nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-28 23:04:50 -05:00
Code

build: move rootful operations into conditional block; build in docker

Browse Source
This commit is contained in:
tangowithfoxtrot 2025-03-04 20:17:02 +00:00 committed by GitHub
parent 431dd34729
commit 3b79e4e5f5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 520 additions and 557 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
bitwarden_license/src/Scim/Dockerfile
View File

@ -1,7 +1,21 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ENV PROJECT_NAME=Scim
WORKDIR /build
COPY ../../ ./
WORKDIR /build/bitwarden_license/src/${PROJECT_NAME}
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Scim
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
@ -9,11 +23,12 @@ RUN apt-get update \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app
ENV ASPNETCORE_URLS=http://+:5000
EXPOSE 5000
COPY obj/build-output/publish .
COPY entrypoint.sh /
WORKDIR /app
COPY --from=build /build/bitwarden_license/src/${PROJECT_NAME}/out /app
COPY ./bitwarden_license/src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1

56
bitwarden_license/src/Scim/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Scim"
# Setup
@ -19,31 +21,41 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Scim.dll
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

23
bitwarden_license/src/Sso/Dockerfile
View File

@ -1,7 +1,21 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ENV PROJECT_NAME=Sso
WORKDIR /build
COPY ../../ ./
WORKDIR /build/bitwarden_license/src/${PROJECT_NAME}
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Sso
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
@ -9,11 +23,12 @@ RUN apt-get update \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app
ENV ASPNETCORE_URLS=http://+:5000
EXPOSE 5000
COPY obj/build-output/publish .
COPY entrypoint.sh /
WORKDIR /app
COPY --from=build /build/bitwarden_license/src/${PROJECT_NAME}/out /app
COPY ./bitwarden_license/src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1

67
bitwarden_license/src/Sso/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Sso"
# Setup
@ -19,37 +21,48 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
mkdir -p /etc/bitwarden/identity
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
chown -R $USERNAME:$GROUPNAME /app
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Sso.dll
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx || \
if [[ -z $globalSettings__identityServer__certificateLocation ]]; then
export globalSettings__identityServer__certificateLocation=/home/app/config/identity.pfx
fi
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

68
src/Admin/Dockerfile
View File

@ -1,77 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Admin
ENV PROJECT_NAME=Admin
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Admin
# RUN groupadd \
# --gid=$APP_UID \
# app \
# && useradd -l \
# --uid=$APP_UID \
# --gid=$APP_UID \
# --create-home \
# app
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
ENV ASPNETCORE_URLS=http://+:5000
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}`
USER app
ENTRYPOINT ["./Admin"]
ENTRYPOINT ["/entrypoint.sh"]

56
src/Admin/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Admin"
# Setup
@ -19,31 +21,41 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Admin.dll
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

66
src/Api/Dockerfile
View File

@ -1,82 +1,36 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Api
ENV PROJECT_NAME=Api
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0
FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden"
ENV APP_UID=1654
ENV ASPNETCORE_HTTP_PORTS=8080
ENV DOTNET_RUNNING_IN_CONTAINER=true
ENV PROJECT_NAME=Api
RUN groupadd \
--gid=$APP_UID \
app \
&& useradd -l \
--uid=$APP_UID \
--gid=$APP_UID \
--create-home \
app
RUN mkdir -p {/admin,/api,/identity,/events,/notifications} \
&& chown -R app:app {/admin,/api,/identity,/events,/notifications}
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
\
# .NET dependencies
libc6 \
libgcc-s1 \
# libicu70 \
libicu74 \
libssl3 \
libstdc++6 \
tzdata \
zlib1g \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}`
USER app
ENTRYPOINT ["./Api"]
ENTRYPOINT ["/entrypoint.sh"]

56
src/Api/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Api"
# Setup
@ -19,31 +21,41 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Api.dll
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

41
src/Billing/Dockerfile
View File

@ -1,50 +1,33 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Identity
ENV PROJECT_NAME=Billing
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Identity
ENV PROJECT_NAME=Billing
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS=http://+:5000
# END: move to base image
WORKDIR /app
EXPOSE 5000
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}`
USER app
ENTRYPOINT ["./Billing"]
ENTRYPOINT ["./entrypoint.sh"]

45
src/Billing/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Billing"
# Setup
@ -19,25 +21,32 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Billing.dll
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

69
src/Events/Dockerfile
View File

@ -1,76 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Events
ENV PROJECT_NAME=Events
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Events
# RUN groupadd \
# --gid=$APP_UID \
# app \
# && useradd -l \
# --uid=$APP_UID \
# --gid=$APP_UID \
# --create-home \
# app
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
ENV ASPNETCORE_URLS=http://+:5000
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
HEALTHCHECK CMD curl -f http://localhost:5000/google.com/icon.png || exit 1
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
USER app
ENTRYPOINT ["./Events"]
ENTRYPOINT ["/entrypoint.sh"]

56
src/Events/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Events"
# Setup
@ -19,31 +21,41 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Events.dll
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

