wip: rework containers for rootless images
@ -1,3 +1,3 @@
|
|||||||
**/bin
|
# **/bin
|
||||||
**/obj
|
# **/obj
|
||||||
**/node_modules
|
# **/node_modules
|
||||||
|
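Review bot: Commenting out `**/bin`, `**/obj` and `**/node_modules` (as the paired lines appear to show; the file name is not on the page, presumably a `.dockerignore`) means the build context now carries local build output and everything else in the tree, and the new Dockerfiles copy that context wholesale with `COPY ../../ ./`. Developer-local files such as `.env` files, local settings or a test `identity.pfx` would then land in the build stage and its cache. The later `@ -1,4 +1,4 @` hunk does the same to the `*` deny-all and its allowlist. Keep the ignore file active and extend it rather than disabling it, for example keep the three patterns and add `.git` and `**/*.pfx`.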
@ -7,7 +7,6 @@
|
|||||||
|
|
||||||
<RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
|
<RootNamespace>Bit.$(MSBuildProjectName)</RootNamespace>
|
||||||
<ImplicitUsings>enable</ImplicitUsings>
|
<ImplicitUsings>enable</ImplicitUsings>
|
||||||
<IncludeSourceRevisionInInformationalVersion>false</IncludeSourceRevisionInInformationalVersion>
|
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
@ -46,22 +45,4 @@
|
|||||||
<AutoFixtureAutoNSubstituteVersion>4.18.1</AutoFixtureAutoNSubstituteVersion>
|
<AutoFixtureAutoNSubstituteVersion>4.18.1</AutoFixtureAutoNSubstituteVersion>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<!--
|
|
||||||
This section is for getting & setting the gitHash value, which can easily be accessed
|
|
||||||
via the Core.Utilities.AssemblyHelpers class.
|
|
||||||
-->
|
|
||||||
<Target Name="SetSourceRevisionId" BeforeTargets="CoreGenerateAssemblyInfo">
|
|
||||||
<Exec Command="git describe --long --always --dirty --exclude=* --abbrev=8" ConsoleToMSBuild="True" IgnoreExitCode="False">
|
|
||||||
<Output PropertyName="SourceRevisionId" TaskParameter="ConsoleOutput"/>
|
|
||||||
</Exec>
|
|
||||||
</Target>
|
|
||||||
<Target Name="WriteRevision" AfterTargets="SetSourceRevisionId">
|
|
||||||
<ItemGroup>
|
|
||||||
<AssemblyAttribute Include="System.Reflection.AssemblyMetadataAttribute">
|
|
||||||
<_Parameter1>GitHash</_Parameter1>
|
|
||||||
<_Parameter2>$(SourceRevisionId)</_Parameter2>
|
|
||||||
</AssemblyAttribute>
|
|
||||||
</ItemGroup>
|
|
||||||
</Target>
|
|
||||||
|
|
||||||
</Project>
|
</Project>
|
||||||
|
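--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,25 @@
+services:
+api:
+image: api
+ports:
+- "4000:5000"
+environment:
+globalSettings__DataProtection__directory: /home/app/.aspnet/DataProtection-Keys
+globalSettings__selfHosted: true
+identity:
+image: identity
+ports:
+- "33656:5000"
+environment:
+globalSettings__DataProtection__directory: /home/app/.aspnet/DataProtection-Keys
+globalSettings__selfHosted: true
+globalSettings__IdentityServer__CertificateLocation: /home/app/config/identity.pfx
+volumes:
+- /tmp/server:/home/app/config # identity.pfx exists here
+mssql:
+image: bitwarden/mssql:2024.10.0
+container_name: bitwarden-mssql
+ports:
+- "1433:1433"
+environment:
+ACCEPT_EULA: true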
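Review bot: The `identity` service mounts `/tmp/server` as its config directory and expects `identity.pfx` there; `/tmp` is world-writable on most hosts, so other local accounts may be able to read or replace the signing certificate. Use a directory owned by the deploying user and mount it read-only, for example `- ./config/identity:/home/app/config:ro` (constructed path). The `mssql` service publishes `"1433:1433"` on every host interface; `"127.0.0.1:1433:1433"`, or no published port at all since the services share the compose network, keeps the database off the LAN. `DataProtection-Keys` under `/home/app` has no volume, so the keys are regenerated whenever a container is recreated.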
@ -1,4 +1,4 @@
|
|||||||
*
|
# *
|
||||||
!obj/build-output/publish/*
|
# !obj/build-output/publish/*
|
||||||
!obj/Docker/empty/
|
# !obj/Docker/empty/
|
||||||
!entrypoint.sh
|
# !entrypoint.sh
|
||||||
|
@ -1,21 +1,73 @@
|
|||||||
FROM mcr.microsoft.com/dotnet/aspnet:8.0
|
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
|
||||||
|
ARG TARGETPLATFORM
|
||||||
|
ARG BUILDPLATFORM
|
||||||
|
|
||||||
|
WORKDIR /build
|
||||||
|
COPY ../../ ./
|
||||||
|
|
||||||
|
WORKDIR /build/src/Api
|
||||||
|
|
||||||
|
RUN <<EOF
|
||||||
|
case "$TARGETPLATFORM" in
|
||||||
|
*"linux/amd64"*)
|
||||||
|
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
|
||||||
|
;;
|
||||||
|
*"linux/arm64"*)
|
||||||
|
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "unsupported target platform: $TARGETPLATFORM"
|
||||||
|
exit 1;;
|
||||||
|
esac
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
|
||||||
|
|
||||||
LABEL com.bitwarden.product="bitwarden"
|
LABEL com.bitwarden.product="bitwarden"
|
||||||
|
|
||||||
|
# RUN apt-get update \
|
||||||
|
# && apt-get install -y --no-install-recommends \
|
||||||
|
# gosu \
|
||||||
|
# curl \
|
||||||
|
# krb5-user \
|
||||||
|
# && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
ENV APP_UID=1654
|
||||||
|
ENV ASPNETCORE_HTTP_PORTS=8080
|
||||||
|
ENV DOTNET_RUNNING_IN_CONTAINER=true
|
||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install -y --no-install-recommends \
|
&& apt-get install -y --no-install-recommends \
|
||||||
gosu \
|
ca-certificates \
|
||||||
curl \
|
\
|
||||||
krb5-user \
|
# .NET dependencies
|
||||||
|
libc6 \
|
||||||
|
libgcc-s1 \
|
||||||
|
# libicu70 \
|
||||||
|
libicu74 \
|
||||||
|
libssl3 \
|
||||||
|
libstdc++6 \
|
||||||
|
tzdata \
|
||||||
|
zlib1g \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# Create a non-root user and group
|
||||||
|
RUN groupadd \
|
||||||
|
--gid=$APP_UID \
|
||||||
|
app \
|
||||||
|
&& useradd -l \
|
||||||
|
--uid=$APP_UID \
|
||||||
|
--gid=$APP_UID \
|
||||||
|
--create-home \
|
||||||
|
app
|
||||||
|
|
||||||
|
EXPOSE 5000
|
||||||
|
|
||||||
|
USER app
|
||||||
|
ENV HOME=/home/app
|
||||||
ENV ASPNETCORE_URLS http://+:5000
|
ENV ASPNETCORE_URLS http://+:5000
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
EXPOSE 5000
|
COPY --from=build /build/src/Api/out /app
|
||||||
COPY obj/build-output/publish .
|
|
||||||
COPY entrypoint.sh /
|
|
||||||
RUN chmod +x /entrypoint.sh
|
|
||||||
|
|
||||||
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
|
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
|
||||||
|
ENTRYPOINT ["./Api"]
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
|
||||||
|
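Review bot: The runtime stage now starts from `ghcr.io/linuxserver/baseimage-ubuntu:noble`, a floating tag from a third-party publisher, where the old side used Microsoft's `aspnet:8.0` image; pin it by digest so the base cannot change underneath a release, `FROM ghcr.io/linuxserver/baseimage-ubuntu:noble@sha256:<digest>` (placeholder digest). `curl` was dropped from the `apt-get install` list while `HEALTHCHECK CMD curl -f ...` is kept, so the probe works only if the base image happens to ship curl; list it explicitly or probe another way. `ENV ASPNETCORE_HTTP_PORTS=8080` disagrees with `ASPNETCORE_URLS http://+:5000` and `EXPOSE 5000`, so only one of them can take effect, and `ENV ASPNETCORE_URLS http://+:5000` uses the legacy space form. `COPY ../../ ./` cannot reach above the build context, so it copies the context root and is correct only when the build runs from the repository root. The Identity Dockerfile hunk further down repeats the same lines.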
@ -336,6 +336,7 @@ public class GlobalSettings : IGlobalSettings
|
|||||||
|
|
||||||
public class IdentityServerSettings
|
public class IdentityServerSettings
|
||||||
{
|
{
|
||||||
|
public string CertificateLocation { get; set; } = "identity.pfx";
|
||||||
public string CertificateThumbprint { get; set; }
|
public string CertificateThumbprint { get; set; }
|
||||||
public string CertificatePassword { get; set; }
|
public string CertificatePassword { get; set; }
|
||||||
public string RedisConnectionString { get; set; }
|
public string RedisConnectionString { get; set; }
|
||||||
|
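Review bot: The new `CertificateLocation` property has no doc comment, and its default `"identity.pfx"` is a relative path whose meaning depends on the process working directory. Add something like `/// Path to the IdentityServer certificate (PFX); a relative path is resolved against the current working directory.` above it. The class body continues outside the hunk, so any existing documentation convention for the neighbouring settings is not visible here.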
@ -656,9 +656,9 @@ public static class CoreHelpers
|
|||||||
{
|
{
|
||||||
if (globalSettings.SelfHosted &&
|
if (globalSettings.SelfHosted &&
|
||||||
SettingHasValue(globalSettings.IdentityServer.CertificatePassword)
|
SettingHasValue(globalSettings.IdentityServer.CertificatePassword)
|
||||||
&& File.Exists("identity.pfx"))
|
&& File.Exists(globalSettings.IdentityServer.CertificateLocation))
|
||||||
{
|
{
|
||||||
return GetCertificate("identity.pfx",
|
return GetCertificate(globalSettings.IdentityServer.CertificateLocation,
|
||||||
globalSettings.IdentityServer.CertificatePassword);
|
globalSettings.IdentityServer.CertificatePassword);
|
||||||
}
|
}
|
||||||
else if (SettingHasValue(globalSettings.IdentityServer.CertificateThumbprint))
|
else if (SettingHasValue(globalSettings.IdentityServer.CertificateThumbprint))
|
||||||
|
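Review bot: If `CertificateLocation` is configured but the file is absent, `File.Exists(...)` is false and control falls to the `CertificateThumbprint` branch and whatever follows outside the hunk with nothing reported, so a wrong path or a missing volume mount is not surfaced here. Now that operators set the path, consider distinguishing "not configured" from "configured but missing" and logging or failing in the second case. At minimum, document the behaviour at the check: `// A missing file at CertificateLocation falls through silently to the next certificate source.` The method starts and ends outside the hunk, so its signature and later branches are not visible.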
@ -1,21 +1,73 @@
|
|||||||
FROM mcr.microsoft.com/dotnet/aspnet:8.0
|
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
|
||||||
|
ARG TARGETPLATFORM
|
||||||
|
ARG BUILDPLATFORM
|
||||||
|
|
||||||
|
WORKDIR /build
|
||||||
|
COPY ../../ ./
|
||||||
|
|
||||||
|
WORKDIR /build/src/Identity
|
||||||
|
|
||||||
|
RUN <<EOF
|
||||||
|
case "$TARGETPLATFORM" in
|
||||||
|
*"linux/amd64"*)
|
||||||
|
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
|
||||||
|
;;
|
||||||
|
*"linux/arm64"*)
|
||||||
|
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "unsupported target platform: $TARGETPLATFORM"
|
||||||
|
exit 1;;
|
||||||
|
esac
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
|
||||||
|
|
||||||
LABEL com.bitwarden.product="bitwarden"
|
LABEL com.bitwarden.product="bitwarden"
|
||||||
|
|
||||||
|
# RUN apt-get update \
|
||||||
|
# && apt-get install -y --no-install-recommends \
|
||||||
|
# gosu \
|
||||||
|
# curl \
|
||||||
|
# krb5-user \
|
||||||
|
# && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
ENV APP_UID=1654
|
||||||
|
ENV ASPNETCORE_HTTP_PORTS=8080
|
||||||
|
ENV DOTNET_RUNNING_IN_CONTAINER=true
|
||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install -y --no-install-recommends \
|
&& apt-get install -y --no-install-recommends \
|
||||||
gosu \
|
ca-certificates \
|
||||||
curl \
|
\
|
||||||
krb5-user \
|
# .NET dependencies
|
||||||
|
libc6 \
|
||||||
|
libgcc-s1 \
|
||||||
|
# libicu70 \
|
||||||
|
libicu74 \
|
||||||
|
libssl3 \
|
||||||
|
libstdc++6 \
|
||||||
|
tzdata \
|
||||||
|
zlib1g \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
ENV ASPNETCORE_URLS http://+:5000
|
# Create a non-root user and group
|
||||||
WORKDIR /app
|
RUN groupadd \
|
||||||
|
--gid=$APP_UID \
|
||||||
|
app \
|
||||||
|
&& useradd -l \
|
||||||
|
--uid=$APP_UID \
|
||||||
|
--gid=$APP_UID \
|
||||||
|
--create-home \
|
||||||
|
app
|
||||||
|
|
||||||
EXPOSE 5000
|
EXPOSE 5000
|
||||||
COPY obj/build-output/publish .
|
|
||||||
COPY entrypoint.sh /
|
|
||||||
RUN chmod +x /entrypoint.sh
|
|
||||||
|
|
||||||
HEALTHCHECK CMD curl -f http://localhost:5000/.well-known/openid-configuration || exit 1
|
USER app
|
||||||
|
ENV HOME=/home/app
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENV ASPNETCORE_URLS=http://+:5000
|
||||||
|
WORKDIR /app
|
||||||
|
COPY --from=build /build/src/Identity/out /app
|
||||||
|
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
|
||||||
|
ENTRYPOINT ["./Identity"]
|
||||||
|
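Review bot: The health probe changes from `/.well-known/openid-configuration` to `/alive`, and nothing visible in this commit shows that Identity serves `/alive` or what that endpoint covers. The old probe went through the IdentityServer discovery pipeline, so it presumably said more about whether the service was usable than a bare liveness route would. Confirm the route exists for Identity, or keep the previous probe: `HEALTHCHECK CMD curl -f http://localhost:5000/.well-known/openid-configuration || exit 1`.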