From 3cdd579c59733eb7ab7d182261ce2a0facce7c38 Mon Sep 17 00:00:00 2001
From: Daniel Bornkessel <daniel.bornkessel@innoq.com>
Date: Thu, 22 Jul 2021 15:18:41 +0200
Subject: [PATCH] Some Docker-refinements

- use multi-stage build: build the binary in a `alpine:golang3.11` image
  but use `busybox:stable` for the run time image and just pick the
  build artifacts ... this reduces the image size from 384mb -> 12.4mb
- build with CGO_ENABLED=0 to avoid dependency to glibc: this makes it
  more compatible with different types of linux images
- add EXPOSE statement to Dockerfile
- add `USER=nobody` statement to avoid running as root within the
  container
- remove `-it` option from README: this is only needed if you want to
  interactively use the container
- use 0.0.0.0 as the default listing host ... otherwise requests from
  other hosts will not be responded to

However: `sendmail` is missing from the container and therefore this
will not run correctly. As I don't know whether it usually runs with
sendmail I stopped at this point -- happy to support again
---
 Dockerfile | 13 +++++++++++--
 README.md  |  4 ++--
 naveed.ini |  2 +-
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index b73b662..9fe2162 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,16 @@
-FROM golang:alpine3.11
+FROM golang:alpine3.11 as base
 
 WORKDIR /app
 COPY . /app
 
+ENV CGO_ENABLED=0
 RUN go build -o bin/naveed
-CMD ["/app/bin/naveed"]
+
+FROM busybox
+
+COPY --from=base /app/bin/naveed /usr/bin/naveed
+COPY --from=base /app/naveed.ini /
+
+EXPOSE 8465/tcp
+USER nobody
+CMD ["/usr/bin/naveed"]
diff --git a/README.md b/README.md
index 4b7971c..ee9032f 100644
--- a/README.md
+++ b/README.md
@@ -65,8 +65,8 @@ NB:
 
 * run:
 
-        $ docker run -it --rm --name naveed -p8080:8465
-                -v "$(pwd)/config:/app/config" \
+        $ docker run --rm --name naveed -p8080:8465
+                -v "$(pwd)/config:/" \
                 -e NAVEED_USERS_URL=… \
                 -e NAVEED_USERS_USERNAME=… \
                 -e NAVEED_USERS_PASSWORD=… \
diff --git a/naveed.ini b/naveed.ini
index 14b04bd..4ac4fdd 100644
--- a/naveed.ini
+++ b/naveed.ini
@@ -2,7 +2,7 @@
 # * relative paths originate from the application's working directory
 # * changes require restarting the server
 
-host = "localhost"
+host = "0.0.0.0"
 port = 8465
 path-prefix = "/naveed"
 external-root = "https://example.org/naveed/"