nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-13 09:08:17 -05:00
Code

wip: build projects in image instead of host; comment-out problematic root-only operations

Browse Source
This commit is contained in:
tangowithfoxtrot 2025-02-25 10:05:35 -08:00
parent f356d0a2b1
commit 9c67d7cf5b
No known key found for this signature in database
20 changed files with 455 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -225,3 +225,7 @@ src/Notifications/Notifications.zip
bitwarden_license/src/Portal/Portal.zip bitwarden_license/src/Portal/Portal.zip
bitwarden_license/src/Sso/Sso.zip bitwarden_license/src/Sso/Sso.zip
**/src/**/flags.json **/src/**/flags.json
logs/*
config/*
storage/*

8
bitwarden_license/src/Scim/entrypoint.sh
View File

@ -35,10 +35,10 @@ mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos

14
bitwarden_license/src/Sso/entrypoint.sh
View File

@ -35,16 +35,16 @@ mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx # cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx
fi # fi
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos

67
docker-compose.yml
View File

@ -1,29 +1,80 @@
services: services:
base: # this is just here to build the base image for the others to use
build:
context: .
dockerfile: ./util/Server/Dockerfile
entrypoint: ["true"]
admin:
build:
context: .
dockerfile: ./src/Admin/Dockerfile
ports:
- "62911:5000"
volumes:
- ./config/:/config
- ./logs/:/var/log/bitwarden
env_file:
- ./dev/.env
attachments:
build:
context: .
dockerfile: ./util/Attachments/Dockerfile
ports:
- "50004:5000"
volumes:
- ./config/:/config
- ./logs/:/var/log/bitwarden
environment:
LOCAL_UID: "${PUID}"
LOCAL_GID: "${PGID}"
env_file:
- ./dev/.env
api: api:
build: build:
context: . context: .
dockerfile: ./src/Api/Dockerfile dockerfile: ./src/Api/Dockerfile
ports: ports:
- "4000:5000" - "4000:5000"
environment: volumes:
globalSettings__DataProtection__directory: /home/app/.aspnet/DataProtection-Keys - ./config/:/config
globalSettings__selfHosted: true - ./logs/:/var/log/bitwarden
env_file:
- ./dev/.env
icons:
build:
context: .
dockerfile: ./src/Icons/Dockerfile
ports:
- "50024:5000"
env_file:
- ./dev/.env
identity: identity:
build: build:
context: . context: .
dockerfile: ./src/Identity/Dockerfile dockerfile: ./src/Identity/Dockerfile
ports: ports:
- "33656:5000" - "33656:5000"
environment:
globalSettings__DataProtection__directory: /home/app/.aspnet/DataProtection-Keys
globalSettings__selfHosted: true
globalSettings__IdentityServer__CertificateLocation: /home/app/config/identity_server_dev.pfx
volumes: volumes:
- ./config/:/config
- ./logs/:/var/log/bitwarden
- ./dev:/home/app/config # identity.pfx exists here - ./dev:/home/app/config # identity.pfx exists here
env_file:
- ./dev/.env
mssql: mssql:
image: bitwarden/mssql:2024.10.0 image: bitwarden/mssql:2025.1.4
container_name: bitwarden-mssql container_name: bitwarden-mssql
ports: ports:
- "1433:1433" - "1433:1433"
environment: environment:
ACCEPT_EULA: true ACCEPT_EULA: true
env_file:
- ./dev/.env
# nginx:
# image: nginx:alpine
# container_name: nginx
# volumes:
# - "./dev/reverse-proxy.conf:/etc/nginx/conf.d/default.conf"
# ports:
# - "${API_PROXY_PORT:-4100}:${API_PROXY_PORT:-4100}"
# - "${IDENTITY_PROXY_PORT:-33756}:${IDENTITY_PROXY_PORT:-33756}"

84
src/Admin/Dockerfile
View File

@ -1,21 +1,77 @@
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Admin
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
RUN apt-get update \ ENV PROJECT_NAME=Admin
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
# RUN groupadd \
# --gid=$APP_UID \
# app \
# && useradd -l \
# --uid=$APP_UID \
# --gid=$APP_UID \
# --create-home \
# app
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app # END: move to base image
EXPOSE 5000 EXPOSE 5000
COPY obj/build-output/publish . WORKDIR /app
COPY entrypoint.sh / COPY --from=build /build/src/${PROJECT_NAME}/out /app
RUN chmod +x /entrypoint.sh HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1 # TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}`
USER app
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["./Admin"]

8
src/Admin/entrypoint.sh
View File

@ -35,10 +35,10 @@ mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos

51
src/Api/Dockerfile
View File

@ -1,11 +1,12 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Api
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/src/Api WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF RUN <<EOF
case "$TARGETPLATFORM" in case "$TARGETPLATFORM" in
@ -21,11 +22,30 @@ RUN <<EOF
esac esac
EOF EOF
FROM ghcr.io/linuxserver/baseimage-ubuntu:noble FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV APP_UID=1654
ENV ASPNETCORE_HTTP_PORTS=8080
ENV DOTNET_RUNNING_IN_CONTAINER=true
ENV PROJECT_NAME=Api
RUN groupadd \
--gid=$APP_UID \
app \
&& useradd -l \
--uid=$APP_UID \
--gid=$APP_UID \
--create-home \
app
RUN mkdir -p {/admin,/api,/identity,/events,/notifications} \
&& chown -R app:app {/admin,/api,/identity,/events,/notifications}
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \ # RUN apt-get update \
# && apt-get install -y --no-install-recommends \ # && apt-get install -y --no-install-recommends \
# gosu \ # gosu \
@ -33,10 +53,6 @@ LABEL com.bitwarden.product="bitwarden"
# krb5-user \ # krb5-user \
# && rm -rf /var/lib/apt/lists/* # && rm -rf /var/lib/apt/lists/*
ENV APP_UID=1654
ENV ASPNETCORE_HTTP_PORTS=8080
ENV DOTNET_RUNNING_IN_CONTAINER=true
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
ca-certificates \ ca-certificates \
@ -52,22 +68,15 @@ RUN apt-get update \
zlib1g \ zlib1g \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Create a non-root user and group
RUN groupadd \
--gid=$APP_UID \
app \
&& useradd -l \
--uid=$APP_UID \
--gid=$APP_UID \
--create-home \
app
EXPOSE 5000
USER app
ENV HOME=/home/app ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS http://+:5000
# END: move to base image
EXPOSE 5000
WORKDIR /app WORKDIR /app
COPY --from=build /build/src/Api/out /app COPY --from=build /build/src/${PROJECT_NAME}/out /app
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}`
USER app
ENTRYPOINT ["./Api"] ENTRYPOINT ["./Api"]

8
src/Api/entrypoint.sh
View File

@ -35,10 +35,10 @@ mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos

55
src/Billing/Dockerfile
View File

@ -1,21 +1,50 @@
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Identity
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
RUN apt-get update \ ENV PROJECT_NAME=Identity
&& apt-get install -y --no-install-recommends \
gosu \ RUN mkdir -p {/config} \
curl \ && chown -R app:app {/config}
&& rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS=http://+:5000
# END: move to base image
ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app WORKDIR /app
EXPOSE 5000 EXPOSE 5000
COPY entrypoint.sh / COPY --from=build /build/src/${PROJECT_NAME}/out /app
RUN chmod +x /entrypoint.sh
COPY obj/build-output/publish .
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
ENTRYPOINT ["/entrypoint.sh"] # TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}`
USER app
ENTRYPOINT ["./Billing"]

8
src/Billing/entrypoint.sh
View File

@ -35,9 +35,9 @@ mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Billing.dll exec gosu $USERNAME:$GROUPNAME dotnet /app/Billing.dll

83
src/Events/Dockerfile
View File

@ -1,21 +1,76 @@
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Events
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
RUN apt-get update \ ENV PROJECT_NAME=Events
&& apt-get install -y --no-install-recommends \
gosu \
curl \
krb5-user \
&& rm -rf /var/lib/apt/lists/*
# RUN groupadd \
# --gid=$APP_UID \
# app \
# && useradd -l \
# --uid=$APP_UID \
# --gid=$APP_UID \
# --create-home \
# app
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app # END: move to base image
EXPOSE 5000 EXPOSE 5000
COPY obj/build-output/publish . WORKDIR /app
COPY entrypoint.sh / COPY --from=build /build/src/${PROJECT_NAME}/out /app
RUN chmod +x /entrypoint.sh HEALTHCHECK CMD curl -f http://localhost:5000/google.com/icon.png || exit 1
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 USER app
ENTRYPOINT ["./Events"]
ENTRYPOINT ["/entrypoint.sh"]

