diff options
| author | Jakub Warmuz <jakub@warmuz.org> | 2015-05-05 11:26:23 +0300 |
|---|---|---|
| committer | Jakub Warmuz <jakub@warmuz.org> | 2015-05-05 11:26:23 +0300 |
| commit | 64a00d37bb6653f885b0b68d7c9bce9f0a3e4fef (patch) | |
| tree | 74c737f90b5b366cd9775ec247fa6b564beb80ce /Dockerfile | |
| parent | 3a0db7efa13fad1793bfdfb04a940d0c8d84f610 (diff) | |
Update docker setup.
Changes:
- uses debian:jessie as base image (more lightweight)
- .dockerignore .git/.tox to speed up build process considerably
- more caching-aware Dockerfile
- copy current directory instead of git cloning the repo inside the container
- /etc/letsencrypt and /var/lib/letsencrypt volumes;
no need for "if os.environ.get" hack
bootstrap script for debian had to be adjusted, as lsb_release is not
present in debian:jessie image.
Diffstat (limited to 'Dockerfile')
| -rw-r--r-- | Dockerfile | 61 |
1 files changed, 50 insertions, 11 deletions
diff --git a/Dockerfile b/Dockerfile index b11baa12c..496c3c609 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,55 @@ -FROM ubuntu:trusty +FROM buildpack-deps:jessie +MAINTAINER Jakub Warmuz <jakub@warmuz.org> +# You neccesarily have to bind to 443@host as well! (ACME spec) EXPOSE 443 -RUN apt-get update && apt-get -y install python python-setuptools python-virtualenv python-dev \ - gcc swig dialog libaugeas0 libssl-dev libffi-dev ca-certificates git && \ - apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# TODO: make sure --config-dir and --work-dir cannot be changed +# through the CLI (letsencrypt-docker wrapper that uses standalone +# authenticator and text mode only?) +VOLUME /etc/letsencrypt /var/lib/letsencrypt -RUN cd /opt && git clone https://github.com/letsencrypt/lets-encrypt-preview.git -WORKDIR /opt/lets-encrypt-preview -RUN \ - virtualenv --no-site-packages -p python2 venv && \ - ./venv/bin/python setup.py install +WORKDIR /opt/letsencrypt -ENV DOCKER_RUN True -ENTRYPOINT [ "./venv/bin/letsencrypt", "--text" ] +# no need to mkdir anything: +# https://docs.docker.com/reference/builder/#copy +# If <dest> doesn't exist, it is created along with all missing +# directories in its path. + +# The following copies too much than we need... +#COPY . /opt/letsencrypt/ + +COPY bootstrap/debian.sh /opt/letsencrypt/src/ +RUN /opt/letsencrypt/src/debian.sh newer && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* \ + /tmp/* \ + /var/tmp/* + +# the above is not likely to change, so by putting it further up the +# Dockerfile we make sure we cache as much as possible + + +COPY setup.py README.rst CHANGES.rst MANIFEST.in /opt/letsencrypt/src/ + +# all above files are necessary for setup.py, however, package source +# code directory has to be copied separately to a subdirectory... +# https://docs.docker.com/reference/builder/#copy: "If <src> is a +# directory, the entire contents of the directory are copied, +# including filesystem metadata. Note: The directory itself is not +# copied, just its contents." Order again matters, three files are far +# more likely to be cached than the whole project directory + +COPY letsencrypt /opt/letsencrypt/src/letsencrypt/ + + +RUN virtualenv --no-site-packages -p python2 /opt/letsencrypt && \ + /opt/letsencrypt/bin/pip install -e /opt/letsencrypt/src + +# install in editable mode (-e) to save space: it's not possible to +# "rm -rf /opt/letsencrypt/src" (it's stays in the underlaying image); +# this might also help in debugging: you can "docker run --entrypoint +# bash" and investigate, apply patches, etc. + +# TODO: is --text really necessary? +ENTRYPOINT [ "/opt/letsencrypt/bin/letsencrypt", "--text" ] |