New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dockerfile for faster installation #318
Comments
Why don't you sync up with https://github.com/mediasuitenz/docker-overpass-api where your repo seems to originate from and create a common Docker image? Also, I would remove the out-of-repo "areas.osm3s" file and at least enable meta data as well. In addition |
@mmd-osm took most of the data from https://github.com/vespakoen/ontheweb/tree/master/overpass-api, but still had an issue with areas. Why not to push Dockerfile directly into the https://github.com/drolbr/Overpass-API ? BTW tried https://github.com/mediasuitenz/docker-overpass-api before, but had even more issues. So I think most of them are outdated, and if Dockerfile will be inside the core repository, it will be much more easier to support and update. |
@vespakoen, @mediasuitenz: are you maybe interested in joining in to create a best practise Dockerfile? |
Is there are any issues with overpass execution while optimization during compilation was used? |
Yes. we had segmentation faults with -O3 for some versions of gcc during test runs. I think -O2 is still safe to use (didn't have issues with it), Roland removed the optimization altogether in the docs. |
@mmd-osm regarding the |
It would be cool to have some script where you can decide the compression (zlib, lz4, no compression) / map compression / meta settings / area to be created, etc. There are plenty of different options, which would be worthwhile configuring. Also the question, how updates should be handled (automatic for planet, no updates, ...). |
@mmd-osm I just started to work with overpass API, haven't dig too deeply into the settings. But all the current docker images I found on the github somehow broken. Regarding automatic updates, looks like it's very CPU and memory intensitive task. Should be easily switchable, may be document something about switching it on / off using |
Regarding |
Right, that's due to the main instance still running on 0.7.52. This has been changed in this commit, which is part of 0.7.53. It's probably worthwhile using xenial these days, see. https://github.com/mmd-osm/docker-overpass-api/blob/master/Dockerfile - and compile in lz4 support. I also added dedicated users, etc. - running everything as root is not what I consider best practice. |
Mentionned my dockerfile on the mailing list. It is here. It does nearly everything except XAPI and incremental areas. What do you think ? |
@Frankkkkk : some of my previous comments also apply to your Docker file:
|
Hi,
Cheers |
Regarding security:
Source: https://docs.docker.com/engine/security/security/ We advocate to use non-root accounts everywhere in the installation docs. I'd expect exactly the same least privilege principle for a Docker image as well. |
But also: "This means that even if an intruder manages to escalate to root within a container, it will be much harder to do serious damage, or to escalate to the host.". Anyways, I don't want to spend more energy on this. I agree that its prettier to have its own user. If I've got the time, I'll do it. |
Okay, I've updated some of your points (user, O3, last release). It is here. What do you think ? |
Some news ? ;-) |
Any specific reason why there are no Dockerfile, that allows to setup and run overpass API with just few commands?
It took me some time to setup Docker image and run container: https://github.com/dmitry/docker-overpass-api
Even after that I don't feel it's the final solution, that allows to query everything. Would be great if the core source of overpass API will support Dockerfile that allows to setup docker container in a few minutes, because if something went wrong it could take half a day or even days to rebuild everything from scratch.
The text was updated successfully, but these errors were encountered: