refactor: Optimize Dockerfile build time
parent
acb8271000
commit
6ed8c2bdf8
4 changed files with 41 additions and 33 deletions
|
|
@ -36,16 +36,22 @@ FROM python:3.12.4-alpine@sha256:7f15e22f496c65cffbbac5e30e7e98d60f3e3b9cc5ee5d5
|
|||
# Set default umask to prevent huge recursive chmod increasing the final image size
|
||||
RUN umask 027
|
||||
|
||||
# Install bash and create autoconf user
|
||||
RUN apk add --no-cache bash && \
|
||||
addgroup -g 101 autoconf && \
|
||||
adduser -h /var/cache/autoconf -g autoconf -s /bin/sh -G autoconf -D -H -u 101 autoconf
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
|
||||
RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
|
||||
|
||||
# Copy dependencies
|
||||
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
|
||||
|
||||
WORKDIR /usr/share/bunkerweb
|
||||
|
||||
# Add autoconf user, drop bwcli, install runtime dependencies, create data folders and set permissions
|
||||
RUN apk add --no-cache bash && \
|
||||
addgroup -g 101 autoconf && \
|
||||
adduser -h /var/cache/autoconf -g autoconf -s /bin/sh -G autoconf -D -H -u 101 autoconf && \
|
||||
cp helpers/bwcli /usr/bin/ && \
|
||||
# Drop bwcli, install runtime dependencies, create data folders and set permissions
|
||||
RUN cp helpers/bwcli /usr/bin/ && \
|
||||
echo "Docker" > INTEGRATION && \
|
||||
mkdir -p /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/www && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
|
|
@ -60,10 +66,6 @@ RUN apk add --no-cache bash && \
|
|||
chmod 750 cli/main.py helpers/*.sh /usr/bin/bwcli autoconf/main.py && \
|
||||
chmod 660 INTEGRATION
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
|
||||
RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
|
||||
|
||||
LABEL maintainer="Bunkerity <contact@bunkerity.com>"
|
||||
LABEL version="1.6.0-beta"
|
||||
LABEL url="https://www.bunkerweb.io"
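Review bot: The `# Fix CVEs` `apk add` layers now appear to sit above `COPY --from=builder`, so on a builder with a warm cache they are reused for as long as the digest-pinned base and the instruction text stay the same, and the `>=` floors are only evaluated the first time the layer is built. In the old position they followed the COPY and were re-resolved whenever the builder output changed, which pulled newer fixed packages as a side effect. The same move is made in the nginx-based, scheduler and ui sections further down. I would record the trade-off next to the block, for example `# Cached layer: build release images with --no-cache so newer busybox/openssl fixes are pulled`, and confirm the release pipeline actually does that.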
|
||||
|
|
|
|||
|
|
@ -47,14 +47,19 @@ FROM nginx:1.26.1-alpine-slim@sha256:154e108059468bed12d676c3c446e4767db24d6099f
|
|||
# Set default umask to prevent huge recursive chmod increasing the final image size
|
||||
RUN umask 027
|
||||
|
||||
# Install runtime dependencies
|
||||
RUN apk add --no-cache openssl pcre bash python3 yajl geoip libxml2 libgd curl
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42366
|
||||
|
||||
# Copy dependencies
|
||||
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
|
||||
|
||||
WORKDIR /usr/share/bunkerweb
|
||||
|
||||
# Install runtime dependencies, pypi packages, move bwcli, create data folders and set permissions
|
||||
RUN apk add --no-cache openssl pcre bash python3 yajl geoip libxml2 libgd curl && \
|
||||
cp helpers/bwcli /usr/bin/ && \
|
||||
# Move bwcli, create data folders and set permissions
|
||||
RUN cp helpers/bwcli /usr/bin/ && \
|
||||
mkdir -p /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/www/html && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
for dir in $(echo "pro configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
|
|
@ -67,9 +72,6 @@ RUN apk add --no-cache openssl pcre bash python3 yajl geoip libxml2 libgd curl &
|
|||
ln -s /proc/1/fd/2 /var/log/bunkerweb/modsec_audit.log && \
|
||||
ln -s /proc/1/fd/1 /var/log/bunkerweb/access.log
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42366
|
||||
|
||||
LABEL maintainer="Bunkerity <contact@bunkerity.com>"
|
||||
LABEL version="1.6.0-beta"
|
||||
LABEL url="https://www.bunkerweb.io"
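Review bot: The relocated runtime-dependencies layer of this nginx-based image installs `openssl`, but its `# Fix CVEs` block only sets a floor for busybox, whereas the other three images on this page also require `"libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0"` for CVE-2024-4741 and CVE-2024-5535. If the `nginx:1.26.1-alpine-slim` base already ships fixed libraries this is fine, but nothing visible here establishes that, so it should be confirmed and either an equivalent floor for that base's Alpine release added or a comment left saying why none is needed. The comment on the busybox line also names only two of the four CVEs listed in the other files; aligning them would make the intent easier to audit.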
|
||||
|
|
|
|||
|
|
@ -40,16 +40,22 @@ FROM python:3.12.4-alpine@sha256:7f15e22f496c65cffbbac5e30e7e98d60f3e3b9cc5ee5d5
|
|||
# Set default umask to prevent huge recursive chmod increasing the final image size
|
||||
RUN umask 027
|
||||
|
||||
# Install runtime dependencies and add scheduler user
|
||||
RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariadb-connector-c mariadb-client postgresql-client sqlite && \
|
||||
addgroup -g 101 scheduler && \
|
||||
adduser -h /var/cache/nginx -g scheduler -s /bin/sh -G scheduler -D -H -u 101 scheduler
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
|
||||
RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" "openssl>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
|
||||
|
||||
# Copy dependencies
|
||||
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
|
||||
|
||||
WORKDIR /usr/share/bunkerweb
|
||||
|
||||
# Add scheduler user, drop bwcli, install runtime dependencies, create data folders and set permissions
|
||||
RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariadb-connector-c mariadb-client postgresql-client sqlite && \
|
||||
addgroup -g 101 scheduler && \
|
||||
adduser -h /var/cache/nginx -g scheduler -s /bin/sh -G scheduler -D -H -u 101 scheduler && \
|
||||
cp helpers/bwcli /usr/bin/ && \
|
||||
# Drop bwcli, install runtime dependencies, create data folders and set permissions
|
||||
RUN cp helpers/bwcli /usr/bin/ && \
|
||||
echo "Docker" > INTEGRATION && \
|
||||
mkdir -p /etc/nginx /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/www && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
|
|
@ -69,10 +75,6 @@ RUN rm -rf /var/cache/apk/*
|
|||
COPY --chown=root:scheduler --chmod=770 src/bw/misc/asn.mmdb /var/tmp/bunkerweb/asn.mmdb
|
||||
COPY --chown=root:scheduler --chmod=770 src/bw/misc/country.mmdb /var/tmp/bunkerweb/country.mmdb
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
|
||||
RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" "openssl>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
|
||||
|
||||
LABEL maintainer="Bunkerity <contact@bunkerity.com>"
|
||||
LABEL version="1.6.0-beta"
|
||||
LABEL url="https://www.bunkerweb.io"
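Review bot: `RUN umask 027` at the top of this stage has no effect on later instructions, because the umask belongs to the shell of that single RUN and is gone when the layer finishes, so the comment above it promises something the line cannot deliver. This matters more after this change, which splits the one setup RUN into several: the user-creation layer, `cp helpers/bwcli /usr/bin/` and the `mkdir -p ...` calls all run under the default umask, and the final modes rest on whatever explicit `chmod` calls the rest of that RUN makes, which this hunk does not show. Either drop the line and its comment, or start the file-creating RUN with it, `RUN umask 027 && cp helpers/bwcli /usr/bin/ && \`, after checking that the explicit modes still come out as intended. The same line is present in the autoconf, nginx-based and ui sections.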
|
||||
|
|
|
|||
|
|
@ -55,16 +55,22 @@ FROM python:3.12.4-alpine@sha256:7f15e22f496c65cffbbac5e30e7e98d60f3e3b9cc5ee5d5
|
|||
# Set default umask to prevent huge recursive chmod increasing the final image size
|
||||
RUN umask 027
|
||||
|
||||
# Install runtime dependencies and add ui user
|
||||
RUN apk add --no-cache bash unzip libmagic mariadb-connector-c mariadb-client postgresql-client sqlite && \
|
||||
addgroup -g 101 ui && \
|
||||
adduser -h /var/cache/nginx -g ui -s /bin/sh -G ui -D -H -u 101 ui
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
|
||||
RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
|
||||
|
||||
# Copy dependencies
|
||||
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
|
||||
|
||||
WORKDIR /usr/share/bunkerweb
|
||||
|
||||
# Add ui user, install runtime dependencies, create data folders and set permissions
|
||||
RUN apk add --no-cache bash unzip libmagic mariadb-connector-c mariadb-client postgresql-client sqlite && \
|
||||
addgroup -g 101 ui && \
|
||||
adduser -h /var/cache/nginx -g ui -s /bin/sh -G ui -D -H -u 101 ui && \
|
||||
echo "Docker" > INTEGRATION && \
|
||||
# Create data folders and set permissions
|
||||
RUN echo "Docker" > INTEGRATION && \
|
||||
mkdir -p /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/www && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
|
||||
|
|
@ -77,10 +83,6 @@ RUN apk add --no-cache bash unzip libmagic mariadb-connector-c mariadb-client po
|
|||
ln -s /proc/1/fd/1 /var/log/bunkerweb/ui-access.log && \
|
||||
ln -s /proc/1/fd/2 /var/log/bunkerweb/ui.log
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
|
||||
RUN apk add --no-cache "libcrypto3>=3.1.6-r0" "libssl3>=3.1.6-r0" # CVE-2024-4741 CVE-2024-5535
|
||||
|
||||
LABEL maintainer="Bunkerity <contact@bunkerity.com>"
|
||||
LABEL version="1.5.9"
|
||||
LABEL url="https://www.bunkerweb.io"
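Review bot: The new standalone user-creation layer keeps `-s /bin/sh` for the `ui` account, which leaves a service account that is never meant to be logged into with an interactive shell. Since the line is being moved anyway, a non-login shell would be the tighter default: `adduser -h /var/cache/nginx -g ui -s /sbin/nologin -G ui -D -H -u 101 ui`, provided no entrypoint or helper script relies on `su` to this user, which is not visible here. The autoconf and scheduler sections create their users the same way and would take the same change.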
|
||||
|
|
|
|||