From 886dd04b62a300c70b77e4b4519868f5f88addb7 Mon Sep 17 00:00:00 2001
From: Tom Wiesing
Date: Fri, 10 Jul 2020 14:26:03 +0200
Subject: [PATCH 1/3] Enable multi-architecture docker image builds

Previously, the Dockerfile downloaded 'docker-gen' and 'forego' binaries during build time. This caused a problem as it hard-coded the amd64 architecture for the images. This commit updates both 'Dockerfile' and 'Dockerfile.alpine' to build the `forego` and `docker-gen` executables from scratch instead of downloading binaries directly. This is achieved using multi-stage builds [1]. Two seperate stages first build the binaries, and are then copied over to the final stage. The advantage of this change is two-fold: First, it enables building this image on architectures other than amd64. Secondly it adds trust by not adding external binaries to the docker image. This modified version passes the test both a linux desktop (amd64) as well as a raspberry pi (armv7) with some caveats: - On armv7, a modified version of the `jwilder/docker-gen` image is required. See a seperate PR at [2]. - The 'test_dhparam_is_generated_if_missing' test fails. This also doesn't currently pass on master. [1] https://docs.docker.com/develop/develop-images/multistage-build/ [2] https://github.com/jwilder/docker-gen/pull/327
---
 Dockerfile | 63 +++++++++++++++++++++++++++++++++++++++-------
 Dockerfile.alpine | 64 ++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 109 insertions(+), 18 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c528481..c3e9b41 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,50 @@
-FROM nginx:1.19.3
+# setup build arguments for version of dependencies to use
+ARG NGINX_VERSION=1.19.3
+ARG GO_VERSION=1.14
+
+ARG DOCKER_GEN_VERSION=0.7.4
+ARG FOREGO_VERSION=0.16.1
+
+# Use a specific version of golang to build both binaries
+FROM golang:$GO_VERSION as gobuilder
+
+# Build docker-gen from scratch
+FROM gobuilder as dockergen
+
+# Download the sources for the given version
+ARG DOCKER_GEN_VERSION
+ADD https://github.com/jwilder/docker-gen/archive/${DOCKER_GEN_VERSION}.tar.gz sources.tar.gz
+
+# Move the sources into the right directory
+RUN tar -xzf sources.tar.gz && \
+ mkdir -p /go/src/github.com/jwilder/ && \
+ mv docker-gen-* /go/src/github.com/jwilder/docker-gen
+
+# Install the dependencies and make the docker-gen executable
+WORKDIR /go/src/github.com/jwilder/docker-gen
+RUN go get -v ./... && \
+ CGO_ENABLED=0 GOOS=linux go build -ldflags "-X main.buildVersion=${DOCKER_GEN_VERSION}" ./cmd/docker-gen
+
+# Build forego from scratch
+# Because this relies on golang workspaces, we need to use go < 1.8.
+FROM gobuilder as forego
+
+# Download the sources for the given version
+ARG FOREGO_VERSION
+ADD https://github.com/jwilder/forego/archive/v${FOREGO_VERSION}.tar.gz sources.tar.gz
+
+# Move the sources into the right directory
+RUN tar -xzf sources.tar.gz && \
+ mkdir -p /go/src/github.com/ddollar/ && \
+ mv forego-* /go/src/github.com/ddollar/forego
+
+# Install the dependencies and make the forego executable
+WORKDIR /go/src/github.com/ddollar/forego/
+RUN go get -v ./... && \
+ CGO_ENABLED=0 GOOS=linux go build -o forego .
+
+# Build the final image
+FROM nginx:$NGINX_VERSION
 LABEL maintainer="Jason Wilder mail@jasonwilder.com"

 # Install wget and install/updates certificates
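Review bot: The `ADD https://github.com/jwilder/docker-gen/archive/${DOCKER_GEN_VERSION}.tar.gz sources.tar.gz` line in the dockergen stage, and the matching `ADD` in the forego stage, fetch a tag archive with no integrity check, so the trust gain described in the commit message depends on the upstream tag never being moved and on the transport alone. Record a digest next to each version ARG and verify it before unpacking, for example declare `ARG DOCKER_GEN_SHA256` and begin the following RUN with `echo "${DOCKER_GEN_SHA256}  sources.tar.gz" | sha256sum -c - && \`, which also makes the build fail closed when no digest is supplied. The same two `ADD` lines appear in the first Dockerfile.alpine hunk.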
@@ -14,15 +60,14 @@ RUN apt-get update \
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
 && sed -i 's/worker_processes 1/worker_processes auto/' /etc/nginx/nginx.conf

-# Install Forego
-ADD https://github.com/jwilder/forego/releases/download/v0.16.1/forego /usr/local/bin/forego
-RUN chmod u+x /usr/local/bin/forego
+# Install Forego + docker-gen
+COPY --from=forego /go/src/github.com/ddollar/forego/forego /usr/local/bin/forego
+COPY --from=dockergen /go/src/github.com/jwilder/docker-gen/docker-gen /usr/local/bin/docker-gen

-ENV DOCKER_GEN_VERSION 0.7.4
-
-RUN wget https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VERSION/docker-gen-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
- && tar -C /usr/local/bin -xvzf docker-gen-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
- && rm /docker-gen-linux-amd64-$DOCKER_GEN_VERSION.tar.gz
+# Add DOCKER_GEN_VERSION environment variable
+# Because some external projects rely on it
+ARG DOCKER_GEN_VERSION
+ENV DOCKER_GEN_VERSION=${DOCKER_GEN_VERSION}

 COPY network_internal.conf /etc/nginx/

diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 4b5545b..af4e9a0 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,4 +1,51 @@
-FROM nginx:1.19.3-alpine
+# setup build arguments for version of dependencies to use
+ARG NGINX_VERSION=1.19.3-alpine
+ARG GO_VERSION=1.14-alpine
+
+ARG DOCKER_GEN_VERSION=0.7.4
+ARG FOREGO_VERSION=0.16.1
+
+# Use a specific version of golang to build both binaries
+FROM golang:$GO_VERSION as gobuilder
+RUN apk add --no-cache git
+
+# Build docker-gen from scratch
+FROM gobuilder as dockergen
+
+# Download the sources for the given version
+ARG DOCKER_GEN_VERSION
+ADD https://github.com/jwilder/docker-gen/archive/${DOCKER_GEN_VERSION}.tar.gz sources.tar.gz
+
+# Move the sources into the right directory
+RUN tar -xzf sources.tar.gz && \
+ mkdir -p /go/src/github.com/jwilder/ && \
+ mv docker-gen-* /go/src/github.com/jwilder/docker-gen
+
+# Install the dependencies and make the docker-gen executable
+WORKDIR /go/src/github.com/jwilder/docker-gen
+RUN go get -v ./... && \
+ CGO_ENABLED=0 GOOS=linux go build -ldflags "-X main.buildVersion=${DOCKER_GEN_VERSION}" ./cmd/docker-gen
+
+# Build forego from scratch
+# Because this relies on golang workspaces, we need to use go < 1.8.
+FROM gobuilder as forego
+
+# Download the sources for the given version
+ARG FOREGO_VERSION
+ADD https://github.com/jwilder/forego/archive/v${FOREGO_VERSION}.tar.gz sources.tar.gz
+
+# Move the sources into the right directory
+RUN tar -xzf sources.tar.gz && \
+ mkdir -p /go/src/github.com/ddollar/ && \
+ mv forego-* /go/src/github.com/ddollar/forego
+
+# Install the dependencies and make the forego executable
+WORKDIR /go/src/github.com/ddollar/forego/
+RUN go get -v ./... && \
+ CGO_ENABLED=0 GOOS=linux go build -o forego .
+
+# Build the final image
+FROM nginx:$NGINX_VERSION
 LABEL maintainer="Jason Wilder mail@jasonwilder.com"

 # Install wget and install/updates certificates
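Review bot: `RUN go get -v ./...` in both builder stages resolves the projects' imports over the network at build time; unless the unpacked trees vendor their dependencies or carry a go.mod/go.sum (not visible in this hunk), those revisions are not pinned, so two builds of the same DOCKER_GEN_VERSION or FOREGO_VERSION can embed different third-party code. At minimum that should be stated above each step, e.g. `# NOTE: go get fetches un-vendored imports at their current upstream revision; dependency versions are not pinned here`. The comment `# Because this relies on golang workspaces, we need to use go < 1.8.` also contradicts the `golang:1.14-alpine` base declared at the top of the hunk and should be corrected or dropped. The first Dockerfile hunk carries the same lines.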
@@ -11,15 +58,14 @@ RUN apk add --no-cache --virtual .run-deps \
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
 && sed -i 's/worker_processes 1/worker_processes auto/' /etc/nginx/nginx.conf

-# Install Forego
-ADD https://github.com/jwilder/forego/releases/download/v0.16.1/forego /usr/local/bin/forego
-RUN chmod u+x /usr/local/bin/forego
+# Install Forego + docker-gen
+COPY --from=forego /go/src/github.com/ddollar/forego/forego /usr/local/bin/forego
+COPY --from=dockergen /go/src/github.com/jwilder/docker-gen/docker-gen /usr/local/bin/docker-gen

-ENV DOCKER_GEN_VERSION 0.7.4
-
-RUN wget --quiet https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VERSION/docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
- && tar -C /usr/local/bin -xvzf docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz \
- && rm /docker-gen-alpine-linux-amd64-$DOCKER_GEN_VERSION.tar.gz
+# Add DOCKER_GEN_VERSION environment variable
+# Because some external projects rely on it
+ARG DOCKER_GEN_VERSION
+ENV DOCKER_GEN_VERSION=${DOCKER_GEN_VERSION}

 COPY network_internal.conf /etc/nginx/

From 6b8cd894dab7321853c7b25ce6fafca87f5b3d0b Mon Sep 17 00:00:00 2001
From: Tom Wiesing
Date: Thu, 1 Apr 2021 13:54:37 +0200
Subject: [PATCH 2/3] Hardcode go 1.15.10 for use in Docker Images

This commit updates both 'Dockerfile' and 'Dockerfile.alpine' to use 'go.15.10' when building the dependencies. This change was implemented after feedback from @buchdag to be able to use dependabot.
---
 Dockerfile | 3 +--
 Dockerfile.alpine | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c3e9b41..bf7d4cb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,11 @@
 # setup build arguments for version of dependencies to use
 ARG NGINX_VERSION=1.19.3
-ARG GO_VERSION=1.14

 ARG DOCKER_GEN_VERSION=0.7.4
 ARG FOREGO_VERSION=0.16.1

 # Use a specific version of golang to build both binaries
-FROM golang:$GO_VERSION as gobuilder
+FROM golang:1.15.10 as gobuilder

 # Build docker-gen from scratch
 FROM gobuilder as dockergen
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index af4e9a0..feb9651 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,12 +1,11 @@
 # setup build arguments for version of dependencies to use
 ARG NGINX_VERSION=1.19.3-alpine
-ARG GO_VERSION=1.14-alpine

 ARG DOCKER_GEN_VERSION=0.7.4
 ARG FOREGO_VERSION=0.16.1

 # Use a specific version of golang to build both binaries
-FROM golang:$GO_VERSION as gobuilder
+FROM golang:1.15.10-alpine as gobuilder
 RUN apk add --no-cache git

 # Build docker-gen from scratch
From 83ca0511d17b4d4202ab72abfed50dbaddef4fde Mon Sep 17 00:00:00 2001
From: Tom Wiesing
Date: Thu, 1 Apr 2021 15:54:26 +0200
Subject: [PATCH 3/3] Hardcode nginx 1.19.3 for use in Docker Images

This commit updates both 'Dockerfile' and 'Dockerfile.alpine' to use 'nginx 1.19.3'. This change was implemented after feedback from @buchdag to be able to use dependabot.
---
 Dockerfile | 4 +---
 Dockerfile.alpine | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index bf7d4cb..8dfc682 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,4 @@
 # setup build arguments for version of dependencies to use
-ARG NGINX_VERSION=1.19.3
-
 ARG DOCKER_GEN_VERSION=0.7.4
 ARG FOREGO_VERSION=0.16.1

@@ -43,7 +41,7 @@ RUN go get -v ./... && \
 CGO_ENABLED=0 GOOS=linux go build -o forego .

 # Build the final image
-FROM nginx:$NGINX_VERSION
+FROM nginx:1.19.3
 LABEL maintainer="Jason Wilder mail@jasonwilder.com"

 # Install wget and install/updates certificates
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index feb9651..55f3912 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,6 +1,4 @@
 # setup build arguments for version of dependencies to use
-ARG NGINX_VERSION=1.19.3-alpine
-
 ARG DOCKER_GEN_VERSION=0.7.4
 ARG FOREGO_VERSION=0.16.1

@@ -44,7 +42,7 @@ RUN go get -v ./... && \
 CGO_ENABLED=0 GOOS=linux go build -o forego .

 # Build the final image
-FROM nginx:$NGINX_VERSION
+FROM nginx:1.19.3-alpine
 LABEL maintainer="Jason Wilder mail@jasonwilder.com"

 # Install wget and install/updates certificates