-
Notifications
You must be signed in to change notification settings - Fork 5
/
Dockerfile-debian
35 lines (26 loc) · 1.1 KB
/
Dockerfile-debian
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
FROM golang:1.22 AS builder
COPY ${PWD} /app
WORKDIR /app
# Toggle CGO based on your app requirement. CGO_ENABLED=1 for enabling CGO
RUN CGO_ENABLED=0 go build -ldflags '-s -w -extldflags "-static"' -o /app/appbin *.go
# Use below if using vendor
# RUN CGO_ENABLED=0 go build -mod=vendor -ldflags '-s -w -extldflags "-static"' -o /app/appbin *.go
FROM debian:stable-slim
LABEL MAINTAINER Author <author@example.com>
# Following commands are for installing CA certs (for proper functioning of HTTPS and other TLS)
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
netbase \
&& rm -rf /var/lib/apt/lists/ \
&& apt-get autoremove -y && apt-get autoclean -y
# Add new user 'appuser'. App should be run without root privileges as a security measure
RUN adduser --home "/appuser" --disabled-password appuser \
--gecos "appuser,-,-,-"
USER appuser
COPY --from=builder /app /home/appuser/app
WORKDIR /home/appuser/app
# Since running as a non-root user, port bindings < 1024 are not possible
# 8000 for HTTP; 8443 for HTTPS;
EXPOSE 8000
EXPOSE 8443
CMD ["./appbin"]