kanidm/server/Dockerfile

# Build the main Kanidmd server
ARG BASE_IMAGE=opensuse/tumbleweed:latest
# ARG BASE_IMAGE=opensuse/leap:15.5

FROM ${BASE_IMAGE} AS repos
ADD scripts/zypper_fixing.sh /zypper_fixing.sh
RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh

# ======================
FROM repos AS builder
ARG KANIDM_FEATURES
ARG KANIDM_BUILD_PROFILE="container_generic"
ARG KANIDM_BUILD_OPTIONS=""

# Set the build profile
ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"

RUN \
    --mount=type=cache,id=zypp,target=/var/cache/zypp \
    zypper install -y --no-recommends \
        sccache \
        cargo \
        clang \
        gawk \
        make \
        automake \
        autoconf \
        libopenssl-3-devel \
        pam-devel \
        sqlite3-devel \
        systemd-devel \
        rsync \
        findutils \
        which \
        mold

COPY . /usr/src/kanidm

# ======================

WORKDIR /usr/src/kanidm/kanidmd/daemon

# Exports don't persist through RUN statements.
RUN --mount=type=cache,id=cargo,target=/cargo \
    --mount=type=cache,id=sccache,target=/sccache \
    export CARGO_HOME=/cargo && \
    export SCCACHE_DIR=/sccache && \
    export RUSTC_WRAPPER=/usr/bin/sccache && \
    export CC="/usr/bin/clang" && \
    cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \
        --target-dir="/usr/src/kanidm/target/" \
        --features="${KANIDM_FEATURES}" \
        --release; \
    sccache -s

# ======================

FROM repos
RUN \
    --mount=type=cache,id=zypp,target=/var/cache/zypp \
    zypper install -y \
        timezone \
        openssl-3 \
        sqlite3 \
        pam

COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
COPY --from=builder /usr/src/kanidm/server/core/static /hpkg
RUN chmod +x /sbin/kanidmd

WORKDIR /data

EXPOSE 8443 3636

ENV RUST_BACKTRACE=1

HEALTHCHECK \
    --interval=60s \
    --timeout=10s \
    --start-period=60s \
    --start-interval=5s \
    --retries=3 \
    CMD [ "/sbin/kanidmd", "healthcheck", "-c", "/data/server.toml"]

CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`# Build the main Kanidmd server`
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more. 2020-06-18 02:30:42 +02:00			`ARG BASE_IMAGE=opensuse/tumbleweed:latest`
Add tools for remigration and domain level raising (#2481) 2024-02-06 11:01:06 +01:00			`# ARG BASE_IMAGE=opensuse/leap:15.5`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00
Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00			`FROM ${BASE_IMAGE} AS repos`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00			`ADD scripts/zypper_fixing.sh /zypper_fixing.sh`
			`RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh`
Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`# ======================`
Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00			`FROM repos AS builder`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`ARG KANIDM_FEATURES`
			`ARG KANIDM_BUILD_PROFILE="container_generic"`
			`ARG KANIDM_BUILD_OPTIONS=""`
12 totp (#201) Implements #12, TOTP. This adds support for TOTP to the api and server, with server side token generation, authentication and the correct URI for encoding into QR codes for client token addition. Some extra measures have been taken such as in the stepped auth to always notify on the success or failure of the TOTP first (regardless of order) to prevent PW bruteforce attacks. 2020-04-10 07:50:45 +02:00
1355 docker builds (#1384) 2023-02-17 08:02:01 +01:00			`# Set the build profile`
			`ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}`
			`ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00
1355 docker builds (#1384) 2023-02-17 08:02:01 +01:00			`RUN \`
			`--mount=type=cache,id=zypp,target=/var/cache/zypp \`
			`zypper install -y --no-recommends \`
			`sccache \`
			`cargo \`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`clang \`
Resolve issues with dyngroup members (#1986) 2023-08-17 07:52:12 +02:00			`gawk \`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00			`make \`
			`automake \`
			`autoconf \`
			`libopenssl-3-devel \`
			`pam-devel \`
Base web UI (#391) Initial web ui (not-functional yet) 2021-03-26 02:22:00 +01:00			`sqlite3-devel \`
Repair systemd reload notifications (#3355) In order for the RELOAD and the subsequent READY notifications to be correctly processed, the RELOAD notification must be accompanied with a MONOTONIC_USEC one. 2025-01-17 06:17:58 +01:00			`systemd-devel \`
A pile of Wasm UI tweaks (#958) 2022-08-01 07:52:01 +02:00			`rsync \`
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`findutils \`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`which \`
			`mold`
Merge docker image github actions into unique Use matrix and Makefile to build both images in the same workflow. Kanidmd image remove muslc version and come back to SUSE version because performance problems. Also fix a typo bug with kanidmd image build on CI. 2020-05-06 09:37:07 +02:00
			`COPY . /usr/src/kanidm`
Large rework of audit logging 2018-12-27 06:22:03 +01:00
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`# ======================`

