Dockerfile-alpine

FROM behance/docker-base:2.3-alpine
MAINTAINER Bryan Latten <latten@adobe.com>

# Use in multi-phase builds, when an init process requests for the container to gracefully exit, so that it may be committed
# Used with alternative CMD (worker.sh), leverages supervisor to maintain long-running processes
ENV CONTAINER_ROLE=web \
    CONTAINER_PORT=8080 \
    CONF_NGINX_SITE="/etc/nginx/sites-available/default" \
    CONF_NGINX_SERVER="/etc/nginx/nginx.conf" \
    NOT_ROOT_USER=www-data

# Using a non-privileged port to prevent having to use setcap internally
EXPOSE ${CONTAINER_PORT}

# Create an unprivileged user
RUN adduser -D -S -H $NOT_ROOT_USER

RUN apk update --no-cache && \
    apk add \
        nginx \
        ca-certificates \
    && \
    /bin/bash -e /clean.sh

# Overlay the root filesystem from this repo
COPY ./container/root /

# - Set nginx to listen on defined port
# - Fix permissions to run unprivileged
# - Make temp directory for .nginx runtime files
# - Some operations can be completely removed once this ticket is resolved:
# - https://trac.nginx.org/nginx/ticket/1243
# - Remove older WOFF mime-type
# - Add again with newer mime-type
# - Also add mime-type for WOFF2
RUN sed -i "s/listen [0-9]*;/listen ${CONTAINER_PORT};/" $CONF_NGINX_SITE && \
    bash -c "chown www-data:www-data /var/{lib,log}/nginx -Rh" && \
    bash -c "chmod 0755 -R /var/{lib,log}/nginx" && \
    mkdir /tmp/.nginx && \
    sed -i "/application\/font-woff/d" /etc/nginx/mime.types && \
    sed -i "s/}/\n    font\/woff                             woff;&/" /etc/nginx/mime.types && \
    sed -i "s/}/\n    font\/woff2                            woff2;\n&/g" /etc/nginx/mime.types

RUN goss -g /tests/alpine/nginx.goss.yaml validate && \
    /aufs_hack.sh

# NOTE: intentionally NOT using s6 init as the entrypoint
# This would prevent container debugging if any of those service crash
CMD ["/bin/bash", "/run.sh"]