forked from bunkerity/bunkerweb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile-fedora
106 lines (87 loc) · 4.4 KB
/
Dockerfile-fedora
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0 as builder
ENV OS=fedora
ENV NGINX_VERSION 1.26.1
# Install Nginx, fpm and dependencies
RUN dnf update -y && \
dnf install -y curl gnupg2 ca-certificates redhat-lsb-core make gcc && \
dnf install -y --setopt=install_weak_deps=False python3 python3-devel python3-pip brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 yajl yajl-devel libxslt bash gd gd-devel gcc-c++ kernel-devel znc-modtcl libmpc-devel gmp-devel gawk mpfr-devel libtool pcre-devel automake autoconf readline-devel gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel lmdb-devel && \
dnf install --enablerepo=updates-testing nginx-${NGINX_VERSION} -y
WORKDIR /tmp/bunkerweb/deps
# Copy dependencies sources folder
COPY src/deps/misc misc
COPY src/deps/src src
COPY src/deps/deps.json deps.json
COPY --chmod=644 src/deps/install.sh install.sh
# Compile and install dependencies
RUN bash install.sh
# Copy dependencies sources folder
COPY src/deps/requirements.txt /tmp/requirements-deps.txt
COPY src/scheduler/requirements.txt /tmp/req/requirements-scheduler.txt
COPY src/ui/requirements.txt /tmp/req/requirements-ui.txt
COPY src/common/gen/requirements.txt /tmp/req/requirements-gen.txt
COPY src/common/db/requirements.txt /tmp/req/requirements-db.txt
WORKDIR /usr/share/bunkerweb
# Compile and install dependencies
RUN export MAKEFLAGS="-j$(nproc)" && \
mkdir -p deps/python && \
pip install --no-cache-dir --require-hashes --ignore-installed -r /tmp/requirements-deps.txt && \
pip install --no-cache-dir --require-hashes --target deps/python $(for file in $(ls /tmp/req/requirements*.txt) ; do echo "-r ${file}" ; done | xargs)
# Copy files
# can't exclude deps from . so we are copying everything by hand
COPY src/bw/loading loading
COPY src/bw/lua lua
COPY src/bw/misc misc
COPY src/common/api api
COPY src/common/cli cli
COPY src/common/confs confs
COPY src/common/core core
COPY src/common/db db
COPY src/common/gen gen
COPY src/common/helpers helpers
COPY src/common/settings.json settings.json
COPY src/common/utils utils
COPY src/common/templates templates
COPY src/scheduler scheduler
COPY src/ui ui
COPY src/VERSION VERSION
FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027
# Copy dependencies
COPY --from=builder --chown=0:101 /etc/nginx /etc/nginx
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
WORKDIR /usr/share/bunkerweb
# Install fpm
RUN dnf update -y && \
dnf install -y ruby ruby-devel redhat-rpm-config rpm-build gcc make && \
gem install -N fpm
# Setup BW
RUN cp helpers/bwcli /usr/bin/ && \
chmod 755 /usr/bin/bwcli && \
mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
echo "Linux" > INTEGRATION && \
for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod 755 /var/log/bunkerweb && \
touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
find core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 755 .
# Cleanup
RUN dnf -y --setopt=install_weak_deps=False autoremove && \
dnf clean all && \
rm -rf /var/cache/dnf
COPY --chmod=660 src/bw/misc/asn.mmdb /var/tmp/bunkerweb/asn.mmdb
COPY --chmod=660 src/bw/misc/country.mmdb /var/tmp/bunkerweb/country.mmdb
# Copy Linux files
COPY --chmod=740 src/linux/scripts scripts
COPY --chmod=740 src/linux/fpm.sh /usr/share/fpm.sh
COPY src/linux/fpm-fedora /usr/share/.fpm
COPY --chmod=644 src/linux/*.service /lib/systemd/system/
COPY --chmod=644 src/linux/bunkerweb.logrotate /etc/logrotate.d/bunkerweb
# Generate RPM at startup
VOLUME /data
WORKDIR /usr/share/
ENTRYPOINT [ "./fpm.sh", "rpm" ]