FROM alpine:3.12.3 LABEL maintainer "Talmai Oliveira , James Addison " ARG GROCY_VERSION # Install build-time dependencies RUN apk add --no-cache \ openssl \ git \ gnupg \ wget \ yarn # Install system dependencies RUN apk update && \ apk add --no-cache \ nginx # Generate TLS certificates RUN openssl req \ -x509 \ -newkey rsa:2048 \ -keyout /etc/ssl/private/grocy-nginx.key \ -out /etc/ssl/private/grocy-nginx.crt \ -days 365 \ -nodes \ -subj /CN=localhost && \ chown nginx /etc/ssl/private/grocy-nginx.key && \ chown nginx /etc/ssl/private/grocy-nginx.crt # Configure directory permissions RUN chown -R nginx /var/log/nginx && \ rm -rf /var/www/localhost && \ chown nginx /var/www COPY docker_nginx/nginx.conf /etc/nginx/nginx.conf COPY docker_nginx/common.conf /etc/nginx/common.conf COPY docker_nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf COPY docker_nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf # Install application dependencies (unprivileged) USER nginx WORKDIR /var/www # Extract application release package ENV GROCY_RELEASE_KEY_URI="https://berrnd.de/data/Bernd_Bestel.asc" RUN set -o pipefail && \ export GNUPGHOME=$(mktemp -d) && \ wget ${GROCY_RELEASE_KEY_URI} -O - | gpg --batch --import && \ git clone --branch ${GROCY_VERSION} --config advice.detachedHead=false --depth 1 "https://github.com/grocy/grocy.git" . && \ git verify-commit ${GROCY_VERSION} && \ rm -rf ${GNUPGHOME} # Install application dependencies RUN yarn install --modules-folder /var/www/public/node_modules --production && \ yarn cache clean # Remove build-time dependencies (privileged) USER root RUN apk del \ openssl \ git \ gnupg \ wget \ yarn VOLUME ["/var/log/nginx"] EXPOSE 8080 8443 USER nginx CMD ["nginx", "-g", "daemon off;"]