636 consent remembering in oauth2 (#824) 2022-06-20 03:37:39 +02:00			`WORKDIR /usr/src/kanidm/kanidmd/daemon`

Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`# Exports don't persist through RUN statements.`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00			`RUN --mount=type=cache,id=cargo,target=/cargo \`
			`--mount=type=cache,id=sccache,target=/sccache \`
			`export CARGO_HOME=/cargo && \`
			`export SCCACHE_DIR=/sccache && \`
			`export RUSTC_WRAPPER=/usr/bin/sccache && \`
			`export CC="/usr/bin/clang" && \`
1355 docker builds (#1384) 2023-02-17 08:02:01 +01:00			`cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \`
			`--target-dir="/usr/src/kanidm/target/" \`
			`--features="${KANIDM_FEATURES}" \`
			`--release; \`
			`sccache -s`
Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`# ======================`

Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00			`FROM repos`
1355 docker builds (#1384) 2023-02-17 08:02:01 +01:00			`RUN \`
			`--mount=type=cache,id=zypp,target=/var/cache/zypp \`
			`zypper install -y \`
Merge docker image github actions into unique Use matrix and Makefile to build both images in the same workflow. Kanidmd image remove muslc version and come back to SUSE version because performance problems. Also fix a typo bug with kanidmd image build on CI. 2020-05-06 09:37:07 +02:00			`timezone \`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`openssl-3 \`
Build improvements 2020-08-06 08:05:33 +02:00			`sqlite3 \`
Dockerized containerybuilds (#741) * let us see if we can dockerize this crab 2022-05-08 05:00:34 +02:00			`pam`
Update outdated libraries and add helper make argument. 2020-04-11 02:32:56 +02:00
Merge pull request #222 from kanidm/20200508-docker-fix This fixes an incorrect path in the suse image 2020-05-08 02:50:05 +02:00			`COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/`
enable build htmx in docker (#2893) 2024-07-15 10:06:15 +02:00			`COPY --from=builder /usr/src/kanidm/server/core/static /hpkg`
Building kanidm cli in docker, disabling ARM kanidmd (#879) * adding kanidm image and config * removing npm deps from build and dockerfiles * moving to a non-root user in the dockerfile 2022-07-05 03:39:38 +02:00			`RUN chmod +x /sbin/kanidmd`
Large rework of audit logging 2018-12-27 06:22:03 +01:00
Docker-and-docs-fixes (#2954) * removing VOLUME entry from server container * link fixing * link fixing in docs 2024-08-05 02:27:45 +02:00			`WORKDIR /data`

199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password. 2020-06-10 04:07:43 +02:00			`EXPOSE 8443 3636`
Merge docker image github actions into unique Use matrix and Makefile to build both images in the same workflow. Kanidmd image remove muslc version and come back to SUSE version because performance problems. Also fix a typo bug with kanidmd image build on CI. 2020-05-06 09:37:07 +02:00
Docs updates (#2961) 2024-08-10 11:30:51 +02:00			`ENV RUST_BACKTRACE=1`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00
Oauth2 in htmx (#2912) * Apply suggestions from code review Co-authored-by: James Hodgkinson <james@terminaloutcomes.com> 2024-07-20 04:30:06 +02:00			`HEALTHCHECK \`
			`--interval=60s \`
			`--timeout=10s \`
			`--start-period=60s \`
			`--start-interval=5s \`
			`--retries=3 \`
			`CMD [ "/sbin/kanidmd", "healthcheck", "-c", "/data/server.toml"]`

Building kanidm cli in docker, disabling ARM kanidmd (#879) * adding kanidm image and config * removing npm deps from build and dockerfiles * moving to a non-root user in the dockerfile 2022-07-05 03:39:38 +02:00			`CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]`