Files
OxiCloud/Dockerfile.rootless

62 lines
1.8 KiB
Docker
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Stage 1: Builder compile the application
FROM rust:1.82-alpine AS builder
# Install build dependencies
RUN apk add --no-cache musl-dev pkgconfig openssl-dev postgresql-dev
# Create a non-root user with UID 10001 (we use the same UID across stages)
RUN adduser -D -u 10001 oxicloud
WORKDIR /app
# Copy dependency files first to leverage Docker cache for dependency compilation
COPY Cargo.toml Cargo.lock ./
# Prepare dummy source to build dependencies (improves caching)
RUN mkdir -p src && \
echo "fn main() {}" > src/main.rs && \
touch src/lib.rs && \
cargo build --release && \
rm -rf src
# Copy the actual source code and additional files
COPY src ./src
COPY static ./static
COPY db ./db
# Build the actual application and strip debug symbols for a smaller binary
RUN cargo build --release && \
strip target/release/oxicloud
# Stage 2: Runtime only include what is necessary to run the app
FROM alpine:3.21.3
# Install runtime dependencies and clean up cache
RUN apk add --no-cache libgcc openssl ca-certificates tzdata && \
rm -rf /var/cache/apk/*
# Create a non-root user with the same UID (10001) for consistent file ownership
RUN adduser -D -u 10001 oxicloud
# Create application directories, assign proper permissions
WORKDIR /app
RUN mkdir -p /app/static /app/storage /app/db && \
chown -R oxicloud:oxicloud /app
# Copy the built binary from the builder stage and additional runtime files
COPY --from=builder /app/target/release/oxicloud /app/oxicloud
COPY --from=builder /app/static /app/static
COPY --from=builder /app/db /app/db
# Ensure all files are owned by the non-root user
RUN chown -R oxicloud:oxicloud /app
# Set the non-root user for running the application
USER oxicloud
# Expose the port the application listens on
EXPOSE 8086 8085
# Run the binary in release mode
CMD ["./oxicloud", "--release"]