8
src/Events/entrypoint.sh
View File

@ -35,10 +35,10 @@ mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos

8
src/EventsProcessor/entrypoint.sh
View File

@ -34,9 +34,9 @@ mkdir -p /etc/bitwarden/logs
#mkdir -p /etc/bitwarden/ca-certificates #mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/EventsProcessor.dll exec gosu $USERNAME:$GROUPNAME dotnet /app/EventsProcessor.dll

80
src/Icons/Dockerfile
View File

@ -1,20 +1,76 @@
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Icons
WORKDIR /build
COPY ../../ ./
WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-x64 -o out
;;
*"linux/arm64"*)
dotnet publish --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1;;
esac
EOF
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0
# TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
RUN apt-get update \ ENV PROJECT_NAME=Icons
&& apt-get install -y --no-install-recommends \
gosu \
curl \
&& rm -rf /var/lib/apt/lists/*
# RUN groupadd \
# --gid=$APP_UID \
# app \
# && useradd -l \
# --uid=$APP_UID \
# --gid=$APP_UID \
# --create-home \
# app
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
# RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# ca-certificates \
# \
# # .NET dependencies
# libc6 \
# libgcc-s1 \
# # libicu70 \
# libicu74 \
# libssl3 \
# libstdc++6 \
# tzdata \
# zlib1g \
# && rm -rf /var/lib/apt/lists/*
# ENV HOME=/home/app
ENV ASPNETCORE_URLS http://+:5000 ENV ASPNETCORE_URLS http://+:5000
WORKDIR /app # END: move to base image
EXPOSE 5000
COPY obj/build-output/publish .
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
EXPOSE 5000
WORKDIR /app
COPY --from=build /build/src/${PROJECT_NAME}/out /app
HEALTHCHECK CMD curl -f http://localhost:5000/google.com/icon.png || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/google.com/icon.png || exit 1
ENTRYPOINT ["/entrypoint.sh"] USER app
ENTRYPOINT ["./Icons"]

8
src/Icons/entrypoint.sh
View File

@ -34,9 +34,9 @@ mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Icons.dll exec gosu $USERNAME:$GROUPNAME dotnet /app/Icons.dll

54
src/Identity/Dockerfile
View File

@ -1,11 +1,12 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ARG PROJECT_NAME=Identity
WORKDIR /build WORKDIR /build
COPY ../../ ./ COPY ../../ ./
WORKDIR /build/src/Identity WORKDIR /build/src/${PROJECT_NAME}
RUN <<EOF RUN <<EOF
case "$TARGETPLATFORM" in case "$TARGETPLATFORM" in
@ -21,11 +22,17 @@ RUN <<EOF
esac esac
EOF EOF
# FROM ghcr.io/linuxserver/baseimage-ubuntu:noble
FROM mcr.microsoft.com/dotnet/aspnet:8.0
FROM ghcr.io/linuxserver/baseimage-ubuntu:noble # TODO: move this to a base image
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV PROJECT_NAME=Identity
RUN mkdir -p {/config} \
&& chown -R app:app {/config}
# RUN apt-get update \ # RUN apt-get update \
# && apt-get install -y --no-install-recommends \ # && apt-get install -y --no-install-recommends \
# gosu \ # gosu \
@ -33,41 +40,14 @@ LABEL com.bitwarden.product="bitwarden"
# krb5-user \ # krb5-user \
# && rm -rf /var/lib/apt/lists/* # && rm -rf /var/lib/apt/lists/*
ENV APP_UID=1654 ENV ASPNETCORE_URLS=http://+:5000
ENV ASPNETCORE_HTTP_PORTS=8080 # END: move to base image
ENV DOTNET_RUNNING_IN_CONTAINER=true
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
\
# .NET dependencies
libc6 \
libgcc-s1 \
# libicu70 \
libicu74 \
libssl3 \
libstdc++6 \
tzdata \
zlib1g \
&& rm -rf /var/lib/apt/lists/*
# Create a non-root user and group
RUN groupadd \
--gid=$APP_UID \
app \
&& useradd -l \
--uid=$APP_UID \
--gid=$APP_UID \
--create-home \
app
EXPOSE 5000 EXPOSE 5000
USER app
ENV HOME=/home/app
ENV ASPNETCORE_URLS=http://+:5000
WORKDIR /app WORKDIR /app
COPY --from=build /build/src/Identity/out /app COPY --from=build /build/src/${PROJECT_NAME}/out /app
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/.well-known/openid-configuration || exit 1
# TODO: use an entrypoint script with `set -e && exec ${PROJECT_NAME}`
USER app
ENTRYPOINT ["./Identity"] ENTRYPOINT ["./Identity"]

