# syntax = docker/dockerfile:1.6
###############################################
# Build stage #
###############################################
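FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0-bookworm-slim AS build
# NOTE(review): the SDK image is referenced by tag only. Pinning it by digest
# would keep a re-pushed upstream tag from silently changing the build toolchain.

# Docker buildx supplies the value for this arg
ARG TARGETPLATFORM

# Map the Docker target platform to the .NET runtime identifier (RID).
# The value is written to a file so that later RUN layers can source it.
# An unsupported or empty platform stops the build here with a clear message,
# rather than leaving RID empty for the restore/publish steps below.
RUN case "${TARGETPLATFORM:-}" in \
        linux/amd64)  RID=linux-x64 ;; \
        linux/arm64)  RID=linux-arm64 ;; \
        linux/arm/v7) RID=linux-arm ;; \
        *) echo "Unsupported or unset TARGETPLATFORM: '${TARGETPLATFORM:-}'" >&2; exit 1 ;; \
    esac \
    && echo "RID=$RID" > /tmp/rid.txt

# Add build-time packages (npm is used for the AdminConsole build below).
# The apt lists are removed in the same layer so they do not persist.
RUN apt-get update && apt-get install -y \
        jq \
        npm \
    && rm -rf /var/lib/apt/lists/*

# Copy csproj files as distinct layers so the restore layers below stay cached
# until a project file (or Directory.Build.props) changes.
WORKDIR /source
COPY src/AdminConsole/*.csproj ./src/AdminConsole/
COPY src/Api/*.csproj ./src/Api/
COPY src/Service/*.csproj ./src/Service/
COPY src/Common/*.csproj ./src/Common/
COPY Directory.Build.props .

# Restore AdminConsole project dependencies and tools
WORKDIR /source/src/AdminConsole
RUN . /tmp/rid.txt && dotnet restore -r "$RID"

# Restore Api project dependencies and tools
WORKDIR /source/src/Api
RUN . /tmp/rid.txt && dotnet restore -r "$RID"

# Copy required project files
WORKDIR /source
COPY src/AdminConsole/. ./src/AdminConsole/
COPY src/Api/. ./src/Api/
COPY src/Service/. ./src/Service/
COPY src/Common/. ./src/Common/
# The repository metadata is copied into this stage only; the final stage takes
# nothing but /app from here, so .git does not reach the shipped image.
# NOTE(review): presumably needed for version stamping during publish - confirm.
COPY .git/. ./.git/

# Build Admin app
WORKDIR /source/src/AdminConsole
# NOTE(review): `npm install` may resolve dependency versions other than the
# ones that were tested. If a package-lock.json is committed for AdminConsole,
# `npm ci` installs exactly what the lockfile records - confirm and switch.
RUN npm install
RUN . /tmp/rid.txt && dotnet publish -c release -o /app/AdminConsole --no-restore --no-self-contained -r "$RID"

# Build Api app
WORKDIR /source/src/Api
RUN . /tmp/rid.txt && dotnet publish -c release -o /app/Api --no-restore --no-self-contained -r "$RID"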
###############################################
# App stage #
###############################################
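FROM mcr.microsoft.com/dotnet/aspnet:9.0-bookworm-slim
# NOTE(review): the runtime image is referenced by tag only. Pinning it by
# digest would make the shipped base reproducible and auditable.

# Docker buildx supplies the value for this arg
ARG TARGETPLATFORM

LABEL com.bitwarden.product="bitwarden" \
      com.bitwarden.project="passwordless"

# Runtime defaults. Both database files live under the declared volume.
ENV ASPNETCORE_ENVIRONMENT=Production \
    BWP_ENABLE_ADMIN=true \
    BWP_ENABLE_API=true \
    BWP_DB_FILE_API="/etc/bitwarden_passwordless/api.db" \
    BWP_DB_FILE_ADMIN="/etc/bitwarden_passwordless/admin.db" \
    DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false \
    SelfHosted=true \
    RP_PORT=5701

# Add packages
# NOTE(review): curl and unzip are used below to fetch and unpack hbs; whether
# the entrypoint also needs them (or jq/openssl) at runtime is not visible
# here. Anything needed only at build time enlarges the runtime attack surface.
# Also consider --no-install-recommends once the required set is confirmed.
RUN apt-get update && apt-get install -y \
        curl \
        jq \
        nginx \
        openssl \
        supervisor \
        tzdata \
        unzip \
    && rm -rf /var/lib/apt/lists/*

# Create required directories (one layer instead of one per directory)
RUN mkdir -p \
        /app \
        /etc/bitwarden_passwordless/data-protection \
        /etc/bitwarden_passwordless/logs \
        /etc/nginx/http.d \
        /etc/supervisor \
        /etc/supervisor.d \
        /var/lib/nginx/tmp \
        /var/log/bitwarden \
        /var/log/bitwarden_passwordless \
        /var/log/nginx/logs \
        /var/run/nginx \
    && touch /var/run/nginx/nginx.pid

# Copy all apps from dotnet-build stage
WORKDIR /app
COPY --from=build /app ./

# Set up supervisord
COPY self-host/supervisord/*.ini /etc/supervisor.d/
COPY self-host/supervisord/supervisord.conf /etc/supervisor/supervisord.conf
RUN rm -f /etc/supervisord.conf

# Set up nginx
COPY self-host/nginx/nginx.conf \
     self-host/nginx/proxy.conf \
     self-host/nginx/mime.types \
     self-host/nginx/security-headers.conf \
     self-host/nginx/security-headers-ssl.conf \
     /etc/nginx/
COPY --chmod=0755 self-host/nginx/logrotate.sh /

# Copy configuration templates
COPY self-host/hbs/nginx-config.hbs /etc/hbs/
COPY self-host/hbs/config.yaml /etc/hbs/

# Download and extract the hbs tool for generating final configurations.
# The release is pinned by tag but the archive is not pinned by digest, so an
# optional per-architecture SHA-256 can be supplied as a build argument; when
# one is given the archive is verified before it is unpacked into
# /usr/local/bin. Download, verification, extraction and cleanup happen in one
# layer so the archive does not persist in the image, and curl -f turns an
# HTTP error into a build failure instead of saving the error page as hbs.zip.
ARG HBS_SHA256_AMD64=""
ARG HBS_SHA256_ARM64=""
ARG HBS_SHA256_ARMV7=""
RUN set -eu; \
    case "${TARGETPLATFORM:-}" in \
        linux/amd64)  hbs_asset=hbs_linux-x64.zip;   hbs_sha256="${HBS_SHA256_AMD64:-}" ;; \
        linux/arm/v7) hbs_asset=hbs_linux-armv7.zip; hbs_sha256="${HBS_SHA256_ARMV7:-}" ;; \
        linux/arm64)  hbs_asset=hbs_linux-arm64.zip; hbs_sha256="${HBS_SHA256_ARM64:-}" ;; \
        *) echo "Unsupported or unset TARGETPLATFORM: '${TARGETPLATFORM:-}'" >&2; exit 1 ;; \
    esac; \
    curl -fsSL --output hbs.zip \
        "https://github.com/bitwarden/Handlebars.conf/releases/download/v1.3.0/${hbs_asset}"; \
    if [ -n "$hbs_sha256" ]; then \
        echo "${hbs_sha256}  hbs.zip" | sha256sum -c -; \
    else \
        echo "WARNING: hbs.zip was not checksum-verified (no HBS_SHA256_* build arg supplied)" >&2; \
    fi; \
    unzip hbs.zip -d /usr/local/bin; \
    rm hbs.zip; \
    chmod +x /usr/local/bin/hbs

# Copy entrypoint script and make it executable
COPY --chmod=0755 self-host/entrypoint.sh /entrypoint.sh

# Declared after the directories beneath it were created. This volume holds the
# database files named in BWP_DB_FILE_* and the data-protection directory, so
# the host-side mount deserves restrictive permissions and a backup plan.
VOLUME ["/etc/bitwarden_passwordless"]

WORKDIR /app
EXPOSE 5701

# NOTE(review): no USER instruction is set, so /entrypoint.sh starts as root.
# Whether it drops privileges before launching the services is not visible in
# this file - confirm, and prefer running the apps under a dedicated account.
ENTRYPOINT ["/entrypoint.sh"]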