grim/gf2b

We need ca-certificates at runtime so just do a single stage image
draft default tip
2019-05-25, Gary Kramlich
1c9f750990ce
Parents bb2efaa4e4db
Children
We need ca-certificates at runtime so just do a single stage image
1 files changed, 12 insertions(+), 18 deletions(-)
  • +12 -18
    Dockerfile.fail2ban
    • --- a/Dockerfile.fail2ban Sat May 25 00:20:20 2019 -0500
    +++ b/Dockerfile.fail2ban Sat May 25 01:50:38 2019 -0500
    @@ -1,30 +1,24 @@
    -# grad doctl in a separate container so we can keep the final one tiny
    -FROM debian:buster-slim as doctl
    -
    -ENV DOCTL_VERSION=1.18.0
    -
    -RUN set -ex && \
    - apt-get update && \
    - apt-get install -y --no-install-recommends wget ca-certificates
    -
    -RUN set -ex && \
    - wget https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.tar.gz -O doctl.tar.gz && \
    - wget https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.sha256 -O doctl.sha256 && \
    - tar zxf doctl.tar.gz && \
    - sha256sum -c doctl.sha256 && \
    - chmod +x /doctl
    -
    # The actual image with fail2ban
    FROM debian:buster-slim
    RUN set -ex && \
    apt-get update && \
    - apt-get install --no-install-recommends -y fail2ban && \
    + apt-get install --no-install-recommends -y ca-certificates fail2ban wget && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists && \
    rm -f /etc/fail2ban/jail.d/* && \
    mkdir -p /var/run/fail2ban
    -COPY --from=doctl /doctl /usr/local/bin/doctl
    +ENV DOCTL_VERSION=1.18.0
    +
    +RUN set -ex && \
    + cd /tmp && \
    + wget https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.tar.gz -O doctl.tar.gz && \
    + wget https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.sha256 -O doctl.sha256 && \
    + tar zxf doctl.tar.gz && \
    + sha256sum -c doctl.sha256 && \
    + chmod +x doctl && \
    + mv doctl /usr/local/bin && \
    + rm doctl.tar.gz doctl.sha256
    CMD ["/usr/bin/fail2ban-server", "-f", "--logtarget", "stdout"]