added docker files
This commit is contained in:
parent
8093ed42b7
commit
eaa65fa8ad
46
docker/Dockerfile.nginx
Normal file
46
docker/Dockerfile.nginx
Normal file
|
@ -0,0 +1,46 @@
|
|||
FROM alpine:latest as build
|
||||
|
||||
ARG UID=1000
|
||||
ARG GID=1000
|
||||
|
||||
ARG NGINX_VER=1.17.6
|
||||
ARG NGINX_CONF="--prefix=/app --with-cc-opt='-static' \
|
||||
--with-ld-opt="-static" --with-cpu-opt=generic --with-pcre \
|
||||
--sbin-path=/app/nginx \
|
||||
--http-log-path=/app/log/access.log \
|
||||
--error-log-path=/app/log/error.log \
|
||||
--pid-path=/app/nginx.pid \
|
||||
--lock-path=/app/nginx.lock \
|
||||
--without-http_gzip_module \
|
||||
--without-http_uwsgi_module \
|
||||
--without-http_scgi_module \
|
||||
--without-http_fastcgi_module \
|
||||
--without-http_memcached_module \
|
||||
--with-threads \
|
||||
--with-ld-opt='-static'"
|
||||
|
||||
WORKDIR /tmp
|
||||
|
||||
RUN apk --update upgrade && \
|
||||
apk add --no-cache --no-progress build-base pcre-dev wget && \
|
||||
wget http://nginx.org/download/nginx-${NGINX_VER}.tar.gz && \
|
||||
tar xzf nginx-${NGINX_VER}.tar.gz && \
|
||||
cd /tmp/nginx-${NGINX_VER} && \
|
||||
./configure ${NGINX_CONF} && \
|
||||
make -j 1 && \
|
||||
make install && \
|
||||
mkdir /app/tmp && \
|
||||
chown -R ${UID}:${GID} /app && \
|
||||
chmod 7777 /app/tmp
|
||||
|
||||
|
||||
FROM scratch
|
||||
|
||||
COPY --from=build /app /app
|
||||
COPY ./docker/nginx.conf /app/nginx.conf
|
||||
COPY ./client /app/www
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
ENTRYPOINT ["/app/nginx"]
|
||||
CMD ["-c", "/app/nginx.conf"]
|
29
docker/Dockerfile.oeffisearch
Normal file
29
docker/Dockerfile.oeffisearch
Normal file
|
@ -0,0 +1,29 @@
|
|||
FROM nimlang/nim:latest-alpine as build
|
||||
|
||||
COPY ./src /app
|
||||
COPY ./docker/config.nims /app/config.nims
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
ENV LIBRESSLVER=3.0.2
|
||||
|
||||
RUN apk upgrade --update && \
|
||||
apk add --no-cache --no-progress openssl-dev pcre-dev file make && \
|
||||
nim installLibreSsl
|
||||
|
||||
RUN nim musl -d:release -d:libressl oeffisearch.nim
|
||||
|
||||
|
||||
FROM scratch
|
||||
|
||||
COPY --from=build /app/oeffisearch /oeffisearch
|
||||
|
||||
VOLUME ["/data"]
|
||||
|
||||
WORKDIR /
|
||||
|
||||
ENV CACHE_PATH=/data
|
||||
|
||||
EXPOSE 8081
|
||||
|
||||
CMD ["/oeffisearch"]
|
233
docker/config.nims
Normal file
233
docker/config.nims
Normal file
|
@ -0,0 +1,233 @@
|
|||
from macros import error
|
||||
|
||||
when NimMajor < 1 and NimMinor <= 19 and NimPatch < 9:
|
||||
from ospaths import `/`, splitFile
|
||||
else:
|
||||
from os import `/`, splitFile
|
||||
|
||||
const
|
||||
doOptimize = true
|
||||
|
||||
let
|
||||
# pcre
|
||||
pcreVersion = getEnv("PCREVER", "8.42")
|
||||
pcreSourceDir = "pcre-" & pcreVersion
|
||||
pcreArchiveFile = pcreSourceDir & ".tar.bz2"
|
||||
pcreDownloadLink = "https://downloads.sourceforge.net/pcre/" & pcreArchiveFile
|
||||
pcreInstallDir = (thisDir() / "pcre/") & pcreVersion
|
||||
# http://www.linuxfromscratch.org/blfs/view/8.1/general/pcre.html
|
||||
pcreConfigureCmd = ["./configure", "--prefix=" & pcreInstallDir, "--enable-pcre16", "--enable-pcre32", "--disable-shared"]
|
||||
pcreIncludeDir = pcreInstallDir / "include"
|
||||
pcreLibDir = pcreInstallDir / "lib"
|
||||
pcreLibFile = pcreLibDir / "libpcre.a"
|
||||
# libressl
|
||||
libreSslVersion = getEnv("LIBRESSLVER", "2.8.1")
|
||||
libreSslSourceDir = "libressl-" & libreSslVersion
|
||||
libreSslArchiveFile = libreSslSourceDir & ".tar.gz"
