysql from this repo and with LDAP auth:
+When linked with pdns-mysql from this repo:
 ```
-docker run -d --name pdns-admin-uwsgi \
+docker run -d -p 8080:8080 --name pdns-admin \
   --link mariadb:mysql --link pdns-master:pdns \
   -v pdns-admin-upload:/opt/powerdns-admin/upload \
-  pschiffe/pdns-admin-uwsgi
+  pschiffe/pdns-admin
 ```
 
-## pdns-admin-static
-
-![Docker Image Size (tag)](https://img.shields.io/docker/image-size/pschiffe/pdns-admin-static/latest?label=latest) ![Docker Pulls](https://img.shields.io/docker/pulls/pschiffe/pdns-admin-static)
-
-https://hub.docker.com/r/pschiffe/pdns-admin-static/
-
-Fronted image with nginx and static files for [PowerDNS Admin](https://github.com/PowerDNS-Admin/PowerDNS-Admin). Exposes port 80 for connections, expects uWSGI backend image under `pdns-admin-uwsgi` alias.
-
-### Example
-
+The same with HTTPS:
 ```
-docker run -d -p 8080:80 --name pdns-admin-static \
-  --link pdns-admin-uwsgi:pdns-admin-uwsgi \
-  pschiffe/pdns-admin-static
+docker run -d -p 80:8080 -p 443:8443 -p 443:8443/udp --name pdns-admin \
+  --link mariadb:mysql --link pdns-master:pdns \
+  -v pdns-admin-caddy:/var/lib/caddy \
+  -v pdns-admin-upload:/opt/powerdns-admin/upload \
+  -e SSL_MAIN_DOMAIN=www.pdns-admin.com \
+  -e SSL_EXTRA_DOMAINS=pdns-admin.com,pdns-admin.eu \
+  pschiffe/pdns-admin
 ```
 
 ## ansible-playbook.yml
@@ -180,3 +184,10 @@ Included ansible playbook can be used to build and run the containers from this
 ```
 ansible-playbook ansible-playbook.yml
 ```
+
+## docker-compose.yml
+
+Included docker compose file contains example configuration of how to use these containers:
+```
+docker-compose up -d
+```