27
src/EventsProcessor/Dockerfile
View File

@ -1,20 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ENV PROJECT_NAME=EventsProcessor
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=EventsProcessor
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
&& rm -rf /var/lib/apt/lists/*
ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app
EXPOSE 5000
COPY obj/build-output/publish .
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
CMD ["./../entrypoint.sh"]
ENTRYPOINT ["/entrypoint.sh"]

43
src/EventsProcessor/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="EventsProcessor"
# Setup
@ -19,24 +21,31 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/logs
#mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/EventsProcessor.dll
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

67
src/Icons/Dockerfile
View File

@ -1,76 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Icons
ENV PROJECT_NAME=Icons
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Icons
# RUN groupadd \
# --gid=$APP_UID \
# app \
# && useradd -l \
# --uid=$APP_UID \
# --gid=$APP_UID \
# --create-home \
# app
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
ENV ASPNETCORE_URLS=http://+:5000
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/google.com/icon.png || exit 1
USER app
ENTRYPOINT ["./Icons"]
ENTRYPOINT ["./entrypoint.sh"]

53
src/Icons/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Icons"
# Setup
@ -19,24 +21,41 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Icons.dll
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

40
src/Identity/Dockerfile
View File

@ -1,53 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Identity
ENV PROJECT_NAME=Identity
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Identity
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS=http://+:5000
# END: move to base image
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/.well-known/openid-configuration || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}`
USER app
ENTRYPOINT ["./Identity"]
ENTRYPOINT ["/entrypoint.sh"]

65
src/Identity/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Identity"
# Setup
@ -19,37 +21,48 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
mkdir -p /etc/bitwarden/identity
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
chown -R $USERNAME:$GROUPNAME /app
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Identity.dll
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx || \
if [[ -z $globalSettings__identityServer__certificateLocation ]]; then
export globalSettings__identityServer__certificateLocation=/home/app/config/identity.pfx
fi
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

27
src/Notifications/Dockerfile
View File

@ -1,20 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ENV PROJECT_NAME=Notifications
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Notifications
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app
EXPOSE 5000
COPY obj/build-output/publish .
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
ENV ASPNETCORE_URLS=http://+:5000
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
ENTRYPOINT ["/entrypoint.sh"]

44
src/Notifications/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Notifications"
# Setup
@ -19,24 +21,32 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Notifications.dll
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

10
util/Attachments/Dockerfile
View File

@ -1,13 +1,9 @@
FROM bitwarden/server:latest as build
FROM bitwarden/server:latest AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Attachments
RUN mkdir -p {/storage/attachments,/bitwarden_server,/config} \
&& chown -R app:app {/storage/attachments,/bitwarden_server,/config}
ENV PROJECT_NAME=Attachments
EXPOSE 5000
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
USER app
ENTRYPOINT ["/bitwarden_server/Server", "/contentRoot=/config/core/attachments", "/webRoot=.", "/serveUnknown=true"]
ENTRYPOINT ["/bitwarden_server/Server", "/contentRoot=/etc/bitwarden/core/attachments", "/webRoot=.", "/serveUnknown=true"]

36
util/Attachments/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash
#!/usr/bin/env bash
PROJECT_NAME="Attachments"
# Setup
@ -19,19 +21,27 @@ then
LGID=65534
fi
# Create user and group
if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
# The rest...
# The rest...
chown -R $USERNAME:$GROUPNAME /bitwarden_server
mkdir -p /etc/bitwarden/core/attachments
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
chown -R $USERNAME:$GROUPNAME /bitwarden_server
mkdir -p /etc/bitwarden/core/attachments
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
/contentRoot=/etc/bitwarden/core/attachments /webRoot=. /serveUnknown=true
exec $gosu_cmd /bitwarden_server/Server \
/contentRoot=/etc/bitwarden/core/attachments \
/webRoot=. \
/serveUnknown=true

39
util/Server/Dockerfile
View File

@ -1,48 +1,29 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Server
ENV PROJECT_NAME=Server
WORKDIR /build
COPY ../../ ./
WORKDIR /build/util/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish "./Server.csproj" -c "Release" --self-contained /p:PublishSingleFile=true -r linux-x64 -o out # || \
# ls -hal && exit 1
;;
*"linux/arm64"*)
dotnet publish "./Server.csproj" -c "Release" --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out # || \
# ls -hal && exit 1
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1
;;
esac
EOF
RUN dotnet publish "./Server.csproj" -c "Release" --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0
RUN true
LABEL com.bitwarden.product="bitwarden"
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Server
ENV PROJECT_NAME=Server
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS=http://+:5000
# file will be in: /build/util/Server/bin/Release/net8.0/linux-arm64/Server.dll
COPY --from=build /build/util/${PROJECT_NAME}/out/ /bitwarden_server
RUN mkdir -p {/app,/bitwarden_server,/config,/storage} \
&& chown -R app:app {/app,/bitwarden_server,/config,/storage}