diff options
Diffstat (limited to 'docker')
-rw-r--r-- | docker/builder-go.dockerfile | 16 | ||||
-rw-r--r-- | docker/debian-base.dockerfile | 72 | ||||
-rw-r--r-- | docker/docker-compose-dev.yml | 14 | ||||
-rw-r--r-- | docker/dockerfile | 114 | ||||
-rw-r--r-- | docker/etc/nscd.conf | 90 | ||||
-rw-r--r-- | docker/etc/sudoers | 31 |
6 files changed, 337 insertions, 0 deletions
diff --git a/docker/builder-go.dockerfile b/docker/builder-go.dockerfile new file mode 100644 index 0000000..1d25843 --- /dev/null +++ b/docker/builder-go.dockerfile @@ -0,0 +1,16 @@ +############################################ +# Build in Golang +# Run npm run build-healthcheck-armv7 in the host first, another it will be super slow where it is building the armv7 healthcheck +############################################ +FROM golang:1.19-buster +WORKDIR /app +ARG TARGETPLATFORM +COPY ./extra/ ./extra/ + +# Compile healthcheck.go +RUN apt update && \ + apt --yes --no-install-recommends install curl && \ + curl -sL https://deb.nodesource.com/setup_18.x | bash && \ + apt --yes --no-install-recommends install nodejs && \ + node ./extra/build-healthcheck.js $TARGETPLATFORM && \ + apt --yes remove nodejs diff --git a/docker/debian-base.dockerfile b/docker/debian-base.dockerfile new file mode 100644 index 0000000..a171743 --- /dev/null +++ b/docker/debian-base.dockerfile @@ -0,0 +1,72 @@ +# Download Apprise deb package +FROM node:20-bookworm-slim AS download-apprise +WORKDIR /app +COPY ./extra/download-apprise.mjs ./download-apprise.mjs +RUN apt update && \ + apt --yes --no-install-recommends install curl && \ + npm install cheerio semver && \ + node ./download-apprise.mjs + +# Base Image (Slim) +# If the image changed, the second stage image should be changed too +FROM node:20-bookworm-slim AS base2-slim +ARG TARGETPLATFORM + +# Specify --no-install-recommends to skip unused dependencies, make the base much smaller! +# sqlite3 = for debugging +# iputils-ping = for ping +# util-linux = for setpriv (Should be dropped in 2.0.0?) +# dumb-init = avoid zombie processes (#480) +# curl = for debugging +# ca-certificates = keep the cert up-to-date +# sudo = for start service nscd with non-root user +# nscd = for better DNS caching +RUN apt update && \ + apt --yes --no-install-recommends install \ + sqlite3 \ + ca-certificates \ + iputils-ping \ + util-linux \ + dumb-init \ + curl \ + sudo \ + nscd && \ + rm -rf /var/lib/apt/lists/* && \ + apt --yes autoremove + +# apprise = for notifications (Install from the deb package, as the stable one is too old) (workaround for #4867) +# Switching to testing repo is no longer working, as the testing repo is not bookworm anymore. +# python3-paho-mqtt (#4859) +# TODO: no idea how to delete the deb file after installation as it becomes a layer already +COPY --from=download-apprise /app/apprise.deb ./apprise.deb +RUN apt update && \ + apt --yes --no-install-recommends install ./apprise.deb python3-paho-mqtt && \ + rm -rf /var/lib/apt/lists/* && \ + rm -f apprise.deb && \ + apt --yes autoremove + +# Install cloudflared +RUN curl https://pkg.cloudflare.com/cloudflare-main.gpg --output /usr/share/keyrings/cloudflare-main.gpg && \ + echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared bullseye main' | tee /etc/apt/sources.list.d/cloudflared.list && \ + apt update && \ + apt install --yes --no-install-recommends -t stable cloudflared && \ + cloudflared version && \ + rm -rf /var/lib/apt/lists/* && \ + apt --yes autoremove + +# For nscd +COPY ./docker/etc/nscd.conf /etc/nscd.conf +COPY ./docker/etc/sudoers /etc/sudoers + + +# Full Base Image +# MariaDB, Chromium and fonts +# Make sure to reuse the slim image here. Uncomment the above line if you want to build it from scratch. +# FROM base2-slim AS base2 +FROM louislam/uptime-kuma:base2-slim AS base2 +ENV UPTIME_KUMA_ENABLE_EMBEDDED_MARIADB=1 +RUN apt update && \ + apt --yes --no-install-recommends install chromium fonts-indic fonts-noto fonts-noto-cjk mariadb-server && \ + rm -rf /var/lib/apt/lists/* && \ + apt --yes autoremove && \ + chown -R node:node /var/lib/mysql diff --git a/docker/docker-compose-dev.yml b/docker/docker-compose-dev.yml new file mode 100644 index 0000000..c66b24b --- /dev/null +++ b/docker/docker-compose-dev.yml @@ -0,0 +1,14 @@ +version: '3.8' + +services: + uptime-kuma: + container_name: uptime-kuma-dev + image: louislam/uptime-kuma:nightly2 + volumes: + #- ./data:/app/data + - ../server:/app/server + - ../db:/app/db + ports: + - "3001:3001" # <Host Port>:<Container Port> + - "3307:3306" + diff --git a/docker/dockerfile b/docker/dockerfile new file mode 100644 index 0000000..d55f94f --- /dev/null +++ b/docker/dockerfile @@ -0,0 +1,114 @@ +ARG BASE_IMAGE=louislam/uptime-kuma:base2 + +############################################ +# Build in Golang +# Run npm run build-healthcheck-armv7 in the host first, otherwise it will be super slow where it is building the armv7 healthcheck +# Check file: builder-go.dockerfile +############################################ +FROM louislam/uptime-kuma:builder-go AS build_healthcheck + +############################################ +# Build in Node.js +############################################ +FROM louislam/uptime-kuma:base2 AS build +USER node +WORKDIR /app + +ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 +COPY --chown=node:node .npmrc .npmrc +COPY --chown=node:node package.json package.json +COPY --chown=node:node package-lock.json package-lock.json +RUN npm ci --omit=dev +COPY . . +COPY --chown=node:node --from=build_healthcheck /app/extra/healthcheck /app/extra/healthcheck +RUN mkdir ./data + +############################################ +# ⭐ Main Image +############################################ +FROM $BASE_IMAGE AS release +WORKDIR /app + +LABEL org.opencontainers.image.source="https://github.com/louislam/uptime-kuma" + +ENV UPTIME_KUMA_IS_CONTAINER=1 + +# Copy app files from build layer +COPY --chown=node:node --from=build /app /app + +EXPOSE 3001 +HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD extra/healthcheck +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["node", "server/server.js"] + +############################################ +# Rootless Image +############################################ +FROM release AS rootless +USER node + +############################################ +# Mark as Nightly +############################################ +FROM release AS nightly +RUN npm run mark-as-nightly + +FROM nightly AS nightly-rootless +USER node + +############################################ +# Build an image for testing pr +############################################ +FROM louislam/uptime-kuma:base2 AS pr-test2 +WORKDIR /app +ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 + +## Install Git +RUN apt update \ + && apt --yes --no-install-recommends install curl \ + && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \ + && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \ + && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ + && apt update \ + && apt --yes --no-install-recommends install git + +## Empty the directory, because we have to clone the Git repo. +RUN rm -rf ./* && chown node /app + +USER node +RUN git config --global user.email "no-reply@no-reply.com" +RUN git config --global user.name "PR Tester" +RUN git clone https://github.com/louislam/uptime-kuma.git . +RUN npm ci + +EXPOSE 3000 3001 +HEALTHCHECK --interval=60s --timeout=30s --start-period=180s --retries=5 CMD extra/healthcheck +CMD ["npm", "run", "start-pr-test"] + +############################################ +# Upload the artifact to Github +############################################ +FROM