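FROM golang:1.10-stretch
MAINTAINER Lars Gierth <lgierth@ipfs.io>

# NOTE(review): the page hosting this file flagged it as containing
# bidirectional Unicode text. None is visible in this listing; inspect the raw
# bytes for hidden control characters before trusting what the build executes.

# There is a copy of this Dockerfile called Dockerfile.fast,
# which is optimized for build time, instead of image size.
#
# Please keep these two Dockerfiles in sync.

# GX_IPFS: optional custom IPFS API endpoint. When non-empty it is written to
# /root/.ipfs/api in this build stage; empty means no api file is written.
ENV GX_IPFS=""
ENV SRC_DIR=/go/src/github.com/ipfs/go-ipfs

# The whole build context is copied in: anything not excluded by .dockerignore
# (local config, credentials) lands in this stage's layers and build cache.
COPY . $SRC_DIR

# Build the thing.
# Also: fix getting HEAD commit hash via git rev-parse (-p so an existing
# .git/objects directory does not fail the build).
# Also: allow using a custom IPFS API endpoint. /root/.ipfs is created first,
# because the redirect fails if the directory is missing, and the value is
# quoted so it is written verbatim instead of being word-split by the shell.
RUN cd "$SRC_DIR" \
  && mkdir -p .git/objects \
  && ([ -z "$GX_IPFS" ] || (mkdir -p /root/.ipfs && echo "$GX_IPFS" > /root/.ipfs/api)) \
  && make build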
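# Get su-exec, a very minimal tool for dropping privileges,
# and tini, a very minimal init daemon for containers.
#
# tini becomes the image's entrypoint and su-exec is the privilege-dropping
# helper, so their provenance matters: a git tag can be moved upstream, and the
# tini binary is fetched over HTTPS with no integrity check of its own.
# Set the two ARGs below to pin the exact artifacts. When an ARG is left empty
# its check is skipped and the build behaves exactly as before.
ENV SUEXEC_VERSION=v0.2
ENV TINI_VERSION=v0.16.1
# Expected full commit id that $SUEXEC_VERSION resolves to.
ARG SUEXEC_COMMIT=""
# Expected SHA-256 of the tini binary published for $TINI_VERSION.
ARG TINI_SHA256=""
RUN set -x \
  && cd /tmp \
  && git clone https://github.com/ncopa/su-exec.git \
  && cd su-exec \
  && git checkout -q "$SUEXEC_VERSION" \
  && ([ -z "$SUEXEC_COMMIT" ] || [ "$(git rev-parse HEAD)" = "$SUEXEC_COMMIT" ]) \
  && make \
  && cd /tmp \
  && wget -q -O tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
  && ([ -z "$TINI_SHA256" ] || echo "$TINI_SHA256  tini" | sha256sum -c -) \
  && chmod +x tini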
# busybox provides no TLS CA certificates, so install the bundle in this build
# container; the final stage copies /etc/ssl/certs from here.
RUN apt-get update \
  && apt-get install -y ca-certificates
# Final stage: the actual target image, kept as small as possible.
# NOTE(review): busybox:1-glibc is a floating tag; pin it by digest if the
# runtime base must be reproducible.
FROM busybox:1-glibc
MAINTAINER Lars Gierth <lgierth@ipfs.io>

# Pull the ipfs binary, the entrypoint script, su-exec, tini and the TLS CA
# bundle out of the build container (stage 0).
ENV SRC_DIR=/go/src/github.com/ipfs/go-ipfs
COPY --from=0 ${SRC_DIR}/cmd/ipfs/ipfs /usr/local/bin/ipfs
COPY --from=0 ${SRC_DIR}/bin/container_daemon /usr/local/bin/start_ipfs
COPY --from=0 /tmp/su-exec/su-exec /sbin/su-exec
COPY --from=0 /tmp/tini /sbin/tini
COPY --from=0 /etc/ssl/certs /etc/ssl/certs

# libdl is part of glibc but doesn't seem to be included with busybox.
# The source path hard-codes x86_64 and glibc 2.24, so it has to track the
# build stage's base image.
COPY --from=0 /lib/x86_64-linux-gnu/libdl-2.24.so /lib/libdl.so.2
# Documented ports (EXPOSE by itself publishes nothing on the host):
#   4001      Swarm TCP
#   4002/udp  Swarm uTP
#   5001      API
#   8080      Gateway
#   8081      Swarm Websockets
# The API is an administrative interface to the node. When publishing ports,
# bind 5001 to a trusted interface only (for example the host's loopback).
EXPOSE 4001 4002/udp 5001 8080 8081
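# Create the fs-repo directory and a non-privileged user (uid 1000) that owns it.
# NOTE(review): this stage has no USER directive, so the container starts as
# root. Dropping to the ipfs user is presumably done by start_ipfs through
# /sbin/su-exec — confirm in bin/container_daemon.
ENV IPFS_PATH=/data/ipfs
RUN mkdir -p "$IPFS_PATH" \
  && adduser -D -h "$IPFS_PATH" -u 1000 -G users ipfs \
  && chown ipfs:users "$IPFS_PATH"

# Expose the fs-repo as a volume.
# start_ipfs initializes an fs-repo if none is mounted.
# VOLUME must stay after the chown above, so the directory's ownership is
# already correct when the volume is declared.
VOLUME $IPFS_PATH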
# The default logging level (empty unless overridden at run time).
ENV IPFS_LOGGING=""

# tini runs as the init process and launches start_ipfs, which makes sure that:
#   1. there is an fs-repo, initializing one if there isn't;
#   2. the API and Gateway are accessible from outside the container.
# Because of (2), the host ports that get published decide who can reach the API.
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"]

# Default arguments: execute the daemon subcommand.
CMD ["daemon", "--migrate=true"]