78 lines
2.8 KiB
Plaintext
78 lines
2.8 KiB
Plaintext
# syntax=docker/dockerfile:1
|
|
|
|
ARG SYNAPSE_VERSION=latest
|
|
ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION
|
|
ARG DEBIAN_VERSION=bookworm
|
|
ARG DEBIAN_VERSION_NUMERIC=12
|
|
ARG PYTHON_VERSION=3.12
|
|
|
|
# first of all, we create a base image with an nginx which we can copy into the
|
|
# target image. For repeated rebuilds, this is much faster than apt installing
|
|
# each time.
|
|
|
|
FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS deps_base
|
|
|
|
# This silences a warning as uv isn't able to do hardlinks between its cache
|
|
# (mounted as --mount=type=cache) and the target directory.
|
|
ENV UV_LINK_MODE=copy
|
|
|
|
RUN \
|
|
--mount=type=cache,target=/var/cache/apt,sharing=locked \
|
|
--mount=type=cache,target=/var/lib/apt,sharing=locked \
|
|
apt-get update -qq && \
|
|
apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances --no-pre-depends \
|
|
redis-server \
|
|
nginx-light \
|
|
mawk \
|
|
| grep '^\w' > /tmp/pkg-list && \
|
|
mkdir -p /tmp/debs && \
|
|
cat /tmp/pkg-list && \
|
|
cd /tmp/debs && \
|
|
xargs apt-get download </tmp/pkg-list
|
|
|
|
# Extract the debs for each architecture
|
|
RUN \
|
|
mkdir -p /install/var/lib/dpkg/status.d/ && \
|
|
for deb in /tmp/debs/*.deb; do \
|
|
package_name=$(dpkg-deb -I ${deb} | awk '/^ Package: .*$/ {print $2}'); \
|
|
echo "Extracting: ${package_name}"; \
|
|
dpkg --ctrl-tarfile $deb | tar -Ox ./control > /install/var/lib/dpkg/status.d/${package_name}; \
|
|
dpkg --extract $deb /install; \
|
|
done;
|
|
|
|
RUN --mount=type=cache,target=/root/.cache/uv \
|
|
uv pip install --prefix="/install/usr/local" supervisor~=4.2
|
|
|
|
# now build the final image, based on the the regular Synapse docker image
|
|
FROM $FROM
|
|
|
|
# Copy over redis, nginx and supervisor
|
|
COPY --from=deps_base /install /
|
|
RUN mkdir -p /etc/supervisor/conf.d
|
|
RUN addgroup -S -g 33 www-data
|
|
RUN adduser -S -u 33 -G www-data -h /var/www -s /usr/sbin/nologin -H www-data
|
|
RUN chown www-data /var/lib/nginx
|
|
|
|
# have nginx log to stderr/out
|
|
RUN ln -sf /dev/stdout /var/log/nginx/access.log
|
|
RUN ln -sf /dev/stderr /var/log/nginx/error.log
|
|
|
|
# Copy Synapse worker, nginx and supervisord configuration template files
|
|
COPY ./docker/conf-workers/* /conf/
|
|
|
|
# Copy a script to prefix log lines with the supervisor program name
|
|
COPY ./docker/prefix-log /usr/local/bin/
|
|
|
|
# Expose nginx listener port
|
|
EXPOSE 8080/tcp
|
|
|
|
# A script to read environment variables and create the necessary
|
|
# files to run the desired worker configuration. Will start supervisord.
|
|
COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py
|
|
ENTRYPOINT ["/configure_workers_and_start.py"]
|
|
|
|
# Replace the healthcheck with one which checks *all* the workers. The script
|
|
# is generated by configure_workers_and_start.py.
|
|
HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
|
|
CMD /bin/sh /healthcheck.sh
|