1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
FROM debian:bullseye-20221114-slim@sha256:df172d92d287ec4d4a538e5db8026fcde5f91f5f90061423d69d6148ff05cc47
EXPOSE 8000
COPY ./requirements.txt /app/requirements.txt
RUN apt-get update \
&& apt-get install -y python3 python3-pip \
&& pip3 install -r /app/requirements.txt \
&& apt-get remove -y \
gcc \
curl \
wget \
python3-pip \
python3-dev \
&& apt-get autoremove -y \
&& apt-get clean
# Remove setuid and setgid
RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} \; || true
# Add user
RUN useradd soc_collector -u 1500 -s /usr/sbin/nologin
COPY ./src /app/src
COPY ./data/logging.json /app/logging.json
COPY ./data/collector-dev.soc.sunet.se.crt /app/collector-dev.soc.sunet.se.crt
COPY ./data/collector-dev.soc.sunet.se.key /app/collector-dev.soc.sunet.se.key
COPY ./data/collector_root_ca.crt /app/collector_root_ca.crt
COPY ./data/api_keys.txt /app/api_keys.txt
COPY ./data/healthcheck.sh /app/healthcheck.sh
COPY ./data/healthcheck.py /app/healthcheck.py
WORKDIR /app/
USER soc_collector
# Add healthcheck
HEALTHCHECK --interval=2m --timeout=15s --retries=1 --start-period=30s \
CMD sh ./healthcheck.sh COLLECTOR || bash -c 'kill -s 15 1 && (sleep 7; kill -s 9 1)'
ENTRYPOINT ["uvicorn", "src.soc_collector.main:app", "--log-config", "./logging.json", "--host", "0.0.0.0", "--port", "8000", "--ssl-keyfile", "./collector-dev.soc.sunet.se.key", "--ssl-certfile", "./collector-dev.soc.sunet.se.crt", "--ssl-version", "2", "--workers", "1", "--header", "server:collector"]
|
