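#!/bin/bash
# Container entrypoint.
#
# First run (no /var/app/.initialized marker): create the service group/user
# from UNAME, UID, GID and PASS, add the user to the sudo group, fix the home
# directory owner and rewrite the sshd 'Port' line from SSHD_PORT.
# Every run: start supervisord in the background, then exec the container CMD
# (or an interactive bash when no CMD was given).
#
# Required env on the first run: UNAME, UID, GID, PASS, SSHD_PORT.
# The marker file is written only after the whole setup has succeeded, so a
# failed first run is retried on the next start instead of being skipped.
set -euo pipefail

readonly marker=/var/app/.initialized
readonly sshd_config=/etc/ssh/sshd_config

# Print a diagnostic to stderr and exit non-zero.
die() {
  printf 'entrypoint: %s\n' "$*" >&2
  exit 1
}

if [[ ! -f "$marker" ]]; then
  ######## First Time ########
  echo "First run. Setting up ..."

  # Fail with a clear message instead of handing empty arguments to
  # groupadd/useradd (set -u alone would only print the variable name).
  : "${UNAME:?UNAME must be set}"
  : "${GID:?GID must be set}"
  : "${PASS:?PASS must be set}"
  : "${SSHD_PORT:?SSHD_PORT must be set}"
  # NOTE(review): bash initialises a readonly UID variable at startup; on
  # some bash versions that value shadows an environment-supplied UID, so
  # the id used here may be the shell's own uid — confirm on the target
  # image, or pass the id under a name that bash does not reserve.
  : "${UID:?UID must be set}"
  # The ids are spliced into command lines and the port into a sed
  # expression, so only plain integers are accepted.
  [[ "$UID" =~ ^[0-9]+$ ]] || die "UID must be numeric, got '${UID}'"
  [[ "$GID" =~ ^[0-9]+$ ]] || die "GID must be numeric, got '${GID}'"
  [[ "$SSHD_PORT" =~ ^[0-9]+$ ]] || die "SSHD_PORT must be numeric, got '${SSHD_PORT}'"

  mkdir -p "${marker%/*}"

  # Create the user only when it does not exist yet.
  if id "${UNAME}" &>/dev/null; then
    echo "User ${UNAME} already exists. Skipping creation."
  else
    # Create a group of the same name unless one already exists.
    if ! getent group "${UNAME}" &>/dev/null; then
      echo "Creating group ${UNAME} with GID=${GID}"
      groupadd -g "${GID}" "${UNAME}"
    else
      echo "Group ${UNAME} already exists. Skipping group creation."
    fi
    echo "Creating user ${UNAME} with UID=${UID}, GID=${GID}"
    useradd -m -u "${UID}" -g "${GID}" -s /bin/bash "${UNAME}"
    # printf rather than echo so a password starting with '-' or containing
    # backslashes reaches chpasswd unchanged.
    # NOTE(review): PASS is taken from the environment, which is readable via
    # `docker inspect` and /proc/<pid>/environ; a secret file would expose it
    # less than an env var does.
    printf '%s:%s\n' "${UNAME}" "${PASS}" | chpasswd
    adduser "${UNAME}" sudo
  fi

  # The home directory sometimes ends up owned by root:root, so set the
  # owner explicitly.
  chown -v "${UNAME}:${UNAME}" "/home/${UNAME}"

  # Rewrite the sshd listen port. Only an uncommented 'Port' line is
  # replaced (unchanged behaviour); warn when there is none, so a default
  # '#Port 22' does not silently leave sshd on port 22.
  if grep -q '^Port' "$sshd_config"; then
    sed -i "s/^Port.*/Port ${SSHD_PORT}/" "$sshd_config"
  else
    printf 'warning: no "Port" line in %s; sshd port left unchanged\n' "$sshd_config" >&2
  fi

  # Written last: a failure in any step above leaves the marker absent, so
  # the setup runs again on the next start.
  touch "$marker"
else
  ######## Second Time or Later ########
  echo "Starting for the second time or later ..."
fi

# Start supervisord in the background. set -e does not observe a
# background job, so a failed start is only visible in supervisord's own
# output.
/usr/bin/supervisord -c /etc/supervisor/supervisord.conf &

# Execute the container CMD; fall back to an interactive shell.
if (( $# > 0 )); then
  exec "$@"
else
  echo "No command provided. Starting bash ..."
  exec bash
fi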
First run. Setting up ... ← 生成された Container 内で entrypoint.sh が実行される
Creating group www with GID=3000
Creating user www with UID=3000, GID=3000
info: Adding user `www' to group `sudo' ...
ownership of '/home/www' retained as www:www
No command provided. Starting bash ...
2025-05-12 12:23:43,794 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. \
If you intend to run as root, you can set user=root in the config file to avoid this message.
2025-05-12 12:23:43,795 INFO supervisord started with pid 40
2025-05-12 12:23:44,799 INFO spawned: 'apache2' with pid 43
2025-05-12 12:23:44,801 INFO spawned: 'php-fpm' with pid 44
2025-05-12 12:23:44,802 INFO spawned: 'sshd' with pid 45
2025-05-12 12:23:45,822 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-05-12 12:23:45,823 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-05-12 12:23:45,823 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
# ← Container 内の対話環境 (root 権限の bash) が動く
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.11.0-25-generic x86_64)
...
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.
www $
(Container 内の www 権限で) パスワードを変更する。
www $ passwd
Changing password for guest.
Current password: パスワード ← エコーバックされない
New password: 新しいパスワード ← エコーバックされない
Retype new password: 新しいパスワード ← エコーバックされない
passwd: password updated successfully
$ ssh -p 11022 www@localhost
The authenticity of host '[localhost]:11022 ([127.0.0.1]:11022)' can't be established.
ED25519 key fingerprint is SHA256:qFfoWarJPGj1PdGzxmoI32TAs06byIOBrrewHN/5GCE.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:11022' (ED25519) to the list of known hosts.
www@localhost's password: ← www のパスワードを入力する。エコーバックされない。
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.11.0-25-generic x86_64) ← Container 内の www 権限の対話環境にネットワーク経由でアクセスする
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.
www $
(Container 内の www 権限の対話環境で) ユーザ名を確認する。
www $ whoami
www
(Container 内の www 権限の対話環境で) ホームディレクトリを確認する。
www $ pwd
/home/www
(Container 内の www 権限の対話環境で) ホームディレクトリのファイルを確認する。
www $ ls -a
. .. .bash_history .bash_logout .bashrc .cache .profile
$ sudo ufw allow from 0.0.0.0/0 to any port 11022 proto tcp
$ sudo ufw allow from 0.0.0.0/0 to any port 11080 proto tcp
$ sudo ufw allow from 0.0.0.0/0 to any port 11443 proto tcp
(ホスト OS の対話環境で) ファイアウォールの状態を確認する。
外部から特定のポートへのアクセスを許可するルールが追加された。
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.11.0-25-generic x86_64) ← Container の www 権限の対話環境が始まる
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login: Mon May 12 12:28:50 2025 from 172.17.0.1
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.
$ whoami
www
$ pwd
/home/www
$ ls -a
. .. .bash_history .bash_logout .bashrc .cache .profile
$ exit ← Container の www 権限の対話環境を終了する
logout
Connection to 192.168.12.3 closed.
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
ebbd998b2086 bridge bridge local
17420af9f271 host host local
557533733a33 macvlan_net macvlan local
a3538f29efc6 none null local
$ docker network ls --no-trunc
NETWORK ID NAME DRIVER SCOPE
ebbd998b20868aea17c1e9f3cd85edb3c7c0ce9181edfe9b308284604275e136 bridge bridge local
17420af9f27199ef5081c56e85910d913c73ae8f3885e48e4ed0b09a06d48016 host host local
557533733a33e84ca9eb665736f6a273414778f30a3e744411596008728b0b2b macvlan_net macvlan local
a3538f29efc60166d3f639d42894eff9f902649036619190011c3a66b262a06a none null local
First run. Setting up ...
Creating group www with GID=2000
Creating user www with UID=2000, GID=2000
info: Adding user `www' to group `sudo' ...
ownership of '/home/www' retained as www:www
No command provided. Starting bash ...
root@961393dcc800:/# 2025-05-18 07:08:19,525 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
2025-05-18 07:08:19,527 INFO supervisord started with pid 40
2025-05-18 07:08:20,529 INFO spawned: 'apache2' with pid 43
2025-05-18 07:08:20,531 INFO spawned: 'php-fpm' with pid 44
2025-05-18 07:08:20,533 INFO spawned: 'sshd' with pid 45
2025-05-18 07:08:21,568 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-05-18 07:08:21,569 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-05-18 07:08:21,569 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
# ← Container 内の対話環境 (root 権限の bash) が動く
# iptables -L
bash: iptables: command not found
# ufw status
bash: ufw: command not found
手動で firewall を設定する。
ufw をインストールする。
# apt update && apt install -y ufw
ufw を有効化する。
# ufw enable
Status: active
# ufw allow from 0.0.0.0/0 to any port 22 proto tcp
Rule added
# ufw allow from 0.0.0.0/0 to any port 80 proto tcp
Rule added
# ufw allow from 0.0.0.0/0 to any port 443 proto tcp
Rule added
外部からのアクセスはデフォルトで禁止にする。
# ufw default deny incoming
ファイアウォールの設定状況を確認する。
# ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
$ sudo ufw status
...
WARN: initcaps
[Errno 2] iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)
Rules updated