Add auth documentation

[github/Chocobozzz/PeerTube.git] / support / docker / production / Dockerfile.stretch
diff --git a/support/docker/production/Dockerfile.stretch b/support/docker/production/Dockerfile.stretch

index c616194e629205898f05afe91bdf993569e8bf74..bf2bae510dad1352c33a38d34f3325cf1ad95825 100644 (file)
--- a/support/docker/production/Dockerfile.stretch
+++ b/support/docker/production/Dockerfile.stretch
@@ -1,25 +1,69 @@
  FROM node:8-stretch
  
+RUN set -ex; \
+    if ! command -v gpg > /dev/null; then \
+      apt-get update; \
+      apt-get install -y --no-install-recommends \
+        gnupg \
+        dirmngr \
+      ; \
+      rm -rf /var/lib/apt/lists/*; \
+fi
+
  # Install dependencies
  RUN apt-get update \
- && apt-get -y install ffmpeg \
- && rm /var/lib/apt/lists/* -fR
+    && apt-get -y install ffmpeg \
+    && rm /var/lib/apt/lists/* -fR
  
-RUN git clone -b master https://github.com/Chocobozzz/PeerTube /app
+# Add peertube user
+RUN groupadd -r peertube \
+    && useradd -r -g peertube -m peertube
  
-WORKDIR /app
-RUN yarn install --pure-lockfile && npm run build
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.10
+RUN set -ex; \
+    \
+    fetchDeps='ca-certificates wget'; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends $fetchDeps; \
+    rm -rf /var/lib/apt/lists/*; \
+    \
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+    wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+    export GNUPGHOME="$(mktemp -d)"; \
+    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+    rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+    chmod +x /usr/local/bin/gosu; \
+    gosu nobody true; \
+    \
+    apt-get purge -y --auto-remove wget
  
-# Configure the application
-RUN groupadd -g 991 peertube \
- && useradd -u 991 -g peertube -d /data -m peertube
+# Download the latest version
+RUN git clone https://github.com/Chocobozzz/PeerTube /app \
+    && chown -R peertube:peertube /app
+
+# Install PeerTube
  USER peertube
+WORKDIR /app
  
+RUN yarn install --pure-lockfile \
+    && npm run build
+
+# Configure PeerTube
  RUN cp /app/config/default.yaml /app/support/docker/production/config/default.yaml
  ENV NODE_ENV production
  ENV NODE_CONFIG_DIR /app/support/docker/production/config
  
+USER root
+RUN mkdir /data && chown peertube:peertube /data
+VOLUME /data
+
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+
  # Run the application
  CMD ["npm", "start"]
-VOLUME ["/data"]
  EXPOSE 9000