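Building a Docker Image with SSH and LAMP Services
Container build overview
- The container runs an SSHD service, and the root password is randomly generated when the container starts, which improves security
- The package sources inside the container are switched to a mirror in China to speed up software installation
- The container has a LAMP stack installed (version 5.5.x) along with various PHP extensions, so it can be used as a security practice range
- In some cases, when resources are scarce, the container can stand in for a virtual machine
Contents of entrypoint.sh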
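#!/bin/bash
# Generate a random SSH password
PASSWORD=$(openssl rand -base64 12)
# Write the password to a log file (the path that is read back with docker exec after startup)
echo "Generated SSH password: $PASSWORD" > /var/log/password.log
# Set the root user's password
echo "root:$PASSWORD" | chpasswd
# Start the SSH service in the foreground; exec makes sshd PID 1 so it receives the container's stop signal
exec /usr/sbin/sshd -D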
The Dockerfile
# Base image
FROM ubuntu:14.04
# Maintainer information
LABEL maintainer="jianhua <jianhua@secme.local>"
# Non-interactive mode
ENV DEBIAN_FRONTEND=noninteractive
# Time zone
ENV TZ=Asia/Shanghai
# Install and configure software
RUN sed -i -e 's#archive.ubuntu.com#mirrors.ustc.edu.cn#g' -e 's#security.ubuntu.com#mirrors.ustc.edu.cn#g' /etc/apt/sources.list \
&& apt-get -y update \
&& apt-get -y --no-install-recommends install openssl apache2 php5 php5-mysql php5-gd php5-readline php5-xmlrpc php5-xsl mariadb-server wget unzip curl supervisor openssh-server \
&& mkdir -p /var/run/sshd \
&& sed -i 's#PermitRootLogin without-password#PermitRootLogin yes#g' /etc/ssh/sshd_config \
&& sed -i 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd \
&& sed -i 's/allow_url_include = Off/allow_url_include = On/g' /etc/php5/apache2/php.ini \
&& echo "ServerName localhost:80" >> /etc/apache2/apache2.conf \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /var/cache/apt/* \
&& rm -rf /var/log/* \
&& rm -rf /tmp/*
# Add the startup script
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
# Set permissions
RUN chmod +x /usr/local/bin/entrypoint.sh
# Expose ports
EXPOSE 80 3306 22
# Run the service
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
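An added example (not part of the original page): a small shell audit that flags the lab-only settings this Dockerfile and entrypoint turn on, so the image is not reused outside a practice range by accident. The function names, the ROOT argument (an unpacked container filesystem) and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the lab-only settings that the Dockerfile above enables.
# ROOT is an assumed path to an unpacked container filesystem.

# has_setting FILE REGEX: true if FILE has a line matching REGEX (case-insensitive)
has_setting() {
    [ -f "$1" ] && grep -Eiq "$2" "$1"
}

# audit_lab_image ROOT: print one finding per line
audit_lab_image() {
    root=$1
    if has_setting "$root/etc/ssh/sshd_config" '^[[:space:]]*PermitRootLogin[[:space:]]+yes'; then
        echo "sshd: PermitRootLogin yes (root can log in with a password)"
    fi
    if has_setting "$root/etc/php5/apache2/php.ini" '^[[:space:]]*allow_url_include[[:space:]]*=[[:space:]]*(on|1)[[:space:]]*$'; then
        echo "php: allow_url_include is On (include() accepts remote URLs)"
    fi
    log="$root/var/log/password.log"
    if [ -f "$log" ] && [ -n "$(find "$log" -perm -004)" ]; then
        echo "log: password.log is world-readable (any local user can read the root password)"
    fi
}

# count_findings ROOT: number of findings, for use in scripts
count_findings() { audit_lab_image "$1" | wc -l | tr -d ' '; }

# Constructed sample: a minimal tree carrying the settings from the Dockerfile above.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/php5/apache2" "$d/var/log"
    echo 'PermitRootLogin yes' > "$d/etc/ssh/sshd_config"
    echo 'allow_url_include = On' > "$d/etc/php5/apache2/php.ini"
    echo 'Generated SSH password: CONSTRUCTED' > "$d/var/log/password.log"
    chmod 644 "$d/var/log/password.log"
    echo "$d"
}

sample=$(make_sample_root)
audit_lab_image "$sample"
rm -rf "$sample"
```

All three findings are expected for this image as built; the check is useful for confirming that a copy intended for anything other than practice has had them reverted.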
Build the image
➜ php559 ls ../php559
Dockerfile entrypoint.sh
➜ php559 docker build -t lnmp-sshd:v1 .
➜ ~ docker image ls -a | grep lamp-sshd
lamp-sshd v1 ac2b8e93d625 7 hours ago 391MB
➜ ~
Start the container
➜ php559 docker run --name test -d -p 12222:22 -p 18080:80 -p 13306:3306 lnmp-sshd:v1
c692d503b006967e223e85b1a52274e28752bea49c105e936551703db23aaf3e
➜ php559
➜ ~ docker exec test cat /var/log/password.log
Generated SSH password: Ue53dj7xEH0wGB5m
➜ ~
Log in to the container over SSH
➜ ~ ssh -p 12222 root@172.17.0.4
The authenticity of host '172.17.0.4 (172.17.0.4)' can't be established.
ED25519 key fingerprint is SHA256:3DRPreVDfWugXpQwwy42MW7SUHMX2X0mimn7eKFgj80.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.17.0.4' (ED25519) to the list of known hosts.
root@172.17.0.4's password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-170-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@4a96098b91ca:~#