Docker improvements

- Modify onionr.sh to parse env and supply args to run-onionr-node.py
- Run onionr by default rather than bash
- Run as unprivileged user by default instead of root
- Use /app for all code
- Specify python 3.7 (3.8 fails to build cffi)
- Use apt-get rather than apt (apt's CLI is not stable)
- Slight reformatting and consolidation
Duncan X Simpson 2020-12-14 23:20:27 -07:00 committed by Kevin Froman
parent 416e43e7bb
commit b1ef248ee9
2 changed files with 37 additions and 18 deletions


@ -1,28 +1,30 @@
FROM python FROM python:3.7
#Base settings USER root
ENV HOME /root
RUN mkdir /app
WORKDIR /app
ENV PORT=8080
EXPOSE 8080
#Install needed packages #Install needed packages
RUN apt update && apt install -y tor locales RUN apt-get update && apt-get install -y tor locales
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
locale-gen locale-gen
ENV LANG en_US.UTF-8 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
WORKDIR /srv/ ADD ./requirements.txt /app/requirements.txt
ADD ./requirements.txt /srv/requirements.txt
RUN pip3 install --require-hashes -r requirements.txt RUN pip3 install --require-hashes -r requirements.txt
WORKDIR /root/
#Add Onionr source #Add Onionr source
COPY . /root/ COPY . /app/
VOLUME /root/data/
#Set upstart command VOLUME /app/data/
CMD bash
#Expose ports #Default to running as nonprivileged user
EXPOSE 8080 RUN chmod g=u -R /app
USER 1000
CMD ["bash", "./onionr.sh"]
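Review bot: `RUN chmod g=u -R /app` after `COPY . /app/` makes the whole source tree group-writable, and because `USER 1000` names no group the process will most likely run with gid 0 (assuming the python:3.7 base defines no uid 1000), so the node can rewrite its own code and `onionr.sh` at runtime. Write access should be limited to the data directory, for example `RUN mkdir -p /app/data && chown 1000 /app/data` placed before `VOLUME /app/data/`, provided the application writes nowhere else under /app (not visible here). The `chmod` also comes after `VOLUME /app/data/`, and some builders discard build-time changes to a path once it is declared a volume, so the data directory may not get the intended permissions. `COPY . /app/` copies the entire build context, so unless a `.dockerignore` already excludes them, `data/` and any `privkey.key` would end up in the image layers.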


@ -2,5 +2,22 @@
ORIG_ONIONR_RUN_DIR=`pwd` ORIG_ONIONR_RUN_DIR=`pwd`
export ORIG_ONIONR_RUN_DIR export ORIG_ONIONR_RUN_DIR
cd "$(dirname "$0")" cd "$(dirname "$0")"
cd src
./__init__.py "$@" [[ -n "$USE_TOR" ]] || USE_TOR=1
[[ -n "$PORT" ]] || PORT=8080
[[ -n "$KEEP_LOG" ]] || KEEP_LOG=0
[[ -n "$STORE_PLAINTEXT" ]] || STORE_PLAINTEXT=1
PRIVKEY_OPT=""
[[ -f "privkey.key" ]] && PRIVKEY_OPT="--private-key privkey.key"
python run-onionr-node.py \
--open-ui 0 \
--onboarding 0 \
--bind-address 0.0.0.0 \
--port $PORT \
--use-tor $USE_TOR \
--keep-log-on-exit $KEEP_LOG \
--store-plaintext $STORE_PLAINTEXT \
$PRIVKEY_OPT \
"$@"
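Review bot: `--bind-address 0.0.0.0` is hard-coded, so every launch through this script (presumably also non-container runs, since it was the general launcher before) now listens on all interfaces, and `STORE_PLAINTEXT` defaults to 1. An overridable address with a loopback default would keep host runs private, e.g. `[[ -n "$BIND_ADDRESS" ]] || BIND_ADDRESS=127.0.0.1` with `--bind-address "$BIND_ADDRESS"`, and the image can set `ENV BIND_ADDRESS=0.0.0.0`. The expansions `$PORT`, `$USE_TOR`, `$KEEP_LOG` and `$STORE_PLAINTEXT` are unquoted, so a value containing whitespace is split into extra arguments to run-onionr-node.py; quote them and carry the key option in an array (`PRIVKEY_OPT=(--private-key privkey.key)`, expanded as `"${PRIVKEY_OPT[@]}"`). The script's first line is outside the hunk, so whether the shebang guarantees bash for `[[` cannot be checked here.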