Main files for making user envs
This commit is contained in:
parent
9a477f8b94
commit
e9e246a0cf
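--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:latest
+
+RUN apt-get update && apt-get install -y \
+openssh-server \
+xvfb \
+x11vnc \
+xfce4 \
+xfce4-goodies \
+sudo \
+&& apt-get clean
+
+RUN mkdir /var/run/sshd
+RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+# Enable X11 forwarding
+RUN sed -i 's/#X11UseLocalhost yes/X11UseLocalhost no/' /etc/ssh/sshd_config
+RUN echo "X11Forwarding yes" >> /etc/ssh/sshd_config
+RUN echo "AddressFamily inet" >> /etc/ssh/sshd_config
+
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+# Add script to create user
+COPY create_ubuntu_user.sh /usr/local/bin/create_ubuntu_user.sh
+RUN chmod +x /usr/local/bin/create_ubuntu_user.sh
+
+EXPOSE 22 5901
+CMD ["/usr/sbin/sshd", "-D"]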
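Review bot: `X11UseLocalhost no` makes sshd bind the X11 forwarding listener to the wildcard address instead of loopback, so on the shared `frontend`/`backend` networks other containers may be able to reach a user's forwarded display. Unless a client really requires this, drop that sed and keep the default `X11UseLocalhost yes`. Both sed edits of sshd_config (`#PermitRootLogin prohibit-password` and `#X11UseLocalhost yes`) match only if the base image ships exactly those commented defaults, so a build step such as `sshd -T | grep -iE 'x11|permitrootlogin'` would make a silent no-op visible. The apt layer would also benefit from `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in the same `RUN`, which keeps unneeded packages out of an image that exposes SSH and VNC.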
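--- a/create_ubuntu_user.sh
+++ b/create_ubuntu_user.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+USERNAME=$1
+PASSWORD=$2
+
+# Create user
+useradd -m -s /bin/bash $USERNAME
+
+# Set password
+echo "$USERNAME:$PASSWORD" | chpasswd
+
+# Add user to sudo group
+usermod -aG sudo $USERNAME
+
+# Set up VNC for the user
+su - $USERNAME -c "mkdir -p ~/.vnc && x11vnc -storepasswd $PASSWORD ~/.vnc/passwd"
+
+# Set up X11 forwarding for the user
+echo "export DISPLAY=host.docker.internal:0" >> /home/$USERNAME/.bashrc
+
+echo "User $USERNAME created with the provided password."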
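Review bot: The password arrives as `$2` and is then expanded unquoted inside the `su - $USERNAME -c "... x11vnc -storepasswd $PASSWORD ..."` string, so it is visible in the process list and any shell metacharacter in it is interpreted by the inner shell. `$USERNAME` is likewise unquoted and unvalidated in `useradd`, `usermod`, `su` and the `.bashrc` path. The compose file written by create_user.sh already sets `USER_PASSWORD` in the container environment, so the script could read it from there, validate the username, and quote every expansion, as sketched below. The `su -c` line still needs a way to hand the password to x11vnc without interpolating it into the command string. There is also no `set -e`, so when `useradd` fails, for example because the account already exists after a container restart, the later steps run anyway.

```shell
USERNAME=$1
# Prefer the environment over argv; compose already sets USER_PASSWORD.
PASSWORD=${USER_PASSWORD:-$2}

# Reject names that could be parsed as options or shell syntax.
if ! [[ $USERNAME =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
    echo "invalid username" >&2
    exit 1
fi

useradd -m -s /bin/bash -- "$USERNAME"
printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd
usermod -aG sudo -- "$USERNAME"
# … unchanged: VNC password and DISPLAY setup …
```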
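--- a/create_user.sh
+++ b/create_user.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+USER_NAME=$1
+USER_ID=$2
+SSH_PORT=$3
+VNC_PORT=$4
+PASSWORD=$5 # New parameter for password
+
+# Create user directory
+mkdir -p ./data/$USER_ID
+
+# Create a docker-compose file for this user
+cat << EOF > docker-compose.user_${USER_ID}.yml
+version: '3'
+
+services:
+user_${USER_ID}:
+build: .
+image: ubuntu_dev_env:latest
+networks:
+- frontend
+- backend
+volumes:
+- ./data/${USER_ID}:/home/${USER_NAME}
+environment:
+- USER_NAME=${USER_NAME}
+- USER_ID=${USER_ID}
+- USER_PASSWORD=${PASSWORD}
+ports:
+- "${SSH_PORT}:22"
+- "${VNC_PORT}:5901"
+cap_add:
+- SYS_ADMIN
+security_opt:
+- seccomp:unconfined
+command: ["/bin/bash", "-c", "/usr/local/bin/create_ubuntu_user.sh ${USER_NAME} ${PASSWORD} && /usr/sbin/sshd -D"]
+
+networks:
+frontend:
+external: true
+name: frontend
+backend:
+external: true
+name: backend
+
+EOF
+
+# Start the new service
+docker-compose -f docker-compose.user_${USER_ID}.yml up -d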
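Review bot: The generated service gets `cap_add: SYS_ADMIN` and `security_opt: seccomp:unconfined`, while create_ubuntu_user.sh puts the user in the `sudo` group, so every tenant holds root inside a container whose isolation from the host has been substantially weakened. Nothing visible in this commit needs either setting for sshd, Xvfb or x11vnc, so remove both keys, or document the specific feature that requires them and grant only the narrowest capability for it. The password is also expanded into the compose file twice (`USER_PASSWORD=${PASSWORD}` and the `command:` string), leaving it in plaintext on disk with default permissions and in `docker inspect` output; a `umask 077` before the heredoc and passing it only through the environment would reduce that exposure. Because the heredoc is unquoted and the arguments are not validated, USER_NAME or USER_ID values containing spaces, quotes or newlines change the generated YAML and the `bash -c` string, so validate them against a strict pattern before writing the file.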
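--- a/docker-compose.networks.yml
+++ b/docker-compose.networks.yml
@@ -0,0 +1,7 @@
+version: '3'
+
+networks:
+frontend:
+name: frontend
+backend:
+name: backend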
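--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '3'
+
+services:
+reverse_proxy:
+image: nginx:latest
+ports:
+- "80:80"
+- "443:443"
+volumes:
+- ./nginx.conf:/etc/nginx/nginx.conf:ro
+networks:
+- frontend
+
+networks:
+frontend:
+name: frontend
+backend:
+name: backend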
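Review bot: `image: nginx:latest` is a floating tag, as are `FROM ubuntu:latest` in the Dockerfile and `ubuntu_dev_env:latest` in create_user.sh, so a rebuild or pull can silently change what is deployed. Pin each to a specific version tag, ideally with a digest, e.g. `image: nginx:<version>@sha256:<digest>`. The mounted `./nginx.conf` is not among the files shown in this commit, so the proxy's TLS and upstream settings cannot be reviewed here.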