dalmosantos/Amazon Linux - Apache httpd

## Amazon Linux - Apache httpd
FROM amazonlinux:2.0.20200722.0 AS builder
USER root

WORKDIR /tmp

RUN yum repolist && yum update -y && \
    yum install -y --setopt=tsflags=nodocs httpd-devel tar gcc gcc-c++ perl make libtool hostname nss_wrapper gettext jq curl bind-utils httpd mod_ssl openssl && \
    # Install mod_jk
    curl -SL http://mirror.nbtelecom.com.br/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz -o tomcat-connectors-1.2.48-src.tar.gz &&  \
    tar -xzf tomcat-connectors-1.2.48-src.tar.gz && \
    cd tomcat-connectors-1.2.48-src/native/ && \
    ./configure --with-apxs=/bin/apxs && \
    make && \
    libtool --finish /usr/lib64/httpd/modules/ && \
    make install && \
    ls -ltr /usr/lib64/httpd/modules/

FROM amazonlinux:2.0.20200722.0
USER root
WORKDIR /usr/lib64/httpd/modules/

RUN yum repolist && yum update -y && \
    yum install -y --setopt=tsflags=nodocs tar yum-utils nss_wrapper gettext jq curl bind-utils httpd-tools httpd mod_ssl openssl && \
    # Configure SSL
    # Fix SSL 'SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty'
    # Fix SSL 'SSLCertificateKeyFile: file '/etc/pki/tls/private/localhost.key' does not exist or is empty'
    openssl req -x509 -nodes -days 365 -subj "/C=BR/ST=Sao Paulo/L=Sao Paulo/O=Itau Unibanco CA/CN=CA CERTIFICATE" -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt && \
    # Set output logs
    ln -sf /dev/stdout /var/log/httpd/access.log && \
    ln -sf /dev/stderr /var/log/httpd/error.log && \
    # Clean packages and disable yum repo
    yum clean all && \
    yum-config-manager --disable \* && \
    rm -rf /var/lib/yum/yumdb && \
    rm -rf /var/lib/yum/history && \
    rm -rf /var/cache/yum /tmp/* /var/log/*log

COPY --from=builder /usr/lib64/httpd/modules/mod_jk.so .

EXPOSE  80 443

CMD ["/usr/sbin/httpd","-D","FOREGROUND"]

## Amazon Linux - OpenJDK8
#====================================
# Amazon Linux - OpenJDK8
#====================================

FROM amazonlinux:2.0.20200722.0

# User root user to install software
USER root

# Install Essentials
RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
    yum repolist && \
    yum update -y && \
    yum install -y epel-release && \
    yum install --setopt=tsflags=nodocs -y yum-utils openssl  unzip jq \
    java-1.8.0-openjdk-devel xmlstarlet saxon augeas bsdtar && \
    echo "securerandom.source=file:/dev/urandom" >> /usr/lib/jvm/jre/lib/security/java.security  && \
    echo export JAVA_HOME="/`alternatives  --display java | grep best | cut -d "/" -f 2-6`" >> /etc/environment && \
    # Clean packages and disable yum repo
    yum clean all && \
    yum-config-manager --disable \* && \
    rm -rf /var/lib/yum/yumdb && \
    rm -rf /var/lib/yum/history && \
    rm -rf /var/cache/yum /tmp/* /var/log/*log

# Set the JAVA_HOME variable to make it clear where Java is located
ENV JAVA_HOME /etc/alternatives/jre

## Dockerfile-Jenkins
FROM jenkins/jenkins:lts-slim

USER root

ARG DEBIAN_FRONTEND=noninteractive
# Install Essentials
RUN mkdir -p /usr/share/man/man1 && \
    apt-get update ; apt-get upgrade -y && \
# Install Packages
    apt-get install --no-install-recommends -y cpio  groff less rpm2cpio jq zip unzip vim-tiny sshpass git && \
# Install maven
    mkdir -p /usr/share/maven /usr/share/maven/ref && \
    curl -fsSL -o /tmp/apache-maven.tar.gz https://apache.osuosl.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz && \
    tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 && \
    rm -f /tmp/apache-maven.tar.gz && \
    ln -s /usr/share/maven/bin/mvn /usr/bin/mvn && \
#Install AWS CLI
    cd /tmp && \
    curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \
    unzip awscliv2.zip && \
    ./aws/install && \
# Install kubectl
    curl -fsSL https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \
    chmod +x /usr/local/bin/kubectl && \
#Clean
    apt-get clean autoclean && \
    apt-get autoremove -y && \
    rm -rf /tmp/* \
           /var/lib/{apt,dpkg,cache,log} \
           /var/lib/apt/lists/* \
           /var/tmp/* \
           /var/log/*log \
           /usr/share/doc/*
USER jenkins
WORKDIR /var/jenkins
ENV SECRETS_DIR=/run/secrets
# Whether to skip setup wizard
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
# Creates username and password specified through environment variables JENKINS_USER_SECRET and JENKINS_PASS_SECRET
COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy

# Setting the number of executors
#COPY executors.groovy /usr/share/jenkins/ref/init.groovy.d/executors.groovy

# Install groovy global libraries for pipeline plugin
#COPY var/jenkins_home/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml /usr/share/jenkins/ref/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml

# Install a list of plugins from the file 'plugins.txt' and their dependencies
COPY plugins-1.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt

## plugins.txt
ace-editor
amazon-ecs
amazon-ecr
ansicolor
antisamy-markup-formatter
apache-httpcomponents-client-4-api
async-http-client
authentication-tokens
authorize-project
aws-codepipeline
backup
beer
blueocean-autofavorite
blueocean-commons
blueocean-config
blueocean-core-js
blueocean-dashboard
blueocean-display-url
blueocean-events
blueocean-git-pipeline
blueocean-i18n
blueocean-jira
blueocean
blueocean-jwt
blueocean-personalization
blueocean-pipeline-api-impl
blueocean-pipeline-editor
blueocean-pipeline-scm-api
blueocean-rest-impl
blueocean-rest
blueocean-web
bouncycastle-api
branch-api
build-timeout
build-timestamp
chucknorris
cloudbees-folder
command-launcher
configuration-as-code
credentials
credentials-binding
dashboard-view
display-url-api
docker-plugin
dtkit-api
durable-task
ec2
extended-choice-parameter
external-monitor-job
favorite
filesystem_scm
git-changelog
git-client
git
greenballs
groovy
handlebars
handy-uri-templates-2-api
htmlpublisher
http-post
http_request
icon-shim
jackson2-api
javadoc
jdk-tool
jenkins-design-language
jira
jobConfigHistory
job-restrictions
jquery-detached
jquery
jsch
junit
kerberos-sso
kubernetes
ldap
locale
lockable-resources
mailer
mapdb-api
mask-passwords
matrix-auth
matrix-project
maven-plugin
metrics
momentjs
monitoring
openshift-client
ownership
pam-auth
performance
pipeline-aws
pipeline-build-step
pipeline-graph-analysis
pipeline-input-step
pipeline-milestone-step
pipeline-model-api
pipeline-model-definition
pipeline-model-extensions
pipeline-rest-api
pipeline-restful-api
pipeline-stage-step
pipeline-stage-tags-metadata
pipeline-stage-view
pipeline-utility-steps
publish-over-cifs
plain-credentials
postbuildscript
prometheus
pubsub-light
rebuild
resource-disposer
role-strategy
scm-api
scm-httpclient
scoverage
script-security
schedule-build
security-inspector
seleniumhtmlreport
selenium
sse-gateway
ssh-agent
ssh-credentials
ssh
ssh-slaves
structs
thinBackup
timestamper
token-macro
variant
windows-slaves
workflow-aggregator
workflow-api
workflow-basic-steps
workflow-cps-global-lib
workflow-cps
workflow-durable-task-step
workflow-job
workflow-multibranch
workflow-scm-step
workflow-step-api
workflow-support
ws-cleanup
xunit

## security.groovy
#!groovy

import jenkins.model.*
import hudson.security.*
import jenkins.security.s2m.AdminWhitelistRule

def instance = Jenkins.getInstance()

def user = new File(System.getenv()["SECRETS_DIR"] + "/jenkins-user").text.trim()
def pass = new File(System.getenv()["SECRETS_DIR"] + "/jenkins-pass").text.trim()

println "Creating user " + user + "..."

def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount(user, pass)
instance.setSecurityRealm(hudsonRealm)

def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
instance.setAuthorizationStrategy(strategy)
instance.save()

Jenkins.instance.getInjector().getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)

println "User " + user + " was created"
	FROM amazonlinux:2.0.20200722.0 AS builder
	USER root

