From d2c23bb324bcbc5f01a3cdb7a474f0a578b4238a Mon Sep 17 00:00:00 2001 From: Mike Cifelli Date: Mon, 18 Mar 2024 09:47:18 -0400 Subject: [PATCH] Allow local CA certificates to be used --- .dockerignore | 3 +++ Dockerfile | 22 +++++++++++++--------- ca-certificates/.gitignore | 3 +++ 3 files changed, 19 insertions(+), 9 deletions(-) create mode 100644 ca-certificates/.gitignore diff --git a/.dockerignore b/.dockerignore index 61a7393..9dec48c 100644 --- a/.dockerignore +++ b/.dockerignore @@ -43,3 +43,6 @@ erl_crash.dump /assets/node_modules/ /priv/static/assets/ /priv/static/cache_manifest.json + +# Ignore .gitignore file for ca-certificates +/ca-certificates/.gitignore diff --git a/Dockerfile b/Dockerfile index a877766..54a8384 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,26 +20,26 @@ ARG RUNNER_IMAGE="debian:${DEBIAN_VERSION}" FROM ${BUILDER_IMAGE} as builder -# install build dependencies +# Install build dependencies RUN apt-get update -y && apt-get install -y build-essential git \ && apt-get clean && rm -f /var/lib/apt/lists/*_* -# prepare build dir +# Prepare build dir WORKDIR /app -# install hex + rebar +# Install hex + rebar RUN mix local.hex --force && \ mix local.rebar --force -# set build ENV +# Set build ENV ENV MIX_ENV="prod" -# install mix dependencies +# Install mix dependencies COPY mix.exs mix.lock ./ RUN mix deps.get --only $MIX_ENV RUN mkdir config -# copy compile-time config files before we compile dependencies +# Copy compile-time config files before we compile dependencies # to ensure any relevant config change will trigger the dependencies # to be re-compiled. COPY config/config.exs config/${MIX_ENV}.exs config/ @@ -51,7 +51,7 @@ COPY lib lib COPY assets assets -# compile assets +# Compile assets RUN mix assets.deploy # Compile the release @@ -63,7 +63,7 @@ COPY config/runtime.exs config/ COPY rel rel RUN mix release -# start a new build stage so that the final image will only contain +# Start a new build stage so that the final image will only contain # the compiled release and other runtime necessities FROM ${RUNNER_IMAGE} @@ -81,12 +81,16 @@ ENV LC_ALL en_US.UTF-8 WORKDIR "/app" RUN chown nobody /app -# set runner ENV +# Set runner ENV ENV MIX_ENV="prod" # Only copy the final release from the build stage COPY --from=builder --chown=nobody:root /app/_build/${MIX_ENV}/rel/chronoscope ./ +# Add in any local CA Certificates +COPY ca-certificates/* /usr/local/share/ca-certificates/ +RUN update-ca-certificates + USER nobody # If using an environment that doesn't automatically reap zombie processes, it is diff --git a/ca-certificates/.gitignore b/ca-certificates/.gitignore new file mode 100644 index 0000000..9b57329 --- /dev/null +++ b/ca-certificates/.gitignore @@ -0,0 +1,3 @@ +* +!/ +!/.gitignore