diff --git a/Dockerfile b/Dockerfile index 83080de2..8b89e11b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,14 +11,22 @@ FROM alpine:latest LABEL maintainer="AdGuard Team " # Update CA certs -RUN apk --no-cache --update add ca-certificates && \ - rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome +RUN apk --no-cache --update add ca-certificates libcap && \ + rm -rf /var/cache/apk/* && \ + mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \ + chown -R nobody: /opt/adguardhome -COPY --from=build /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome +COPY --from=build --chown=nobody: /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome + +RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"] +WORKDIR /opt/adguardhome/work + +#USER nobody + ENTRYPOINT ["/opt/adguardhome/AdGuardHome"] -CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"] \ No newline at end of file +CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"] diff --git a/Dockerfile.travis b/Dockerfile.travis index 327ccb8d..bdfbb00a 100644 --- a/Dockerfile.travis +++ b/Dockerfile.travis @@ -2,15 +2,22 @@ FROM alpine:latest LABEL maintainer="AdGuard Team " # Update CA certs -RUN apk --no-cache --update add ca-certificates && \ - rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome +RUN apk --no-cache --update add ca-certificates libcap && \ + rm -rf /var/cache/apk/* && \ + mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \ + chown -R nobody: /opt/adguardhome +COPY --chown=nobody: ./AdGuardHome /opt/adguardhome/AdGuardHome -COPY ./AdGuardHome /opt/adguardhome/AdGuardHome +RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"] +WORKDIR /opt/adguardhome/work + +#USER nobody + ENTRYPOINT ["/opt/adguardhome/AdGuardHome"] CMD ["-h", "0.0.0.0", "-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"] diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 00000000..1c3d6646 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,31 @@ +%YAML 1.2 +--- +# https://docs.docker.com/compose/compose-file/ + +version: '2.4' + +services: + + adguard-home: + image: adguard/adguardhome:armhf-latest + init: true + ports: + - "53:53/tcp" + - "53:53/udp" + - "67:67/tcp" + - "67:67/udp" + - "68:68/tcp" + - "68:68/udp" + - "80:80/tcp" + - "443:443/tcp" + - "853:853/tcp" + - "853:853/udp" + - "3000:3000/tcp" + volumes: + - /opt/adguard-home:/opt/adguardhome/conf + - /srv/adguard-home:/opt/adguardhome/work + #user: nobody + read_only: true + restart: always + +...