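# -----------------------------
# Builder Stage
# -----------------------------
# Compiles the api and webhook Go services. Only the two resulting binaries are
# copied into the final stage, so the Go toolchain and sources do not ship.
#
# Supply chain: the tag below is mutable. For reproducible builds, pin the base
# by digest as well (golang:1.25.0@sha256:<digest-of-the-image-you-verified>).
FROM golang:1.25.0 AS builder

# NOTE(review): no instruction in this stage references OCSERV_VERSION, and an
# ARG/ENV declared here is not visible in the final stage. If the final stage's
# setup script needs the version, it must be redeclared there. Confirm.
ARG OCSERV_VERSION

# CGO_ENABLED=1 can produce binaries that link against the builder's libc, so
# the runtime base must provide a compatible one (TODO confirm against the final
# stage's base image). GOARCH is fixed to amd64, so this is not a multi-arch build.
ENV OCSERV_VERSION="${OCSERV_VERSION}" \
    CGO_ENABLED=1 \
    GOOS=linux \
    GOARCH=amd64

# Shared code used by both services. COPY creates /common itself, so no
# separate mkdir layer is needed.
# Presumably reached through a replace directive in each go.mod; verify.
COPY services/common /common

WORKDIR /app

# Copy Go modules first for caching. go.sum pins the hashes of every module
# that `go mod download` fetches.
COPY services/api/go.mod services/api/go.sum ./
RUN go mod download

# Copy source code and build. -s -w strips the symbol table and DWARF data.
COPY services/api .
RUN go build -ldflags="-s -w" -o api main.go

# -----------------------------
# Build Webhook Service
# -----------------------------
WORKDIR /webhook

# Copy webhook module manifests first (same caching pattern as the api service)
COPY services/webhook/go.mod services/webhook/go.sum ./
RUN go mod download

COPY services/webhook .
RUN go build -ldflags="-s -w" -o webhook main.go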
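# -----------------------------
# Final Stage
# -----------------------------
# Runtime image: Debian slim plus whatever /setup.sh provisions, the two Go
# binaries from the builder stage, and the entrypoint/server scripts.
#
# Supply chain: "trixie-slim" is a moving tag. Pin by digest
# (debian:trixie-slim@sha256:<digest-of-the-image-you-verified>) for
# reproducible, auditable builds.
FROM debian:trixie-slim

ENV PATH="/usr/local/sbin:$PATH"

# NOTE(review): OCSERV_VERSION is declared only in the builder stage and is not
# visible here. If /setup.sh reads it, add `ARG OCSERV_VERSION` to this stage.
# Confirm against the script.
COPY scripts/ocserv_setup_docker.sh /setup.sh

# Install dependencies, run setup, and clean up in a single layer.
# The apt lists and temp files must be removed in the same RUN that created
# them; deleting them in a later layer leaves them in the image history.
# /setup.sh itself still exists in the COPY layer above, so it must not
# contain secrets.
# NOTE(review): sudo, less, dnsutils, jq, curl and procps widen the runtime
# attack surface. Keep only those that the setup/entrypoint/server scripts
# actually call; verify before trimming.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        dnsutils \
        gnutls-bin \
        iptables \
        jq \
        less \
        openssl \
        procps \
        sudo && \
    chmod +x /setup.sh && \
    bash /setup.sh && \
    rm -f /setup.sh && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Set working directory
WORKDIR /app

# Copy API and webhook binaries from the builder stage, plus runtime scripts
COPY --from=builder /app/api /usr/local/bin/api
COPY --from=builder /webhook/webhook /usr/local/bin/webhook
COPY scripts/ocserv_entrypoint.sh /entrypoint.sh
COPY scripts/ocserv_server.sh /server.sh

# Make binaries and scripts executable
RUN chmod +x /entrypoint.sh /server.sh /usr/local/bin/api /usr/local/bin/webhook

# Expose ports (documentation only; nothing is published by EXPOSE).
# 443/tcp and 443/udp are the VPN listener. 8080 and 8888 are presumably the
# api and webhook services; confirm, and publish them only on interfaces
# that need to reach them.
EXPOSE 443/tcp 443/udp 8080 8888

# Volumes: persistent state. Declared after all build-time writes so nothing
# written to these paths during the build is discarded.
# NOTE(review): /etc/ocserv likely holds server keys and certificates;
# restrict permissions on the backing host path accordingly.
VOLUME ["/etc/ocserv", "/usr/local/bin/db"]

# Run entrypoint as root (required for ocserv). No USER directive is set, so
# every process in the container, including api and webhook, starts as root
# unless the scripts drop privileges themselves.
# NOTE(review): at deploy time, grant only the capabilities and devices the VPN
# needs (presumably NET_ADMIN and the TUN device) rather than running the
# container fully privileged. Confirm the requirements.
ENTRYPOINT ["/entrypoint.sh"]

# Default CMD (passed as arguments to the entrypoint)
CMD ["/server.sh"]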