mirror of
https://github.com/ipfs/kubo.git
synced 2026-02-22 02:47:48 +08:00
e2a3cd3b66
The Dockerfile now has two stages: build and assembly. This allows for a full-fledged debian build container, while still resulting in a super-thin busybox image. License: MIT Signed-off-by: Lars Gierth <larsg@systemli.org>
78 lines
2.2 KiB
Docker
78 lines
2.2 KiB
Docker
FROM golang:1.9-stretch
|
|
MAINTAINER Lars Gierth <lgierth@ipfs.io>
|
|
|
|
# This is a copy of /Dockerfile,
|
|
# except that we optimize for build time, instead of image size.
|
|
#
|
|
# Please keep these two Dockerfiles in sync.
|
|
|
|
ENV GX_IPFS ""
|
|
ENV SRC_DIR /go/src/github.com/ipfs/go-ipfs
|
|
|
|
COPY ./package.json $SRC_DIR/package.json
|
|
|
|
RUN set -x \
|
|
&& go get github.com/whyrusleeping/gx \
|
|
&& go get github.com/whyrusleeping/gx-go \
|
|
# Allows using a custom (i.e. local) IPFS API endpoint.
|
|
&& ([ -z "$GX_IPFS" ] || echo $GX_IPFS > /root/.ipfs/api) \
|
|
# Fetch the dependencies so we don't have to do it everytime.
|
|
&& cd $SRC_DIR \
|
|
&& gx install
|
|
|
|
COPY . $SRC_DIR
|
|
|
|
# Build the thing.
|
|
RUN set -x \
|
|
&& cd $SRC_DIR \
|
|
# Required for getting the HEAD commit hash via git rev-parse.
|
|
&& mkdir .git/objects \
|
|
# Build the thing.
|
|
&& make build \
|
|
&& mv cmd/ipfs/ipfs /usr/local/bin/ipfs \
|
|
&& mv bin/container_daemon /usr/local/bin/start_ipfs
|
|
|
|
ENV SUEXEC_VERSION v0.2
|
|
ENV TINI_VERSION v0.16.1
|
|
RUN set -x \
|
|
# Get su-exec, a very minimal tool for dropping privileges
|
|
&& cd /tmp \
|
|
&& git clone https://github.com/ncopa/su-exec.git \
|
|
&& cd su-exec \
|
|
&& git checkout -q $SUEXEC_VERSION \
|
|
&& make \
|
|
# Get tini, a very minimal init daemon for containers
|
|
&& cd /tmp \
|
|
&& wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini \
|
|
&& chmod +x tini \
|
|
# Install them
|
|
&& mv su-exec/su-exec tini /sbin/
|
|
|
|
# Ports for Swarm TCP, Swarm uTP, API, Gateway, Swarm Websockets
|
|
EXPOSE 4001
|
|
EXPOSE 4002/udp
|
|
EXPOSE 5001
|
|
EXPOSE 8080
|
|
EXPOSE 8081
|
|
|
|
# Create the fs-repo directory and switch to a non-privileged user.
|
|
ENV IPFS_PATH /data/ipfs
|
|
RUN mkdir -p $IPFS_PATH \
|
|
&& useradd -s /usr/sbin/nologin -d $IPFS_PATH -u 1000 -g 100 ipfs \
|
|
&& chown 1000:100 $IPFS_PATH
|
|
|
|
# Expose the fs-repo as a volume.
|
|
# start_ipfs initializes an fs-repo if none is mounted.
|
|
VOLUME $IPFS_PATH
|
|
|
|
# The default logging level
|
|
ENV IPFS_LOGGING ""
|
|
|
|
# This just makes sure that:
|
|
# 1. There's an fs-repo, and initializes one if there isn't.
|
|
# 2. The API and Gateway are accessible from outside the container.
|
|
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"]
|
|
|
|
# Execute the daemon subcommand by default
|
|
CMD ["daemon", "--migrate=true"]
|