libreddit/Dockerfile

####################################################################################################
## Builder
####################################################################################################
FROM rust:latest AS builder

RUN rustup target add x86_64-unknown-linux-musl
RUN apt update && apt install -y musl-tools musl-dev
RUN update-ca-certificates

RUN adduser --home /nonexistent --no-create-home --disabled-password libreddit

WORKDIR /usr/src/libreddit

COPY . .

RUN cargo build --target x86_64-unknown-linux-musl --release

####################################################################################################
## Final image
####################################################################################################
FROM scratch

# Import user information from builder.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group

# Import ca-certificates from builder
COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates
COPY --from=builder /etc/ssl/certs /etc/ssl/certs

# Copy our build
COPY --from=builder /usr/src/libreddit/target/x86_64-unknown-linux-musl/release/libreddit /usr/local/bin/libreddit

# Use an unprivileged user.
USER libreddit

# Tell Docker to expose port 8080
EXPOSE 8080

# Run a healthcheck every minute to make sure Libreddit is functional
HEALTHCHECK --interval=1m --timeout=3s CMD curl -f http://localhost:8080/settings || exit 1

CMD ["libreddit"]
Switch Docker base image to "scratch" 2021-04-10 00:24:47 +02:00			`####################################################################################################`
			`## Builder`
			`####################################################################################################`
			`FROM rust:latest AS builder`

			`RUN rustup target add x86_64-unknown-linux-musl`
			`RUN apt update && apt install -y musl-tools musl-dev`
			`RUN update-ca-certificates`

			`RUN adduser --home /nonexistent --no-create-home --disabled-password libreddit`

Publish Metadata Files 2020-10-25 21:48:44 +01:00			`WORKDIR /usr/src/libreddit`
Switch Docker base image to "scratch" 2021-04-10 00:24:47 +02:00
Publish Metadata Files 2020-10-25 21:48:44 +01:00			`COPY . .`

Switch Docker base image to "scratch" 2021-04-10 00:24:47 +02:00			`RUN cargo build --target x86_64-unknown-linux-musl --release`

			`####################################################################################################`
			`## Final image`
			`####################################################################################################`
			`FROM scratch`

			`# Import user information from builder.`
			`COPY --from=builder /etc/passwd /etc/passwd`
			`COPY --from=builder /etc/group /etc/group`

			`# Import ca-certificates from builder`
			`COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates`
			`COPY --from=builder /etc/ssl/certs /etc/ssl/certs`

			`# Copy our build`
			`COPY --from=builder /usr/src/libreddit/target/x86_64-unknown-linux-musl/release/libreddit /usr/local/bin/libreddit`

			`# Use an unprivileged user.`
Re-add unprivileged user to Dockerfile 2021-04-01 21:09:08 +02:00			`USER libreddit`
Switch Docker base image to "scratch" 2021-04-10 00:24:47 +02:00
			`# Tell Docker to expose port 8080`
Added multi-staged container build and a user (#134) * Added multi-staged container build and a user This reduces the image size from 2Gb to 92Mb by only put the necessary files into the container. Container now runs without root priviliges. * Add EXPOSE to Dockerfile 2021-02-24 20:17:36 +01:00			`EXPOSE 8080`
Switch Docker base image to "scratch" 2021-04-10 00:24:47 +02:00
			`# Run a healthcheck every minute to make sure Libreddit is functional`
			`HEALTHCHECK --interval=1m --timeout=3s CMD curl -f http://localhost:8080/settings \|\| exit 1`
Re-add unprivileged user to Dockerfile 2021-04-01 21:09:08 +02:00
New alpine-based Dockerfile with healthcheck 2021-03-31 22:05:22 +02:00			`CMD ["libreddit"]`