Added version 25.

Signed-off-by: Hermann Mayer <hermann.mayer92@gmail.com>

Author: Jack12816

.github/workflows/package.yml

@@ -20,6 +20,7 @@ jobs:
       matrix:
         version:
           - latest
+          - 25
           - 24
           - 22
     steps:

25/Dockerfile

@@ -0,0 +1,25 @@
+FROM node:25
+LABEL org.opencontainers.image.authors="containers@hausgold.de"
+
+# You can change this environment variable on run's with -e
+ENV MDNS_HOSTNAME=node.local
+ENV NODE_OPTIONS="--max_old_space_size=8192"
+
+# Install system packages
+RUN apt-get update -yqqq && \
+  apt-get install -y \
+    dbus avahi-daemon avahi-utils libnss-mdns haproxy supervisor
+
+# Copy custom scripts
+COPY config/*.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/*
+
+# Configure haproxy
+COPY config/haproxy.conf /etc/haproxy/haproxy.cfg
+
+# Configure supervisord
+COPY config/supervisor/* /etc/supervisor/conf.d/
+RUN mkdir -p /var/log/supervisor
+
+# Define the command to run per default
+CMD ["/usr/bin/supervisord", "-nc", "/etc/supervisor/supervisord.conf"]

25/Makefile

@@ -0,0 +1,63 @@
+MAKEFLAGS += --warn-undefined-variables
+SHELL := bash
+.SHELLFLAGS := -eu -o pipefail -c
+.DEFAULT_GOAL := all
+.DELETE_ON_ERROR:
+.SUFFIXES:
+.PHONY:
+
+# Environment switches
+REGISTRY ?=
+CANONICAL_NAME ?= node
+IMAGE_NAME ?= hausgold/$(CANONICAL_NAME)
+IMAGE_REF ?= 25
+IMAGE_URI := $(IMAGE_NAME):$(IMAGE_REF)
+
+# Host binaries
+CURL ?= curl
+DOCKER ?= docker
+EXIT ?= exit
+GREP ?= grep
+SLEEP ?= sleep
+TEST ?= test
+TIME ?= time
+
+# Define a retry helper
+define retry
+	if eval "$(1)"; then exit 0; fi; \
+	for i in 1; do sleep 10s; echo "Retrying $$i..."; \
+		if eval "$(1)"; then exit 0; fi; \
+	done; \
+	exit 1
+endef
+
+all:
+	# mDNS enabled official/node
+	#
+	# build          Build a development snapshot of the image
+	# test           Test the built Docker image
+	# publish        Push the new Docker image to the registry
+	#
+	# shell          You can start an individual session of the image for tests
+	# clean          Clean the current development snapshot
+
+build: clean
+	# Build the Docker image
+	@$(TIME) $(DOCKER) build --no-cache -t "$(IMAGE_URI)" .
+
+test:
+	# Test the built Docker image
+	#
+	# Not yet implemented.
+
+publish:
+	# Push the new Docker image to the registry
+	@$(call retry,$(TIME) $(SHELL) -c '$(DOCKER) push $(IMAGE_URI)')
+
+shell:
+	# Start an individual test session of the image
+	@$(DOCKER) run --rm -it "$(IMAGE_URI)" bash
+
+clean:
+	# Clean the current development snapshot
+	@$(DOCKER) rmi --force "$(IMAGE_URI)" || true

25/config/avahi.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+
+NSS_MDNS=$(dpkg -s libnss-mdns | grep Version: \
+  | cut -d: -f2 | cut -d- -f1 | tr -d ' ')
+
+if [ "${NSS_MDNS}" != '0.10' ]; then
+  # After nss-mdns >0.10 we need to reconfigure the allowed hosts to support
+  # multiple sub-domain resolution
+  cat > /etc/mdns.allow <<EOF
+.local.
+.local
+EOF
+
+  # And we need to make use of the +mdns+ nss module, not the minimal one so
+  # that the above configuration will be used (see:
+  # https://github.com/lathiat/nss-mdns)
+  sed -i 's/mdns4_minimal/mdns4/' /etc/nsswitch.conf
+fi
+
+# Configure the mDNS hostname on avahi
+if [ -n "${MDNS_HOSTNAME}" ]; then
+
+  # MDNS_HOSTNAME could be node.local or node.sub.local
+  IFS='.' read -ra MDNS_HOSTNAME_PARTS <<< "${MDNS_HOSTNAME}"
+
+  # Save the first part as host part
+  HOST_PART="${MDNS_HOSTNAME_PARTS[0]}"
+
+  # Shift the first part
+  MDNS_HOSTNAME_PARTS=("${MDNS_HOSTNAME_PARTS[@]:1}")
+
+  # Join the rest to the domain part
+  DOMAIN_PART=$(IFS='.'; echo "${MDNS_HOSTNAME_PARTS[*]}")
+
+  # Set the host and domain part on the avahi config
+  sed \
+    -e "s/.*\(host-name=\).*/\1${HOST_PART}/g" \
+    -e "s/.*\(domain-name=\).*/\1${DOMAIN_PART}/g" \
+    -e "s/.*\(enable-dbus=\).*/\1yes/g" \
+    -i /etc/avahi/avahi-daemon.conf
+
+  echo "Configured mDNS hostname to ${MDNS_HOSTNAME}"
+fi
+
+# Configure all mDNS CNAMEs on avahi
+if [ -n "${MDNS_CNAMES}" ]; then
+
+  # MDNS_CNAMES could be a single domain, or a comma-separated list
+  IFS=',' read -ra CNAMES <<< "${MDNS_CNAMES}"
+
+  for CNAME in "${CNAMES[@]}"; do
+    # Construct the command
+    COMMAND='/usr/bin/avahi-publish -f -a -R'
+    COMMAND+=" \"${CNAME}\" \`hostname -i\`"
+
+    # Write a new supervisord unit file
+    cat > "/etc/supervisor/conf.d/${CNAME}.conf" <<EOF
+[program:${CNAME}]
+priority=20
+directory=/tmp
+command=/bin/sh -c '${COMMAND}'
+user=root
+autostart=false
+autorestart=true
+stopsignal=KILL
+stopwaitsecs=1
+EOF
+
+    # Reload the supervisord config files and start
+    # the current publish service
+    supervisorctl update
+    supervisorctl start "${CNAME}"
+  done
+fi
+
+# Disable the rlimits from default debian
+sed \
+  -e 's/^\(rlimit\)/#\1/g' \
+  -i /etc/avahi/avahi-daemon.conf
+
+# If a avahi daemon is running, kill it
+avahi-daemon -c && avahi-daemon -k
+
+# Clean up orphans
+rm -rf /run/avahi-daemon/{pid,socket}
+
+# Start avahi
+exec avahi-daemon --no-rlimits

