diff --git a/Dockerfile b/Dockerfile index 68dec799..28f1dfa3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,45 @@ -FROM alpine:3.22 +## Multistage build: First stage fetches dependencies +FROM alpine:3.22 AS fetcher +# Set working directory +WORKDIR /workdir + +# install and copy ca-certificates, mailcap, and tini-static; download JSON.sh RUN apk update && \ - apk --no-cache add ca-certificates mailcap jq tini + apk --no-cache add ca-certificates mailcap tini-static && \ + wget -O ./JSON.sh https://raw.githubusercontent.com/dominictarr/JSON.sh/0d5e5c77365f63809bf6e77ef44a1f34b0e05840/JSON.sh && \ + cp -r /etc/ssl ./ && \ + cp -r /etc/ca-certificates ./ && \ + cp /etc/ca-certificates.conf ./ && \ + cp /etc/mime.types ./ && \ + cp /sbin/tini-static ./ -# Make user and create necessary directories +## Second stage: Use lightweight BusyBox image for final runtime environment +FROM busybox:1.37.0-musl + +# Define non-root user UID and GID ENV UID=1000 ENV GID=1000 +# Create user group and user RUN addgroup -g $GID user && \ - adduser -D -u $UID -G user user && \ - mkdir -p /config /database /srv && \ - chown -R user:user /config /database /srv + adduser -D -u $UID -G user user -# Copy files and set permissions -COPY filebrowser /bin/filebrowser -COPY docker/common/ / -COPY docker/alpine/ / +# Copy binary, scripts, and configurations into image with proper ownership +COPY --chown=user:user filebrowser /bin/filebrowser +COPY --chown=user:user docker/common/ / +COPY --chown=user:user docker/alpine/ / +COPY --chown=user:user --from=fetcher /workdir/tini-static /bin/tini +COPY --from=fetcher /workdir/JSON.sh /JSON.sh +COPY --from=fetcher /workdir/ca-certificates.conf /etc/ca-certificates.conf +COPY --from=fetcher /workdir/ca-certificates /etc/ca-certificates +COPY --from=fetcher /workdir/mime.types /etc/mime.types +COPY --from=fetcher /workdir/ssl /etc/ssl -RUN chown -R user:user /bin/filebrowser /defaults healthcheck.sh init.sh +# Create data directories, set ownership, and ensure healthcheck script is executable +RUN mkdir -p /config /database /srv && \ + chown -R user:user /config /database /srv \ + && chmod +x /healthcheck.sh # Define healthcheck script HEALTHCHECK --start-period=2s --interval=5s --timeout=3s CMD /healthcheck.sh diff --git a/docker/alpine/healthcheck.sh b/docker/alpine/healthcheck.sh new file mode 100644 index 00000000..b1265571 --- /dev/null +++ b/docker/alpine/healthcheck.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +PORT=${FB_PORT:-$(cat /config/settings.json | sh /JSON.sh | grep '\["port"\]' | awk '{print $2}')} +ADDRESS=${FB_ADDRESS:-$(cat /config/settings.json | sh /JSON.sh | grep '\["address"\]' | awk '{print $2}' | sed 's/"//g')} +ADDRESS=${ADDRESS:-localhost} + +wget -q --spider http://$ADDRESS:$PORT/health || exit 1 \ No newline at end of file