-
Notifications
You must be signed in to change notification settings - Fork 158
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
105 additions
and
78 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,67 +1,62 @@ | ||
# syntax=docker/dockerfile:1 | ||
|
||
ARG SYNAPSE_VERSION=latest | ||
ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION | ||
|
||
# first of all, we create a base image with an nginx which we can copy into the | ||
# target image. For repeated rebuilds, this is much faster than apt installing | ||
# each time. | ||
|
||
FROM docker.io/library/debian:bookworm-slim AS deps_base | ||
RUN \ | ||
--mount=type=cache,target=/var/cache/apt,sharing=locked \ | ||
--mount=type=cache,target=/var/lib/apt,sharing=locked \ | ||
apt-get update -qq && \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install -yqq --no-install-recommends \ | ||
redis-server nginx-light | ||
|
||
# Similarly, a base to copy the redis server from. | ||
# | ||
# The redis docker image has fewer dynamic libraries than the debian package, | ||
# which makes it much easier to copy (but we need to make sure we use an image | ||
# based on the same debian version as the synapse image, to make sure we get | ||
# the expected version of libc. | ||
FROM docker.io/library/redis:7-bookworm AS redis_base | ||
ARG SYNAPSE_IMAGE=docker.io/matrixdotorg/synapse:$SYNAPSE_VERSION | ||
|
||
ARG MAS_VERSION=latest | ||
ARG MAS_IMAGE=ghcr.io/matrix-org/matrix-authentication-service:$MAS_VERSION | ||
|
||
ARG REDIS_VERSION=7.4.0 | ||
ARG REDIS_IMAGE=docker.io/library/redis:$REDIS_VERSION-bookworm | ||
|
||
ARG NGINX_VERSION=1.26.1 | ||
ARG NGINX_IMAGE=docker.io/library/nginx:$NGINX_VERSION-bookworm | ||
|
||
FROM $NGINX_IMAGE AS nginx | ||
FROM $REDIS_IMAGE AS redis | ||
FROM $MAS_IMAGE AS mas | ||
|
||
# now build the final image, based on the the regular Synapse docker image | ||
FROM $FROM | ||
|
||
# Install supervisord with pip instead of apt, to avoid installing a second | ||
# copy of python. | ||
RUN --mount=type=cache,target=/root/.cache/pip \ | ||
pip install supervisor~=4.2 | ||
RUN mkdir -p /etc/supervisor/conf.d | ||
|
||
# Copy over redis and nginx | ||
COPY --from=redis_base /usr/local/bin/redis-server /usr/local/bin | ||
|
||
COPY --from=deps_base /usr/sbin/nginx /usr/sbin | ||
COPY --from=deps_base /usr/share/nginx /usr/share/nginx | ||
COPY --from=deps_base /usr/lib/nginx /usr/lib/nginx | ||
COPY --from=deps_base /etc/nginx /etc/nginx | ||
RUN rm /etc/nginx/sites-enabled/default | ||
RUN mkdir /var/log/nginx /var/lib/nginx | ||
RUN chown www-data /var/lib/nginx | ||
|
||
# have nginx log to stderr/out | ||
RUN ln -sf /dev/stdout /var/log/nginx/access.log | ||
RUN ln -sf /dev/stderr /var/log/nginx/error.log | ||
|
||
# Copy Synapse worker, nginx and supervisord configuration template files | ||
COPY ./docker/conf-workers/* /conf/ | ||
|
||
# Copy a script to prefix log lines with the supervisor program name | ||
COPY ./docker/prefix-log /usr/local/bin/ | ||
|
||
# Expose nginx listener port | ||
EXPOSE 8080/tcp | ||
|
||
# A script to read environment variables and create the necessary | ||
# files to run the desired worker configuration. Will start supervisord. | ||
COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py | ||
ENTRYPOINT ["/configure_workers_and_start.py"] | ||
|
||
# Replace the healthcheck with one which checks *all* the workers. The script | ||
# is generated by configure_workers_and_start.py. | ||
HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \ | ||
CMD /bin/sh /healthcheck.sh | ||
FROM $SYNAPSE_IMAGE | ||
|
||
# Install supervisord with pip instead of apt, to avoid installing a second | ||
# copy of python. | ||
RUN --mount=type=cache,target=/root/.cache/pip \ | ||
pip install supervisor~=4.2 | ||
RUN mkdir -p /etc/supervisor/conf.d | ||
|
||
# Copy over redis, nginx and matrix-authentication-service | ||
COPY --from=redis /usr/local/bin/redis-server /usr/local/bin | ||
|
||
COPY --from=nginx /usr/sbin/nginx /usr/sbin | ||
COPY --from=nginx /usr/share/nginx /usr/share/nginx | ||
COPY --from=nginx /usr/lib/nginx /usr/lib/nginx | ||
COPY --from=nginx /etc/nginx /etc/nginx | ||
RUN mkdir /var/log/nginx /var/lib/nginx | ||
RUN chown www-data /var/lib/nginx | ||
|
||
# have nginx log to stderr/out | ||
RUN ln -sf /dev/stdout /var/log/nginx/access.log | ||
RUN ln -sf /dev/stderr /var/log/nginx/error.log | ||
|
||
COPY --from=mas /usr/local/bin/mas-cli /usr/local/bin | ||
COPY --from=mas /usr/local/share/mas-cli /usr/local/share | ||
|
||
# Copy Synapse worker, nginx and supervisord configuration template files | ||
COPY ./docker/conf-workers/* /conf/ | ||
|
||
# Copy a script to prefix log lines with the supervisor program name | ||
COPY ./docker/prefix-log /usr/local/bin/ | ||
|
||
# Expose nginx listener port | ||
EXPOSE 8080/tcp | ||
|
||
# A script to read environment variables and create the necessary | ||
# files to run the desired worker configuration. Will start supervisord. | ||
COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py | ||
ENTRYPOINT ["/configure_workers_and_start.py"] | ||
|
||
# Replace the healthcheck with one which checks *all* the workers. The script | ||
# is generated by configure_workers_and_start.py. | ||
HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \ | ||
CMD /bin/sh /healthcheck.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters