nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-30 15:50:33 -05:00
Code

build: move rootful operations into conditional block; build in docker

Browse Source
This commit is contained in:
tangowithfoxtrot 2025-03-04 20:17:02 +00:00 committed by GitHub
parent 431dd34729
commit 3b79e4e5f5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 520 additions and 557 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
bitwarden_license/src/Scim/Dockerfile
View File

@ -1,7 +1,21 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ENV PROJECT_NAME=Scim
WORKDIR /build
COPY ../../ ./
WORKDIR /build/bitwarden_license/src/${PROJECT_NAME}
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Scim
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
gosu \ gosu \
@ -9,11 +23,12 @@ RUN apt-get update \
krb5-user \ krb5-user \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
WORKDIR /app
EXPOSE 5000 EXPOSE 5000
COPY obj/build-output/publish . WORKDIR /app
COPY entrypoint.sh / COPY --from=build /build/bitwarden_license/src/${PROJECT_NAME}/out /app
COPY ./bitwarden_license/src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1

56
bitwarden_license/src/Scim/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Scim"
# Setup # Setup
@ -19,31 +21,41 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates && update-ca-certificates
# fi fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf fi
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Scim.dll if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

23
bitwarden_license/src/Sso/Dockerfile
View File

@ -1,7 +1,21 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ENV PROJECT_NAME=Sso
WORKDIR /build
COPY ../../ ./
WORKDIR /build/bitwarden_license/src/${PROJECT_NAME}
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Sso
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
gosu \ gosu \
@ -9,11 +23,12 @@ RUN apt-get update \
krb5-user \ krb5-user \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
WORKDIR /app
EXPOSE 5000 EXPOSE 5000
COPY obj/build-output/publish . WORKDIR /app
COPY entrypoint.sh / COPY --from=build /build/bitwarden_license/src/${PROJECT_NAME}/out /app
COPY ./bitwarden_license/src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1

67
bitwarden_license/src/Sso/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Sso"
# Setup # Setup
@ -19,37 +21,48 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
mkdir -p /etc/bitwarden/identity chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# fi && update-ca-certificates
fi
chown -R $USERNAME:$GROUPNAME /app if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
# if [[ $globalSettings__selfHosted == "true" ]]; then gosu_cmd="gosu $USERNAME:$GROUPNAME"
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ else
# && update-ca-certificates gosu_cmd=""
# fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Sso.dll if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx || \
if [[ -z $globalSettings__identityServer__certificateLocation ]]; then
export globalSettings__identityServer__certificateLocation=/home/app/config/identity.pfx
fi
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

68
src/Admin/Dockerfile
View File

@ -1,77 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Admin ENV PROJECT_NAME=Admin
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME} WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Admin ENV PROJECT_NAME=Admin
# RUN groupadd \ RUN apt-get update \
# --gid=$APP_UID \ && apt-get install -y --no-install-recommends \
# app \ gosu \
# && useradd -l \ curl \
# --uid=$APP_UID \ krb5-user \
# --gid=$APP_UID \ && rm -rf /var/lib/apt/lists/*
# --create-home \
# app
RUN mkdir -p {/config} \ ENV ASPNETCORE_URLS=http://+:5000
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
EXPOSE 5000 EXPOSE 5000
WORKDIR /app WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}` ENTRYPOINT ["/entrypoint.sh"]
USER app
ENTRYPOINT ["./Admin"]

56
src/Admin/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Admin"
# Setup # Setup
@ -19,31 +21,41 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates && update-ca-certificates
# fi fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf fi
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Admin.dll if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

66
src/Api/Dockerfile
View File

@ -1,82 +1,36 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Api ENV PROJECT_NAME=Api
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME} WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
case "$TARGETPLATFORM" in
*"linux/amd64"*) FROM mcr.microsoft.com/dotnet/aspnet:8.0
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV APP_UID=1654
ENV ASPNETCORE_HTTP_PORTS=8080
ENV DOTNET_RUNNING_IN_CONTAINER=true
ENV PROJECT_NAME=Api ENV PROJECT_NAME=Api
RUN groupadd \
--gid=$APP_UID \
app \
&& useradd -l \
--uid=$APP_UID \
--gid=$APP_UID \
--create-home \
app
RUN mkdir -p {/admin,/api,/identity,/events,/notifications} \
&& chown -R app:app {/admin,/api,/identity,/events,/notifications}
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
ca-certificates \ gosu \
\ curl \
# .NET dependencies krb5-user \
libc6 \
libgcc-s1 \
# libicu70 \
libicu74 \
libssl3 \
libstdc++6 \
tzdata \
zlib1g \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ENV HOME=/home/app ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
EXPOSE 5000 EXPOSE 5000
WORKDIR /app WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}` ENTRYPOINT ["/entrypoint.sh"]
USER app
ENTRYPOINT ["./Api"]

