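# Base image: the tag indicates nginx 1.22.1 on Alpine, published under the
# psknowhow namespace rather than the Docker official `nginx` repository.
# NOTE(review): a tag is mutable. Once the expected image digest has been
# verified, pin it (`...:1.22.1-alpine-slim@sha256:<digest>`) so that a
# re-pushed tag cannot silently change what this build starts from.
FROM psknowhow/nginx:1.22.1-alpine-slim

# Identity of the unprivileged runtime account. Each value can be overridden
# at build time with --build-arg.
ARG USER=knowhowuser
ARG UID=1000
ARG GID=1000

# Install curl and openssl in a single apk transaction, then create the group
# and the user. adduser flags: -u fixed UID, -G primary group, -s login shell,
# -D no password assigned.
RUN apk add --no-cache curl openssl \
    && addgroup -g "$GID" "$USER" \
    && adduser -u "$UID" -G "$USER" -s /bin/sh -D "$USER"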
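# Paths and archive names used by the build steps in this file. ENV (not ARG)
# means they are also present in the running container's environment.
#   PID_LOC                   directory created below for nginx runtime files
#   CONF_LOC                  nginx configuration directory
#   HTML_LOC                  archive drop directory (the trailing slash matters:
#                             it is concatenated directly with file names)
#   UI2_LOC                   directory the asset archives are extracted into
#   START_SCRIPT_LOC          directory that receives start_nginx.sh
#   UI2_ASSETS_ARCHIVE,
#   ERRORPAGE_ASSETS_ARCHIVE  the two archives that get extracted
#   ASSETS_ARCHIVE            glob used to copy and later delete the archives
#   CERT_LOC                  destination for the certificate files
#   PROTOCOL                  not read in this file; presumably consumed by
#                             start_nginx.sh to choose the http or https
#                             configuration (confirm against the script)
ENV PID_LOC="/run/nginx" \
    CONF_LOC="/etc/nginx" \
    HTML_LOC="/var/lib/nginx/" \
    UI2_LOC="/var/lib/nginx/ui2" \
    START_SCRIPT_LOC="/etc/init.d" \
    UI2_ASSETS_ARCHIVE="ui2.tar" \
    ERRORPAGE_ASSETS_ARCHIVE="ErrorPage.tar" \
    ASSETS_ARCHIVE="*.tar" \
    CERT_LOC="/etc/ssl/certs" \
    PROTOCOL="http"

# Prepare the filesystem in one layer: create the runtime and asset directories
# and remove the configuration and index page shipped with the base image, so
# that only the files copied in later are present.
RUN mkdir -p "${PID_LOC}" "${UI2_LOC}" \
    && rm -f "${CONF_LOC}/nginx.conf" "${CONF_LOC}/conf.d/default.conf" "${HTML_LOC}index.html"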
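# Stage both nginx configuration variants in /tmp with a single COPY.
# Neither is installed into ${CONF_LOC} in this file; presumably start_nginx.sh
# selects one at container start (confirm against the script).
COPY nginx/files/nginx_https.conf nginx/files/nginx_http.conf /tmp/

# Asset archives (every *.tar in nginx/files) and the start script.
COPY nginx/files/${ASSETS_ARCHIVE} ${HTML_LOC}
COPY nginx/scripts/start_nginx.sh ${START_SCRIPT_LOC}/start_nginx.sh

# NOTE(review): everything under nginx/files/certs is baked into an image
# layer and is readable by anyone who can pull the image. If that directory
# can contain private keys, keep them out of the build context (.dockerignore)
# and provide them at run time through a mounted secret or volume instead.
COPY nginx/files/certs/* ${CERT_LOC}/

# Unpack the UI and error-page assets into ${UI2_LOC}, make the start script
# executable and delete the archives. The delete only tidies the final
# filesystem: the archives still occupy the COPY layer above, so it does not
# reduce the image size. ${ASSETS_ARCHIVE} is left unquoted on purpose so the
# shell expands the glob.
RUN tar xf "${HTML_LOC}${UI2_ASSETS_ARCHIVE}" -C "${UI2_LOC}" \
    && tar xf "${HTML_LOC}${ERRORPAGE_ASSETS_ARCHIVE}" -C "${UI2_LOC}" \
    && chmod +x "${START_SCRIPT_LOC}/start_nginx.sh" \
    && rm -f "${HTML_LOC}"${ASSETS_ARCHIVE}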
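# Grant the runtime user ownership of what nginx touches, and allow the nginx
# binary to bind ports below 1024 without root.
#
# Both find commands prune the secrets directory so that mounted secrets keep
# their ownership. find already visits every entry, so chown is called without
# -R: a recursive chown on the starting directory (/run) would descend into
# /run/secrets and defeat the prune.
#
# NOTE(review): ${CONF_LOC} and ${CERT_LOC} (/etc/ssl/certs, where CA
# certificates live) become writable by the runtime user, as does everything
# under /var. A compromised nginx process could then rewrite its own
# configuration or the certificates in that directory. Confirm which paths
# start_nginx.sh really needs to write and narrow the chown to those.
#
# NOTE(review): the file capability set by setcap is not granted when the
# container runs with no-new-privileges or with NET_BIND_SERVICE dropped;
# listening on unprivileged ports would remove the need for it.
RUN chown -R "$USER:$USER" "${CONF_LOC}" "${CERT_LOC}" \
    && find /var -path /var/run/secrets -prune -o -exec chown "$USER:$USER" {} + \
    && find /run -path /run/secrets -prune -o -exec chown "$USER:$USER" {} + \
    && apk add --no-cache libcap \
    && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx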
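# Documented listening ports (HTTP and HTTPS). EXPOSE is metadata only and
# publishes nothing by itself.
EXPOSE 80 443

# Drop root for the running container. The numeric UID:GID form resolves to
# the account created earlier in this file, and lets an orchestrator that
# enforces "run as non-root" (e.g. Kubernetes runAsNonRoot) verify the user,
# which it cannot do for a user given by name.
USER ${UID}:${GID}

# Exec form, so the start script runs as PID 1 and receives stop signals.
# NOTE(review): the script should hand over to nginx with `exec` so that
# nginx, not the shell, ends up as PID 1 (confirm in start_nginx.sh).
ENTRYPOINT ["/etc/init.d/start_nginx.sh"]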