	WORKDIR /tmp

	RUN yum repolist && yum update -y && \
	yum install -y --setopt=tsflags=nodocs httpd-devel tar gcc gcc-c++ perl make libtool hostname nss_wrapper gettext jq curl bind-utils httpd mod_ssl openssl && \
	# Install mod_jk
	curl -SL http://mirror.nbtelecom.com.br/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz -o tomcat-connectors-1.2.48-src.tar.gz && \
	tar -xzf tomcat-connectors-1.2.48-src.tar.gz && \
	cd tomcat-connectors-1.2.48-src/native/ && \
	./configure --with-apxs=/bin/apxs && \
	make && \
	libtool --finish /usr/lib64/httpd/modules/ && \
	make install && \
	ls -ltr /usr/lib64/httpd/modules/

	FROM amazonlinux:2.0.20200722.0
	USER root
	WORKDIR /usr/lib64/httpd/modules/

	RUN yum repolist && yum update -y && \
	yum install -y --setopt=tsflags=nodocs tar yum-utils nss_wrapper gettext jq curl bind-utils httpd-tools httpd mod_ssl openssl && \
	# Configure SSL
	# Fix SSL 'SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty'
	# Fix SSL 'SSLCertificateKeyFile: file '/etc/pki/tls/private/localhost.key' does not exist or is empty'
	openssl req -x509 -nodes -days 365 -subj "/C=BR/ST=Sao Paulo/L=Sao Paulo/O=Itau Unibanco CA/CN=CA CERTIFICATE" -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt && \
	# Set output logs
	ln -sf /dev/stdout /var/log/httpd/access.log && \
	ln -sf /dev/stderr /var/log/httpd/error.log && \
	# Clean packages and disable yum repo
	yum clean all && \
	yum-config-manager --disable \* && \
	rm -rf /var/lib/yum/yumdb && \
	rm -rf /var/lib/yum/history && \
	rm -rf /var/cache/yum /tmp/* /var/log/*log

	COPY --from=builder /usr/lib64/httpd/modules/mod_jk.so .

	EXPOSE 80 443

	CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
	#====================================
	# Amazon Linux - OpenJDK8
	#====================================

	FROM amazonlinux:2.0.20200722.0

	# User root user to install software
	USER root

	# Install Essentials
	RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
	yum repolist && \
	yum update -y && \
	yum install -y epel-release && \
	yum install --setopt=tsflags=nodocs -y yum-utils openssl unzip jq \
	java-1.8.0-openjdk-devel xmlstarlet saxon augeas bsdtar && \
	echo "securerandom.source=file:/dev/urandom" >> /usr/lib/jvm/jre/lib/security/java.security && \
	echo export JAVA_HOME="/`alternatives --display java \| grep best \| cut -d "/" -f 2-6`" >> /etc/environment && \
	# Clean packages and disable yum repo
	yum clean all && \
	yum-config-manager --disable \* && \
	rm -rf /var/lib/yum/yumdb && \
	rm -rf /var/lib/yum/history && \
	rm -rf /var/cache/yum /tmp/* /var/log/*log

	# Set the JAVA_HOME variable to make it clear where Java is located
	ENV JAVA_HOME /etc/alternatives/jre
	FROM jenkins/jenkins:lts-slim

	USER root

	ARG DEBIAN_FRONTEND=noninteractive
	# Install Essentials
	RUN mkdir -p /usr/share/man/man1 && \
	apt-get update ; apt-get upgrade -y && \
	# Install Packages
	apt-get install --no-install-recommends -y cpio groff less rpm2cpio jq zip unzip vim-tiny sshpass git && \
	# Install maven
	mkdir -p /usr/share/maven /usr/share/maven/ref && \
	curl -fsSL -o /tmp/apache-maven.tar.gz https://apache.osuosl.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz && \
	tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 && \
	rm -f /tmp/apache-maven.tar.gz && \
	ln -s /usr/share/maven/bin/mvn /usr/bin/mvn && \
	#Install AWS CLI
	cd /tmp && \
	curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \
	unzip awscliv2.zip && \
	./aws/install && \
	# Install kubectl
	curl -fsSL https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \
	chmod +x /usr/local/bin/kubectl && \
	#Clean
	apt-get clean autoclean && \
	apt-get autoremove -y && \
	rm -rf /tmp/* \
	/var/lib/{apt,dpkg,cache,log} \
	/var/lib/apt/lists/* \
	/var/tmp/* \
	/var/log/*log \
	/usr/share/doc/*
	USER jenkins
	WORKDIR /var/jenkins
	ENV SECRETS_DIR=/run/secrets
	# Whether to skip setup wizard
	ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
	# Creates username and password specified through environment variables JENKINS_USER_SECRET and JENKINS_PASS_SECRET
	COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy

