diff --git a/docker/jdk11/Dockerfile.arm64 b/docker/jdk11/Dockerfile.arm64 new file mode 100644 index 00000000..4a5a89f8 --- /dev/null +++ b/docker/jdk11/Dockerfile.arm64 @@ -0,0 +1,90 @@ +# Dockerfile for ARM64 images +# +# A few useful Docker commands to build an image and run the stubby4j container. +# +# Build (run with '--no-cache' to ensure that Git repo new tags will be pulled down, as Docker caches RUNs): +# '$ docker build --build-arg REVISION=v7.2.0 --rm --no-cache -t stubby4j:latest .' or +# '$ docker build --rm --no-cache -t stubby4j:latest .' to build from master +# +# Run: +# https://hub.docker.com/r/azagniotov/stubby4j ("How to use this image") + +######################################################################################## +# Stage 1 : build the app +######################################################################################## +FROM gradle:7.2.0-jdk11-openj9@sha256:68d2abb7a3dafef89b9f387095ebe2f7059dca48c53d83fd9328bf5914ce14a6 AS BUILD_JAR_STAGE + +ARG REVISION=master +ENV GRADLE_USER_HOME=/home/gradle +WORKDIR $GRADLE_USER_HOME + +# Build from the latest tag +RUN git clone https://github.com/azagniotov/stubby4j.git && \ + cd stubby4j && \ + git fetch -f --tags && \ + git checkout $REVISION && \ + gradle -Plog4j -PuseNativeJdkAlpnProcessor clean jar + +######################################################################################## +# Stage 2 : create the Docker final image +######################################################################################## +# https://hub.docker.com/r/azul/zulu-openjdk-alpine +FROM azul/zulu-openjdk-alpine:11.0.21-11.68-jre-headless@sha256:95750d3048415315d22effd433373f1ecd543be17fb658c650207db6c837ec09 + +ARG USER_ID=1001 +ARG GROUP_ID=1001 + +MAINTAINER Alexander Zagniotov + +# Why --location=0.0.0.0 ??? Read: https://stackoverflow.com/a/59182290 +ENV LOCATION=0.0.0.0 \ + STUBS_PORT=8882 \ + STUBS_TLS_PORT=7443 \ + ADMIN_PORT=8889 \ + WITH_ARGS="" \ + YAML_CONFIG="main.yaml" \ + STUBBY4J_USER_HOME=/home/stubby4j + +# Users & permissions, docs: https://wiki.alpinelinux.org/wiki/Setting_up_a_new_user +RUN addgroup --system --gid $GROUP_ID stubby4j && \ + adduser \ + --system \ + --disabled-password \ + --gecos '' \ + --uid $USER_ID stubby4j \ + --shell /bin/bash \ + --home "$STUBBY4J_USER_HOME" && \ + chown --recursive stubby4j:stubby4j "$STUBBY4J_USER_HOME" + +WORKDIR "$STUBBY4J_USER_HOME" + +COPY --from=BUILD_JAR_STAGE /home/gradle/stubby4j/build/libs/stubby4j*SNAPSHOT.jar ./stubby4j.jar +COPY --from=BUILD_JAR_STAGE /home/gradle/stubby4j/docker/log4j2-for-docker.xml ./log4j2.xml +RUN chown $USER_ID:$GROUP_ID stubby4j.jar && \ + chown $USER_ID:$GROUP_ID log4j2.xml && \ + java -version && \ + ls -al + +# Set the UID and GID of 'stubby4j' for the ENTRYPOINT instructions, +# because root inside the container == root outside the container, +# since there’s a single kernel and a single, shared pool of UIDs and GIDs. +USER $USER_ID:$GROUP_ID + +# Mark the 'data' directory as volume +VOLUME "$STUBBY4J_USER_HOME/data" + +# Expose the three stubby4j ports and run the JAR +EXPOSE $ADMIN_PORT $STUBS_PORT $STUBS_TLS_PORT + +# https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ +ENTRYPOINT java \ + -DoverrideDisabledAlgorithms=true \ + -Dlog4j2.configurationFile=log4j2.xml \ + -jar stubby4j.jar \ + --location ${LOCATION} \ + --admin ${ADMIN_PORT} \ + --stubs ${STUBS_PORT} \ + --tls ${STUBS_TLS_PORT} \ + --data data/${YAML_CONFIG} \ + --mute \ + ${WITH_ARGS}