mirror of
https://github.com/bunkerity/bunkerweb
synced 2026-05-24 09:28:37 +00:00
109 lines
4.7 KiB
Text
109 lines
4.7 KiB
Text
FROM debian:bookworm-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc as builder
|
|
|
|
ENV OS=debian
|
|
ENV NGINX_VERSION 1.24.0
|
|
|
|
# Install Nginx and dependencies
|
|
RUN apt update && \
|
|
apt install -y --no-install-recommends gnupg2 ca-certificates wget \
|
|
bash curl libssl-dev git libpcre2-dev zlib1g-dev libyajl2 libyajl-dev yajl-tools pkgconf libcurl4-openssl-dev libgeoip-dev liblmdb-dev apt-utils build-essential autoconf libtool automake g++ gcc libxml2-dev make musl-dev gnupg patch libreadline-dev libpcre3-dev libgd-dev python3 python3-dev python3-pip python3-distutils -y && \
|
|
echo "deb https://nginx.org/packages/debian/ bookworm nginx" > /etc/apt/sources.list.d/nginx.list && \
|
|
echo "deb-src https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && \
|
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
|
|
apt-get update && \
|
|
apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-1~bookworm
|
|
|
|
WORKDIR /tmp/bunkerweb/deps
|
|
|
|
# Copy dependencies sources folder
|
|
COPY src/deps/misc misc
|
|
COPY src/deps/src src
|
|
COPY src/deps/deps.json deps.json
|
|
COPY --chmod=644 src/deps/install.sh install.sh
|
|
|
|
# Compile and install dependencies
|
|
RUN bash install.sh
|
|
|
|
# Copy dependencies sources folder
|
|
COPY src/deps/requirements.txt /tmp/requirements-deps.txt
|
|
COPY src/scheduler/requirements.txt /tmp/req/requirements-scheduler.txt
|
|
COPY src/ui/requirements.txt /tmp/req/requirements-ui.txt
|
|
COPY src/common/gen/requirements.txt /tmp/req/requirements-gen.txt
|
|
COPY src/common/db/requirements.txt /tmp/req/requirements-db.txt
|
|
|
|
WORKDIR /usr/share/bunkerweb
|
|
|
|
# Compile and install dependencies
|
|
RUN export MAKEFLAGS="-j$(nproc)" && \
|
|
mkdir -p deps/python && \
|
|
pip install --break-system-packages --no-cache-dir --require-hashes --ignore-installed -r /tmp/requirements-deps.txt && \
|
|
pip install --break-system-packages --no-cache-dir --require-hashes --target deps/python $(for file in $(ls /tmp/req/requirements*.txt) ; do echo "-r ${file}" ; done | xargs)
|
|
|
|
# Copy files
|
|
# can't exclude deps from . so we are copying everything by hand
|
|
COPY src/bw/loading loading
|
|
COPY src/bw/lua lua
|
|
COPY src/bw/misc misc
|
|
COPY src/common/api api
|
|
COPY src/common/cli cli
|
|
COPY src/common/confs confs
|
|
COPY src/common/core core
|
|
COPY src/common/db db
|
|
COPY src/common/gen gen
|
|
COPY src/common/helpers helpers
|
|
COPY src/common/settings.json settings.json
|
|
COPY src/common/utils utils
|
|
COPY src/scheduler scheduler
|
|
COPY src/ui ui
|
|
COPY src/VERSION VERSION
|
|
|
|
FROM debian:bookworm-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc
|
|
|
|
# Set default umask to prevent huge recursive chmod increasing the final image size
|
|
RUN umask 027
|
|
|
|
# Copy dependencies
|
|
COPY --from=builder --chown=0:101 /etc/nginx /etc/nginx
|
|
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
|
|
|
|
WORKDIR /usr/share/bunkerweb
|
|
|
|
# Install fpm
|
|
RUN apt-get update && \
|
|
apt-get -y install ruby ruby-dev rubygems build-essential autoconf libtool rpm binutils && \
|
|
gem install -N fpm
|
|
|
|
# Setup BW
|
|
RUN cp helpers/bwcli /usr/bin/ && \
|
|
chmod 755 /usr/bin/bwcli && \
|
|
mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
|
|
echo "Linux" > INTEGRATION && \
|
|
for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
|
find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
|
|
find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
|
|
chmod 755 /var/log/bunkerweb && \
|
|
touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
|
|
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
|
|
chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
|
|
find core/*/jobs/* -type f -exec chmod 750 {} \; && \
|
|
chmod 755 .
|
|
|
|
# Cleanup
|
|
RUN apt-get -f -y --auto-remove remove build-essential autoconf libtool && \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY --chmod=660 src/bw/misc/asn.mmdb /var/tmp/bunkerweb/asn.mmdb
|
|
COPY --chmod=660 src/bw/misc/country.mmdb /var/tmp/bunkerweb/country.mmdb
|
|
|
|
# Copy Linux files
|
|
COPY --chmod=740 src/linux/scripts scripts
|
|
COPY --chmod=740 src/linux/fpm.sh /usr/share/fpm.sh
|
|
COPY src/linux/fpm-debian /usr/share/.fpm
|
|
COPY --chmod=644 src/linux/*.service /lib/systemd/system/
|
|
COPY --chmod=644 src/linux/bunkerweb.logrotate /etc/logrotate.d/bunkerweb
|
|
|
|
# Generate DEB at startup
|
|
VOLUME /data
|
|
WORKDIR /usr/share/
|
|
ENTRYPOINT [ "./fpm.sh", "deb" ]
|