-
Notifications
You must be signed in to change notification settings - Fork 12
/
Dockerfile
80 lines (65 loc) · 2.88 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
############################################################
# Grist omnibus image
# Grist doesn't have a built-in login system, which can be
# a stumbling block for beginners or people just wanting to
# try it out.
# Includes bundled traefik, traefik-forward-auth, and dex.
ARG BASE=gristlabs/grist:latest
# Gather main dependencies.
FROM dexidp/dex:v2.33.1 as dex
FROM traefik:2.8 as traefik
FROM traefik/whoami as whoami
# recent public traefik-forward-auth image doesn't support arm,
# so build it from scratch.
FROM golang:1.13-alpine as fwd
RUN mkdir -p /go/src/github.com/thomseddon/traefik-forward-auth
WORKDIR /go/src/github.com/thomseddon/traefik-forward-auth
RUN apk add --no-cache git
RUN mkdir -p /go/src/github.com/thomseddon/
RUN cd /go/src/github.com/thomseddon/ && \
git clone https://github.com/thomseddon/traefik-forward-auth.git && \
cd traefik-forward-auth && \
git checkout c4317b7503fb0528d002eb1e5ee43c4a37f055d0
ARG TARGETOS TARGETARCH
RUN echo "Compiling for [$TARGETOS $TARGETARCH] (will be blank if not using BuildKit)"
RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GO111MODULE=on go build -a -installsuffix nocgo \
-o /traefik-forward-auth github.com/thomseddon/traefik-forward-auth/cmd
# Extend Grist image.
FROM $BASE as merge
# Enable sandboxing by default. It is generally important when sharing with
# others. You may override it, e.g. "unsandboxed" uses no sandboxing but is
# only OK if you trust all users fully.
ENV GRIST_SANDBOX_FLAVOR=gvisor
# apache2-utils is for htpasswd, used with dex
RUN \
apt-get update && \
apt-get install -y --no-install-recommends pwgen apache2-utils curl && \
apt-get install -y --no-install-recommends ca-certificates tzdata && \
rm -rf /var/lib/apt/lists/*
# Copy in traefik-forward-auth program.
COPY --from=fwd /traefik-forward-auth /usr/local/bin
# Copy in traeefik program.
COPY --from=traefik /usr/local/bin/traefik /usr/local/bin/traefik
# Copy in all of dex parts, including its funky template-expanding
# entrypoint (rename this to dex-entrypoint).
COPY --from=dex /var/dex /var/dex
COPY --from=dex /etc/dex /etc/dex
COPY --from=dex /usr/local/src/dex/ /usr/local/src/dex/
COPY --from=dex /usr/local/bin/dex /usr/local/bin/dex
COPY --from=dex /srv/dex/web /srv/dex/web
COPY --from=dex /usr/local/bin/gomplate /usr/local/bin/gomplate
COPY --from=dex /usr/local/bin/docker-entrypoint /usr/local/bin/dex-entrypoint
COPY --from=whoami /whoami /usr/local/bin/whoami
COPY dex.yaml /settings/dex.yaml
COPY traefik.yaml /settings/traefik.yaml
COPY run.js /grist/run.js
# Make traefik-forward-auth trust self-signed certificates internally, if user
# chooses to use one.
RUN ln -s /custom/grist.crt /etc/ssl/certs/grist.pem
# Squashing this way loses environment variables set in base image
# so we need to revert it for now.
# # One last layer, to squash everything.
# FROM scratch
# COPY --from=merge / /
CMD /grist/run.js
EXPOSE 80 443