Multistage dockerfile.

Result image size from 750MB to 16MB
2025-08-16 13:43:46 +02:00 · 2022-01-05 10:36:29 +01:00 · 2022-01-05 10:36:29 +01:00 · 2fcead680c
commit 2fcead680c
parent bd10329828
1 changed files with 32 additions and 32 deletions
--- a/dev/docker/Dockerfile
+++ b/dev/docker/Dockerfile
@ -1,13 +1,19 @@
-FROM alpine:latest
+# builder stage
+FROM golang as builder

-RUN apk add --no-cache gcc git make musl-dev go openssl curl
+# define architectures which could be run rdpgw
+RUN dpkgArch="$(dpkg --print-architecture)"; \
+    case "$dpkgArch" in \
+        arm) ARCH='arm' ;; \
+        arm64) ARCH='arm64' ;; \
+        amd64) ARCH='amd64' ;; \
+        386) ARCH='386' ;; \
+        *) echo >&2 "error: unsupported architecture: $apkArch"; exit 1 ;; \
+    esac

-# Configure Go
-ENV GOROOT /usr/lib/go
-ENV GOPATH /go
-ENV PATH /go/bin:$PATH
-
-RUN random=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) && \
+# certificate
+RUN mkdir -p /opt/rdpgw && cd /opt/rdpgw && \
+    random=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) && \
    openssl genrsa -des3 -passout pass:$random -out server.pass.key 2048 && \
    openssl rsa -passin pass:$random -in server.pass.key -out key.pem && \
    rm server.pass.key && \
@ -15,33 +21,27 @@ RUN random=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) &&
    -subj "/C=US/ST=VA/L=SomeCity/O=MyCompany/OU=MyDivision/CN=localhost" && \
    openssl x509 -req -days 365 -in server.csr -signkey key.pem -out server.pem

-RUN apkArch="$(apk --print-arch)"; \
-    case "$apkArch" in \
-        armhf) ARCH='arm' ;; \
-        aarch64) ARCH='arm64' ;; \
-        x86_64) ARCH='amd64' ;; \
-        x86) ARCH='386' ;; \ 
-        *) echo >&2 "error: unsupported architecture: $apkArch"; exit 1 ;; \
-    esac && \
-    git clone https://github.com/bolkedebruin/rdpgw.git && \
-    cd rdpgw && \
+# add user
+RUN adduser --disabled-password --gecos "" --home /opt/rdpgw --uid 1001 rdgw
+
+# build rdwgw and set rights
+RUN git clone https://github.com/bolkedebruin/rdpgw.git /app && \
+    cd /app && \
    go mod tidy && \
-    go build -trimpath -tags '' -ldflags '' -o '/rdpgw/bin/rdpgw' ./cmd/rdpgw && \
-    mkdir -p /opt/rdpgw && \
-    mv /rdpgw/bin/rdpgw /opt/rdpgw/rdpgw && \
-    rm -rf /root/go && \
-    rm -rf /rdpgw
-
-RUN rm -rf /go
+    CGO_ENABLED=0 GOOS=linux go build -trimpath -tags '' -ldflags '' -o '/opt/rdpgw/rdpgw' ./cmd/rdpgw && \
+    chmod +x /opt/rdpgw/rdpgw && \
+    chown -R 1001 /opt/rdpgw

+# FROM scratch
+# FROM scratch is missing /bin/sh which is sadly needed to start the container.
+FROM busybox
+# Copy stuff from builder
+COPY --from=builder /opt/rdpgw /opt/rdpgw
+COPY --from=builder /etc/passwd /etc/passwd
+# COPY --from=builder /bin/sh /bin/sh
+# COPY rdpgw.yaml
 COPY rdpgw.yaml /opt/rdpgw/rdpgw.yaml

-RUN adduser --disabled-password --gecos "" -h /opt/rdpgw -u 1001 rdgw && \
-    mv server.pem /opt/rdpgw/server.pem && \
-    mv key.pem /opt/rdpgw/key.pem && \
-    chown -R 1001 /opt/rdpgw && \
-    chmod +x /opt/rdpgw/rdpgw
-
 USER 1001
 WORKDIR /opt/rdpgw
-ENTRYPOINT /opt/rdpgw/rdpgw
+ENTRYPOINT /opt/rdpgw/rdpgw