	# Setting the number of executors
	#COPY executors.groovy /usr/share/jenkins/ref/init.groovy.d/executors.groovy

	# Install groovy global libraries for pipeline plugin
	#COPY var/jenkins_home/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml /usr/share/jenkins/ref/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml

	# Install a list of plugins from the file 'plugins.txt' and their dependencies
	COPY plugins-1.txt /usr/share/jenkins/ref/plugins.txt
	RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
	ace-editor
	amazon-ecs
	amazon-ecr
	ansicolor
	antisamy-markup-formatter
	apache-httpcomponents-client-4-api
	async-http-client
	authentication-tokens
	authorize-project
	aws-codepipeline
	backup
	beer
	blueocean-autofavorite
	blueocean-commons
	blueocean-config
	blueocean-core-js
	blueocean-dashboard
	blueocean-display-url
	blueocean-events
	blueocean-git-pipeline
	blueocean-i18n
	blueocean-jira
	blueocean
	blueocean-jwt
	blueocean-personalization
	blueocean-pipeline-api-impl
	blueocean-pipeline-editor
	blueocean-pipeline-scm-api
	blueocean-rest-impl
	blueocean-rest
	blueocean-web
	bouncycastle-api
	branch-api
	build-timeout
	build-timestamp
	chucknorris
	cloudbees-folder
	command-launcher
	configuration-as-code
	credentials
	credentials-binding
	dashboard-view
	display-url-api
	docker-plugin
	dtkit-api
	durable-task
	ec2
	extended-choice-parameter
	external-monitor-job
	favorite
	filesystem_scm
	git-changelog
	git-client
	git
	greenballs
	groovy
	handlebars
	handy-uri-templates-2-api
	htmlpublisher
	http-post
	http_request
	icon-shim
	jackson2-api
	javadoc
	jdk-tool
	jenkins-design-language
	jira
	jobConfigHistory
	job-restrictions
	jquery-detached
	jquery
	jsch
	junit
	kerberos-sso
	kubernetes
	ldap
	locale
	lockable-resources
	mailer
	mapdb-api
	mask-passwords
	matrix-auth
	matrix-project
	maven-plugin
	metrics
	momentjs
	monitoring
	openshift-client
	ownership
	pam-auth
	performance
	pipeline-aws
	pipeline-build-step
	pipeline-graph-analysis
	pipeline-input-step
	pipeline-milestone-step
	pipeline-model-api
	pipeline-model-definition
	pipeline-model-extensions
	pipeline-rest-api
	pipeline-restful-api
	pipeline-stage-step
	pipeline-stage-tags-metadata
	pipeline-stage-view
	pipeline-utility-steps
	publish-over-cifs
	plain-credentials
	postbuildscript
	prometheus
	pubsub-light
	rebuild
	resource-disposer
	role-strategy
	scm-api
	scm-httpclient
	scoverage
	script-security
	schedule-build
	security-inspector
	seleniumhtmlreport
	selenium
	sse-gateway
	ssh-agent
	ssh-credentials
	ssh
	ssh-slaves
	structs
	thinBackup
	timestamper
	token-macro
	variant
	windows-slaves
	workflow-aggregator
	workflow-api
	workflow-basic-steps
	workflow-cps-global-lib
	workflow-cps
	workflow-durable-task-step
	workflow-job
	workflow-multibranch
	workflow-scm-step
	workflow-step-api
	workflow-support
	ws-cleanup
	xunit
	#!groovy

	import jenkins.model.*
	import hudson.security.*
	import jenkins.security.s2m.AdminWhitelistRule

	def instance = Jenkins.getInstance()

	def user = new File(System.getenv()["SECRETS_DIR"] + "/jenkins-user").text.trim()
	def pass = new File(System.getenv()["SECRETS_DIR"] + "/jenkins-pass").text.trim()

	println "Creating user " + user + "..."

	def hudsonRealm = new HudsonPrivateSecurityRealm(false)
	hudsonRealm.createAccount(user, pass)
	instance.setSecurityRealm(hudsonRealm)

	def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
	instance.setAuthorizationStrategy(strategy)
	instance.save()

	Jenkins.instance.getInjector().getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)

	println "User " + user + " was created"