feat: docker non-root uid and gid

This commit is contained in:
Jun Kurihara 2023-06-17 13:45:38 +09:00
commit fa03e7d5e7
No known key found for this signature in database
GPG key ID: 48ADFD173ED22B03
11 changed files with 184 additions and 157 deletions

View file

@ -0,0 +1,46 @@
########################################
FROM messense/rust-musl-cross:x86_64-musl as builder
ENV TARGET_DIR=x86_64-unknown-linux-musl
ENV CFLAGS=-Ofast
WORKDIR /tmp
COPY . /tmp/
ENV RUSTFLAGS "-C link-arg=-s"
RUN echo "Building rpxy from source" && \
cargo build --release && \
musl-strip --strip-all /tmp/target/${TARGET_DIR}/release/rpxy
########################################
FROM alpine:latest as runner
LABEL maintainer="Jun Kurihara"
ENV TAG_NAME=amd64-slim
ENV TARGET_DIR=x86_64-unknown-linux-musl
ENV RUNTIME_DEPS logrotate ca-certificates su-exec
RUN apk add --no-cache ${RUNTIME_DEPS} && \
update-ca-certificates && \
find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \
find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \
mkdir -p /rpxy/bin &&\
mkdir -p /rpxy/log
COPY --from=builder /tmp/target/${TARGET_DIR}/release/rpxy /rpxy/bin/rpxy
COPY ./docker/run.sh /rpxy
COPY ./docker/entrypoint.sh /rpxy
RUN chmod +x /rpxy/run.sh && \
chmod +x /rpxy/entrypoint.sh
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
ENV SSL_CERT_DIR=/etc/ssl/certs
EXPOSE 80 443
CMD ["/rpxy/entrypoint.sh"]
ENTRYPOINT ["/rpxy/entrypoint.sh"]