From 2a62c8f1881020b81e4829db139eae136e70f275 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Sieroci=C5=84ski?= Date: Sat, 1 Jul 2023 12:30:31 +0200 Subject: [PATCH] feat: Optimize Dockerfile layers --- classicpress/.dockerignore | 1 + classicpress/Dockerfile | 113 ++++++++++++++++--------------------- 2 files changed, 50 insertions(+), 64 deletions(-) create mode 100644 classicpress/.dockerignore diff --git a/classicpress/.dockerignore b/classicpress/.dockerignore new file mode 100644 index 0000000..9414382 --- /dev/null +++ b/classicpress/.dockerignore @@ -0,0 +1 @@ +Dockerfile diff --git a/classicpress/Dockerfile b/classicpress/Dockerfile index f5b7c3a..bdcf448 100644 --- a/classicpress/Dockerfile +++ b/classicpress/Dockerfile @@ -5,6 +5,10 @@ ARG version=1.5.3 ARG corerules_version=3.3.4 ARG www_dir=/var/www/html +ARG WORKDIR_BUILD=/tmp/build +ARG WORKDIR_FILES=${WORKDIR_BUILD}/files +ARG WORKDIR_DOWNLOADS=${WORKDIR_BUILD}/downloads + ENV WWW_DIR=${www_dir} ENV DATA_DIR=/data ENV WP_CONFIG=${DATA_DIR}/wp-config.php @@ -14,6 +18,12 @@ ENV BACKUP_WP_CONTENT="${WWW_DIR}/../wp-content-backup" ENV APACHE_RUN_USER=apache ENV APACHE_RUN_GROUP=www-data +ENV LC_ALL=en_US.UTF-8 +ENV LANG=en_US.UTF-8 +ENV LANGUAGE=en_US.UTF-8 + +COPY ./ ${WORKDIR_FILES}/ + # Install packages RUN apt-get update \ && apt-get install -y \ 
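Review bot: `COPY ./ ${WORKDIR_FILES}/` in the `@@ -14,6 +18,12 @@` hunk writes the whole build context into an image layer of its own, and the new `.dockerignore` excludes only `Dockerfile`. Anything else that ends up in `classicpress/` (editor files, a stray `.env`, keys) therefore stays retrievable from the image, even if the later `RUN` deletes `/tmp/build`. Because the copy sits ahead of the package install, any edit to a config file also invalidates the apt layer. A BuildKit bind mount would keep the files out of the image entirely, for example `RUN --mount=type=bind,source=.,target=/tmp/build/files apt-get update \`; alternatively, keep the per-file `COPY` instructions from the old side. The `RUN` that consumes these files starts at the end of this hunk and continues outside it.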
@@ -24,85 +34,66 @@ RUN apt-get update \ && apt-get update \ && apt-get install -y \ libapache2-mod-security2 libmodsecurity3 \ - zlib1g-dev libpng16-16 libpng-dev libzip4 libzip-dev locales - + zlib1g-dev libpng16-16 libpng-dev libzip4 libzip-dev locales \ # Ensure UTF-8 -RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen \ - && locale-gen - -ENV LC_ALL=en_US.UTF-8 -ENV LANG=en_US.UTF-8 -ENV LANGUAGE=en_US.UTF-8 - -# Change workdir to /tmp -WORKDIR /tmp - + && sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen \ + && locale-gen \ +# Change working directory + && mkdir -p ${WORKDIR_DOWNLOADS} \ + && cd ${WORKDIR_DOWNLOADS} \ # Download ClassicPress -RUN wget -qO classicpress.tar.gz https://github.com/ClassicPress/ClassicPress-release/archive/refs/tags/${version}.tar.gz - + && wget -qO classicpress.tar.gz https://github.com/ClassicPress/ClassicPress-release/archive/refs/tags/${version}.tar.gz \ # Download corerules -RUN wget -qO corerules.tar.gz https://github.com/coreruleset/coreruleset/archive/refs/tags/v${corerules_version}.tar.gz - + && wget -qO corerules.tar.gz https://github.com/coreruleset/coreruleset/archive/refs/tags/v${corerules_version}.tar.gz \ # Clean www_dir -RUN rm -rf ${www_dir}/* - + && rm -rf ${www_dir}/* \ # Unpack ClassicPress to www_dir -RUN tar -xf classicpress.tar.gz -C ${www_dir} --strip-components=1 - + && tar -xf classicpress.tar.gz -C ${www_dir} --strip-components=1 \ # Create /data -RUN mkdir ${DATA_DIR} -WORKDIR ${DATA_DIR} - + && mkdir ${DATA_DIR} \ + && cd ${DATA_DIR} \ # Move wp-content to /data -RUN mv ${www_dir}/wp-content ${WP_CONTENT} \ + && mv ${www_dir}/wp-content ${WP_CONTENT} \ && ln -s ${WP_CONTENT} ${www_dir}/wp-content \ - && cp -r ${WP_CONTENT} ${BACKUP_WP_CONTENT} - + && cp -r ${WP_CONTENT} ${BACKUP_WP_CONTENT} \ # Init wp-config.php -RUN touch ${WP_CONFIG} \ - && ln -s ${WP_CONFIG} ${www_dir}/wp-config.php - + && touch ${WP_CONFIG} \ + && ln -s ${WP_CONFIG} ${www_dir}/wp-config.php \ # Copy wp-config.template.php -COPY 
wp-config.template.php ${www_dir}/../wp-config.template.php - + && cp ${WORKDIR_FILES}/wp-config.template.php ${www_dir}/../wp-config.template.php \ # Copy php.ini -COPY php.ini "${PHP_INI_DIR}/php.ini" - + && cp ${WORKDIR_FILES}/php.ini "${PHP_INI_DIR}/php.ini" \ # Install missing php extensions -RUN EXTRA_CFLAGS="-I/usr/src/php" docker-php-ext-install \ - exif gd mysqli zip - + && EXTRA_CFLAGS="-I/usr/src/php" docker-php-ext-install \ + exif gd mysqli zip \ # Enable apache mod-rewrite -RUN a2enmod rewrite - + && a2enmod rewrite \ # Enable apache mod-headers -RUN a2enmod headers - + && a2enmod headers \ # Enable mod-security2 -RUN a2enmod security2 -RUN cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf \ - && sed -Ei "s/Sec([A-Z][a-z]+)Engine .+/Sec\1Engine On/g" /etc/modsecurity/modsecurity.conf -COPY security2.conf /etc/apache2/mods-available/security2.conf - + && a2enmod security2 \ + && cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf \ + && sed -Ei "s/Sec([A-Z][a-z]+)Engine .+/Sec\1Engine On/g" /etc/modsecurity/modsecurity.conf \ + && cp ${WORKDIR_FILES}/security2.conf /etc/apache2/mods-available/security2.conf \ # Setup mod-security2 -WORKDIR /usr/share/modsecurity-crs -RUN rm -rf ./* \ - && tar -xf /tmp/corerules.tar.gz -C ./ --strip-components=1 \ + && cd /usr/share/modsecurity-crs \ + && rm -rf ./* \ + && tar -xf ${WORKDIR_DOWNLOADS}/corerules.tar.gz -C ./ --strip-components=1 \ && mv crs-setup.conf.example crs-setup.conf \ - && mv ./rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example ./rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf - + && mv ./rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example ./rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf \ # Copy default site conf -COPY 000-default.conf /etc/apache2/sites-available/000-default.conf - + && cp ${WORKDIR_FILES}/000-default.conf /etc/apache2/sites-available/000-default.conf \ # Copy security conf -COPY security.conf 
/etc/apache2/conf-available/security.conf - + && cp ${WORKDIR_FILES}/security.conf /etc/apache2/conf-available/security.conf \ # Copy htaccess -COPY htaccess /data/.htaccess -RUN ln -s /data/.htaccess ${www_dir}/.htaccess - + && cp ${WORKDIR_FILES}/htaccess ${DATA_DIR}/.htaccess \ + && ln -s ${DATA_DIR}/.htaccess ${www_dir}/.htaccess \ +# Copy startup script + && cp ${WORKDIR_FILES}/classicpress.sh /opt/classicpress.sh \ +# Create user + && useradd -rMUG daemon,www-data apache \ # Clean -RUN apt-get purge -y --auto-remove \ + && apt-get purge -y --auto-remove \ wget zlib1g-dev \ && apt-get autoclean \ && rm -r /var/lib/apt/lists/* \ @@ -114,12 +105,6 @@ WORKDIR ${www_dir} # Expose port 80 EXPOSE 80 -# Copy startup file -COPY classicpress.sh /opt/classicpress.sh - -# Create user -RUN useradd -rMUG daemon,www-data apache - # It's important to NOT change user with USER. We want to have root permissions # in startup script, so we can dynamcally change UID/GID and ownership.
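Review bot: In the `@@ -24,85 +34,66 @@` hunk, the two `wget -qO … .tar.gz` steps unpack the ClassicPress release and the CRS rule set without verifying either archive. The application code and the WAF rules are thus trusted on the strength of a tag name alone. Pinning a digest per archive and checking it before `tar -xf` would close that gap, e.g. `&& echo "${classicpress_sha256}  classicpress.tar.gz" | sha256sum -c - \`, plus the same line for `corerules.tar.gz`. Here `classicpress_sha256` is a constructed `ARG` name that would be declared next to `version`. The chain also runs `rm -rf ${www_dir}/*` on an unquoted build argument; `"${www_dir:?}"/*` would make an empty override fail instead of expanding to `/*`. Removal of `${WORKDIR_BUILD}` is not visible here, as the `RUN` continues past the end of the hunk.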