Optimize Docker image layers; comment out runtime user; add sample docker-compose.yml

2019-05-08 21:17:14 +02:00 · 2019-05-08 21:17:14 +02:00 · 17aa46c4d2
parent 58868b75af
commit 17aa46c4d2
3 changed files with 43 additions and 11 deletions
--- a/11
+++ b/11
@ -12,12 +12,13 @@ LABEL maintainer="AdGuard Team <devteam@adguard.com>"

 # Update CA certs
 RUN apk --no-cache --update add ca-certificates libcap && \
-    rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work
+    rm -rf /var/cache/apk/* && \
+    mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
+    chown -R nobody: /opt/adguardhome

-COPY --from=build /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome
+COPY --from=build --chown=nobody: /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome

-RUN chown -R nobody: /opt/adguardhome \
-    && setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome

 EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp

@ -25,7 +26,7 @@ VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]

 WORKDIR /opt/adguardhome/work

-USER nobody
+#USER nobody

 ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
 CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
--- a/Dockerfile.travis
+++ b/Dockerfile.travis
@ -3,13 +3,13 @@ LABEL maintainer="AdGuard Team <devteam@adguard.com>"

 # Update CA certs
 RUN apk --no-cache --update add ca-certificates libcap && \
-    rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work
+    rm -rf /var/cache/apk/* && \
+    mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
+    chown -R nobody: /opt/adguardhome

+COPY --chown=nobody: ./AdGuardHome /opt/adguardhome/AdGuardHome

-COPY ./AdGuardHome /opt/adguardhome/AdGuardHome
-
-RUN chown -R nobody: /opt/adguardhome \
-    && setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome

 EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp

@ -17,7 +17,7 @@ VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]

 WORKDIR /opt/adguardhome/work

-USER nobody
+#USER nobody

 ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
 CMD ["-h", "0.0.0.0", "-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,31 @@
+%YAML 1.2
+---
+# https://docs.docker.com/compose/compose-file/
+
+version: '2.4'
+
+services:
+
+  adguard-home:
+    image: adguard/adguardhome:armhf-latest
+    init: true
+    ports:
+    - "53:53/tcp"
+    - "53:53/udp"
+    - "67:67/tcp"
+    - "67:67/udp"
+    - "68:68/tcp"
+    - "68:68/udp"
+    - "80:80/tcp"
+    - "443:443/tcp"
+    - "853:853/tcp"
+    - "853:853/udp"
+    - "3000:3000/tcp"
+    volumes:
+    - /opt/adguard-home:/opt/adguardhome/conf
+    - /srv/adguard-home:/opt/adguardhome/work
+    #user: nobody
+    read_only: true
+    restart: always
+
+...