|
||||
libreSslDownloadLink = "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/" & libreSslArchiveFile
|
||||
libreSslInstallDir = (thisDir() / "libressl/") & libreSslVersion
|
||||
libreSslConfigureCmd = ["./configure", "--disable-shared", "--prefix=" & libreSslInstallDir]
|
||||
libreSslLibDir = libreSslInstallDir / "lib"
|
||||
libreSslLibFile = libreSslLibDir / "libssl.a"
|
||||
libreCryptoLibFile = libreSslLibDir / "libcrypto.a"
|
||||
libreSslIncludeDir = libreSslInstallDir / "include/openssl"
|
||||
# openssl
|
||||
openSslSeedConfigOsCompiler = "linux-x86_64"
|
||||
openSslVersion = getEnv("OPENSSLVER", "1.1.1")
|
||||
openSslSourceDir = "openssl-" & openSslVersion
|
||||
openSslArchiveFile = openSslSourceDir & ".tar.gz"
|
||||
openSslDownloadLink = "https://www.openssl.org/source/" & openSslArchiveFile
|
||||
openSslInstallDir = (thisDir() / "openssl/") & openSslVersion
|
||||
# "no-async" is needed for openssl to compile using musl
|
||||
# - https://gitter.im/nim-lang/Nim?at=5bbf75c3ae7be940163cc198
|
||||
# - https://www.openwall.com/lists/musl/2016/02/04/5
|
||||
# -DOPENSSL_NO_SECURE_MEMORY is needed to make openssl compile using musl.
|
||||
# - https://github.com/openssl/openssl/issues/7207#issuecomment-420814524
|
||||
openSslConfigureCmd = ["./Configure", openSslSeedConfigOsCompiler, "no-shared", "no-zlib", "no-async", "-fPIC", "-DOPENSSL_NO_SECURE_MEMORY", "--prefix=" & openSslInstallDir]
|
||||
openSslLibDir = openSslInstallDir / "lib"
|
||||
openSslLibFile = openSslLibDir / "libssl.a"
|
||||
openCryptoLibFile = openSslLibDir / "libcrypto.a"
|
||||
openSslIncludeDir = openSslInstallDir / "include/openssl"
|
||||
|
||||
# https://github.com/kaushalmodi/nimy_lisp
|
||||
proc dollar[T](s: T): string =
|
||||
result = $s
|
||||
proc mapconcat[T](s: openArray[T]; sep = " "; op: proc(x: T): string = dollar): string =
|
||||
## Concatenate elements of ``s`` after applying ``op`` to each element.
|
||||
## Separate each element using ``sep``.
|
||||
for i, x in s:
|
||||
result.add(op(x))
|
||||
if i < s.len-1:
|
||||
result.add(sep)
|
||||
|
||||
task installPcre, "Installs PCRE using musl-gcc":
|
||||
if not existsFile(pcreLibFile):
|
||||
if not existsDir(pcreSourceDir):
|
||||
if not existsFile(pcreArchiveFile):
|
||||
exec("curl -LO " & pcreDownloadLink)
|
||||
exec("tar xf " & pcreArchiveFile)
|
||||
else:
|
||||
echo "PCRE lib source dir " & pcreSourceDir & " already exists"
|
||||
withDir pcreSourceDir:
|
||||
putEnv("CC", "/usr/bin/x86_64-alpine-linux-musl-gcc -static")
|
||||
exec(pcreConfigureCmd.mapconcat())
|
||||
exec("make -j8")
|
||||
exec("make install")
|
||||
else:
|
||||
echo pcreLibFile & " already exists"
|
||||
setCommand("nop")
|
||||
|
||||
task installLibreSsl, "Installs LIBRESSL using musl-gcc":
|
||||
if (not existsFile(libreSslLibFile)) or (not existsFile(libreCryptoLibFile)):
|
||||
if not existsDir(libreSslSourceDir):
|
||||
if not existsFile(libreSslArchiveFile):
|
||||
exec("curl -LO " & libreSslDownloadLink)
|
||||
exec("tar xf " & libreSslArchiveFile)
|
||||
else:
|
||||
echo "LibreSSL lib source dir " & libreSslSourceDir & " already exists"
|
||||
withDir libreSslSourceDir:
|
||||
# -idirafter /usr/include/ # Needed for linux/sysctl.h
|
||||
# -idirafter /usr/include/x86_64-linux-gnu/ # Needed for Travis/Ubuntu build to pass, for asm/types.h
|
||||
putEnv("CC", "/usr/bin/x86_64-alpine-linux-musl-gcc -static -idirafter /usr/include/ -idirafter /usr/include/x86_64-linux-gnu/")
|
||||
putEnv("C_INCLUDE_PATH", libreSslIncludeDir)
