-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile
68 lines (55 loc) · 2.67 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
FROM ibm-semeru-runtimes:open-21.0.4.1_7-jre
LABEL maintainer="[email protected]"
# Prepare environment variables
ENV JAVA_HOME=/opt/java/openjdk \
LB_HOME=/usr/local/liquibase \
LB_VERSION=4.30.0 \
PKG_RELEASE=1~jammy \
TOMCAT_HOME=/usr/local/tomcat \
TOMCAT_MAJOR=10 \
TOMCAT_VERSION=10.1.31 \
TZ=UTC
ENV PATH=$PATH:$LB_HOME:$TOMCAT_HOME/bin
# Init
RUN apt-get -y update \
&& apt-get -y upgrade \
&& apt-get -y install bash curl wget
# Install tomcat
RUN curl -jkSL -o /tmp/apache-tomcat.tar.gz http://archive.apache.org/dist/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz \
&& [ "0e3d423a843e2d9ba4f28a9f0a2f1073d5a1389557dfda041759f8df968bace63cd6948bd76df2727b5133ddb7c33e05dab43cea1d519ca0b6d519461152cce9 /tmp/apache-tomcat.tar.gz" = "$(sha512sum /tmp/apache-tomcat.tar.gz)" ] \
&& gunzip /tmp/apache-tomcat.tar.gz \
&& tar -C /opt -xf /tmp/apache-tomcat.tar \
&& ln -s /opt/apache-tomcat-$TOMCAT_VERSION $TOMCAT_HOME
# Clear root context
RUN rm -rf $TOMCAT_HOME/webapps/*
# This setup was inspired by https://github.com/mobtitude/liquibase/blob/master/Dockerfile
RUN set -x \
&& wget -q -O /tmp/liquibase.tar.gz "https://github.com/liquibase/liquibase/releases/download/v$LB_VERSION/liquibase-$LB_VERSION.tar.gz" \
&& [ "fc7d2a9fa97d91203d639b664715d40953c6c9155a5225a0ddc4c8079b9a3641 /tmp/liquibase.tar.gz" = "$(sha256sum /tmp/liquibase.tar.gz)" ] \
&& mkdir -p "$LB_HOME" \
&& tar -xzf /tmp/liquibase.tar.gz -C "$LB_HOME" \
&& rm -rf "$LB_HOME/sdk" \
# Uninstall packages which are no longer needed and clean apt caches
&& apt-get -y remove wget curl gettext-base \
&& apt-get -y purge --auto-remove \
&& rm -rf /tmp/* /var/cache/apt/*
# Liquibase - changesets
RUN rm -rf $LB_HOME/data
COPY docs/db/changelog $LB_HOME/db/changelog
# Add valve for proxy with SSL termination
RUN sed -i 's/<\/Host>/<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"\/><\/Host>/' $TOMCAT_HOME/conf/server.xml
# Deploy and run applications
COPY deploy/enrollment-server.xml $TOMCAT_HOME/conf/Catalina/localhost/
COPY enrollment-server/target/enrollment-server-*.war $TOMCAT_HOME/webapps/enrollment-server.war
# Add PowerAuth User
RUN groupadd -r powerauth \
&& useradd -r -g powerauth -s /sbin/nologin powerauth \
&& chown -R powerauth:powerauth $TOMCAT_HOME \
&& chown -R powerauth:powerauth /opt/apache-tomcat-$TOMCAT_VERSION
# Docker configuration
EXPOSE 8080
STOPSIGNAL SIGQUIT
USER powerauth
# Define entry point with mandatory commands
COPY deploy/docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]