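# nginx on Alpine, built on the behance base image.
# NOTE(review): the base is pinned by tag only, and a tag can be re-pointed upstream.
# For reproducible builds pin by digest: behance/docker-base:1.4-alpine@sha256:<digest>
FROM behance/docker-base:1.4-alpine

# MAINTAINER is deprecated; a label carries the same contact information.
LABEL maintainer="Bryan Latten <[email protected]>"

# Use in multi-phase builds, when an init process requests for the container to gracefully exit, so that it may be committed
# Used with alternative CMD (worker.sh), leverages supervisor to maintain long-running processes
# NOTE(review): the two lines above do not match any variable set below; they
# presumably describe settings of the base image. Confirm or drop them.
ENV CONTAINER_ROLE=web \
    CONTAINER_PORT=8080 \
    CONF_NGINX_SITE="/etc/nginx/sites-available/default" \
    CONF_NGINX_SERVER="/etc/nginx/nginx.conf" \
    NOT_ROOT_USER=www-data

# Using a non-privileged port to prevent having to use setcap internally
EXPOSE ${CONTAINER_PORT}

# Create an unprivileged user: no password (-D), system account (-S), no home directory (-H)
RUN adduser -D -S -H "$NOT_ROOT_USER"

# --no-cache fetches a fresh index and stores none of it in the layer, which
# replaces the separate `apk update` and `rm -rf /var/cache/apk/*` steps.
# NOTE(review): package versions are unpinned, so a rebuild may pull a different nginx.
RUN apk add --no-cache \
      bash \
      grep \
      nginx \
      sed

# Overlay the root filesystem from this repo.
# Everything under container/root lands in the image as-is, so keep credentials,
# private keys and local config out of that tree.
COPY ./container/root /

# Set nginx to listen on the defined port, then fix permissions to run
# unprivileged and create the directory for nginx runtime files.
# The owner follows NOT_ROOT_USER instead of a hard-coded www-data, so the two
# cannot drift apart; this assumes a group of the same name exists, as the
# original chown did.
# NOTE(review): a recursive 0755 leaves everything under /var/log/nginx
# world-readable; confirm that is intended for access and error logs.
# NOTE(review): /tmp/.nginx is created here as root; confirm the runtime user can write to it.
RUN sed -i "s/listen [0-9]*;/listen ${CONTAINER_PORT};/" "$CONF_NGINX_SITE" && \
    chown -Rh "${NOT_ROOT_USER}:${NOT_ROOT_USER}" /var/lib/nginx /var/log/nginx && \
    chmod -R 0755 /var/lib/nginx /var/log/nginx && \
    mkdir -p /tmp/.nginx

# Validate the image against the goss spec at build time, so a failing check fails the build.
# NOTE(review): goss and /aufs_hack.sh are not installed by this file; presumably
# they come from the base image or the overlay above.
RUN goss -g /tests/nginx/base.goss.yaml validate && \
    /aufs_hack.sh

# NOTE: intentionally NOT using s6 init as the entrypoint
# This would prevent container debugging if any of those services crash
# NOTE(review): there is no USER instruction, so /run.sh starts as root. Whether
# it drops to NOT_ROOT_USER is not visible in this file; confirm before relying
# on the container being unprivileged.
CMD ["/bin/bash", "/run.sh"]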