X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=support%2Fdocker%2Fproduction%2FDockerfile.stretch;h=911d064f6c26c04ae6d07a1439fadf9270ad255b;hb=6d8c8ea73a774c3568e6d28a4cbebcf7979d5c2a;hp=b1905b3a8ae84e1df0fb44e3420fe673a70f1530;hpb=c7574e8661d62982516ac21c661964b49adbc850;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/support/docker/production/Dockerfile.stretch b/support/docker/production/Dockerfile.stretch
index b1905b3a8..911d064f6 100644
--- a/support/docker/production/Dockerfile.stretch
+++ b/support/docker/production/Dockerfile.stretch
@@ -1,31 +1,79 @@
 FROM node:8-stretch
 
+RUN set -ex; \
+    if ! command -v gpg > /dev/null; then \
+      apt-get update; \
+      apt-get install -y --no-install-recommends \
+        gnupg \
+        dirmngr \
+      ; \
+      rm -rf /var/lib/apt/lists/*; \
+fi
+
 # Install dependencies
 RUN apt-get update \
     && apt-get -y install ffmpeg \
     && rm /var/lib/apt/lists/* -fR
 
 # Add peertube user
-RUN groupadd -g 991 peertube \
-    && useradd -u 991 -g peertube -m peertube
+RUN groupadd -r peertube \
+    && useradd -r -g peertube -m peertube
 
-# Download the latest version
-RUN git clone https://github.com/Chocobozzz/PeerTube /app \
-    && chown -R peertube:peertube /app
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.10
+RUN set -ex; \
+    \
+    fetchDeps='ca-certificates wget'; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends $fetchDeps; \
+    rm -rf /var/lib/apt/lists/*; \
+    \
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+    wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+    export GNUPGHOME="$(mktemp -d)"; \
+    for server in $(shuf -e ha.pool.sks-keyservers.net \
+                            hkp://p80.pool.sks-keyservers.net:80 \
+                            keyserver.ubuntu.com \
+                            hkp://keyserver.ubuntu.com:80 \
+                            pgp.mit.edu) ; do \
+        gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
+    done; \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+    chmod +x /usr/local/bin/gosu; \
+    gosu nobody true; \
+    \
+    apt-get purge -y --auto-remove wget
 
 # Install PeerTube
-USER peertube
 WORKDIR /app
+COPY . ./
+RUN chown -R peertube:peertube /app
+
+USER peertube
 
 RUN yarn install --pure-lockfile \
-    && npm run build
+    && npm run build \
+    && rm -r ./node_modules ./client/node_modules \
+    && yarn install --pure-lockfile --production \
+    && yarn cache clean
+
+USER root
+
+RUN mkdir /data /config
+RUN chown -R peertube:peertube /data /config
 
-# Configure PeerTube
-RUN cp /app/config/default.yaml /app/support/docker/production/config/default.yaml
 ENV NODE_ENV production
-ENV NODE_CONFIG_DIR /app/support/docker/production/config
+ENV NODE_CONFIG_DIR /config
+
+VOLUME /data
+VOLUME /config
+
+COPY ./support/docker/production/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 
 # Run the application
 CMD ["npm", "start"]
-VOLUME ["/data"]
 EXPOSE 9000