2021-10-15 01:47:18 +02:00
|
|
|
# Switch to the target image
|
2025-11-08 12:56:24 +01:00
|
|
|
FROM alpine:3.22
|
2020-02-13 12:49:10 +01:00
|
|
|
|
2022-12-11 22:48:04 +01:00
|
|
|
ARG BUILD_COMMIT=unknown
|
|
|
|
|
ARG BUILD_BRANCH=unknown
|
|
|
|
|
|
2025-11-08 13:39:34 +01:00
|
|
|
ENV IP=::
|
|
|
|
|
ENV DUALSTACK=1
|
|
|
|
|
ENV PORT=1688
|
|
|
|
|
ENV EPID=""
|
|
|
|
|
ENV LCID=1033
|
|
|
|
|
ENV CLIENT_COUNT=26
|
|
|
|
|
ENV ACTIVATION_INTERVAL=120
|
|
|
|
|
ENV RENEWAL_INTERVAL=10080
|
|
|
|
|
ENV HWID=RANDOM
|
|
|
|
|
ENV LOGLEVEL=INFO
|
|
|
|
|
ENV LOGFILE=STDOUT
|
|
|
|
|
ENV LOGSIZE=""
|
|
|
|
|
ENV TZ=America/Chicago
|
|
|
|
|
ENV WEBUI=1
|
2020-02-13 12:49:10 +01:00
|
|
|
|
2022-12-09 20:16:01 +01:00
|
|
|
COPY docker/docker-py3-kms/requirements.txt /home/py-kms/
|
2020-02-13 12:49:10 +01:00
|
|
|
RUN apk add --no-cache --update \
|
2021-11-09 19:03:28 +01:00
|
|
|
bash \
|
|
|
|
|
python3 \
|
2022-04-22 23:41:55 +02:00
|
|
|
py3-pip \
|
2021-11-09 19:03:28 +01:00
|
|
|
sqlite-libs \
|
|
|
|
|
ca-certificates \
|
|
|
|
|
tzdata \
|
|
|
|
|
shadow \
|
2025-11-08 12:56:24 +01:00
|
|
|
&& pip3 install --break-system-packages --no-cache-dir -r /home/py-kms/requirements.txt \
|
2021-11-09 19:03:28 +01:00
|
|
|
&& mkdir /db/ \
|
|
|
|
|
&& adduser -S py-kms -G users -s /bin/bash \
|
|
|
|
|
&& chown py-kms:users /home/py-kms \
|
|
|
|
|
# Fix undefined timezone, in case the user did not mount the /etc/localtime
|
|
|
|
|
&& ln -sf /usr/share/zoneinfo/UTC /etc/localtime
|
2020-02-13 12:49:10 +01:00
|
|
|
|
2022-12-11 21:56:08 +01:00
|
|
|
COPY py-kms /home/py-kms/
|
2021-10-15 01:47:18 +02:00
|
|
|
COPY docker/entrypoint.py /usr/bin/entrypoint.py
|
2023-05-06 17:55:58 +02:00
|
|
|
COPY docker/healthcheck.py /usr/bin/healthcheck.py
|
2021-10-15 01:47:18 +02:00
|
|
|
COPY docker/start.py /usr/bin/start.py
|
2023-05-06 17:55:58 +02:00
|
|
|
RUN chmod 555 /usr/bin/entrypoint.py /usr/bin/healthcheck.py /usr/bin/start.py
|
2022-12-11 22:48:04 +01:00
|
|
|
|
2025-11-08 12:56:11 +01:00
|
|
|
# Additional permission hardening: All files read-only for the executing user
|
|
|
|
|
RUN chown root: -R /home/py-kms && \
|
|
|
|
|
chmod 444 -R /home/py-kms && \
|
|
|
|
|
chown py-kms: /home/py-kms && \
|
|
|
|
|
chmod 700 /home/py-kms && \
|
|
|
|
|
find /home/py-kms -type d -print -exec chmod +x {} ';'
|
|
|
|
|
|
2022-12-11 22:48:04 +01:00
|
|
|
# Web-interface specifics
|
2022-12-11 21:56:08 +01:00
|
|
|
COPY LICENSE /LICENSE
|
2022-12-11 22:48:04 +01:00
|
|
|
RUN echo "$BUILD_COMMIT" > /VERSION && echo "$BUILD_BRANCH" >> /VERSION
|
2021-10-14 11:45:17 +02:00
|
|
|
|
2021-10-15 01:47:18 +02:00
|
|
|
WORKDIR /home/py-kms
|
2022-04-14 01:48:06 +02:00
|
|
|
|
2021-10-26 22:56:47 +02:00
|
|
|
EXPOSE ${PORT}/tcp
|
2022-12-11 21:56:08 +01:00
|
|
|
EXPOSE 8080/tcp
|
2020-02-13 12:49:10 +01:00
|
|
|
|
2023-05-06 17:55:58 +02:00
|
|
|
HEALTHCHECK --interval=5m --timeout=10s --start-period=10s --retries=3 CMD /usr/bin/python3 /usr/bin/healthcheck.py
|
2021-10-26 22:56:47 +02:00
|
|
|
|
2022-05-12 13:55:20 +02:00
|
|
|
ENTRYPOINT [ "/usr/bin/python3", "-u", "/usr/bin/entrypoint.py" ]
|
