Dockerfile-redhat
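#------------------------------------------------------------------------------------------
# Stage 1: Build container
#   Compiles stunnel from the upstream source tarball and generates the self-signed
#   certificate/key file (/root/stunnel.pem) that the final stage copies out of this one.
#------------------------------------------------------------------------------------------
# NOTE(review): the base image has no tag or digest, so each rebuild can silently pick up
# a different UBI 9 image. Pin it (tag plus @sha256:<DIGEST-PLACEHOLDER>) so the toolchain
# that compiles stunnel is reproducible and auditable.
FROM redhat/ubi9 AS builder

# stunnel release to build. Override with: --build-arg STUNNEL_VERSION=<x.y>
ARG STUNNEL_VERSION=5.70
# Expected SHA-256 of the source tarball. Empty by default because no known-good value is
# recorded in this repository; supply one obtained out of band with
#   --build-arg STUNNEL_SHA256=<SHA256-PLACEHOLDER>
# to make the build fail on a tampered or truncated download.
ARG STUNNEL_SHA256=""

# Install build dependencies
RUN yum install -y gcc make openssl-devel \
    && yum clean all

# Download and unpack stunnel.
#   -f makes curl fail on an HTTP error instead of saving the error page as the tarball;
#   without it a 404 only surfaces later as a confusing tar failure.
# NOTE(review): when STUNNEL_SHA256 is unset the tarball is compiled and shipped without any
# integrity check beyond TLS to the download host. Set the checksum (or verify the upstream
# release signature) before using this image outside development.
WORKDIR /usr/local/src
RUN curl -fsSLO "https://www.stunnel.org/downloads/stunnel-${STUNNEL_VERSION}.tar.gz" \
    && if [ -n "${STUNNEL_SHA256}" ]; then \
         echo "${STUNNEL_SHA256}  stunnel-${STUNNEL_VERSION}.tar.gz" | sha256sum -c -; \
       else \
         echo "WARNING: STUNNEL_SHA256 not set; stunnel tarball integrity was NOT verified" >&2; \
       fi \
    && tar -xzf "stunnel-${STUNNEL_VERSION}.tar.gz"

# Build and install; `make install` places the binary at /usr/local/bin/stunnel, which is
# the path the final stage copies from.
WORKDIR /usr/local/src/stunnel-${STUNNEL_VERSION}
RUN ./configure \
    && make \
    && make install

# Create a new self-signed certificate.
# Key and certificate are written to the same file (/root/stunnel.pem); -nodes leaves the
# RSA private key unencrypted.
# NOTE(review): the key pair is generated at image build time, so every container started
# from a given image shares one private key, and anyone who can pull the image can read it.
# That is acceptable for a local development default only; for real deployments generate
# the key at container start or mount a certificate/key at run time.
COPY config/pem.conf /root/pem.conf
RUN openssl req -newkey rsa:2048 -nodes -keyout /root/stunnel.pem -x509 -days 3650 -out /root/stunnel.pem -config /root/pem.conf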
#------------------------------------------------------------------------------------------
# Stage 2: Final container
#   JRE-only runtime image: stunnel binary and certificate from the builder stage, the
#   Cryptomator CLI jar, the stunnel config and the two start-up scripts.
#------------------------------------------------------------------------------------------
FROM eclipse-temurin:17.0.7_7-jre-ubi9-minimal

# Copy stunnel binary from the builder stage
COPY --from=builder /usr/local/bin/stunnel /usr/bin/stunnel

# Runtime defaults, all overridable with `docker run -e ...`.
# NOTE(review): CRYPTOMATOR_VAULT_PASS ships with the literal default 'password'. ENV values
# are stored in the image configuration and show up in `docker inspect` / `docker history`,
# so treat this as a placeholder only and always supply the real vault password at run
# time. How the scripts consume it is not visible in this file; confirm whether they can
# read the password from a mounted secret file instead of the environment.
#ENV CRYPTOMATOR_SRC_PATH='/path/to/cryptomator/vault/files'
ENV CRYPTOMATOR_VAULT_PASS='password' \
    CRYPTOMATOR_UID='1000' \
    CRYPTOMATOR_GID='1000' \
    CRYPTOMATOR_UMASK='0077'

# Create a local cryptomator user and group to keep files contained to the local user.
# The IDs come from the ENV defaults above, as evaluated at build time.
RUN groupadd -g "${CRYPTOMATOR_GID}" cryptomator \
    && useradd --no-log-init -u "${CRYPTOMATOR_UID}" -g cryptomator cryptomator

# Application payload and TLS material, installed read-only (0444).
# NOTE(review): the jar is taken from the build context under a "latest" name, so its
# version and provenance are not recorded here; consider a versioned, checksummed artifact.
COPY --chown=cryptomator:cryptomator --chmod=0444 packages/cryptomator-cli-latest.jar /usr/local/bin/cryptomator-cli.jar
COPY --chown=cryptomator:cryptomator --chmod=0444 config/stunnel.conf /etc/stunnel/stunnel.conf
# NOTE(review): stunnel.pem contains the unencrypted private key generated in the builder
# stage, and mode 0444 makes it readable by every user in the container. Tightening it to
# owner-only depends on which account stunnel runs as (not visible here); confirm before
# changing the mode.
COPY --from=builder --chown=cryptomator:cryptomator --chmod=0444 /root/stunnel.pem /etc/stunnel/stunnel.pem

# Copy over the init scripts last (to speed up dev rebuilds when these change)
COPY --chown=root:root --chmod=0555 scripts/init.sh /init.sh
COPY --chown=cryptomator:cryptomator --chmod=0555 scripts/entrypoint.sh /entrypoint.sh

# Port documented for the service; EXPOSE does not publish it.
EXPOSE 8443

# NOTE(review): no USER instruction is set, so /init.sh starts as root. Presumably it drops
# to the cryptomator UID/GID before launching /entrypoint.sh; verify that in
# scripts/init.sh, since nothing in this file enforces it.
ENTRYPOINT ["/init.sh"]