WIP: dockerization #16
Conversation
Co-authored-by: ak <[email protected]>
README.md
Outdated
|
|
||
| * run: | ||
|
|
||
| $ docker run -it --rm --name naveed -p8080:8465 |
There was a problem hiding this comment.
this assumes specific port numbers
README.md
Outdated
| * run: | ||
|
|
||
| $ docker run -it --rm --name naveed -p8080:8465 | ||
| -v "$(pwd)/config:/app/config" \ |
There was a problem hiding this comment.
this assumes there's a config directory from which we can retrieve our configuration files (customized naveed.ini and tokens.cfg) - should this perhaps reside within Dockerfile instead?
| naveed | ||
|
|
||
| note that you will need to add the configuration files mentioned above to | ||
| the container and you might also need to adjust the port numbers |
- use multi-stage build: build the binary in a `alpine:golang3.11` image but use `busybox:stable` for the run time image and just pick the build artifacts ... this reduces the image size from 384mb -> 12.4mb - build with CGO_ENABLED=0 to avoid dependency to glibc: this makes it more compatible with different types of linux images - add EXPOSE statement to Dockerfile - add `USER=nobody` statement to avoid running as root within the container - remove `-it` option from README: this is only needed if you want to interactively use the container - use 0.0.0.0 as the default listing host ... otherwise requests from other hosts will not be responded to However: `sendmail` is missing from the container and therefore this will not run correctly. As I don't know whether it usually runs with sendmail I stopped at this point -- happy to support again
kesselborn
force-pushed
the
docker-simplified
branch
from
2d17208 to
3cdd579
Compare
There was a problem hiding this comment.
thanks @kesselborn! I've left a few comments, mostly as reminders for myself, though some are questions for my edification, if you're inclined to enlighten me
| RUN go build -o bin/naveed | ||
| CMD ["/app/bin/naveed"] | ||
|
|
||
| FROM busybox |
There was a problem hiding this comment.
this is a "multistage" Docker image: its as if you have a two docker files in one but you can access the first docker image. I build the binary in t he golang:alpine image (which contains the go compiler, etc.) and copy the result in a new image that is based on busybox, a minimal Linux Distro. This way, the resulting image is much smaller (384mb vs. 12mb)
| FROM busybox | ||
|
|
||
| COPY --from=base /app/bin/naveed /usr/bin/naveed | ||
| COPY --from=base /app/naveed.ini / |
There was a problem hiding this comment.
this works because / is CMD's working directory?
| COPY --from=base /app/bin/naveed /usr/bin/naveed | ||
| COPY --from=base /app/naveed.ini / | ||
|
|
||
| EXPOSE 8465/tcp |
There was a problem hiding this comment.
8465 is just the default, so this assumes people didn't customize this setting in naveed.ini - which should generally be ok, but might result in confusion?
There was a problem hiding this comment.
yeah .. you can remove it as well. For docker images it would be more explicit when the port (and the listening address) could be passed as options or env vars
| @@ -2,7 +2,7 @@ | |||
| # * relative paths originate from the application's working directory | |||
| # * changes require restarting the server | |||
|
|
|||
| host = "localhost" | |||
| host = "0.0.0.0" | |||
There was a problem hiding this comment.
not sure we want this to be the default though?
There was a problem hiding this comment.
mmm ... ok: your choice. For production localhost doesn't make sense unless this runs on a host that contains a reverse proxy
| $ docker run -it --rm --name naveed -p8080:8465 | ||
| -v "$(pwd)/config:/app/config" \ | ||
| $ docker run --rm --name naveed -p8080:8465 | ||
| -v "$(pwd)/config:/" \ |
There was a problem hiding this comment.
that config dir seems bogus; it's not actually being used anywhere and doesn't exist by default either - overall the instructions here are confusing; at the very least, assumptions need to be made explicit
There was a problem hiding this comment.
yup ... this adjustment was just made to keep it consistent with the prior image (as I moved the default config file to /)
.
Thinking about this again: this is actually bullshit: it would overwrite / :D .. if that's even possible -- sorry
No description provided.