protik77/pixelserv-tls-arm

Dockerized pixelserv-tls for ARM based Raspberry Pi

pixelserv-tls-arm

Dockerized pixelserv-tls for ARM based Raspberry Pi

ℹ️ This project is derived from imTHAI/docker-pixelserv-tls.

Features

• (From v0.2) Based on arm32v7/debian:jessie-slim.
• Image size is more or less 81MB.
• (Before v0.2) Based on arm32v7/debian:buster-slim. HTTPS connection fails for unknown reason in buster based images.

Using the docker image

• Pull the image from docker hub by doing,

docker pull protik77/pixelserv-tls-arm

• Create a script named run_container.sh by copying the code below.

#!/bin/bash

SERVICE=rpi_pix
TAG=protik77/pixelserv-tls-arm

# stop if running
docker container stop $SERVICE

# remove container
docker container rm $SERVICE

docker container run \
    -d \
    --name $SERVICE \
    -p 80:80 \
    -p 443:443 \
    -v $(pwd)/cache:/var/cache/pixelserv \
    --restart unless-stopped \
    $TAG

docker container exec -it $SERVICE chown -R nobody /var/cache/pixelserv

• Give the script executable permission by doing,

chmod u+x run_container.sh

• Generate a CA cert using pixelserv developer kvic's guide.

• Now one should have a ca.crt and ca.key file from the key generation command.

• Create a directory named cache in the same directory as the run_container.sh script.

• Copy the ca.crt and ca.key file into the cache directory.

• Now from the same directory, run the run_container.sh script by doing,

./run_container.sh

This script defines two variables named SERVICE and TAG. The SERVICE variable is the name of the container or the service. The TAG variable is the docker hub image name. The script first stops any running container or service of the same name and then removes it. If the container or service does not exist, it will throw an error but the rest of the commands will run without any issues. Finally creates another container or service with the same name. Along the way it mounts the cache directory to the /var/cache/pixelserv directory, opens port 80 and 443 and sets restart policy to unless-stopped. Finally in the last line, the necessary permissions are given to the /var/cache/pixelserv directory.

Final folder structure

If the folder is named pixelserv-tls-arm, then the final folder structure should look something like this,

pixelserv-tls-arm
├── cache
│   ├── ca.crt
│   └── ca.key
└── run_container.sh

Testing the container

If the container accepts HTTPS request with the created ca.crt, that means the container is working as intended. To do this, one can issue the following command from the command line of the host machine,

curl https://localhost/servstats --cafile /path/to/ca.crt

Note: Make sure to put the real full path for the ca.crt file.

If this command returns the html code of the /servstats page, that would mean the container is working as intended.

What's different? Or why not imTHAI/docker-pixelserv-tls?

• The imTHAI/docker-pixelserv-tls image is based on alpine image which does not work on Raspberry Pi, as the Pi is based on ARM processor.
• I am not very familiar with alpine, so could not stabilize the alipine based image on my Raspberry Pi. The image was very unstable. So decided to change the base image to a debian based one. So far in my testing, the image is rock solid.
• Even though the size is a bit larger compared to the alpine one, use of debian based image provides stability and extensibility.