added multistage docker builds with docker instructions in readme

README.md

@@ -80,6 +80,10 @@ sudo make install
 
 This enables CPU-specific optimizations (`-march=native`) and link-time optimization (`-flto`) for improved performance.
 
+### Docker
+
+See _extra/docker/README.md_.
+
 #### Building on CentOS 7.x
 
 Make sure, you have autotools 2.71 installed.

extra/docker/Dockerfile

@@ -0,0 +1,44 @@
+ARG ALPINE_VERSION=3
+FROM alpine:${ALPINE_VERSION} AS builder
+
+# Assume context is root of nfdump repository
+COPY . /app
+RUN apk add --no-cache build-base gcc abuild binutils make \
+  libtool bzip2-dev libpcap-dev flex bison libbsd-dev \
+  autoconf automake m4 pkgconfig
+
+WORKDIR /app
+
+RUN ./autogen.sh \
+  && ./configure --enable-native --enable-lto \
+    --enable-maxmind --enable-nfpcapd \
+    --enable-sflow=yes --with-lz4path=/usr \
+    --with-zstdpath=/usr --with-bz2path=/usr \
+  && make CPPFLAGS="-include bsd/stdlib.h" && make install
+
+FROM alpine:${ALPINE_VERSION} AS base
+
+RUN apk add --no-cache bzip2-dev libpcap-dev lz4-libs zstd libbsd
+
+COPY --from=builder /usr/local /usr/local
+
+# Run as non-root
+RUN addgroup -S nfdump -g 1000 \
+  && adduser -h /home/nfdump -S nfdump -G nfdump -u 1000
+
+RUN mkdir -p /data && chown -R nfdump:nfdump /data
+VOLUME /data
+
+USER nfdump
+
+FROM base AS nfcapd
+
+EXPOSE 9995/udp
+
+ENTRYPOINT ["/usr/local/bin/nfcapd"]
+
+CMD ["-w", "/data", "-S", "1", "-y", "-p", "9995"]
+
+FROM base AS nfdump
+
+ENTRYPOINT ["/bin/ash"]

extra/docker/Dockerfile.ubuntu

@@ -1,16 +1,14 @@
 #
-# Example Ubuntu Dockerfile
+# Reference Ubuntu Dockerfile
 #
 
-# Pull base image.
-FROM ubuntu:latest
+ARG UBUNTU_VERSION=24.04
+FROM ubuntu:${UBUNTU_VERSION} AS builder
 
-ARG NFDUMP_VERSION=1.7.3
+# Assume context is root of nfdump repository
+COPY . /app
 
-#Expose netflow port
-EXPOSE 9995/udp
-
-# Install.
+# Install dependencies
 RUN apt-get update && apt-get install -y \
   wget \
   unzip \
@@ -26,30 +24,43 @@ RUN apt-get update && apt-get install -y \
   flex \
   make \
   libpcap-dev \
-  libbz2-dev &&
-  rm -rf /var/lib/apt/lists/*
+  libbz2-dev \
+  && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+RUN ./autogen.sh \
+  && ./configure --enable-nfpcapd --enable-maxmind --enable-sflow \
+  && make && make install \
+  && ldconfig
+
+FROM ubuntu:${UBUNTU_VERSION} AS base
+
+COPY --from=builder /usr/local /usr/local
+RUN apt-get update && apt-get install -y libbz2-dev \
+  && rm -rf /var/lib/apt/lists/*
 
-RUN cd /usr/src &&
-  wget https://github.com/phaag/nfdump/archive/refs/tags/v$NFDUMP_VERSION.tar.gz &&
-  tar xfz v$NFDUMP_VERSION.tar.gz &&
-  cd nfdump-$NFDUMP_VERSION &&
-  ./autogen.sh &&
-  ./configure --enable-nfpcapd --enable-maxmind --enable-sflow &&
-  make &&
-  make install
+# Delete default Ubuntu user
+RUN userdel -r ubuntu || true \
+  && groupdel ubuntu || true
 
-RUN ldconfig
+# Create non-root user
+RUN groupadd --gid 1000 nfdump \
+  && useradd -rm -d /home/nfdump -s /bin/bash -g nfdump -u 1000 nfdump
+
+RUN mkdir -p /data \
+  && chown -R nfdump:nfdump /data
+VOLUME /data
+
+USER nfdump
+
+FROM base AS nfcapd
+
+EXPOSE 9995/udp
 
-# Add files.
-#ADD root/.bashrc /root/.bashrc
-#ADD root/.gitconfig /root/.gitconfig
-#ADD root/.scripts /root/.scripts
+ENTRYPOINT ["/usr/local/bin/nfcapd"]
 
-# Set environment variables.
-#ENV HOME /root
+CMD ["-w", "/data", "-S", "1", "-y", "-p", "9995"]
 
-# Define working directory.
-WORKDIR /usr/src
+FROM base AS nfdump
 
-# Define default command.
-CMD ["bash"]
+ENTRYPOINT ["/bin/bash"]

extra/docker/README.md

@@ -0,0 +1,31 @@
+# NFDump Docker image
+
+> These commands assume the current working directory is the root of the nfdump repository
+
+To build and run the `nfcapd` target (runs `nfcapd` by default):
+
+```bash
+docker build -t nfcapd --target nfcapd -f extra/docker/Dockerfile .
+# Create a docker volume so as not to run into permissions issues with non-root user
+docker volume create flows
+docker run -it --rm --name=nfcapd -p 9995:9995/udp -v flows:/data nfcapd
+```
+
+Desired `nfcapd` arguments can be appended to the `docker run` command above.
+
+To build the `nfdump` target (drops you into an interactive shell by default):
+
+```bash
+docker build -t nfdump --target nfdump -f extra/docker/Dockerfile .
+# Create a docker volume so as not to run into permissions issues with non-root user
+docker volume create flows
+docker run -it --rm --name=nfdump -v flows:/data nfdump
+```
+
+Desired `nfdump` arguments can be appended to the `docker run` command above.
+
+For reference, there is also an Ubuntu Dockerfile at _extra/docker/Dockerfile.ubuntu_ with similar `nfcapd` and `nfdump` targets.
+
+## Attribution
+
+Contributed by [heywoodlh](https://github.com/heywoodlh).