nlnetlabs-routinator/Dockerfile

# -- stage 1: build static routinator with musl libc for alpine
FROM alpine:3.13.3 as build

RUN apk add rust cargo

WORKDIR /tmp/routinator
COPY . .

RUN cargo build \
    --target x86_64-alpine-linux-musl \
    --release \
    --locked

# -- stage 2: create alpine-based container with the static routinator
#             executable
FROM alpine:3.11.6
COPY --from=build /tmp/routinator/target/x86_64-alpine-linux-musl/release/routinator /usr/local/bin/

# Build variables for uid and guid of user to run container
ARG RUN_USER=routinator
ARG RUN_USER_UID=1012
ARG RUN_USER_GID=1012

# Install rsync as routinator depends on it
RUN apk add --no-cache rsync libgcc

# Use Tini to ensure that Routinator responds to CTRL-C when run in the
# foreground without the Docker argument "--init" (which is actually another
# way of activating Tini, but cannot be enabled from inside the Docker image).
RUN apk add --no-cache tini
# Tini is now available at /sbin/tini

RUN addgroup -g ${RUN_USER_GID} ${RUN_USER} && \
    adduser -D -u ${RUN_USER_UID} -G ${RUN_USER} ${RUN_USER}

# Create the repository and TAL directories
RUN mkdir -p /home/${RUN_USER}/.rpki-cache/repository /home/${RUN_USER}/.rpki-cache/tals && \
    chown -R ${RUN_USER_UID}:${RUN_USER_GID} /usr/local/bin/routinator /home/${RUN_USER}/.rpki-cache

# Due to ARIN TAL distribution terms, we can't do this here.
# An individual user, however, might want to anyway - after reviewing
# https://www.arin.net/resources/rpki/tal.html.
#
#COPY --from=build /tmp/routinator/tals/*.tal /home/${RUN_USER}/.rpki-cache/tals/

USER $RUN_USER_UID

EXPOSE 3323/tcp
EXPOSE 9556/tcp

ENTRYPOINT ["/sbin/tini", "--", "routinator"]
CMD ["server", "--rtr", "0.0.0.0:3323", "--http", "0.0.0.0:9556"]
Introduce docker container for docker hub 2018-11-22 01:03:58 +01:00			`# -- stage 1: build static routinator with musl libc for alpine`
Bump Docker build image to Alpine 3.13.3. 2021-03-30 16:21:26 +02:00			`FROM alpine:3.13.3 as build`
Introduce docker container for docker hub 2018-11-22 01:03:58 +01:00
Re-work the PR to offer a default Dockerfile using rustls and a separate Dockerfile using default-tls. 2020-01-27 14:37:10 +01:00			`RUN apk add rust cargo`
Introduce docker container for docker hub 2018-11-22 01:03:58 +01:00
			`WORKDIR /tmp/routinator`
			`COPY . .`

Proposal: Rust TLS feature -> Docker hub tag variant. 2020-01-17 15:30:25 +01:00			`RUN cargo build \`
			`--target x86_64-alpine-linux-musl \`
			`--release \`
Re-work the PR to offer a default Dockerfile using rustls and a separate Dockerfile using default-tls. 2020-01-27 14:37:10 +01:00			`--locked`
Introduce docker container for docker hub 2018-11-22 01:03:58 +01:00
Adjust Dockerfile and instructions for new ARIN TAL regime. 2019-05-29 16:48:49 +02:00			`# -- stage 2: create alpine-based container with the static routinator`
			`# executable`
bump alpine to 3.11.6 2020-05-17 22:40:16 +02:00			`FROM alpine:3.11.6`
use alpine as base and build dynamic routinator in docker 2019-08-17 01:15:53 +02:00			`COPY --from=build /tmp/routinator/target/x86_64-alpine-linux-musl/release/routinator /usr/local/bin/`
Introduce docker container for docker hub 2018-11-22 01:03:58 +01:00
Run container as non root user 2019-08-28 11:09:10 +10:00			`# Build variables for uid and guid of user to run container`
			`ARG RUN_USER=routinator`
			`ARG RUN_USER_UID=1012`
			`ARG RUN_USER_GID=1012`

Introduce docker container for docker hub 2018-11-22 01:03:58 +01:00			`# Install rsync as routinator depends on it`
Disable apk caching to reduce image size Avoid storing ~1.4M of /var/cache/apk/ files in the image which are not needed. Pkg installation still works without them. 2019-12-20 13:50:30 +01:00			`RUN apk add --no-cache rsync libgcc`
Introduce docker container for docker hub 2018-11-22 01:03:58 +01:00
FIX: ERROR: Unable to lock database: Permission denied. 2020-04-20 20:06:36 +02:00			`# Use Tini to ensure that Routinator responds to CTRL-C when run in the`
			`# foreground without the Docker argument "--init" (which is actually another`
			`# way of activating Tini, but cannot be enabled from inside the Docker image).`
			`RUN apk add --no-cache tini`
			`# Tini is now available at /sbin/tini`

Run container as non root user 2019-08-28 11:09:10 +10:00			`RUN addgroup -g ${RUN_USER_GID} ${RUN_USER} && \`
			`adduser -D -u ${RUN_USER_UID} -G ${RUN_USER} ${RUN_USER}`

Adjust Dockerfile and instructions for new ARIN TAL regime. 2019-05-29 16:48:49 +02:00			`# Create the repository and TAL directories`
Run container as non root user 2019-08-28 11:09:10 +10:00			`RUN mkdir -p /home/${RUN_USER}/.rpki-cache/repository /home/${RUN_USER}/.rpki-cache/tals && \`
improve dockerfile and related documentation 2019-09-02 21:44:24 +02:00			`chown -R ${RUN_USER_UID}:${RUN_USER_GID} /usr/local/bin/routinator /home/${RUN_USER}/.rpki-cache`
Update Dockerfile to only expose TALs subdir 2018-11-22 13:26:59 +01:00
Adjust Dockerfile and instructions for new ARIN TAL regime. 2019-05-29 16:48:49 +02:00			`# Due to ARIN TAL distribution terms, we can't do this here.`
			`# An individual user, however, might want to anyway - after reviewing`
			`# https://www.arin.net/resources/rpki/tal.html.`
			`#`
Correct path for the TAL files. 2019-10-31 13:46:43 +01:00			`#COPY --from=build /tmp/routinator/tals/*.tal /home/${RUN_USER}/.rpki-cache/tals/`
Bring TALs in correctly into Dockerfile 2018-11-22 20:31:02 +01:00
Run container as non root user 2019-08-28 11:09:10 +10:00			`USER $RUN_USER_UID`

Introduce docker container for docker hub 2018-11-22 01:03:58 +01:00			`EXPOSE 3323/tcp`
Expose the default Prometheus port 9556 in Docker CMD. 2019-06-03 12:52:34 +02:00			`EXPOSE 9556/tcp`
Run container as non root user 2019-08-28 11:09:10 +10:00
Enable support for CTRL-C from outside the container. (#277) Use Alpine tini to support for CTRL-C from outside the container. Fixes #257. 2020-04-20 16:24:47 +02:00			`ENTRYPOINT ["/sbin/tini", "--", "routinator"]`
Expose the default Prometheus port 9556 in Docker CMD. 2019-06-03 12:52:34 +02:00			`CMD ["server", "--rtr", "0.0.0.0:3323", "--http", "0.0.0.0:9556"]`