bunkerweb/src/linux/Dockerfile-centos

FROM quay.io/centos/centos:stream8@sha256:e4e81a5e6be8f8f7eb511a8df3afcd4e7123e68c56bc03efc40fbd0ab5b2e4fd

ENV OS=centos
ENV NGINX_VERSION 1.24.0

# Install Nginx, fpm and dependencies
RUN dnf update -y && \
    dnf install -y epel-release dnf-plugins-core && \
    dnf config-manager --set-enabled powertools && \
    dnf install -y --setopt=install_weak_deps=False ruby ruby-devel make gcc redhat-rpm-config rpm-build \
    python39-pip brotli brotli-devel wget gperftools-devel perl libxslt-devel libxml2 yajl yajl-devel libxslt bash gd gd-devel gcc-c++ kernel-devel curl znc-modtcl libmpc-devel gmp-devel gawk mpfr-devel libtool pcre-devel automake autoconf readline-devel gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel lmdb-libs \
    yum-utils redhat-lsb-core && \
    dnf module -y reset ruby && dnf module -y enable ruby:2.6 && dnf module -y install ruby:2.6/common && \
    gem install fpm && \
    # TODO: find a way to install nginx-1.24.0 as it's not yet available in centos 8
    dnf install nginx-${NGINX_VERSION} -y

WORKDIR /tmp/bunkerweb/deps

# Copy dependencies sources folder
COPY src/deps/misc misc
COPY src/deps/src src
COPY src/deps/deps.json deps.json
COPY src/deps/install.sh install.sh

# Compile and install dependencies
RUN mkdir -p /usr/share/bunkerweb/deps/python && \
    chmod +x install.sh && \
    bash install.sh

# Copy dependencies sources folder
COPY src/deps/requirements.txt /tmp/requirements-deps.txt
COPY src/scheduler/requirements.txt /tmp/req/requirements.txt
COPY src/ui/requirements.txt /tmp/req/requirements.txt.1
COPY src/common/gen/requirements.txt /tmp/req/requirements.txt.2
COPY src/common/db/requirements.txt /tmp/req/requirements.txt.3

WORKDIR /usr/share/bunkerweb

RUN mkdir -p deps/python && \
    cat /tmp/req/requirements.txt* > deps/requirements.txt && \
    rm -rf /tmp/req

# Compile and install dependencies
RUN export MAKEFLAGS="-j$(nproc)" && \
    pip install --no-cache-dir --ignore-installed --require-hashes -r /tmp/requirements-deps.txt && \
    pip install --no-cache-dir --require-hashes --target deps/python -r deps/requirements.txt

# Copy files
# can't exclude deps from . so we are copying everything by hand
COPY src/bw/loading loading
COPY src/bw/lua lua
COPY src/bw/misc misc
COPY src/common/api api
COPY src/common/cli cli
COPY src/common/confs confs
COPY src/common/core core
COPY src/common/db db
COPY src/common/gen gen
COPY src/common/helpers helpers
COPY src/common/settings.json settings.json
COPY src/common/utils utils
COPY src/scheduler scheduler
COPY src/ui ui
COPY src/VERSION VERSION

# Setup BW
RUN cp helpers/bwcli /usr/bin/ && \
    chmod 755 /usr/bin/bwcli && \
    mkdir -p /etc/bunkerweb/configs && \
    mkdir -p /var/cache/bunkerweb/ && \
    mkdir -p /etc/bunkerweb/plugins && \
    mkdir -p /var/tmp/bunkerweb/ && \
    mkdir -p /var/run/bunkerweb/ && \
    mkdir -p /var/log/bunkerweb/ && \
    mkdir -p /var/www/html && \
    mkdir -p /var/lib/bunkerweb && \
    echo "Linux" > INTEGRATION && \
    mkdir -p /etc/bunkerweb/plugins && \
    for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
    find /usr/share/bunkerweb -path deps -prune -o -type f -exec chmod 0740 {} \; && \
    find /usr/share/bunkerweb -path deps -prune -o -type d -exec chmod 0750 {} \; && \
    chmod -R 770 /var/cache/bunkerweb/ /var/lib/bunkerweb/ /etc/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \
    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py deps/python/bin/* helpers/*.sh /var/www/ && \
    find core/*/jobs/* -type f -exec chmod 750 {} \; && \
    chmod 755 /usr/share/bunkerweb

# Copy Linux files
COPY src/linux/scripts scripts
COPY src/linux/fpm.sh /usr/share/fpm.sh
RUN chmod +x scripts/*.sh /usr/share/fpm.sh
COPY src/linux/fpm-centos /usr/share/.fpm
COPY src/linux/*.service /lib/systemd/system/

# Generate RPM at startup
VOLUME /data
WORKDIR /usr/share/
ENTRYPOINT [ "./fpm.sh", "rpm" ]