44
55FROM python:3.5-alpine
66
7- RUN addgroup -g 1001 app && \
8- adduser -D -u 1001 -G app -s /usr/sbin/nologin app
7+ MAINTAINER mars@mozilla.com
8+ # These are unlikely to change from version to version of the container
9+ EXPOSE 9000
10+ CMD ["/usr/local/bin/uwsgi"]
11+
12+ RUN addgroup -g 10001 app && adduser -D -u 10001 -G app -h /app app
13+
14+ # uWSGI configuration
15+ ENV UWSGI_MODULE=landoapi.wsgi:app \
16+ UWSGI_SOCKET=:9000 \
17+ UWSGI_MASTER=1 \
18+ UWSGI_WORKERS=2 \
19+ UWSGI_THREADS=8 \
20+ # Disable worker memory sharing optimizations. They can cause memory leaks
21+ # and issues with packages like Sentry.
22+ # See https://discuss.newrelic.com/t/newrelic-agent-produces-system-error/43446
23+ UWSGI_LAZY_APPS=1 \
24+ UWSGI_WSGI_ENV_BEHAVIOR=holy \
25+ # Make uWSGI die instead of reload when it gets SIGTERM (fixed in uWSGI 2.1)
26+ UWSGI_DIE_ON_TERM=1 \
27+ # Check that the options we gave uWSGI are sane
28+ UWSGI_STRICT=1 \
29+ # Die if the application threw an exception on startup
30+ UWSGI_NEED_APP=1
931
1032RUN apk --update --no-cache add \
1133 sqlite
@@ -15,13 +37,30 @@ RUN chown app:app /db
1537COPY migrations /migrations
1638
1739COPY requirements.txt /requirements.txt
18- RUN pip install --no-cache -r /requirements.txt
40+
41+
42+ RUN set -ex \
43+ && apk add --no-cache --virtual .build-deps \
44+ gcc \
45+ libc-dev \
46+ musl-dev \
47+ linux-headers \
48+ pcre-dev \
49+ && pip install --no-cache -r /requirements.txt \
50+ && runDeps="$( \
51+ scanelf --needed --nobanner --recursive /usr/local \
52+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
53+ | sort -u \
54+ | xargs -r apk info --installed \
55+ | sort -u \
56+ )" \
57+ && apk add --virtual .python-rundeps $runDeps \
58+ && apk del .build-deps
1959
2060COPY . /app
2161RUN pip install --no-cache /app
2262
23- # run as non priviledged user
63+ # Run as a non-privileged user
2464USER app
2565
26- # TODO allow ops to use this as a wsgi app
2766WORKDIR /app
0 commit comments