8
src/Identity/entrypoint.sh
View File

@ -41,10 +41,10 @@ fi
chown -R $USERNAME:$GROUPNAME /app chown -R $USERNAME:$GROUPNAME /app
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then if [[ -f "/etc/bitwarden/kerberos/bitwarden.keytab" && -f "/etc/bitwarden/kerberos/krb5.conf" ]]; then
chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos chown -R $USERNAME:$GROUPNAME /etc/bitwarden/kerberos

8
src/Notifications/entrypoint.sh
View File

@ -34,9 +34,9 @@ mkdir -p /etc/bitwarden/logs
mkdir -p /etc/bitwarden/ca-certificates mkdir -p /etc/bitwarden/ca-certificates
chown -R $USERNAME:$GROUPNAME /etc/bitwarden chown -R $USERNAME:$GROUPNAME /etc/bitwarden
if [[ $globalSettings__selfHosted == "true" ]]; then # if [[ $globalSettings__selfHosted == "true" ]]; then
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ # cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \
&& update-ca-certificates # && update-ca-certificates
fi # fi
exec gosu $USERNAME:$GROUPNAME dotnet /app/Notifications.dll exec gosu $USERNAME:$GROUPNAME dotnet /app/Notifications.dll

21
util/Attachments/Dockerfile
View File

@ -1,18 +1,13 @@
FROM bitwarden/server:latest FROM bitwarden/server:latest as build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Attachments
LABEL com.bitwarden.product="bitwarden" RUN mkdir -p {/storage/attachments,/bitwarden_server,/config} \
&& chown -R app:app {/storage/attachments,/bitwarden_server,/config}
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
gosu \
curl \
&& rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS http://+:5000
EXPOSE 5000 EXPOSE 5000
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1
ENTRYPOINT ["/entrypoint.sh"] USER app
ENTRYPOINT ["/bitwarden_server/Server", "/contentRoot=/config/core/attachments", "/webRoot=.", "/serveUnknown=true"]

47
util/Server/Dockerfile
View File

@ -1,5 +1,48 @@
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Server
WORKDIR /build
COPY ../../ ./
WORKDIR /build/util/${PROJECT_NAME}
RUN <<EOF
case "$TARGETPLATFORM" in
*"linux/amd64"*)
dotnet publish "./Server.csproj" -c "Release" --self-contained /p:PublishSingleFile=true -r linux-x64 -o out # || \
# ls -hal && exit 1
;;
*"linux/arm64"*)
dotnet publish "./Server.csproj" -c "Release" --self-contained /p:PublishSingleFile=true -r linux-arm64 -o out # || \
# ls -hal && exit 1
;;
*)
echo "unsupported target platform: $TARGETPLATFORM"
exit 1
;;
esac
EOF
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0
RUN true
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG PROJECT_NAME=Server
COPY obj/build-output/publish /bitwarden_server # RUN apt-get update \
# && apt-get install -y --no-install-recommends \
# gosu \
# curl \
# krb5-user \
# && rm -rf /var/lib/apt/lists/*
ENV ASPNETCORE_URLS=http://+:5000
# file will be in: /build/util/Server/bin/Release/net8.0/linux-arm64/Server.dll
COPY --from=build /build/util/${PROJECT_NAME}/out/ /bitwarden_server
RUN mkdir -p {/app,/bitwarden_server,/config,/storage} \
&& chown -R app:app {/app,/bitwarden_server,/config,/storage}