MarvAmBass
commented
9 years ago Hey Felix,
there are some things I don't like on this request. (But I've merged the reverse Proxy part from your other branch)
The Squashed Part:
for me in theory this shouldn't work in docker. Why? Docker uses different images (layers) and overlays them. So you think you make you're Image smaller, but in reality you just add a new Layer where some of the files are removed. This should make it at least a few Bytes fatter than before. You can check that, the size of you complete build should be nearly the same, or a bit higher.
Please let me know if I'm wrong here, it would be nice if that helps to reduce the size of the Containers.
A usefull benefit would be to increase the security, if you remove everything not needed for your application you reduce the size of the attackable surface of your Container internals. But on the other Hand it's much harder to use your Image as a base Image for something new.
The Piwik Version Part:
If you specify a piwik Version inside the Dockerfile, you always need to touch your Image if there is a new Version. And you need to know that there is a new Version available... It's right that this would be more stable, but not up to date.
I know that there are many Images out there that work that way. But I try to use a more secure (not stable) approach.
Let me show you a example why my approach is more secure and just a little less stable
If you don't build your own Images, you allways relay on other peoples work, as in this I've just created this Container for later use. There might be other old, orphaned or forgotten Containers who work great but use a old Software Version with many known and unfixed bugs.
The reason people don't know or just don't care which version you've specified - it runs maybe greater than other Images (like my headless install mode - currently marvambass/piwik is the only piwik Container who offers this kind of feature)
Imagine I don't care much about this Container - I don't have a usecase and it just lays around. In two years people might risk a lot of security without knowing.
By using the latest Image, new people react differently: "nice Container Feature - but it doesn't build/work etc., I'll ask the maintainer/file a Report/open a Ticket/fix it and create a pull request etc."
If you want to update, you should always test the Image before using it. Nothing is easier to test like a docker Container. Just start the new one on a internal port or internal reverse Proxy, check if everything works and Switch to the new Container. Or you have a script that checks it for you ;)
soupdiver
I shrunk the image a bit while reducing the amount of layers and removed unneeded unzip. Also added a new environment variable to specify the version of Piwik to use. This should make the image a bit more reliable.
Just check if you like the changes :)