3CX inside Docker container (2024)

Docker hub image: https://hub.docker.com/r/farfui/3cx/

Running the container

1. Create a macvlan network. This is an example and you have to translate this command to map your needs.
   

   Code:

   docker network create \ -d macvlan \ --subnet 192.168.1.0/24 \ --gateway 192.168.1.1 \ -o parent=eth0 mv_eth0

• Run the container
  

  Code:

  docker run \ -d \ --hostname {YOUR HOSTNAME} \ --memory {MEMORY} \ --memory-swap {SWAP MEMORY} \ --ip {IP ADDRESS} \ --network mv_eth0 \ --restart unless-stopped \ -v 3cx_backup:/mnt/backup \ -v 3cx_recordings:/mnt/recordings \ -v 3cx_log:/var/log \ -v /sys/fs/cgroup:/sys/fs/cgroup:ro \ --cap-add SYS_ADMIN \ --name 3cx \ farfui/3cx:15.5

• Setup the timezone. You can find the full listing under "/usr/share/zoneinfo/".
  

  Code:

  docker exec 3cx timedatectl set-timezone {YOUR ZONE INFO}

• Start 3CX Wizard for initial setup
  

  Code:

  docker exec -ti 3cx /usr/sbin/3CXWizard --cleanup

build.sh - How this container was build

#!/bin/bashdocker build --force-rm --no-cache --build-arg BUILD_STRING="$(date -u)" --build-arg BUILD_DATE="$(date +%d-%m-%Y)" --build-arg BUILD_TIME="$(date +%H:%M:%S)" -t 3cx_stage1 .docker run -d --privileged --name 3cx_stage1_c 3cx_stage1docker exec 3cx_stage1_c bash -c \ " systemctl mask systemd-logind console-getty.service [emailprotected] getty-static.service [emailprotected] [emailprotected] getty.target \ && systemctl enable nginx exim4 postgresql \ && echo 1 | apt-get -y install 3cxpbx"docker stop 3cx_stage1_cdocker commit 3cx_stage1_c farfui/3cx:15.5docker push farfui/3cx:15.5docker rm 3cx_stage1_cdocker rmi 3cx_stage1

Dockerfile

FROM debian:stretchARG BUILD_STRINGARG BUILD_DATEARG BUILD_TIMELABEL build.string $BUILD_STRINGLABEL build.date $BUILD_DATELABEL build.time $BUILD_TIMEENV DEBIAN_FRONTEND noninteractiveENV LANG en_US.UTF-8ENV LANGUAGE enENV container dockerRUN apt-get update \ && apt-get update -y \ && apt-get upgrade -y \ && apt-get install -y --allow-unauthenticated \ apt-utils \ wget \ gnupg2 \ systemd \ locales \ && sed -i 's/\# \(en_US.UTF-8\)/\1/' /etc/locale.gen \ && locale-gen \ && wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add - \ && echo "deb http://downloads.3cx.com/downloads/debian stretch main" | tee /etc/apt/sources.list.d/3cxpbx.list \ && apt-get update -y \ && apt-get install -y --allow-unauthenticated \ libcurl3=7.38.0-4+deb8u5 \ $(apt-cache depends 3cxpbx | grep Depends | sed "s/.*ends:\ //" | tr '\n' ' ') \ && rm -f /lib/systemd/system/multi-user.target.wants/* \ && rm -f /etc/systemd/system/*.wants/* \ && rm -f /lib/systemd/system/local-fs.target.wants/* \ && rm -f /lib/systemd/system/sockets.target.wants/*udev* \ && rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ && rm -f /lib/systemd/system/basic.target.wants/* \ && rm -f /lib/systemd/system/anaconda.target.wants/*EXPOSE 5015/tcp 5001/tcp 5060/tcp 5060/udp 5061/tcp 5090/tcp 5090/udp 9000-9500/udpCMD ["/lib/systemd/systemd"]

farfui said:

FROM debian:stretch

ENV DEBIAN_FRONTEND noninteractive
ENV container docker

RUN echo 'deb http://ftp.de.debian.org/debian/ jessie main' | tee -a /etc/apt/sources.list \

Click to expand...

nice one, much the same to what I played with, some parts are much nicer handled with the mac vlan.
Just the repo use this lines:

wget -O- http://downloads.3cx.com/downloads/3cxpbx/public.key | apt-key add -
echo "deb http://downloads.3cx.com/downloads/debian stretch main" | tee /etc/apt/sources.list.d/3cxpbx.list
apt-get install libcurl3=7.38.0-4+deb8u5
apt-get update
apt-get install 3cxpbx

Thank you. I've updated the image in the docker hub and the original post.

According to this post https://www.3cx.com/blog/docs/linux-version-9-stretch/ we have to install
libicu52 and libssl1.0.0 . Are they still needed?

It is not possible to run apt-get install 3cxpbx from within the Dockerfile because 3cx requires a running systemd and you can not run systemd from command line because it must bu run with PID 1, hence you have to build an intermediate image and then run that image and use "docker exec ..." to install 3cxpbx on it. Is it possible to install 3cxpbx without systemd?

It would be great if we could get rid of the --privileged flag and instead use

--cap-add=SYS_ADMIN –v /sys/fs/cgroup:/sys/fs/cgroup:ro

which is required for systemd. This would dramatically increase the security of the container. The problem is that 3cx crashes when trying to enumerate the interfaces and more specifically when trying to access the file /sys/class/net/lo/operstate. I suppose that is because docker is automatically enforcing the docker-default apparmor profile https://github.com/moby/moby/blob/master/profiles/apparmor/template.go . One solution would be to rewrite that profile and enforce it with --security-opt apparmor=docker-3cx . Is there more elegant solution to this?

farfui said:

libicu52 and libssl1.0.0

Click to expand...

no, only libcurl3=7.38.0-4+deb8u5 is needed for strech debian 9

farfui said:

3cxpbx without systemd?

Click to expand...

no and this is a bit the pitfall, Docker is great for a single app running inside of it (Apache+php is still fine). 3CX looks like one but packages 8 different services.

Yes, better. I also added

ENV LANGUAGE ensed -i 's/\# \(en_US.UTF-8\)/\1/' /etc/locale.gen \locale-gen \

PS
The original post is also edited.

There is a little bit more secure method of running the container without --privileged mode. You can disable docker-default apparmor profile with

--security-opt apparmor=unconfined

and you have to add this

--cap-add SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro

for systemd to work correctly.
That way you will keep enabled seccomp kernel facilities and will not enable all the kernel capabilities.

PS
The original post is also edited.