# This Dockerfile is used to build a container image for running Ghost, a popular open-source blogging platform, on Kubernetes.
# The build stage uses the official Node 20 (LTS Iron) image on Debian Bookworm; the final stage uses a Distroless base image for security and minimalism.
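# Stage 1: Build Environment
# The base image is pinned by digest; the "iron-bookworm" tag is informational and the
# digest decides which image is actually pulled.
FROM node:iron-bookworm@sha256:f4755c9039bdeec5c736b2e0dd5b47700d6393b65688b9e9f807ec12f54a8690 AS build-env

# Root is needed only for the account creation below.
USER root

# Create user and group "nonroot" with UID/GID 65532 and home directory /home/nonroot.
# No supplementary groups are assigned, so the account is not in root, sudo or sys.
# 65532 is the same numeric ID the final stage uses in its COPY --chown, so ownership
# of the files built here lines up with the runtime user.
RUN groupadd -g 65532 nonroot && \
    useradd -u 65532 -g 65532 -d /home/nonroot nonroot && \
    usermod -aG nonroot nonroot && \
    mkdir -pv /home/nonroot && \
    chown -Rfv 65532:65532 /home/nonroot

# Everything from here on, including the Ghost install, runs unprivileged.
USER nonroot
SHELL ["/bin/bash", "-c"]
ENV NODE_ENV=production

# Ghost release to install, supplied with --build-arg GHOST_VERSION=<version>.
# There is no default: if the argument is omitted, ghost-cli receives no version and
# chooses the release itself, so the result is not reproducible. Always pass it in CI.
ARG GHOST_VERSION
ENV GHOST_VERSION=$GHOST_VERSION

# Version of ghost-cli that npx downloads from the npm registry at build time.
# The default "latest" keeps the previous behaviour; set an exact version with
# --build-arg GHOST_CLI_VERSION=<version> so the installer itself is pinned like the
# base images are.
ARG GHOST_CLI_VERSION=latest

# Installation directory, live content directory, and the copy of the stock content
ENV GHOST_INSTALL=/home/nonroot/app/ghost
ENV GHOST_CONTENT=/home/nonroot/app/ghost/content
ENV GHOST_CONTENT_ORIGINAL=/home/nonroot/app/ghost/content.orig
RUN mkdir -pv "$GHOST_INSTALL"

# Package-manager settings only (nothing is installed here): longer network timeouts
# work around arm64 build timeouts on GitHub, and dev dependencies are omitted.
RUN yarn config set network-timeout 60000 && \
    yarn config set inline-builds true && \
    npm config set fetch-timeout 60000 && \
    npm config set omit dev

# Fetch ghost-cli through npx (not a global install) and install Ghost into GHOST_INSTALL.
# NODE_ENV=production is already exported by the ENV instruction above.
# --no-setup/--no-stack/--no-prompt: no database or system checks are performed at build
# time; "--db mysql --dbhost mysql" are the values passed to the installer here.
# $GHOST_VERSION is intentionally unquoted so an unset build arg passes no argument.
RUN npx "ghost-cli@${GHOST_CLI_VERSION}" install $GHOST_VERSION --dir "$GHOST_INSTALL" --db mysql --dbhost mysql --no-prompt --no-stack --no-setup --color --process local

# Keep the stock content as content.orig and leave an empty content directory that the
# final stage declares as a volume. This still runs as "nonroot"; no user switch happens.
# 1755 = rwxr-xr-x plus the sticky bit on the content directory.
RUN mv -v "$GHOST_CONTENT" "$GHOST_CONTENT_ORIGINAL" && \
    mkdir -v "$GHOST_CONTENT" && \
    chown -Rfv 65532 "$GHOST_CONTENT_ORIGINAL" && \
    chown -Rfv 65532 "$GHOST_CONTENT" && \
    chown -fv 65532 "$GHOST_INSTALL" && \
    chmod -v 1755 "$GHOST_CONTENT"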
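# Stage 2: Final Image
# Distroless Node.js 20 runtime: no shell and no package manager in the final image.
# The digest is what pins the image; the ":latest" tag next to it does not select the
# content, so update the digest deliberately when the base needs patching.
FROM gcr.io/distroless/nodejs20-debian12:latest@sha256:a6c0e95f6f70fb21586757a846d8b8d287609f2414bcc2399895adb055768648 AS runtime

# Installation directory and content directories for Ghost (same paths as the build stage)
ENV GHOST_INSTALL_SRC=/home/nonroot/app/ghost
ENV GHOST_INSTALL=/home/nonroot/app/ghost
ENV GHOST_CONTENT=/home/nonroot/app/ghost/content
ENV GHOST_CONTENT_ORIGINAL=/home/nonroot/app/ghost/content.orig
ENV NODE_ENV=production

# Run as the distroless "nonroot" account, given numerically (65532:65532, the same ID
# the build stage and the COPY --chown below use). A numeric UID lets Kubernetes verify
# runAsNonRoot from the image alone; a user name cannot be checked that way.
USER 65532:65532

# Copy the Ghost installation directory from the build environment to the final image.
# NOTE(review): no --chown is given, so this relies on the builder carrying over the
# 65532 ownership set in the build stage; confirm with the builder in use.
COPY --from=build-env $GHOST_INSTALL_SRC $GHOST_INSTALL

# Set the working directory to the Ghost installation directory and declare the content
# directory as a volume, so data persists across container restarts, upgrades and migrations.
# An init container is expected to copy the original content (content.orig) into the
# volume when there is any; the entrypoint script handles the bundled default themes
# (Casper and Source) and starts Ghost.
WORKDIR $GHOST_INSTALL
VOLUME $GHOST_CONTENT

# Copy the entrypoint script into the current Ghost version (path relative to WORKDIR).
COPY --chown=65532 entrypoint.js current/entrypoint.js

# Ghost listens on 2368; EXPOSE documents the port and does not publish it.
EXPOSE 2368

# Start Ghost through the entrypoint script
# (see https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/entrypoint.js).
# The distroless nodejs image already uses the node binary as ENTRYPOINT, so CMD only
# names the script, in exec form and relative to WORKDIR.
CMD ["current/entrypoint.js"]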