56
src/Api/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Api"
# Setup # Setup
@ -19,31 +21,41 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates && update-ca-certificates
# fi fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf fi
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Api.dll if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

41
src/Billing/Dockerfile
View File

@ -1,50 +1,33 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Identity ENV PROJECT_NAME=Billing
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME} WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Identity ENV PROJECT_NAME=Billing
RUN mkdir -p {/config} \ RUN apt-get update \
&& chown -R app:app {/config} && apt-get install -y --no-install-recommends \
gosu \
# RUN apt-get update \ curl \
# && apt-get install -y --no-install-recommends \ krb5-user \
# gosu \ && rm -rf /var/lib/apt/lists/*
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
# END: move to base image
WORKDIR /app WORKDIR /app
EXPOSE 5000 EXPOSE 5000
COPY --from=build /build/src/${PROJECT_NAME}/out /app COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}` ENTRYPOINT ["./entrypoint.sh"]
USER app
ENTRYPOINT ["./Billing"]

45
src/Billing/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Billing"
# Setup # Setup
@ -19,25 +21,32 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates && update-ca-certificates
# fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Billing.dll gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

69
src/Events/Dockerfile
View File

@ -1,76 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Events ENV PROJECT_NAME=Events
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME} WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Events ENV PROJECT_NAME=Events
# RUN groupadd \ RUN apt-get update \
# --gid=$APP_UID \ && apt-get install -y --no-install-recommends \
# app \ gosu \
# && useradd -l \ curl \
# --uid=$APP_UID \ krb5-user \
# --gid=$APP_UID \ && rm -rf /var/lib/apt/lists/*
# --create-home \
# app
RUN mkdir -p {/config} \ ENV ASPNETCORE_URLS=http://+:5000
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
EXPOSE 5000 EXPOSE 5000
WORKDIR /app WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app COPY --from=build /build/src/${PROJECT_NAME}/out /app
HEALTHCHECK CMD curl -f http://localhost:5000/google.com/icon.png || exit 1 COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
USER app ENTRYPOINT ["/entrypoint.sh"]
ENTRYPOINT ["./Events"]

56
src/Events/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Events"
# Setup # Setup
@ -19,31 +21,41 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates && update-ca-certificates
# fi fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf fi
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Events.dll if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

27
src/EventsProcessor/Dockerfile
View File

@ -1,20 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ENV PROJECT_NAME=EventsProcessor
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=EventsProcessor
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
gosu \ gosu \
curl \ curl \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app
EXPOSE 5000
COPY obj/build-output/publish .
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
CMD ["./../entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

43
src/EventsProcessor/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="EventsProcessor"
# Setup # Setup
@ -19,24 +21,31 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/logs
#mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates && update-ca-certificates
# fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/EventsProcessor.dll gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

67
src/Icons/Dockerfile
View File

@ -1,76 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Icons ENV PROJECT_NAME=Icons
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME} WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Icons ENV PROJECT_NAME=Icons
# RUN groupadd \ RUN apt-get update \
# --gid=$APP_UID \ && apt-get install -y --no-install-recommends \
# app \ gosu \
# && useradd -l \ curl \
# --uid=$APP_UID \ krb5-user \
# --gid=$APP_UID \ && rm -rf /var/lib/apt/lists/*
# --create-home \
# app
RUN mkdir -p {/config} \ ENV ASPNETCORE_URLS=http://+:5000
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
EXPOSE 5000 EXPOSE 5000
WORKDIR /app WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/google.com/icon.png || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/google.com/icon.png || exit 1
USER app ENTRYPOINT ["./entrypoint.sh"]
ENTRYPOINT ["./Icons"]

53
src/Icons/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Icons"
# Setup # Setup
@ -19,24 +21,41 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/logs
chown -R $USERNAME:$GROUPNAME /etc/bitwarden mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates && update-ca-certificates
# fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Icons.dll if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
$gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

40
src/Identity/Dockerfile
View File

@ -1,53 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Identity ENV PROJECT_NAME=Identity
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME} WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Identity ENV PROJECT_NAME=Identity
RUN mkdir -p {/config} \ RUN apt-get update \
&& chown -R app:app {/config} && apt-get install -y --no-install-recommends \
gosu \
# RUN apt-get update \ curl \
# && apt-get install -y --no-install-recommends \ krb5-user \
# gosu \ && rm -rf /var/lib/apt/lists/*
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
# END: move to base image
EXPOSE 5000 EXPOSE 5000
WORKDIR /app WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/.well-known/openid-configuration || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/.well-known/openid-configuration || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}` ENTRYPOINT ["/entrypoint.sh"]
USER app
ENTRYPOINT ["./Identity"]

