Merge pull request #15 from junkurihara/minimize-docker

feat: alpine and musl-based minimized docker image

.dockerignore

@@ -3,3 +3,4 @@ bench/
 .vscode/
 .private/
 .github/
+example-certs/

.github/workflows/docker_build_push.yml

@@ -26,11 +26,19 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Build and push
+      - name: Build and push x86_64
         uses: docker/build-push-action@v3
         with:
           context: .
           push: true
           tags: |
             ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest
-          file: ./Dockerfile
+          file: ./docker/amd64/Dockerfile
+      - name: Build and push x86_64
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:slim, ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest-slim
+          file: ./docker/amd64-slim/Dockerfile

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 Jun Kurihara
+Copyright (c) 2023 Jun Kurihara
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -221,7 +221,7 @@ You can also use [docker image](https://hub.docker.com/r/jqtype/rpxy) instead of
 - `LOG_LEVEL=debug|info|warn|error`: Log level
 - `LOG_TO_FILE=true|false`: Enable logging to the log file `/var/log/rpxy/rpxy.log` using `logrotate`. You should mount `/var/log/rpxy` via docker volume option if enabled.
 
-Other than them, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. See [`docker-compose.yml`](./docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.
+Other than them, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.
 
 ## Example
 

docker/amd64-slim/Dockerfile

@@ -0,0 +1,45 @@
+########################################
+FROM messense/rust-musl-cross:x86_64-musl as builder
+
+ENV TARGET_DIR=x86_64-unknown-linux-musl
+ENV CFLAGS=-Ofast
+
+WORKDIR /tmp
+
+COPY . /tmp/
+
+ENV RUSTFLAGS "-C link-arg=-s"
+
+RUN echo "Building rpxy from source" && \
+  cargo build --release && \
+  musl-strip --strip-all /tmp/target/${TARGET_DIR}/release/rpxy
+
+########################################
+FROM alpine:latest as runner
+LABEL maintainer="Jun Kurihara"
+
+ENV TAG_NAME=amd64-slim
+ENV TARGET_DIR=x86_64-unknown-linux-musl
+ENV RUNTIME_DEPS logrotate ca-certificates
+
+RUN apk add --no-cache ${RUNTIME_DEPS} && \
+  update-ca-certificates && \
+  mkdir -p /opt/rpxy/sbin &&\
+  mkdir -p /var/log/rpxy && \
+  touch /var/log/rpxy/rpxy.log
+
+COPY --from=builder /tmp/target/${TARGET_DIR}/release/rpxy /opt/rpxy/sbin/rpxy
+COPY ./docker/${TAG_NAME}/run.sh /
+COPY ./docker/entrypoint.sh /
+
+RUN chmod 755 /run.sh && \
+  chmod 755 /entrypoint.sh
+
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+ENV SSL_CERT_DIR=/etc/ssl/certs
+
+EXPOSE 80 443
+
+CMD ["/entrypoint.sh"]
+
+ENTRYPOINT ["/entrypoint.sh"]

docker/amd64-slim/run.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env sh
+
+LOG_FILE=/var/log/rpxy/rpxy.log
+CONFIG_FILE=/etc/rpxy.toml
+LOG_SIZE=10M
+LOG_NUM=10
+
+# logrotate
+if [ $LOGROTATE_NUM ]; then
+  LOG_NUM=${LOGROTATE_NUM}
+fi
+if [ $LOGROTATE_SIZE ]; then
+  LOG_SIZE=${LOGROTATE_SIZE}
+fi
+
+cat > /etc/logrotate.conf << EOF
+# see "man logrotate" for details
+# rotate log files weekly
+weekly
+# use the adm group by default, since this is the owning group
+# of /var/log/syslog.
+su root adm
+# keep 4 weeks worth of backlogs
+rotate 4
+# create new (empty) log files after rotating old ones
+create
+# use date as a suffix of the rotated file
+#dateext
+# uncomment this if you want your log files compressed
+#compress
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+# system-specific logs may be also be configured here.
+EOF
+
+cat > /etc/logrotate.d/rpxy.conf << EOF
+${LOG_FILE} {
+    dateext
+    daily
+    missingok
+    rotate ${LOG_NUM}
+    notifempty
+    compress
+    delaycompress
+    dateformat -%Y-%m-%d-%s
+    size ${LOG_SIZE}
+    copytruncate
+}
+EOF
+
+cp -f /etc/periodic/daily/logrotate /etc/periodic/15min
+crond restart
+
+# debug level logging
+if [ -z $LOG_LEVEL ]; then
+  LOG_LEVEL=info
+fi
+echo "rpxy: Logging with level ${LOG_LEVEL}"
+
+RUST_LOG=${LOG_LEVEL} /opt/rpxy/sbin/rpxy --config ${CONFIG_FILE}

docker/amd64/Dockerfile

@@ -1,3 +1,4 @@
+
 FROM ubuntu:22.04 AS base
 LABEL maintainer="Jun Kurihara"
 
@@ -28,6 +29,7 @@ RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS &&
 ########################################
 FROM base AS runner
 
+ENV TAG_NAME=amd64
 ENV RUNTIME_DEPS logrotate ca-certificates
 
 RUN apt-get update && \
@@ -40,8 +42,8 @@ RUN apt-get update && \
   touch /var/log/rpxy/rpxy.log
 
 COPY --from=builder /tmp/target/release/rpxy /opt/rpxy/sbin/rpxy
-COPY docker-bin/run.sh /
-COPY docker-bin/entrypoint.sh /
+COPY ./docker/${TAG_NAME}/run.sh /
+COPY ./docker/entrypoint.sh /
 
 RUN chmod 755 /run.sh && \
   chmod 755 /entrypoint.sh

docker/amd64/run.sh

@@ -1,3 +1,4 @@
+
 #!/usr/bin/env sh
 
 LOG_FILE=/var/log/rpxy/rpxy.log

docker/docker-compose.yml

@@ -8,13 +8,14 @@ services:
       - 127.0.0.1:8080:8080
       - 127.0.0.1:8443:8443
     build:
-      context: ./
+      context: ../
+      dockerfile: ./docker/amd64/Dockerfile
     environment:
       - LOG_LEVEL=debug
       - LOG_TO_FILE=false
     tty: false
     privileged: true
     volumes:
-      - ./example-certs/server.crt:/certs/server.crt:ro
-      - ./example-certs/server.key:/certs/server.key:ro
-      - ./config-example.toml:/etc/rpxy.toml:ro
+      - ../example-certs/server.crt:/certs/server.crt:ro
+      - ../example-certs/server.key:/certs/server.key:ro
+      - ../config-example.toml:/etc/rpxy.toml:ro