|
||||
exec(libreSslConfigureCmd.mapconcat())
|
||||
exec("make -j8 -C crypto") # build just the "crypto" component
|
||||
exec("make -j8 -C ssl") # build just the "ssl" component
|
||||
exec("make -C crypto install")
|
||||
exec("make -C ssl install")
|
||||
else:
|
||||
echo libreSslLibFile & " already exists"
|
||||
setCommand("nop")
|
||||
|
||||
task installOpenSsl, "Installs OPENSSL using musl-gcc":
|
||||
if (not existsFile(openSslLibFile)) or (not existsFile(openCryptoLibFile)):
|
||||
if not existsDir(openSslSourceDir):
|
||||
if not existsFile(openSslArchiveFile):
|
||||
exec("curl -LO " & openSslDownloadLink)
|
||||
exec("tar xf " & openSslArchiveFile)
|
||||
else:
|
||||
echo "OpenSSL lib source dir " & openSslSourceDir & " already exists"
|
||||
withDir openSslSourceDir:
|
||||
# https://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html
|
||||
# -idirafter /usr/include/ # Needed for Travis/Ubuntu build to pass, for linux/version.h, etc.
|
||||
# -idirafter /usr/include/x86_64-linux-gnu/ # Needed for Travis/Ubuntu build to pass, for asm/types.h
|
||||
putEnv("CC", "/usr/bin/x86_64-alpine-linux-musl-gcc -static -idirafter /usr/include/ -idirafter /usr/include/x86_64-linux-gnu/")
|
||||
putEnv("C_INCLUDE_PATH", openSslIncludeDir)
|
||||
exec(openSslConfigureCmd.mapconcat())
|
||||
echo "The insecure switch -DOPENSSL_NO_SECURE_MEMORY is needed so that OpenSSL can be compiled using MUSL."
|
||||
exec("make -j8 depend")
|
||||
exec("make -j8")
|
||||
exec("make install_sw")
|
||||
else:
|
||||
echo openSslLibFile & " already exists"
|
||||
setCommand("nop")
|
||||
|
||||
# -d:musl
|
||||
when defined(musl):
|
||||
var
|
||||
muslGccPath: string
|
||||
echo " [-d:musl] Building a static binary using musl .."
|
||||
muslGccPath = findExe("x86_64-alpine-linux-musl-gcc")
|
||||
# echo "debug: " & muslGccPath
|
||||
if muslGccPath == "":
|
||||
error("'musl-gcc' binary was not found in PATH.")
|
||||
switch("passL", "-static")
|
||||
switch("gcc.exe", muslGccPath)
|
||||
switch("gcc.linkerexe", muslGccPath)
|
||||
# -d:pcre
|
||||
when defined(pcre):
|
||||
if not existsFile(pcreLibFile):
|
||||
selfExec "installPcre" # Install PCRE in current dir if pcreLibFile is not found
|
||||
switch("passC", "-I" & pcreIncludeDir) # So that pcre.h is found when running the musl task
|
||||
switch("define", "usePcreHeader")
|
||||
switch("passL", pcreLibFile)
|
||||
# -d:libressl or -d:openssl
|
||||
when defined(libressl) or defined(openssl):
|
||||
switch("define", "ssl") # Pass -d:ssl to nim
|
||||
when defined(libressl):
|
||||
let
|
||||
sslLibFile = libreSslLibFile
|
||||
cryptoLibFile = libreCryptoLibFile
|
||||
sslIncludeDir = libreSslIncludeDir
|
||||
sslLibDir = libreSslLibDir
|
||||
when defined(openssl):
|
||||
let
|
||||
sslLibFile = openSslLibFile
|
||||
cryptoLibFile = openCryptoLibFile
|
||||
sslIncludeDir = openSslIncludeDir
|
||||
sslLibDir = openSslLibDir
|
||||
|
||||
if (not existsFile(sslLibFile)) or (not existsFile(cryptoLibFile)):
|
||||
# Install SSL in current dir if sslLibFile or cryptoLibFile is not found
|
||||
when defined(libressl):
|
||||
selfExec "installLibreSsl"
|
||||
when defined(openssl):
|
||||
selfExec "installOpenSsl"
|
||||
switch("passC", "-I" & sslIncludeDir) # So that ssl.h is found when running the musl task
|
||||
switch("passL", "-L" & sslLibDir)
|
||||
switch("passL", "-lssl")
|
||||
switch("passL", "-lcrypto") # This *has* to come *after* -lssl
|
||||
switch("dynlibOverride", "libssl")
|
||||
switch("dynlibOverride", "libcrypto")
