From 4a50fcf5a6ac580aa29127b32dccf3c371298464 Mon Sep 17 00:00:00 2001 From: Zoey Date: Wed, 3 May 2023 16:25:03 +0200 Subject: [PATCH 1/2] optimze apache dockerfile Signed-off-by: Zoey --- Containers/apache/Dockerfile | 104 ++++++++++++++++------------------- 1 file changed, 47 insertions(+), 57 deletions(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index 764dfb45..79c4e0e8 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -3,78 +3,68 @@ FROM caddy:2.6.4-alpine as caddy FROM httpd:2.4.57-alpine3.17 +COPY --from=caddy /usr/bin/caddy /usr/bin/caddy + +COPY --chown=www-data:www-data Caddyfile /Caddyfile +COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf + +COPY --chmod=664 supervisord.conf /supervisord.conf +COPY --chmod=775 start.sh /usr/bin/start.sh +COPY --chmod=775 healthcheck.sh /usr/bin/healthcheck.sh + +VOLUME /mnt/data + RUN set -ex; \ apk add --no-cache shadow; \ groupmod -g 333 xfs; \ usermod -u 333 -g 333 xfs; \ groupmod -g 33 www-data; \ usermod -u 33 -g 33 www-data; \ - apk del --no-cache shadow - -RUN mkdir -p /mnt/data; \ - chown www-data:www-data /mnt/data; - -VOLUME /mnt/data - -RUN set -ex; \ + apk del --no-cache shadow; \ + \ + mkdir -p /mnt/data; \ + chown -R www-data:www-data /mnt/data; \ + \ apk add --no-cache \ bash \ supervisor \ - wget \ tzdata \ ca-certificates \ openssl \ - netcat-openbsd - -COPY --from=caddy /usr/bin/caddy /usr/bin/ -RUN chmod +x /usr/bin/caddy - -RUN sed -i \ - -e '/^Listen /d' \ - -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \ - -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \ - -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \ - -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \ - conf/httpd.conf; \ - echo "Include conf/nextcloud.conf" | tee -a conf/httpd.conf; \ - echo "ServerName localhost" | tee -a conf/httpd.conf - -COPY nextcloud.conf conf - -RUN set -ex; \ - rm -rf conf/original conf/original && \ - rm -rf /var/www/html/* && \ - mkdir /var/www && \ - chown -R www-data:www-data /var/www; - -RUN mkdir /var/log/supervisord; \ + netcat-openbsd; \ + \ + sed -i \ + -e '/^Listen /d' \ + -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \ + -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \ + -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \ + -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \ + /usr/local/apache2/conf/httpd.conf; \ + echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \ + echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \ + \ + rm -rf /usr/local/apache2/conf/original /var/www; \ + mkdir -p /var/www; \ + chown -R www-data:www-data /var/www; \ + \ + mkdir /var/log/supervisord; \ mkdir /var/run/supervisord; \ chown www-data:www-data /var/run/supervisord; \ - chown www-data:www-data /var/log/supervisord; - -COPY Caddyfile / - -COPY start.sh /usr/bin/ -COPY healthcheck.sh /usr/bin/ -COPY supervisord.conf / -RUN chmod +x /usr/bin/start.sh; \ - chmod +x /usr/bin/healthcheck.sh; \ - chmod +r /supervisord.conf; \ - chown www-data:www-data /Caddyfile; \ + chown www-data:www-data /var/log/supervisord; \ + \ chown -R www-data:www-data /usr/local/apache2; \ - chmod +r -R /usr/local/apache2 - -# Give root a random password -RUN echo "root:$(openssl rand -base64 12)" | chpasswd + chmod +r -R /usr/local/apache2; \ + \ + echo "root:$(openssl rand -base64 12)" | chpasswd USER www-data From a0cf31ad1b6da7f654ea4a58f900a9e98bff66ad Mon Sep 17 00:00:00 2001 From: Zoey Date: Fri, 12 May 2023 17:57:02 +0200 Subject: [PATCH 2/2] put scripts into / Signed-off-by: Zoey --- Containers/apache/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index 79c4e0e8..7a95ff06 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -9,8 +9,8 @@ COPY --chown=www-data:www-data Caddyfile /Caddyfile COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf COPY --chmod=664 supervisord.conf /supervisord.conf -COPY --chmod=775 start.sh /usr/bin/start.sh -COPY --chmod=775 healthcheck.sh /usr/bin/healthcheck.sh +COPY --chmod=775 start.sh /start.sh +COPY --chmod=775 healthcheck.sh /healthcheck.sh VOLUME /mnt/data @@ -68,8 +68,8 @@ RUN set -ex; \ USER www-data -ENTRYPOINT ["start.sh"] +ENTRYPOINT ["/start.sh"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] -HEALTHCHECK CMD healthcheck.sh +HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.monitor-only="true"