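# syntax=docker/dockerfile:1

# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
# NOTE(review): edits made only in this generated file are expected to be lost on
# the next `make`; mirror them in the template.

# Using multistage build:
#   https://docs.docker.com/develop/develop-images/multistage-build/
#   https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
# The web-vault digest specifies a particular web-vault build on Docker Hub.
# Using the digest instead of the tag name provides better security,
# as the digest of an image is immutable, whereas a tag name can later
# be changed to point to a malicious image.
#
# To verify the current digest for a given tag name:
# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
#   click the tag name to view the digest of the image it currently points to.
# - From the command line:
#     $ docker pull vaultwarden/web-vault:v2.25.0
#     $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.0
#     [vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527]
#
# - Conversely, to get the tag name from the digest:
#     $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527
#     [vaultwarden/web-vault:v2.25.0]
#
FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 AS vault

########################## BUILD IMAGE ##########################
# NOTE(review): unlike the web-vault stage, this base image is referenced by tag
# only, so the immutability argument made above does not cover the toolchain that
# compiles the binary. Pinning it by digest (verified the same way) closes that gap.
FROM clux/muslrust:nightly-2021-10-23 AS build

# Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time.
ARG DB=sqlite,postgresql

# Build time options to avoid dpkg warnings and help with reproducible builds.
# These are set in the build stage only; the runtime stage starts from a fresh
# base image and does not inherit them.
ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"


# Create CARGO_HOME folder and don't download rust docs
RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal

# Passes `-s` to the linker so the release binary is stripped of symbols.
ENV RUSTFLAGS='-C link-arg=-s'

# Creates a dummy project used to grab dependencies
RUN USER=root cargo new --bin /app
WORKDIR /app

# Copies over *only* your manifests and build files
COPY ./Cargo.* ./
COPY ./rust-toolchain ./rust-toolchain
COPY ./build.rs ./build.rs

RUN rustup target add x86_64-unknown-linux-musl

# Builds your dependencies and removes the
# dummy project, except the target folder
# This folder contains the compiled dependencies
# ${DB} is quoted so that an empty or space-separated --build-arg value is passed
# to cargo as a single argument instead of being split or dropped by the shell.
RUN cargo build --features "${DB}" --release --target=x86_64-unknown-linux-musl \
    && find . -not -path "./target*" -delete

# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
# NOTE(review): this copies the whole build context into the build stage, so the
# .dockerignore is also what keeps local data and credential files out of it.
COPY . .

# Make sure that we actually build the project
# (refreshes the mtime of src/main.rs so cargo does not reuse the dummy build)
RUN touch src/main.rs

# Builds again, this time it'll just be
# your actual source files being built
RUN cargo build --features "${DB}" --release --target=x86_64-unknown-linux-musl

######################## RUNTIME IMAGE  ########################
# Create a new stage with a minimal image
# because we already have a binary built
# NOTE(review): pinned by tag only; see the note on the build stage base image.
FROM alpine:3.14

# key=value form throughout (the space-separated `ENV key value` form is legacy).
ENV ROCKET_ENV="staging" \
    ROCKET_PORT=80 \
    ROCKET_WORKERS=10 \
    SSL_CERT_DIR=/etc/ssl/certs


# Create data folder and Install needed libraries
# NOTE(review): package versions are not pinned, so rebuilds pick up whatever the
# alpine:3.14 repositories serve at build time.
RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        dumb-init \
        openssl \
        postgresql-libs \
        tzdata


VOLUME /data
EXPOSE 80
EXPOSE 3012

# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
COPY Rocket.toml .
COPY --from=vault /web-vault ./web-vault
COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .

COPY docker/healthcheck.sh /healthcheck.sh
COPY docker/start.sh /start.sh

HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]

# Configures the startup!
# NOTE(review): this stage has no USER instruction, so the service runs as root
# unless /start.sh drops privileges (not visible here). Switching to a dedicated
# non-root user would also need an unprivileged ROCKET_PORT (or the matching
# capability) and /data owned by that user.
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["/start.sh"]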