use a minimalist+secure image for ffmpeg as a base

[dolanor]

As the image ran by the server only needs emissary + ffmpeg, we don't need the whole debian heavy base. And as ffmpeg is the more annoying to install because of its dependencies, it's better to go that way.

chainguard are well known to keep the images small and secure. I think they could be a good base. And we go from 800~MB -> 150MB.

[benpate]

This is a fantastic suggestion. I’m going to try out your images, then most likely merge it in instead of the images that I picked.

One question: (and I’ll try to answer this directly with Chainguard, too) it appears that they’re a for profit company. Is there any restriction on using their “community” images on a production server? Are their paid instances only for professional support, or are they required for any true public-facing use? For context, several people have expressed concern about Emissary’s use of MongoDB because of its semi-open-source-but-also-proprietary license structure. So, I’ll hope to provide default docker images that are 100% free to use in production.

[dolanor]

Well, I would put that on pause for the moment as it seems I had issues myself with uploads and file permissions in general. Maybe a little bit too secure 😅

I'll update it once I figure out how to make it good!

[benpate]

The default docker compose should use a separate volume for uploads, so that shouldn't be a problem.

In any case, I'll be curious to hear what you find. Thank you for this!