mike
/
chronoscope
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow local CA certificates to be used

This commit is contained in:
Mike Cifelli 2024-03-18 09:47:18 -04:00
parent dbf3c32a78
commit d2c23bb324
Signed by: mike
GPG Key ID: 6B08C6BE47D08E4C
3 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.dockerignore
View File

@ -43,3 +43,6 @@ erl_crash.dump
/assets/node_modules/ /assets/node_modules/
/priv/static/assets/ /priv/static/assets/
/priv/static/cache_manifest.json /priv/static/cache_manifest.json
# Ignore .gitignore file for ca-certificates
/ca-certificates/.gitignore

22
Dockerfile
View File

@ -20,26 +20,26 @@ ARG RUNNER_IMAGE="debian:${DEBIAN_VERSION}"
FROM ${BUILDER_IMAGE} as builder FROM ${BUILDER_IMAGE} as builder
# install build dependencies # Install build dependencies
RUN apt-get update -y && apt-get install -y build-essential git \ RUN apt-get update -y && apt-get install -y build-essential git \
&& apt-get clean && rm -f /var/lib/apt/lists/*_* && apt-get clean && rm -f /var/lib/apt/lists/*_*
# prepare build dir # Prepare build dir
WORKDIR /app WORKDIR /app
# install hex + rebar # Install hex + rebar
RUN mix local.hex --force && \ RUN mix local.hex --force && \
mix local.rebar --force mix local.rebar --force
# set build ENV # Set build ENV
ENV MIX_ENV="prod" ENV MIX_ENV="prod"
# install mix dependencies # Install mix dependencies
COPY mix.exs mix.lock ./ COPY mix.exs mix.lock ./
RUN mix deps.get --only $MIX_ENV RUN mix deps.get --only $MIX_ENV
RUN mkdir config RUN mkdir config
# copy compile-time config files before we compile dependencies # Copy compile-time config files before we compile dependencies
# to ensure any relevant config change will trigger the dependencies # to ensure any relevant config change will trigger the dependencies
# to be re-compiled. # to be re-compiled.
COPY config/config.exs config/${MIX_ENV}.exs config/ COPY config/config.exs config/${MIX_ENV}.exs config/
@ -51,7 +51,7 @@ COPY lib lib
COPY assets assets COPY assets assets
# compile assets # Compile assets
RUN mix assets.deploy RUN mix assets.deploy
# Compile the release # Compile the release
@ -63,7 +63,7 @@ COPY config/runtime.exs config/
COPY rel rel COPY rel rel
RUN mix release RUN mix release
# start a new build stage so that the final image will only contain # Start a new build stage so that the final image will only contain
# the compiled release and other runtime necessities # the compiled release and other runtime necessities
FROM ${RUNNER_IMAGE} FROM ${RUNNER_IMAGE}
@ -81,12 +81,16 @@ ENV LC_ALL en_US.UTF-8
WORKDIR "/app" WORKDIR "/app"
RUN chown nobody /app RUN chown nobody /app
# set runner ENV # Set runner ENV
ENV MIX_ENV="prod" ENV MIX_ENV="prod"
# Only copy the final release from the build stage # Only copy the final release from the build stage
COPY --from=builder --chown=nobody:root /app/_build/${MIX_ENV}/rel/chronoscope ./ COPY --from=builder --chown=nobody:root /app/_build/${MIX_ENV}/rel/chronoscope ./
# Add in any local CA Certificates
COPY ca-certificates/* /usr/local/share/ca-certificates/
RUN update-ca-certificates
USER nobody USER nobody
# If using an environment that doesn't automatically reap zombie processes, it is # If using an environment that doesn't automatically reap zombie processes, it is

3
ca-certificates/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*
!/
!/.gitignore