louislam/uptime-kuma:base2 AS upload-artifact +WORKDIR / +RUN apt update && \ + apt --yes install curl file + +COPY --from=build /app /app + +ARG VERSION +ARG GITHUB_TOKEN +ARG TARGETARCH +ARG PLATFORM=debian +ARG FILE=$PLATFORM-$TARGETARCH-$VERSION.tar.gz +ARG DIST=dist.tar.gz + +RUN chmod +x /app/extra/upload-github-release-asset.sh + +# Full Build +# RUN tar -zcvf $FILE app +# RUN /app/extra/upload-github-release-asset.sh github_api_token=$GITHUB_TOKEN owner=louislam repo=uptime-kuma tag=$VERSION filename=$FILE + +# Dist only +RUN cd /app && tar -zcvf $DIST dist +RUN /app/extra/upload-github-release-asset.sh github_api_token=$GITHUB_TOKEN owner=louislam repo=uptime-kuma tag=$VERSION filename=/app/$DIST + diff --git a/docker/etc/nscd.conf b/docker/etc/nscd.conf new file mode 100644 index 0000000..18b92bf --- /dev/null +++ b/docker/etc/nscd.conf @@ -0,0 +1,90 @@ +# +# /etc/nscd.conf +# +# An example Name Service Cache config file. This file is needed by nscd. +# +# Legal entries are: +# +# logfile <file> +# debug-level <level> +# threads <initial #threads to use> +# max-threads <maximum #threads to use> +# server-user <user to run server as instead of root> +# server-user is ignored if nscd is started with -S parameters +# stat-user <user who is allowed to request statistics> +# reload-count unlimited|<number> +# paranoia <yes|no> +# restart-interval <time in seconds> +# +# enable-cache <service> <yes|no> +# positive-time-to-live <service> <time in seconds> +# negative-time-to-live <service> <time in seconds> +# suggested-size <service> <prime number> +# check-files <service> <yes|no> +# persistent <service> <yes|no> +# shared <service> <yes|no> +# max-db-size <service> <number bytes> +# auto-propagate <service> <yes|no> +# +# Currently supported cache names (services): passwd, group, hosts, services +# + + +# logfile /var/log/nscd.log +# threads 4 +# max-threads 32 +# server-user node +# stat-user somebody + debug-level 0 +# reload-count 5 + paranoia no +# restart-interval 3600 + + enable-cache passwd no + positive-time-to-live passwd 600 + negative-time-to-live passwd 20 + suggested-size passwd 211 + check-files passwd yes + persistent passwd yes + shared passwd yes + max-db-size passwd 33554432 + auto-propagate passwd yes + + enable-cache group no + positive-time-to-live group 3600 + negative-time-to-live group 60 + suggested-size group 211 + check-files group yes + persistent group yes + shared group yes + max-db-size group 33554432 + auto-propagate group yes + + enable-cache hosts yes + positive-time-to-live hosts 3600 + negative-time-to-live hosts 20 + suggested-size hosts 211 + check-files hosts yes + persistent hosts yes +# Set shared to "no" to display stats in `nscd -g` +# Read more: https://stackoverflow.com/questions/40429245/nscdcentos7curl-0-dns-cache-hit-rate + shared hosts no + max-db-size hosts 33554432 + + enable-cache services no + positive-time-to-live services 28800 + negative-time-to-live services 20 + suggested-size services 211 + check-files services yes + persistent services yes + shared services yes + max-db-size services 33554432 + + enable-cache netgroup no + positive-time-to-live netgroup 28800 + negative-time-to-live netgroup 20 + suggested-size netgroup 211 + check-files netgroup yes + persistent netgroup yes + shared netgroup yes + max-db-size netgroup 33554432 diff --git a/docker/etc/sudoers b/docker/etc/sudoers new file mode 100644 index 0000000..07aa4d8 --- /dev/null +++ b/docker/etc/sudoers @@ -0,0 +1,31 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +%sudo ALL=(ALL:ALL) ALL + +# See sudoers(5) for more information on "#include" directives: + +#includedir /etc/sudoers.d + +# Allow `node` to control service (mainly for nscd) +node ALL=(root) NOPASSWD: /usr/sbin/nscdservice +node ALL=(root) NOPASSWD: /usr/sbin/service |