diff --git a/Dockerfile b/Dockerfile index de0ec90..5d8c03f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,6 @@ FROM debian:bookworm-slim AS builder ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install -y --no-install-recommends \ - apt-utils \ gcc \ make \ libssl-dev \ @@ -14,6 +13,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ build-essential \ git \ ca-certificates \ + && apt-get upgrade -y \ && rm -rf /var/lib/apt/lists/* @@ -27,12 +27,13 @@ FROM debian:bookworm-slim ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install -y --no-install-recommends \ - apt-utils \ libssl3 \ libmagic1 \ libnghttp2-14 \ + zlib1g \ ca-certificates \ curl \ + && apt-get upgrade -y \ && rm -rf /var/lib/apt/lists/* @@ -40,22 +41,45 @@ RUN useradd -m -u 1000 -s /bin/bash carbon WORKDIR /app RUN mkdir -p /app/www /app/log /app/ssl/cert /app/ssl/key && \ - chown -R carbon:carbon /app + chown -R carbon:carbon /app && \ + chmod 755 /app && \ + chmod 750 /app/ssl -COPY --from=builder /build/server /app/ -COPY --from=builder /build/server.conf /app/ -COPY --from=builder /build/www/ /app/www/ -COPY --from=builder /build/README.md /app/ -COPY --from=builder /build/DOCUMENTATION.md /app/ -COPY --from=builder /build/LICENSE /app/ +COPY --from=builder --chown=carbon:carbon /build/server /app/ +COPY --from=builder --chown=carbon:carbon /build/www/ /app/www/ +COPY --from=builder --chown=carbon:carbon /build/README.md /app/ +COPY --from=builder --chown=carbon:carbon /build/DOCUMENTATION.md /app/ +COPY --from=builder --chown=carbon:carbon /build/LICENSE /app/ -RUN chown -R carbon:carbon /app +RUN chmod 500 /app/server USER carbon +ENV SERVER_NAME=0.0.0.0 \ + PORT=8080 \ + USE_HTTPS=false \ + ENABLE_HTTP2=false \ + ENABLE_WEBSOCKET=false \ + MAX_THREADS=4 \ + VERBOSE=true + +CMD echo "# Carbon Server Configuration (Generated from ENV)" > /app/server.conf && \ + echo "running = true" >> /app/server.conf && \ + echo "port = ${PORT}" >> /app/server.conf && \ + echo "use_https = ${USE_HTTPS}" >> /app/server.conf && \ + echo "enable_http2 = ${ENABLE_HTTP2}" >> /app/server.conf && \ + echo "enable_websocket = ${ENABLE_WEBSOCKET}" >> /app/server.conf && \ + echo "server_name = ${SERVER_NAME}" >> /app/server.conf && \ + echo "max_threads = ${MAX_THREADS}" >> /app/server.conf && \ + echo "max_connections = 1024" >> /app/server.conf && \ + echo "log_file = log/server.log" >> /app/server.conf && \ + echo "verbose = ${VERBOSE}" >> /app/server.conf && \ + echo "www_path = www" >> /app/server.conf && \ + echo "ssl_cert_path = ssl/cert/cert.pem" >> /app/server.conf && \ + echo "ssl_key_path = ssl/key/key.key" >> /app/server.conf && \ + ./server + EXPOSE 8080 8443 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ - CMD curl -f http://localhost:8080/ || exit 1 - -CMD ["./server"] + CMD curl -f http://localhost:${PORT:-8080}/ || exit 1 diff --git a/docker-compose.yml b/docker-compose.yml index e848890..4d753d9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,34 +5,17 @@ services: image: azreyo/carbon:latest container_name: carbon-http-server ports: - - "8080:8080" # HTTP port - - "8443:8443" # HTTPS port + - "8080:8080" + - "8443:8443" environment: - - TZ=UTC - - SERVER_NAME=yourdomain.com # Change this to your domain or IP + - SERVER_NAME=0.0.0.0 + - PORT=8080 + - USE_HTTPS=false + - ENABLE_HTTP2=false + - ENABLE_WEBSOCKET=false + - MAX_THREADS=4 + - VERBOSE=true restart: unless-stopped - networks: - - carbon-net - # Resource limits - deploy: - resources: - limits: - cpus: '2' - memory: 512M - reservations: - cpus: '0.5' - memory: 128M - # Security options - security_opt: - - no-new-privileges:true - cap_drop: - - ALL - cap_add: - - NET_BIND_SERVICE - read_only: true - tmpfs: - - /tmp - - /app/log networks: carbon-net: