|
Size: 1615
Comment:
|
← Revision 3 as of 2022-07-23 06:36:11 ⇥
Size: 3803
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 58: | Line 58: |
* Last stage in dockerfile that creates nginx container with selfsigned cert {{{ ######################################################### FROM docker.io/debian:bullseye-slim RUN apt-get update && apt-get install -y nginx openssl jo &&\ rm -rf /var/lib/apt/lists/* &&\ openssl req -x509 -nodes -days 3650 \ -subj "/C=NZ/ST=Auckland/O=SelfSigned/OU=private/CN=net.nz" \ -addext "subjectAltName=DNS:selfsigned.net.nz" \ -newkey rsa:2048 \ -keyout /etc/ssl/private/nginx-selfsigned.key \ -out /etc/ssl/certs/nginx-selfsigned.crt # link nginx logs to stdout create basic nginx config RUN ln -sf /dev/stdout /var/log/nginx/access.log &&\ ln -sf /dev/stderr /var/log/nginx/error.log &&\ printf '#Generated in Dockerfile;\n\ charset utf-8;\n\ server {\n\ listen 80;\n\ server_name _;\n\ return 301 https://$host$request_uri;\n\ root /var/www/html;\n\ }\n\ server {\n\ listen 443 ssl;\n\ server_name _;\n\ root /var/www/html;\n\ index index.html index.htm;\n\ ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;\n\ ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;\n\ # ssl_password_file /usr/nginx/ssl.pass;\n\ }\n' > /etc/nginx/sites-enabled/default # add static website to final container WORKDIR /var/www/html COPY --from=builder /usr/app/build /var/www/html EXPOSE 80 EXPOSE 443 COPY Dockerentrypoint.sh /Dockerentrypoint.sh ENTRYPOINT [ "/Dockerentrypoint.sh" ] CMD [ "nginx", "-g", "daemon off;" ] }}} * Dockerentrypoint.sh that converts env vars into config file {{{ #!/bin/bash # Container startups script. # Allow for runtime configuration through env vars. # https://12factor.net/build-release-run set -e echo "# Start container with $0 PWD=${PWD}" echo "#" echo "# cat .version.txt" cat .version.txt echo "#" prefix="REACT_APP_" echo "# Add env vars ${prefix}* to ''env.js'' at webserver root" echo "export default () => (`jo -p \`env | grep ${prefix} | sed -e 's/[[:blank:]]/{_!!_}/g'\` end=1`)" | sed -e 's/{_!!_}/ /g' | tee env.js echo "#" echo "# Starting docker cmd \$@=$@ ..." exec "$@" }}} |
Example Dockerfile to use as base
- Multistage, state one "FROM base as builder" builds code/libs
- Second stage starts over "FROM base" and copies "--from=builder" files from first container.
example Dockerfile
FROM python:3.7-alpine as base FROM base as builder RUN mkdir /install WORKDIR /install COPY requirements.txt /requirements.txt RUN pip install --install-option="--prefix=/install" -r /requirements.txt FROM base COPY --from=builder /install /usr/local COPY src /app COPY README.md / WORKDIR /app #With entrypoint can pass commandline arguments ENTRYPOINT ["python" , "send-mail.py"]
Dockerfile for serverless aws lambda build
#PES 2020 FROM debian:buster # Install Python3 with pip and devel # Install GCC, Make and MySQL-devel, NodeJS, Nano, findutils, and libyaml for parsing .yml (serverless) via Python # Clean-up after ourselves #RUN curl --silent --location https://rpm.nodesource.com/setup_8.x | bash - && \ RUN apt-get update &&\ apt-get upgrade -y &&\ apt-get install -y \ apt-utils \ python3-pip python3-dev \ python3-yaml \ make \ nodejs npm \ vim findutils git && \ apt-get clean all && rm -rf /var/cache/apt # Install the serverless framework globally RUN npm install -g serverless # Install/upgrade pip, awscli, mysqlclient for both Python 2.7 and Python 3.6 RUN ls -la /usr/local/bin RUN find / -iname "pip*" RUN pip-3 install --no-cache-dir --upgrade pip awscli mysqlclient pyyaml ENTRYPOINT ["/bin/bash"] # "-c"]Last stage in dockerfile that creates nginx container with selfsigned cert
######################################################### FROM docker.io/debian:bullseye-slim RUN apt-get update && apt-get install -y nginx openssl jo &&\ rm -rf /var/lib/apt/lists/* &&\ openssl req -x509 -nodes -days 3650 \ -subj "/C=NZ/ST=Auckland/O=SelfSigned/OU=private/CN=net.nz" \ -addext "subjectAltName=DNS:selfsigned.net.nz" \ -newkey rsa:2048 \ -keyout /etc/ssl/private/nginx-selfsigned.key \ -out /etc/ssl/certs/nginx-selfsigned.crt # link nginx logs to stdout create basic nginx config RUN ln -sf /dev/stdout /var/log/nginx/access.log &&\ ln -sf /dev/stderr /var/log/nginx/error.log &&\ printf '#Generated in Dockerfile;\n\ charset utf-8;\n\ server {\n\ listen 80;\n\ server_name _;\n\ return 301 https://$host$request_uri;\n\ root /var/www/html;\n\ }\n\ server {\n\ listen 443 ssl;\n\ server_name _;\n\ root /var/www/html;\n\ index index.html index.htm;\n\ ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;\n\ ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;\n\ # ssl_password_file /usr/nginx/ssl.pass;\n\ }\n' > /etc/nginx/sites-enabled/default # add static website to final container WORKDIR /var/www/html COPY --from=builder /usr/app/build /var/www/html EXPOSE 80 EXPOSE 443 COPY Dockerentrypoint.sh /Dockerentrypoint.sh ENTRYPOINT [ "/Dockerentrypoint.sh" ] CMD [ "nginx", "-g", "daemon off;" ]Dockerentrypoint.sh that converts env vars into config file
# Container startups script. # Allow for runtime configuration through env vars. # https://12factor.net/build-release-run set -e echo "# Start container with $0 PWD=${PWD}" echo "#" echo "# cat .version.txt" cat .version.txt echo "#" prefix="REACT_APP_" echo "# Add env vars ${prefix}* to ''env.js'' at webserver root" echo "export default () => (`jo -p \`env | grep ${prefix} | sed -e 's/[[:blank:]]/{_!!_}/g'\` end=1`)" | sed -e 's/{_!!_}/ /g' | tee env.js echo "#" echo "# Starting docker cmd \$@=$@ ..." exec "$@"