Merge pull request #6 from biolds/master

add chromium image

Author: regit

chromium/Dockerfile

@@ -0,0 +1,100 @@
+FROM debian:buster
+env DEBIAN_FRONTEND noninteractive
+env FILEBEAT_DEB_URL https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.5.2-amd64.deb
+env FILEBEAT_RPM_URL https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.5.2-x86_64.rpm
+env METRICBEAT_DEB_URL https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-5.5.2-amd64.deb
+env METRICBEAT_RPM_URL https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-5.5.2-x86_64.rpm
+
+run  echo 'APT::Default-Release "buster";' > /etc/apt/apt.conf.d/00apt_default_release
+add  sources.list /etc/apt/sources.list
+
+run  apt-get update -qy
+run  apt-get install -y supervisor git sudo ssh \
+        rabbitmq-server easy-rsa sshpass rsync suricata wget jq curl nginx \
+        tigervnc-standalone-server x11-apps xterm postgresql-11 postgresql-client libpq-dev \
+        build-essential python3-dev libffi-dev libldap2-dev libsasl2-dev libssl-dev virtualenv python3-virtualenv \
+        python2-dev chromium chromium-driver
+
+run  mkdir /data /var/run/sshd
+run  useradd -m -d /home/admin -p sa1aY64JOY94w admin
+run  adduser admin sudo
+run  adduser admin www-data
+user admin
+run cat /dev/zero | ssh-keygen -q -N ""
+add  config /home/admin/.ssh/config
+
+user root
+# Set VNC password to admin123
+run  mkdir -p /root/.vnc && echo 'ZrO3AaiJtEI=' | base64 -d > /root/.vnc/passwd && chmod 600 /root/.vnc/passwd
+
+run  sed -Ei 's/^(\%sudo.*)ALL/\1NOPASSWD:ALL/' /etc/sudoers
+
+run  mkdir -p /var/log/celery/ && chown admin:admin /var/log/celery/
+
+user admin
+run touch /var/log/celery/ansible.log /var/log/celery/beat.log /var/log/celery/django-auth.log /var/log/celery/django-error.log /var/log/celery/django-security.log /var/log/celery/django-sql.log /var/log/celery/django.log
+run  touch /home/admin/django-debug.log
+run  mkdir -p /home/admin/ansible /home/admin/git-sources /home/admin/backups /home/admin/django \
+    /home/admin/packages/deb /home/admin/packages/rpm /home/admin/upgrade /home/admin/coverage /home/admin/generated
+
+# Add packages for log shipping
+user admin
+run cd /home/admin/packages/deb && wget "$FILEBEAT_DEB_URL"
+run cd /home/admin/packages/rpm && wget "$FILEBEAT_RPM_URL"
+run cd /home/admin/packages/deb && wget "$METRICBEAT_DEB_URL"
+run cd /home/admin/packages/rpm && wget "$METRICBEAT_RPM_URL"
+
+# Install Scirius packages
+run virtualenv -p python3 /home/admin/venv
+add requirements.txt /home/admin/requirements.txt
+run /home/admin/venv/bin/pip install -r /home/admin/requirements.txt --upgrade
+run /home/admin/venv/bin/pip install coverage pylint pylint-django
+
+# Robotframework
+user root
+add requirements-rf.txt /root/requirements-rf.txt
+run virtualenv -p python3 /root/rf/
+run /root/rf/bin/pip install -r /root/requirements-rf.txt --upgrade
+
+# vnc2flv installation requires python2
+run virtualenv -p python2 /root/vnc2flv/
+run /root/vnc2flv/bin/pip install vnc2flv
+
+run mkdir /root/.ssh
+run mkdir -p /etc/ansible
+
+# Postgresql installation
+run mkdir -p /var/run/postgresql/11-main.pg_stat_tmp/ && chown postgres:postgres /var/run/postgresql -R
+user postgres
+run /etc/init.d/postgresql start && \
+    psql --command "CREATE USER docker WITH SUPERUSER PASSWORD 'scient';" && \
+    createdb -O docker scient && \
+    /etc/init.d/postgresql stop
+user root
+run echo "host all  all    127.0.0.0/8  md5" >> /etc/postgresql/11/main/pg_hba.conf
+run sed -e "s/^log_line_prefix .*/log_line_prefix = '%t [%p]: [%l-1] '/" -i /etc/postgresql/11/main/postgresql.conf
+run (echo 'log_min_duration_statement = 0' && \
+    echo 'log_checkpoints = on' && \
+    echo 'log_connections = on' && \
+    echo 'log_disconnections = on' && \
+    echo 'log_lock_waits = on' && \
+    echo 'log_temp_files = 0' && \
+    echo 'log_autovacuum_min_duration = 0' && \
+    echo 'log_error_verbosity = default') >> /etc/postgresql/11/main/postgresql.conf
+
+# Install pgbadger
+env PGBADGER_VER 11.2
+run cd /root && wget https://github.com/darold/pgbadger/archive/v${PGBADGER_VER}.tar.gz
+run cd /root && tar xzf v${PGBADGER_VER}.tar.gz && mv pgbadger-${PGBADGER_VER} pgbadger && rm v${PGBADGER_VER}.tar.gz
+
+# nginx configuration
+add nginx.conf /etc/nginx/sites-enabled/default
+run touch /var/log/gunicorn-error.log /var/log/gunicorn-access.log && \
+    chown admin:admin /var/log/gunicorn-error.log /var/log/gunicorn-access.log
+
+run make-cadir /etc/nginx/ca && \
+    cd /etc/nginx/ca && bash -c "./easyrsa init-pki && \
+        echo | ./easyrsa build-ca nopass && \
+        ./easyrsa build-server-full stamus nopass"
+run mkdir -p /etc/nginx/ssl/ && cp /etc/nginx/ca/pki/issued/stamus.crt /etc/nginx/ssl/manager.crt && \
+    cp /etc/nginx/ca/pki/private/stamus.key /etc/nginx/ssl/manager.key

