update docker base images and reduce size

There were some base image and naming changes for the jetty and tomcat images plantuml-server uses => plantuml-server uses pretty old and vulnerable images.

- update base images for jetty and tomcat
- add an alpine version for jetty (note: tomcat has no official alpine version)
- add autoremove and clean commands after graphviz installation. This reduces the images by about 280 MB
Florian 2023-05-05 22:15:52 +02:00 committed by PlantUML
parent 323aad1525
commit 5d7c4e1a03
3 changed files with 87 additions and 10 deletions


@ -1,4 +1,4 @@
FROM maven:3-jdk-11-slim AS builder
FROM maven:3-eclipse-temurin-11 AS builder
COPY pom.xml /app/
COPY src/main /app/src/main/
@ -8,7 +8,7 @@ RUN mvn --batch-mode --define java.net.useSystemProxies=true package
########################################################################################
FROM jetty:11.0.15-jre11-slim
FROM jetty:11.0.15-jre11
# Proxy and OldProxy need empty path segments support in URIs
# Hence: allow AMBIGUOUS_EMPTY_SEGMENT
@ -16,8 +16,10 @@ FROM jetty:11.0.15-jre11-slim
RUN sed -i 's/# jetty\.httpConfig\.uriCompliance=DEFAULT/jetty.httpConfig.uriCompliance=DEFAULT,AMBIGUOUS_EMPTY_SEGMENT/g' /var/lib/jetty/start.d/server.ini
USER root
RUN apt-get update && \
apt-get install -y --no-install-recommends \
curl \
fonts-noto-cjk \
libgd3 \
&& \
@ -29,7 +31,6 @@ ARG GRAPHVIZ_VERSION=8.0.2
ARG GRAPHVIZ_BUILD_DIR=/tmp/graphiz-build
RUN apt-get update && \
apt-get install -y --no-install-recommends \
curl \
build-essential \
libexpat1-dev \
libgd-dev \
@ -49,6 +50,8 @@ RUN apt-get update && \
libgd-dev \
zlib1g-dev \
&& \
apt-get autoremove -y && \
apt-get clean & \
rm -rf /var/lib/apt/lists/* && \
rm -rf $GRAPHVIZ_BUILD_DIR
@ -63,11 +66,11 @@ RUN rm -rf $WEBAPP_PATH && \
COPY --from=builder /app/target/plantuml.war /plantuml.war
COPY ROOT.jetty.xml $WEBAPP_PATH/ROOT.xml
ENTRYPOINT ["/entrypoint.sh"]
# Openshift https://docs.openshift.com/container-platform/4.9/openshift_images/create-images.html#images-create-guide-openshift_create-images
USER root
RUN chgrp -R 0 $JETTY_BASE && chmod -R g=u $JETTY_BASE
RUN chgrp -R 0 /tmp && chmod -R g=u /tmp
USER jetty
ENTRYPOINT ["/entrypoint.sh"]
VOLUME ["/tmp/jetty"]
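Review bot: In the `@ -49,6 +50,8 @@` hunk the added line `apt-get clean & \` ends in a single `&`, which backgrounds the command chain before it instead of continuing it. The `RUN` starts outside the hunk, but as far as it is visible, the install, build and `autoremove` steps would then run as an unchecked background job while `rm -rf /var/lib/apt/lists/*` and `rm -rf $GRAPHVIZ_BUILD_DIR` start immediately. A failed package install or Graphviz build would therefore no longer fail the image build, and the cleanup can race with it. The line should read `apt-get clean && \`. The same line appears in the tomcat Dockerfile's `@ -42,6 +42,8 @@` hunk and needs the same fix.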

72
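--- /dev/null
+++ b/Dockerfile.jetty-alpine
@@ -0,0 +1,72 @@
+FROM maven:3-eclipse-temurin-11-alpine AS builder
+COPY pom.xml /app/
+COPY src/main /app/src/main/
+WORKDIR /app
+RUN mvn --batch-mode --define java.net.useSystemProxies=true package
+########################################################################################
+FROM jetty:11.0.15-jre11-alpine-eclipse-temurin
+# Proxy and OldProxy need empty path segments support in URIs
+# Hence: allow AMBIGUOUS_EMPTY_SEGMENT
+# Changes are only active if `/generate-jetty-start.sh` is called!
+RUN sed -i 's/# jetty\.httpConfig\.uriCompliance=DEFAULT/jetty.httpConfig.uriCompliance=DEFAULT,AMBIGUOUS_EMPTY_SEGMENT/g' /var/lib/jetty/start.d/server.ini
+USER root
+RUN apk add --no-cache \
+curl \
+font-noto-cjk \
+libgd \
+&& \
+/generate-jetty-start.sh
+#RUN apk add --no-cache graphviz
+ARG GRAPHVIZ_VERSION=8.0.2
+ARG GRAPHVIZ_BUILD_DIR=/tmp/graphiz-build
+RUN apk add --no-cache \
+g++ \
+libexpat \
+make \
+zlib \
+&& \
+mkdir -p $GRAPHVIZ_BUILD_DIR && \
+cd $GRAPHVIZ_BUILD_DIR && \
+curl -o graphviz.tar.gz https://gitlab.com/api/v4/projects/4207231/packages/generic/graphviz-releases/${GRAPHVIZ_VERSION}/graphviz-${GRAPHVIZ_VERSION}.tar.gz && \
+tar -xzf graphviz.tar.gz && \
+cd graphviz-$GRAPHVIZ_VERSION && \
+./configure && \
+make && \
+make install && \
+apk del --no-cache \
+g++ \
+libexpat \
+make \
+zlib \
+&& \
+rm -rf $GRAPHVIZ_BUILD_DIR
+COPY docker-entrypoint.jetty.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+USER jetty
+ENV WEBAPP_PATH=$JETTY_BASE/webapps
+RUN rm -rf $WEBAPP_PATH && \
+mkdir -p $WEBAPP_PATH
+COPY --from=builder /app/target/plantuml.war /plantuml.war
+COPY ROOT.jetty.xml $WEBAPP_PATH/ROOT.xml
+# Openshift https://docs.openshift.com/container-platform/4.9/openshift_images/create-images.html#images-create-guide-openshift_create-images
+USER root
+RUN chgrp -R 0 $JETTY_BASE && \
+chmod -R g=u $JETTY_BASE
+RUN chgrp -R 0 /tmp && \
+chmod -R g=u /tmp
+USER jetty
+ENTRYPOINT ["/entrypoint.sh"]
+VOLUME ["/tmp/jetty"]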
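Review bot: The Graphviz source tarball is fetched with `curl -o graphviz.tar.gz …` and then configured, built and installed as root with no integrity check, so whatever the server returns is executed during the build. Without `-f`, an HTTP error page is also saved as the archive and only fails later in `tar`. I would pin a digest next to the version with `ARG GRAPHVIZ_SHA256=<sha256 of the release tarball>`, download with `curl -fsSL -o graphviz.tar.gz …`, and verify before unpacking with `echo "${GRAPHVIZ_SHA256}  graphviz.tar.gz" | sha256sum -c - && \`. A short comment above the `RUN` saying why Graphviz is built from source rather than using the commented-out `apk add --no-cache graphviz` would also help the next maintainer.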


@ -1,4 +1,4 @@
FROM maven:3-jdk-11-slim AS builder
FROM maven:3-eclipse-temurin-11 AS builder
COPY pom.xml /app/
COPY src/main /app/src/main/
@ -8,10 +8,11 @@ RUN mvn --batch-mode --define java.net.useSystemProxies=true -Dapache-jsp.scope=
########################################################################################
FROM tomcat:10-jdk11-openjdk-slim
FROM tomcat:10-jdk11
RUN apt-get update && \
apt-get install -y --no-install-recommends \
curl \
fonts-noto-cjk \
libgd3 \
&& \
@ -22,7 +23,6 @@ ARG GRAPHVIZ_VERSION=8.0.2
ARG GRAPHVIZ_BUILD_DIR=/tmp/graphiz-build
RUN apt-get update && \
apt-get install -y --no-install-recommends \
curl \
build-essential \
libexpat1-dev \
libgd-dev \
@ -42,6 +42,8 @@ RUN apt-get update && \
libgd-dev \
zlib1g-dev \
&& \
apt-get autoremove -y && \
apt-get clean & \
rm -rf /var/lib/apt/lists/* && \
rm -rf $GRAPHVIZ_BUILD_DIR
@ -53,8 +55,8 @@ RUN rm -rf $WEBAPP_PATH && \
mkdir -p $WEBAPP_PATH
COPY --from=builder /app/target/plantuml.war /plantuml.war
# Openshift https://docs.openshift.com/container-platform/4.9/openshift_images/create-images.html#images-create-guide-openshift_create-images
RUN chgrp -R 0 $CATALINA_HOME && chmod -R g=u $CATALINA_HOME
ENTRYPOINT ["/entrypoint.sh"]
CMD ["catalina.sh", "run"]
# Openshift https://docs.openshift.com/container-platform/4.9/openshift_images/create-images.html#images-create-guide-openshift_create-images
USER root
RUN chgrp -R 0 $CATALINA_HOME && chmod -R g=u $CATALINA_HOME
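Review bot: The last `USER` instruction in this Dockerfile is now `USER root`, added at the end of the `@ -53,8 +55,8 @@` hunk, and nothing visible switches back afterwards, so on a plain Docker host the container process runs as root by default. The `chgrp -R 0 $CATALINA_HOME && chmod -R g=u $CATALINA_HOME` step already prepares the tree for an arbitrary UID in group 0, so a numeric non-root user could follow it as the final instruction, for example `USER 1001`. The jetty Dockerfiles in this commit drop back with `USER jetty` after the same step. Whether `/entrypoint.sh` needs root is not visible here and should be checked before changing the user.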