|
||||
|
||||
proc binOptimize(binFile: string) =
|
||||
## Optimize size of the ``binFile`` binary.
|
||||
echo ""
|
||||
if findExe("strip") != "":
|
||||
echo "Running 'strip -s' .."
|
||||
exec "strip -s " & binFile
|
||||
if findExe("upx") != "":
|
||||
# https://github.com/upx/upx/releases/
|
||||
echo "Running 'upx --best' .."
|
||||
exec "upx --best " & binFile
|
||||
|
||||
# nim musl foo.nim
|
||||
task musl, "Builds an optimized static binary using musl":
|
||||
## Usage: nim musl [-d:pcre] [-d:libressl|-d:openssl] <FILE1> <FILE2> ..
|
||||
var
|
||||
switches: seq[string]
|
||||
nimFiles: seq[string]
|
||||
let
|
||||
numParams = paramCount()
|
||||
|
||||
when defined(libressl) and defined(openssl):
|
||||
error("Define only 'libressl' or 'openssl', not both.")
|
||||
|
||||
# param 0 will always be "nim"
|
||||
# param 1 will always be "musl"
|
||||
for i in 2 .. numParams:
|
||||
if paramStr(i)[0] == '-': # -d:foo or --define:foo
|
||||
switches.add(paramStr(i))
|
||||
else:
|
||||
# Non-switch parameters are assumed to be Nim file names.
|
||||
nimFiles.add(paramStr(i))
|
||||
|
||||
if nimFiles.len == 0:
|
||||
error(["The 'musl' sub-command accepts at least one Nim file name",
|
||||
" Examples: nim musl FILE.nim",
|
||||
" nim musl FILE1.nim FILE2.nim",
|
||||
" nim musl -d:pcre FILE.nim",
|
||||
" nim musl -d:libressl FILE.nim",
|
||||
" nim musl -d:pcre -d:openssl FILE.nim"].mapconcat("\n"))
|
||||
|
||||
for f in nimFiles:
|
||||
let
|
||||
extraSwitches = switches.mapconcat()
|
||||
(dirName, baseName, _) = splitFile(f)
|
||||
binFile = dirName / baseName # Save the binary in the same dir as the nim file
|
||||
nimArgsArray = when doOptimize:
|
||||
["c", "-d:musl", "-d:release", "--opt:size", extraSwitches, f]
|
||||
else:
|
||||
["c", "-d:musl", extraSwitches, f]
|
||||
nimArgs = nimArgsArray.mapconcat()
|
||||
# echo "[debug] f = " & f & ", binFile = " & binFile
|
||||
|
||||
# Build binary
|
||||
echo "\nRunning 'nim " & nimArgs & "' .."
|
||||
selfExec nimArgs
|
||||
|
||||
when doOptimize:
|
||||
# Optimize binary
|
||||
binOptimize(binFile)
|
||||
|
||||
echo "\nCreated binary: " & binFile
|
42
docker/nginx.conf
Normal file
42
docker/nginx.conf
Normal file
|
@ -0,0 +1,42 @@
|
|||
worker_processes auto;
|
||||
pid /app/tmp/nginx.pid;
|
||||
daemon off;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
use epoll;
|
||||
}
|
||||
|
||||
http {
|
||||
include /app/conf/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
access_log /app/log/access.log combined;
|
||||
error_log /app/log/error.log error;
|
||||
|
||||
client_body_temp_path /app/tmp/client_body_temp;
|
||||
proxy_temp_path /app/tmp/poxy_temp;
|
||||
|
||||
sendfile on;
|
||||
keepalive_timeout 15;
|
||||
keepalive_disable msie6;
|
||||
keepalive_requests 100;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay off;
|
||||
server_tokens off;
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
server_name default;
|
||||
|
||||
port_in_redirect off;
|
||||
|
||||
root /app/www;
|
||||
index index.html;
|
||||
|
||||
location ~ ^/(suggestions|journeys|moreJourneys|refreshJourneys) {
|
||||
proxy_pass http://oeffisearch:8081;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in a new issue