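# The base image is pinned by tag only. A tag can be re-pushed, so also pin by
# digest (tklx/base:0.1.0@sha256:<digest-placeholder>) when builds must be
# reproducible.
FROM tklx/base:0.1.0

# tini release to download; /tini is the first element of ENTRYPOINT below.
ARG TINI_VERSION=v0.9.0

# Fetch tini and its detached signature, verify the binary, then remove the
# build-only tooling (wget, ca-certificates, the throwaway keyring) in the same
# layer so none of it remains in the image.
#
# NOTE(review): TINI_GPGKEY is a 32-bit short key ID. Short IDs are not
# collision-resistant, so --recv-keys may import a different key that shares
# the ID and the signature check would then pass against it. Replace the value
# with the signer's full 40-hex-digit fingerprint, taken from the tini project
# over a separate trusted channel.
# NOTE(review): the sks-keyservers.net pool has been retired; point --keyserver
# at a maintained server (or ship the public key in the build context) so this
# step keeps working.
RUN set -x \
    && TINI_URL="https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" \
    && TINI_GPGKEY=0527A9B7 \
    && export GNUPGHOME="$(mktemp -d)" \
    && apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates wget \
    && wget -O /tini "${TINI_URL}" \
    && wget -O /tini.asc "${TINI_URL}.asc" \
    && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "${TINI_GPGKEY}" \
    # Name the signed file explicitly instead of letting gpg infer it from the
    # signature's file name, so it is unambiguous what was verified.
    && gpg --batch --verify /tini.asc /tini \
    && chmod +x /tini \
    && rm -rf "${GNUPGHOME}" /tini.asc \
    && apt-get purge -y --auto-remove ca-certificates wget \
    && apt-clean --aggressive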
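# Service account the image keeps. It is created, or renumbered if it already
# exists, with uid/gid 999. Build with an empty value to keep no service account.
ARG NEED_USER='mysql'
# Accounts and groups that survive the purge, written as sed BRE alternations.
ARG USER_KEEP="root\|mail\|_apt"
ARG GROUP_KEEP="adm\|tty\|mail\|shadow\|utmp\|staff\|root\|nogroup"

# Tighten security: keep only the accounts and groups listed above (plus
# NEED_USER) and delete every other entry in /etc/passwd and /etc/group.
#
# NEED_SHELL and NEED_HOME are not declared as ARG in this file, so the
# defaults below (no login shell, /dev/null as home) apply unless the base
# image exports them.
RUN set -x \
    && keep_users="${USER_KEEP}" \
    && keep_groups="${GROUP_KEEP}" \
    # Set up needed user
    && if [ -n "${NEED_USER}" ]; then \
         NEED_SHELL="${NEED_SHELL:-/usr/sbin/nologin}"; \
         NEED_HOME="${NEED_HOME:-/dev/null}"; \
         if id "${NEED_USER}" > /dev/null; then \
           groupmod -g 999 "${NEED_USER}" \
           && usermod -u 999 -g 999 -s "${NEED_SHELL}" "${NEED_USER}"; \
         else \
           groupadd -g 999 "${NEED_USER}" \
           && useradd -g 999 -u 999 -s "${NEED_SHELL}" -md "${NEED_HOME}" "${NEED_USER}"; \
         fi \
         && keep_users="${keep_users}\|${NEED_USER}" \
         && keep_groups="${keep_groups}\|${NEED_USER}"; \
       fi \
    # Remove dummy user/group accounts.
    # The alternation is wrapped in \( \) so that ^ and $ anchor every
    # alternative. Unwrapped, ^ binds only to the first name and $ only to the
    # last, so any account whose name merely contains a middle entry (e.g.
    # "mail") would be kept. xargs -r skips the command when nothing is left to
    # delete.
    && cut -d: -f1 /etc/passwd | sed "/^\(${keep_users}\)$/d" | xargs -r -n 1 userdel \
    && cut -d: -f1 /etc/group | sed "/^\(${keep_groups}\)$/d" | xargs -r -n 1 groupdel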
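# App-specific config
# MariaDB release series; selects the mariadb-server-<major> package.
ARG MARIADB_MAJOR=10.0

# Install MariaDB, reset its data and runtime directories, and adjust the
# packaged configuration for running in a container.
RUN set -x \
    # Preseed the package's root-password prompts. Double quotes are required:
    # in single quotes ${MARIADB_MAJOR} is not expanded and the answers are
    # recorded for a package name that does not exist. "unused" is a
    # placeholder; the data directory is wiped below, so no database or
    # credential initialised at build time stays in the image.
    && { \
         echo "mariadb-server-${MARIADB_MAJOR} mysql-server/root_password password unused"; \
         echo "mariadb-server-${MARIADB_MAJOR} mysql-server/root_password_again password unused"; \
       } | debconf-set-selections \
    && apt-get update \
    && apt-get install -y --no-install-recommends "mariadb-server-${MARIADB_MAJOR}" \
    && apt-clean --aggressive \
    # Recreate the directories empty and owned by mysql, and fail the build if
    # any step fails rather than leaving a half-prepared directory behind.
    && for dir in /var/lib/mysql /var/run/mysqld; do \
         rm -rf "$dir" && mkdir -p "$dir" && chown -R mysql:mysql "$dir" || exit 1; \
       done \
    # Comment out the packaged "user" setting; the image already runs as mysql.
    && sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf /etc/mysql/conf.d/* \
    # Comment out bind-address and log* so the server is not held to the
    # packaged listen address. NOTE(review): reachability then depends on how
    # port 3306 is published and on the account grants, so the entrypoint must
    # not create passwordless or wildcard-host accounts. Confirm against
    # /entrypoint.
    && sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/my.cnf \
    # Disable the host cache and DNS lookups for connecting clients.
    && printf '%s\n' '[mysqld]' 'skip-host-cache' 'skip-name-resolve' \
         >> /etc/mysql/conf.d/mysqld-docker.cnf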
# Entrypoint script from the build context. COPY without --chown leaves it
# owned by root, so the unprivileged runtime user cannot rewrite it.
# NOTE(review): it must already be executable in the build context.
COPY entrypoint /entrypoint

# MariaDB client port. EXPOSE is documentation only; publishing the port is a
# run-time decision.
EXPOSE 3306/tcp

# Database files live in a volume so they outlive the container.
VOLUME ["/var/lib/mysql"]

# Drop root for everything that runs in the container.
USER mysql

# tini runs as PID 1 and launches the entrypoint script, which receives CMD as
# its arguments.
ENTRYPOINT ["/tini", "--", "/entrypoint"]
CMD ["mysqld"]