bunkerized-nginx/src/linux/Dockerfile-ubuntu
2023-12-04 08:58:34 +01:00

99 lines
4.1 KiB
Plaintext

FROM ubuntu:22.04@sha256:8eab65df33a6de2844c9aefd19efe8ddb87b7df5e9185a4ab73af936225685bb
ENV OS=ubuntu
ENV NGINX_VERSION 1.24.0
# Install Nginx, fpm and dependencies
RUN apt update && \
apt install -y --no-install-recommends curl gnupg2 ca-certificates lsb-release ubuntu-keyring software-properties-common \
ruby ruby-dev \
bash libssl-dev git libpcre++-dev zlib1g-dev libyajl2 libyajl-dev yajl-tools pkgconf libcurl4-openssl-dev libgeoip-dev liblmdb-dev apt-utils build-essential autoconf libtool automake g++ gcc libxml2-dev make musl-dev gnupg patch libreadline-dev libpcre3-dev libgd-dev python3 python3-dev python3-pip -y && \
gem install fpm && \
echo "deb https://nginx.org/packages/ubuntu/ jammy nginx" > /etc/apt/sources.list.d/nginx.list && \
echo "deb-src https://nginx.org/packages/ubuntu/ jammy nginx" >> /etc/apt/sources.list.d/nginx.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
apt-get update && \
apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-1~jammy
WORKDIR /tmp/bunkerweb/deps
# Copy dependencies sources folder
COPY src/deps/misc misc
COPY src/deps/src src
COPY src/deps/deps.json deps.json
COPY src/deps/install.sh install.sh
# Compile and install dependencies
RUN mkdir -p /usr/share/bunkerweb/deps/python && \
chmod +x install.sh && \
bash install.sh
# Copy dependencies sources folder
COPY src/deps/requirements.txt /tmp/requirements-deps.txt
COPY src/scheduler/requirements.txt /tmp/req/requirements.txt
COPY src/ui/requirements.txt /tmp/req/requirements.txt.1
COPY src/common/gen/requirements.txt /tmp/req/requirements.txt.2
COPY src/common/db/requirements.txt /tmp/req/requirements.txt.3
WORKDIR /usr/share/bunkerweb
RUN mkdir -p deps/python && \
cat /tmp/req/requirements.txt* > deps/requirements.txt && \
rm -rf /tmp/req
# Compile and install dependencies
RUN export MAKEFLAGS="-j$(nproc)" && \
pip install --no-cache-dir --ignore-installed --require-hashes -r /tmp/requirements-deps.txt && \
pip install --no-cache-dir --require-hashes --target deps/python -r deps/requirements.txt
# Copy files
# can't exclude deps from . so we are copying everything by hand
COPY src/bw/loading loading
COPY src/bw/lua lua
COPY src/bw/misc misc
COPY src/common/api api
COPY src/common/cli cli
COPY src/common/confs confs
COPY src/common/core core
COPY src/common/db db
COPY src/common/gen gen
COPY src/common/helpers helpers
COPY src/common/settings.json settings.json
COPY src/common/utils utils
COPY src/scheduler scheduler
COPY src/ui ui
COPY src/VERSION VERSION
# Setup BW
RUN cp helpers/bwcli /usr/bin/ && \
chmod 755 /usr/bin/bwcli && \
mkdir -p /etc/bunkerweb/configs && \
mkdir -p /var/cache/bunkerweb/ && \
mkdir -p /etc/bunkerweb/plugins && \
mkdir -p /var/tmp/bunkerweb/ && \
mkdir -p /var/run/bunkerweb/ && \
mkdir -p /var/log/bunkerweb/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > INTEGRATION && \
mkdir -p /etc/bunkerweb/plugins && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
find /usr/share/bunkerweb -path deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path deps -prune -o -type d -exec chmod 0750 {} \; && \
chmod -R 770 /var/cache/bunkerweb/ /var/lib/bunkerweb/ /etc/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ /var/log/bunkerweb/ && \
chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py deps/python/bin/* helpers/*.sh /var/www/ && \
find core/*/jobs/* -type f -exec chmod 750 {} \; && \
chmod 755 /usr/share/bunkerweb
# Copy Linux files
COPY src/linux/scripts scripts
COPY src/linux/fpm.sh /usr/share/fpm.sh
RUN chmod +x scripts/*.sh /usr/share/fpm.sh
COPY src/linux/fpm-ubuntu /usr/share/.fpm
COPY src/linux/*.service /lib/systemd/system/
# Generate DEB at startup
VOLUME /data
WORKDIR /usr/share/
ENTRYPOINT [ "./fpm.sh", "deb" ]