Part-DB / Part-DB-legacy

[LEGACY Version] Open Source Electronic Parts Database using PHP and MySQL
GNU General Public License v2.0

Dockerfile optimization #65

Open IvanBayan opened 5 years ago

IvanBayan commented 5 years ago

Dockerfile modifications that allow reducing build time and size.

➜  Part-DB git:(master) ✗ time docker build -t partdb/original . > /tmp/partdb_original 
docker build -t partdb/original . > /tmp/partdb_original  0.47s user 0.29s system 0% cpu 5:20.56 total
➜  Part-DB git:(master) ✗ git checkout docker
M   docker-compose.yml
Switched to branch 'docker'
➜  Part-DB git:(docker) ✗ time docker build -t partdb/optimized . > /tmp/partdb_optimized
docker build -t partdb/optimized . > /tmp/partdb_optimized  0.42s user 0.28s system 0% cpu 2:53.87 total
➜  Part-DB git:(docker) ✗ docker image ls|grep partdb/
partdb/optimized                                       latest              90dc38b9ea00        2 minutes ago       733MB
partdb/original                                        latest              d5d61bf91a22        32 minutes ago      1.15GB

File/directory permissions are a topic to discuss.

jbtronics commented 5 years ago

Have you tested what happens when you keep the section that sets permissions (the find and chmod stuff)? I don't think that this should have a big impact on build time.

On the other hand, you don't have any other users in the container, so it does not make much sense trying to protect the files against other users...

IvanBayan commented 5 years ago

Yes, I have. It doubled the size of the image and the build time. You can read more about it there. Docker was developed with container isolation in mind, so even if you run Apache as root it will not be so easy to harm the Docker host; anyway, I like the idea of granting the minimal required permissions. If you want to protect the code from modification in case of a break-in, then a better idea is to change the owner of the files to root:root. If you want to protect the code against other users (in case of shared hosting, for example), chowning to www-data|: will not work. Do you need the data dir writable only for saving the config file, or do you use it as an upload dir too?
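
One way to check the permission model discussed in this thread (application code not modifiable by the web-server user, only the data directory writable) is to audit the built image's web root. This is an added example, not part of the original discussion or the Part-DB repository; the function name, the `www-data` user, the `/var/www/html` path and the `data` directory name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the Part-DB repository.
# Assumed invocation inside an image (path, user and directory are assumptions):
#   writable_outside_data /var/www/html www-data data

# writable_outside_data WEBROOT WEBUSER [DATADIR]
# Prints every path under WEBROOT, excluding WEBROOT/DATADIR, that WEBUSER
# could modify directly: paths owned by WEBUSER (name or numeric uid) and
# paths with the world-writable bit set. Symbolic links are skipped because
# their own mode bits carry no meaning. Group write access is not evaluated.
# Returns 0 when nothing is found, 1 otherwise.
writable_outside_data() {
    webroot=${1%/}          # drop a trailing slash so -path matches exactly
    webuser=$2
    datadir=${3:-data}

    # Prune the data directory, then report anything else the web user
    # owns or that anyone may write to.
    found=$(find "$webroot" -path "$webroot/$datadir" -prune -o \
        ! -type l \( -user "$webuser" -o -perm -0002 \) -print)

    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}
```

An empty result with exit status 0 means a process running as the web user can write only inside the data directory, as far as ownership and world-write bits are concerned.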