65
src/Identity/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Identity"
# Setup # Setup
@ -19,37 +21,48 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
mkdir -p /etc/bitwarden/identity chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates
fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos
fi
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi fi
chown -R $USERNAME:$GROUPNAME /app
# if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates
# fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf
cp -f /etc/bitwarden/kerberos/krb5.conf /etc/krb5.conf $gosu_cmd kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
gosu $USERNAME:$GROUPNAME kinit $globalSettings__kerberosUser -k -t /etc/bitwarden/kerberos/bitwarden.keytab
fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Identity.dll if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx || \
if [[ -z $globalSettings__identityServer__certificateLocation ]]; then
export globalSettings__identityServer__certificateLocation=/home/app/config/identity.pfx
fi
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

27
src/Notifications/Dockerfile
View File

@ -1,20 +1,35 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ENV PROJECT_NAME=Notifications
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN dotnet publish --self-contained /p:PublishSingleFile=true -o out
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Notifications
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
gosu \ gosu \
curl \ curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
WORKDIR /app
EXPOSE 5000
COPY obj/build-output/publish .
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
COPY ./src/${PROJECT_NAME}/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

44
src/Notifications/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Notifications"
# Setup # Setup
@ -19,24 +21,32 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/core
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/logs
chown -R $USERNAME:$GROUPNAME /etc/bitwarden mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden
# if [[ $globalSettings__selfHosted == "true" ]]; then if [[ $globalSettings__selfHosted == "true" ]]; then
# cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
# && update-ca-certificates && update-ca-certificates
# fi fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Notifications.dll gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec $gosu_cmd /app/"${PROJECT_NAME}"

10
util/Attachments/Dockerfile
View File

@ -1,13 +1,9 @@
FROM bitwarden/server:latest as build FROM bitwarden/server:latest AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Attachments ENV PROJECT_NAME=Attachments
RUN mkdir -p {/storage/attachments,/bitwarden_server,/config} \
&& chown -R app:app {/storage/attachments,/bitwarden_server,/config}
EXPOSE 5000 EXPOSE 5000
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
USER app ENTRYPOINT ["/bitwarden_server/Server", "/contentRoot=/etc/bitwarden/core/attachments", "/webRoot=.", "/serveUnknown=true"]
ENTRYPOINT ["/bitwarden_server/Server", "/contentRoot=/config/core/attachments", "/webRoot=.", "/serveUnknown=true"]

36
util/Attachments/entrypoint.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/usr/bin/env bash
PROJECT_NAME="Attachments"
# Setup # Setup
@ -19,19 +21,27 @@ then
LGID=65534 LGID=65534
fi fi
# Create user and group if [ "$(id -u)" = "0" ]
then
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME mkhomedir_helper $USERNAME
# The rest... # The rest...
chown -R $USERNAME:$GROUPNAME /bitwarden_server chown -R $USERNAME:$GROUPNAME /bitwarden_server
mkdir -p /etc/bitwarden/core/attachments mkdir -p /etc/bitwarden/core/attachments
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
gosu_cmd="gosu $USERNAME:$GROUPNAME"
else
gosu_cmd=""
fi
exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \ exec $gosu_cmd /bitwarden_server/Server \
/contentRoot=/etc/bitwarden/core/attachments /webRoot=. /serveUnknown=true /contentRoot=/etc/bitwarden/core/attachments \
/webRoot=. \
/serveUnknown=true

39
util/Server/Dockerfile
View File

@ -1,48 +1,29 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Server ENV PROJECT_NAME=Server
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/util/${PROJECT_NAME} WORKDIR /build/util/${PROJECT_NAME}
RUN <<EOF RUN dotnet publish "./Server.csproj" -c "Release" --self-contained /p:PublishSingleFile=true -o out
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish "./Server.csproj" -c "Release" --self-contained /p:PublishSingleFile=true -r linux-x64 -o out # || \
# ls -hal && exit 1
;;
*"linux/arm64"*)
dotnet publish "./Server.csproj" -c "Release" --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out # || \
# ls -hal && exit 1
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1
;;
esac
EOF
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
RUN true
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Server ENV PROJECT_NAME=Server
# RUN apt-get update \ RUN apt-get update \
# && apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
# gosu \ gosu \
# curl \ curl \
# krb5-user \ krb5-user \
# && rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
# file will be in: /build/util/Server/bin/Release/net8.0/linux-arm64/Server.dll
COPY --from=build /build/util/${PROJECT_NAME}/out/ /bitwarden_server COPY --from=build /build/util/${PROJECT_NAME}/out/ /bitwarden_server
RUN mkdir -p {/app,/bitwarden_server,/config,/storage} \
&& chown -R app:app {/app,/bitwarden_server,/config,/storage}