Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dev packages in containers and layers number improvemant ! #79

Open
Brettdah opened this issue Oct 29, 2022 · 1 comment
Open

Dev packages in containers and layers number improvemant ! #79

Brettdah opened this issue Oct 29, 2022 · 1 comment

Comments

@Brettdah
Copy link

Hello there,

why do you use, the "-dev" packages in the container it's OK to use it when you are developping the app, so on a dev branch for exemple, but on master you should use the non dev to have containers as little as possible and production ready !

https://devops.stackexchange.com/questions/8017/how-do-dev-apk-packages-differ-on-alpine-for-the-purposes-of-creating-docker-im

a container should have as little number of layers as possible in production environnement I can see ways too impove yours in that way too.

it's OK to divide the RUNs when creating your container, to be able to start building from the last good step, but when you push a stable version you should just have 1 RUN (at least in this file)
and just 1 COPY
usualy I a create the "rootfs" of my containers in a file named data and then I do
so your instructions should look like this :

RUN apt-get update \
  && apt-get -y upgrade --no-install-recommends \
  && apt-get install -y build-essential imagemagick libfreetype6 libicu libjpeg62-turbo libjpeg \
    libmcrypt libonig libpng libpq libssl libxml2 libxrender1 libzip locales openssl unzip zip zlib1g \
    --no-install-recommends \
  && apt-get clean && rm -rf /var/lib/apt/lists/* \
  && for locale in ${SUPPORTED_LOCALES}; do \
    sed -i 's/^# '"${locale}/${locale}/" /etc/locale.gen; done \
  && locale-gen \
  && docker-php-ext-configure gd --with-freetype --with-jpeg \
  && docker-php-ext-install -j$(nproc) gd bcmath intl mbstring pcntl pdo pdo_mysql zip \
  && mkdir -p /var/www/akaunting \
  && curl -Lo /tmp/akaunting.zip 'https://akaunting.com/download.php?version=latest&utm_source=docker&utm_campaign=developers' \
  && unzip /tmp/akaunting.zip -d /var/www/html \
  && rm -f /tmp/akaunting.zip

COPY ./data /

Or something like that... (I may have missed spaces or indent, be warned)

Then are you sure your app need build-essential package ? or are you installing it by habit
As stated here if you don't need to create deb packages you shouldn't need-it !

As for openssl or libssl if you run a container with a web app you should use a revers proxy in front if you want to expose it, so let this proxy use the HTTPS protocole, if you run it on your computer why bother using SSL if you just set it to listen to 127.0.0.1 only you can touch your container, or any one gaining access to your computer... (in that case you are already screwed, ssl or not)
and "\n" after each package is a bit to much for a production docker file ;) I wonder about "&&"

I will look over the alpine dockerfile that is more in my standard deployment ;)
and propose a merge/pull request when tested on my side ;)
@Brettdah
Copy link
Author

On my search for the lib without the "-dev" I search for libmycrypt, and remember that mcrypt is deprecated shouldn't you switch to libsodium ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Brettdah