chromium/config

@@ -0,0 +1,4 @@
+Host *
+ProtocolKeepAlives 10
+ServerAliveInterval 10
+ServerAliveCountMax 1

chromium/nginx.conf

@@ -0,0 +1,105 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+        listen 443 default_server;
+
+        ssl on;
+        ssl_certificate /etc/nginx/ssl/manager.crt;
+        ssl_certificate_key /etc/nginx/ssl/manager.key;
+
+        # SSL configuration
+        #
+        # listen 443 ssl default_server;
+        # listen [::]:443 ssl default_server;
+        #
+        # Self signed certs generated by the ssl-cert package
+        # Don't use them in a production server!
+        #
+        # include snippets/snakeoil.conf;
+
+        root /var/www/html;
+
+        # Add index.php to the list if you are using PHP
+        index index.html index.htm index.nginx-debian.html;
+
+        server_name _;
+
+        #location / {
+        #       # First attempt to serve request as file, then
+        #       # as directory, then fall back to displaying a 404.
+        #       try_files $uri $uri/ =404;
+        #}
+
+        location /static/ { # STATIC_URL
+            alias /var/www/html/static/;
+        }
+
+        location /media/ { # MEDIA_URL
+            alias /var/www/html/static/;
+        }
+
+        location / {
+            proxy_pass http://127.0.0.1:8080;
+            proxy_read_timeout 600;
+
+            # Header to identify
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # Headers used by django-rest-framework to build urls
+            proxy_set_header X-Forwarded-Host $http_host;
+            proxy_set_header X-Forwarded-Proto https;
+
+            client_max_body_size 450M;
+        }
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #       include snippets/fastcgi-php.conf;
+        #
+        #       # With php5-cgi alone:
+        #       fastcgi_pass 127.0.0.1:9000;
+        #       # With php5-fpm:
+        #       fastcgi_pass unix:/var/run/php5-fpm.sock;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #       deny all;
+        #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+#       listen 80;
+#       listen [::]:80;
+#
+#       server_name example.com;
+#
+#       root /var/www/example.com;
+#       index index.html;
+#
+#       location / {
+#               try_files $uri $uri/ =404;
+#       }
+#}

chromium/requirements-rf.txt

@@ -0,0 +1,15 @@
+bcrypt==3.1.7
+cffi==1.14.0
+cryptography==2.9.2
+paramiko==2.7.1
+pkg-resources==0.0.0
+pycparser==2.20
+PyNaCl==1.4.0
+robotframework==3.2.1
+robotframework-selenium2library==3.0.0
+robotframework-seleniumlibrary==4.4.0
+robotframework-sshlibrary==3.4.0
+scp==0.13.2
+selenium==3.141.0
+six==1.15.0
+urllib3==1.25.9

chromium/requirements.txt

@@ -0,0 +1,81 @@
+amqp==2.6.0
+ansible==2.9.10
+anyjson==0.3.3
+arrow==0.15.7
+async==0.6.2
+bcrypt==3.1.7
+billiard==3.6.3.0
+celery==4.4.6
+certifi==2020.6.20
+cffi==1.14.0
+chardet==3.0.4
+cheroot==8.3.0
+click==7.1.2
+cryptography==2.9.2
+Django==2.2.13
+django-auth-ldap==2.2.0
+django-bootstrap3==14.0.0
+django-celery-results==1.2.1
+django-chunked-upload==1.1.3
+django-cprofile-middleware==1.0.5
+django-dbbackup==2.5.0
+django-filter==2.3.0
+django-ipware==2.1.0
+django-mass-edit==3.2.0
+django-revproxy==0.10.0
+django-tables2==2.3.1
+django-webpack-loader==0.7.0
+djangorestframework==3.7.7
+ecdsa==0.15
+elasticsearch==6.8.1
+elasticsearch-curator==3.5.1
+enum34==1.1.10
+flup==1.0.3
+future==0.18.2
+gevent==20.6.2
+gitdb==4.0.5
+GitPython==3.1.3
+greenlet==0.4.16
+gunicorn==20.0.4
+httplib2==0.18.1
+idna==2.9
+idstools==0.6.3
+importlib-metadata==1.6.1
+influxdb==5.3.0
+IPy==1.0
+jaraco.functools==3.0.1
+Jinja2==2.11.2
+kombu==4.6.11
+Markdown==3.2.2
+MarkupSafe==1.1.1
+medusa==0.5.4
+more-itertools==8.4.0
+msgpack==0.6.1
+paramiko==2.7.1
+pkg-resources==0.0.0
+psutil==5.7.0
+psycopg2==2.8.5
+psycopg2-binary==2.8.5
+pyasn1==0.4.8
+pyasn1-modules==0.2.8
+pycparser==2.20
+pycrypto==2.6.1
+Pygments==2.6.1
+PyNaCl==1.4.0
+python-dateutil==2.8.1
+python-gnupg==0.4.6
+python-ldap==3.3.0
+pytz==2020.1
+PyYAML==5.3.1
+requests==2.24.0
+six==1.15.0
+smmap==3.0.4
+sqlparse==0.3.1
+subprocess32==3.5.4
+tornado==6.0.4
+urllib3==1.17
+vine==1.3.0
+web.py==0.51
+zipp==3.1.0
+zope.event==4.4
+zope.interface==5.1.0

chromium/sources.list

@@ -0,0 +1,3 @@
+deb http://deb.debian.org/debian buster main contrib non-free
+deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
+deb http://deb.debian.org/debian buster-updates main contrib non-free