25/config/dbus.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# dbus-daemon tries to reads passwd/group data, and on an non-systemd system,
+# where systemd is configured for NSS it causes a 90 second hang. So we drop
+# the systemd configuration for NSS.
+#
+# See: https://github.com/systemd/systemd/issues/16471#issuecomment-662377106
+sed -i 's/ systemd//g' /etc/nsswitch.conf
+
+# Prepare the environment for dbus
+rm -rf /var/run/dbus /run/dbus
+mkdir -p /var/run/dbus/ /run/dbus
+chmod ugo+rwx /var/run/dbus/ /run/dbus
+
+# systemd service activation makes no sense on a non-systemd system.
+# Looks like this is not needed currently/anymore.
+# cat >/etc/dbus-1/system.d/no-systemd.conf <<EOF
+# <!DOCTYPE busconfig PUBLIC
+#  "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+#  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+# <busconfig>
+#   <limit name="service_start_timeout">1</limit>
+#   <servicehelper>/bin/true</servicehelper>
+# </busconfig>
+# EOF
+
+# Start dbus
+exec /usr/bin/dbus-daemon --system --nofork

25/config/haproxy.conf

@@ -0,0 +1,44 @@
+global
+  log /dev/log  local0
+  log /dev/log  local1 notice
+  chroot /var/lib/haproxy
+  stats socket /run/haproxy/admin.sock mode 660 level admin
+  stats timeout 30s
+  user haproxy
+  group haproxy
+  # daemon
+
+  # Default SSL material locations
+  ca-base /etc/ssl/certs
+  crt-base /etc/ssl/private
+
+  # Default ciphers to use on SSL-enabled listening sockets.
+  # For more information, see ciphers(1SSL). This list is from:
+  #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+  ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
+  ssl-default-bind-options no-sslv3
+
+defaults
+  log global
+  mode  http
+  option  httplog
+  option  dontlognull
+  timeout connect 5000
+  timeout client  300000
+  timeout server  300000
+  errorfile 400 /etc/haproxy/errors/400.http
+  errorfile 403 /etc/haproxy/errors/403.http
+  errorfile 408 /etc/haproxy/errors/408.http
+  errorfile 500 /etc/haproxy/errors/500.http
+  errorfile 502 /etc/haproxy/errors/502.http
+  errorfile 503 /etc/haproxy/errors/503.http
+  errorfile 504 /etc/haproxy/errors/504.http
+
+frontend http-in
+  bind *:80
+  option forwardfor
+  option http-server-close
+  use_backend rest
+
+backend rest
+  server localhost 127.0.0.1:3000

25/config/supervisor/avahi.conf

@@ -0,0 +1,14 @@
+[program:avahi]
+priority=10
+startretries=20
+directory=/tmp
+command=/usr/local/bin/avahi.sh
+user=root
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=KILL
+stopwaitsecs=1

25/config/supervisor/dbus.conf

@@ -0,0 +1,13 @@
+[program:dbus]
+priority=0
+directory=/tmp
+command=/usr/local/bin/dbus.sh
+user=root
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=KILL
+stopwaitsecs=1

25/config/supervisor/haproxy.conf

@@ -0,0 +1,13 @@
+[program:haproxy]
+priority=10
+directory=/tmp
+command=/bin/sh -c "mkdir -p /run/haproxy/ && exec /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg"
+user=root
+autostart=true
+autorestart=true
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
+# stderr_logfile=/dev/stderr
+# stderr_logfile_maxbytes=0
+stopsignal=KILL
+stopwaitsecs=1

latest

@@ -1 +1 @@
-24
+25