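# Stage rust_builder: cross-compiles moproxy and udp2tcp on the build host for
# the requested target architecture. The final stage copies only the two
# binaries placed under /moproxy/target/release and /udp-over-tcp/target/release.
# NOTE(review): rust:1-bullseye is a floating tag; pin it by digest if builds
# must be reproducible.
FROM --platform=$BUILDPLATFORM rust:1-bullseye AS rust_builder
# Upstream release tags to build. Tags can be moved on the remote, so a commit
# hash checked after checkout would be a stronger pin than the tag name alone.
ENV moproxy_tag=v0.5.1
ENV udp_over_tcp_tag=v0.4.0
ARG TARGETARCH
RUN set -eux \
    # Map Docker's TARGETARCH onto the Debian cross-toolchain name. Any value
    # other than arm64 is treated as x86-64, so an unsupported platform would
    # silently get x86-64 binaries.
    && { [ "${TARGETARCH}" = "arm64" ] && TARGETARCH="aarch64" || TARGETARCH="x86-64"; } \
    # Rust target triples use underscores where the Debian package names use dashes.
    && RUST_TARGET="$(echo "${TARGETARCH}" | tr '-' '_')" \
    # Name of the cargo environment variable that selects the cross linker.
    && LINKER_VAR="CARGO_TARGET_$(echo "${RUST_TARGET}" | tr '[:lower:]' '[:upper:]')_UNKNOWN_LINUX_GNU_LINKER" \
    && apt-get update -y \
    && apt-get install -y git libc-dev "gcc-${TARGETARCH}-linux-gnu" "binutils-${TARGETARCH}-linux-gnu" \
    # moproxy
    && git clone https://github.com/sorz/moproxy \
    && cd moproxy \
    # Check out the release tag itself. `git checkout -b tags/<tag>` only creates
    # a new local branch at the default branch's current HEAD, so the build would
    # track whatever upstream last pushed instead of the pinned release.
    # NOTE(review): if the build only succeeded because it tracked the default
    # branch, the tag values above may need updating.
    && git checkout "tags/${moproxy_tag}" \
    && rustup target add "${RUST_TARGET}-unknown-linux-gnu" \
    && env "${LINKER_VAR}=${RUST_TARGET}-linux-gnu-gcc-10" \
        cargo build --release --target "${RUST_TARGET}-unknown-linux-gnu" \
    # Expose the binary at a target-independent path for the final stage.
    && mkdir -p target/release \
    && cp "target/${RUST_TARGET}-unknown-linux-gnu/release/moproxy" target/release \
    # udp-over-tcp
    && cd / \
    && git clone https://github.com/Probely/udp-over-tcp.git \
    && cd udp-over-tcp \
    # Same fix as above: build the tagged release, not the default branch.
    && git checkout "tags/${udp_over_tcp_tag}" \
    && rustup target add "${RUST_TARGET}-unknown-linux-gnu" \
    && env "${LINKER_VAR}=${RUST_TARGET}-linux-gnu-gcc-10" \
        cargo build --release --target "${RUST_TARGET}-unknown-linux-gnu" \
        --features env_logger --features clap --bins \
    && mkdir -p target/release \
    && cp "target/${RUST_TARGET}-unknown-linux-gnu/release/udp2tcp" target/release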
# Stage go_builder: builds farconn and farcasterd from the local source trees on
# the build host, cross-compiling through GOOS/GOARCH. The final stage copies
# /build/farconn/farconn and /build/farcaster-go/bin/farcasterd out of it.
# NOTE(review): golang:1.23-bullseye is a floating tag; pin it by digest if
# builds must be reproducible.
FROM --platform=$BUILDPLATFORM golang:1.23-bullseye AS go_builder
COPY ./farconn /build/farconn
COPY ./farcaster-go /build/farcaster-go
ARG TARGETARCH
# VERSION is handed to the farcaster-go make invocation. With `set -u` below,
# the build stops if it is not supplied.
ARG VERSION
# `set -e` aborts on the first failing command, so `;` separators behave like
# the && chain. Each make runs in a subshell, which returns to /build on exit.
RUN set -eux; \
    mkdir -p /build; \
    cd /build; \
    apt-get update -y; \
    apt-get install -y git libc-dev gcc libmnl-dev iptables; \
    ( cd farconn && env GOOS=linux GOARCH=$TARGETARCH make build-fast ); \
    ( cd farcaster-go && env VERSION=${VERSION} GOOS=linux GOARCH=$TARGETARCH make )
# Final runtime image: Debian slim plus the four binaries built in the earlier
# stages and the helper scripts from ./scripts.
# NOTE(review): debian:bullseye-slim is a floating tag; pin it by digest if
# builds must be reproducible.
# NOTE(review): there is no USER instruction, so the entrypoint starts as root.
# Presumably that is needed for the iptables/WireGuard setup; confirm that the
# scripts drop to the proxy/diag/tcptun accounts created below where they can.
FROM debian:bullseye-slim
# Helper scripts; presumably includes entrypoint.sh, which ENTRYPOINT expects
# under /farcaster/bin.
COPY ./scripts/. /farcaster/bin/
COPY --from=go_builder /build/farconn/farconn /usr/local/bin
COPY --from=go_builder /build/farcaster-go/bin/farcasterd /usr/local/bin
COPY --from=rust_builder /moproxy/target/release/moproxy /usr/local/bin
COPY --from=rust_builder /udp-over-tcp/target/release/udp2tcp /usr/local/bin
ARG VERSION
# Expose the build-time version to the running container.
ENV FARCASTER_VERSION=${VERSION}
RUN set -eux \
# Files and directories created by the shell for the rest of this RUN default to
# owner-only permissions, e.g. the /farcaster subdirectories made further down.
&& umask 077 \
&& apt-get update -y \
&& apt-get install -y --no-install-suggests --no-install-recommends \
bash \
libmnl0 \
iptables \
openresolv \
iproute2 \
dnsmasq \
dnsutils \
curl \
wireguard-tools \
ca-certificates \
&& apt-get clean \
&& for d in bin etc lib run sbin; do mkdir -p /farcaster/"${d}"; done \
# The WireGuard configs live under /run/farcaster and are only linked into
# /farcaster/etc; the link targets do not exist at build time.
&& ln -s /run/farcaster/wg-tunnel.conf /farcaster/etc/ \
&& ln -s /run/farcaster/wg-gateway.conf /farcaster/etc/ \
# Force /var/run to be a symlink to /run.
&& rm -rf /var/run \
&& ln -s /run /var/run \
# Secrets directory, readable by root only.
&& mkdir -m 0700 -p /secrets/farcaster/data \
&& chmod +x /farcaster/bin/* \
# Unprivileged service accounts without a login shell. Failure is tolerated for
# `proxy` only, presumably because the base image may already define it.
&& { useradd --system --home-dir / --shell /bin/false proxy || true; } \
&& useradd --system --home-dir / --shell /bin/false diag \
&& useradd --system --home-dir / --shell /bin/false tcptun \
# diag is a hard link to farconn, so both names share one inode: the chgrp and
# the setgid bit below also apply to /usr/local/bin/farconn.
# NOTE(review): confirm that farconn running setgid diag is intended. If only the
# diag name should carry the bit, a copy instead of a hard link would separate them.
&& ln /usr/local/bin/farconn /usr/local/bin/diag \
&& chgrp diag /usr/local/bin/diag \
&& chmod g+s /usr/local/bin/diag \
# Cleanup
# (apt-get clean already ran right after the install; this repeat is harmless.)
&& apt-get clean \
&& rm -rf /var/lib/apt \
# Make sure that binaries were properly built
# Each binary must start and exit 0 on the image's platform, or the build fails.
&& /usr/local/bin/moproxy --help >/dev/null 2>&1 \
&& /usr/local/bin/udp2tcp --help >/dev/null 2>&1 \
&& /usr/local/bin/farconn >/dev/null 2>&1 \
&& /usr/local/bin/farcasterd --help >/dev/null 2>&1
ENTRYPOINT ["/farcaster/bin/entrypoint.sh"]