forked from cfpb/consumerfinance.gov
/
Dockerfile
109 lines (86 loc) · 3.94 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
FROM centos:7 AS cfgov-dev
# Specify SCL-based Python version
# Currently used option: rh-python36
# See: https://www.softwarecollections.org/en/scls/user/rhscl/?search=python
ARG scl_python_version
ENV SCL_PYTHON_VERSION ${scl_python_version}
# Stops Python default buffering to stdout, improving logging to the console.
ENV PYTHONUNBUFFERED 1
ENV APP_HOME /src/cfgov-refresh
RUN mkdir -p ${APP_HOME}
WORKDIR ${APP_HOME}
SHELL ["/bin/bash", "--login", "-o", "pipefail", "-c"]
# Install common OS packages
RUN yum -y install \
centos-release-scl \
epel-release && \
rpm -i https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm && \
curl -sL https://rpm.nodesource.com/setup_10.x | bash - && \
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo && \
yum -y update && \
yum -y install \
gcc \
mailcap \
postgresql10 \
which \
${SCL_PYTHON_VERSION} && \
yum clean all && rm -rf /var/cache/yum && \
echo "source scl_source enable ${SCL_PYTHON_VERSION}" > /etc/profile.d/enable_scl_python.sh && \
source /etc/profile && \
pip install --no-cache-dir --upgrade pip setuptools
# Disables pip cache. Reduces build time, and suppresses warnings when run as non-root.
# NOTE: MUST be after pip upgrade. Build fails otherwise due to bug in old pip.
ENV PIP_NO_CACHE_DIR true
# Install python requirements
COPY requirements requirements
RUN pip install -r requirements/local.txt -r requirements/deployment.txt
EXPOSE 8000
ENTRYPOINT ["./docker-entrypoint.sh"]
CMD ["python", "./cfgov/manage.py", "runserver", "0.0.0.0:8000"]
# Production-like Apache-based image
FROM cfgov-dev as cfgov-prod
ENV SCL_HTTPD_VERSION httpd24
ENV SCL_HTTPD_ROOT /opt/rh/${SCL_HTTPD_VERSION}/root
# Apache HTTPD settings
ENV APACHE_SERVER_ROOT ${APP_HOME}/cfgov/apache
ENV APACHE_PROCESS_COUNT 4
ENV ACCESS_LOG /dev/stdout
ENV ERROR_LOG /dev/stderr
ENV STATIC_PATH ${APP_HOME}/cfgov/static/
# mod_wsgi settings
ENV CFGOV_PATH ${APP_HOME}
ENV CFGOV_CURRENT ${APP_HOME}
ENV PYTHONPATH ${APP_HOME}/cfgov
# Django Settings
ENV DJANGO_SETTINGS_MODULE cfgov.settings.production
ENV DJANGO_STATIC_ROOT ${STATIC_PATH}
ENV ALLOWED_HOSTS '["*"]'
# Install and enable SCL-based Apache server and mod_wsgi,
# and converts all Docker Secrets into environment variables.
RUN yum -y install ${SCL_HTTPD_VERSION} ${SCL_PYTHON_VERSION}-mod_wsgi && \
yum clean all && rm -rf /var/cache/yum && \
echo "source scl_source enable ${SCL_HTTPD_VERSION}" > /etc/profile.d/enable_scl_httpd.sh && \
echo '[ -d /var/run/secrets ] && cd /var/run/secrets && for s in *; do export $s=$(cat $s); done && cd -' > /etc/profile.d/secrets_env.sh
# See .dockerignore for details on which files are included
COPY --chown=apache:apache . .
RUN yum -y install nodejs yarn && \
yum clean all && rm -rf /var/cache/yum && \
chown -R apache:apache ${APP_HOME} ${SCL_HTTPD_ROOT}/usr/share/httpd ${SCL_HTTPD_ROOT}/var/run
# Remove files flagged by image vulnerability scanner
RUN cd /opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/ && \
rm -f ndg/httpsclient/test/pki/localhost.key sslserver/certs/development.key
USER apache
# Build frontend, cleanup excess file, and setup filesystem
# - cfgov/f/ - Wagtail file uploads
# - /tmp/eregs_cache/ - Django file-based cache
RUN ./frontend.sh production && \
cfgov/manage.py collectstatic && \
yarn cache clean && \
ln -s ${SCL_HTTPD_ROOT}/etc/httpd/modules ${APACHE_SERVER_ROOT}/modules && \
ln -s ${SCL_HTTPD_ROOT}/etc/httpd/run ${APACHE_SERVER_ROOT}/run && \
rm -rf cfgov/apache/www cfgov/unprocessed node_modules && \
mkdir -p cfgov/f /tmp/eregs_cache
# Healthcheck retry set high since database loads take a while
HEALTHCHECK --start-period=15s --interval=30s --retries=30 \
CMD curl -sf -A docker-healthcheck -o /dev/null http://localhost:8000
CMD ["httpd", "-d", "cfgov/apache", "-D", "FOREGROUND"]