jumpserver/Dockerfile

148 lines
5.2 KiB
Docker
Raw Normal View History

FROM debian:bullseye-slim as stage-1
2023-08-14 02:57:40 +00:00
ARG TARGETARCH
2024-04-02 16:11:41 +00:00
ARG DEPENDENCIES=" \
ca-certificates \
wget"
2024-05-06 02:38:02 +00:00
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
2024-05-06 02:38:02 +00:00
set -ex \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
2024-04-02 16:11:41 +00:00
&& apt-get update \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
2024-05-06 02:38:02 +00:00
&& echo "no" | dpkg-reconfigure dash
2024-04-02 16:11:41 +00:00
WORKDIR /opt
ARG CHECK_VERSION=v1.0.2
RUN set -ex \
&& wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& mv check /usr/local/bin/ \
&& chown root:root /usr/local/bin/check \
&& chmod 755 /usr/local/bin/check \
&& rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
2024-04-30 03:07:38 +00:00
ARG RECEPTOR_VERSION=v1.4.5
RUN set -ex \
&& wget -O /opt/receptor.tar.gz https://github.com/ansible/receptor/releases/download/${RECEPTOR_VERSION}/receptor_${RECEPTOR_VERSION/v/}_linux_${TARGETARCH}.tar.gz \
&& tar -xf /opt/receptor.tar.gz -C /usr/local/bin/ \
&& chown root:root /usr/local/bin/receptor \
&& chmod 755 /usr/local/bin/receptor \
&& rm -f /opt/receptor.tar.gz
2023-08-14 02:57:40 +00:00
ARG VERSION
WORKDIR /opt/jumpserver
ADD . .
RUN echo > /opt/jumpserver/config.yml \
2024-05-13 10:21:51 +00:00
&& \
if [ -n "${VERSION}" ]; then \
sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \
fi
2023-08-14 02:57:40 +00:00
FROM python:3.11-slim-bullseye as stage-2
2022-11-15 09:24:56 +00:00
ARG TARGETARCH
ARG BUILD_DEPENDENCIES=" \
g++ \
make \
pkg-config"
ARG DEPENDENCIES=" \
default-libmysqlclient-dev \
2024-05-31 02:52:47 +00:00
freetds-dev \
gettext \
2024-05-31 02:52:47 +00:00
libkrb5-dev \
libldap2-dev \
libsasl2-dev"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
set -ex \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& echo "no" | dpkg-reconfigure dash
WORKDIR /opt/jumpserver
ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple
RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \
--mount=type=bind,source=poetry.lock,target=poetry.lock \
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
set -ex \
&& python3 -m venv /opt/py3 \
&& pip install poetry -i ${PIP_MIRROR} \
&& poetry config virtualenvs.create false \
2023-11-17 01:49:05 +00:00
&& . /opt/py3/bin/activate \
&& poetry install --only main
2024-05-13 10:21:51 +00:00
COPY --from=stage-1 /opt/jumpserver /opt/jumpserver
RUN set -ex \
&& export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \
&& . /opt/py3/bin/activate \
&& cd apps \
&& python manage.py compilemessages
FROM python:3.11-slim-bullseye
ARG TARGETARCH
2024-04-02 16:11:41 +00:00
ENV LANG=en_US.UTF-8 \
PATH=/opt/py3/bin:$PATH
ARG DEPENDENCIES=" \
2024-04-02 16:11:41 +00:00
libldap2-dev \
libx11-dev"
2022-03-15 05:06:04 +00:00
ARG TOOLS=" \
2022-11-15 09:24:56 +00:00
ca-certificates \
default-libmysqlclient-dev \
openssh-client \
2024-07-01 03:16:25 +00:00
sshpass \
bubblewrap"
2022-11-15 09:24:56 +00:00
2022-11-16 00:58:16 +00:00
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
2024-05-06 02:38:02 +00:00
set -ex \
2022-11-15 09:24:56 +00:00
&& rm -f /etc/apt/apt.conf.d/docker-clean \
2024-05-06 02:38:02 +00:00
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
2022-11-15 09:24:56 +00:00
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& apt-get -y install --no-install-recommends ${TOOLS} \
2022-03-15 05:06:04 +00:00
&& mkdir -p /root/.ssh/ \
2023-03-28 03:11:15 +00:00
&& echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
&& echo "no" | dpkg-reconfigure dash \
2022-11-22 02:15:55 +00:00
&& sed -i "s@# export @export @g" ~/.bashrc \
2024-04-08 23:05:42 +00:00
&& sed -i "s@# alias @alias @g" ~/.bashrc
2024-05-13 10:21:51 +00:00
COPY --from=stage-2 /opt /opt
2024-04-02 16:11:41 +00:00
COPY --from=stage-1 /usr/local/bin /usr/local/bin
2024-05-13 10:21:51 +00:00
COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/
2018-11-13 07:57:44 +00:00
2023-08-03 06:33:22 +00:00
WORKDIR /opt/jumpserver
2022-03-15 05:06:04 +00:00
ARG VERSION
ENV VERSION=$VERSION
2022-04-22 05:44:39 +00:00
2018-11-13 07:57:44 +00:00
VOLUME /opt/jumpserver/data
ENTRYPOINT ["./entrypoint.sh"]
2018-11-13 07:57:44 +00:00
EXPOSE 8080
STOPSIGNAL SIGQUIT
CMD ["start", "all"]