search

akaunting / docker

Docker Image for Akaunting
https://github.com/akaunting/akaunting
GNU General Public License v3.0
182 stars 85 forks source link

Dev packages in containers and layers number improvemant ! #79

Open Brettdah opened 1 year ago

Brettdah commented 1 year ago

Hello there,

why do you use, the "-dev" packages in the container it's OK to use it when you are developping the app, so on a dev branch for exemple, but on master you should use the non dev to have containers as little as possible and production ready !

https://devops.stackexchange.com/questions/8017/how-do-dev-apk-packages-differ-on-alpine-for-the-purposes-of-creating-docker-im

a container should have as little number of layers as possible in production environnement I can see ways too impove yours in that way too.

it's OK to divide the RUNs when creating your container, to be able to start building from the last good step, but when you push a stable version you should just have 1 RUN (at least in this file) and just 1 COPY usualy I a create the "rootfs" of my containers in a file named data and then I do so your instructions should look like this :

RUN apt-get update \
  && apt-get -y upgrade --no-install-recommends \
  && apt-get install -y build-essential imagemagick libfreetype6 libicu libjpeg62-turbo libjpeg \
    libmcrypt libonig libpng libpq libssl libxml2 libxrender1 libzip locales openssl unzip zip zlib1g \
    --no-install-recommends \
  && apt-get clean && rm -rf /var/lib/apt/lists/* \
  && for locale in ${SUPPORTED_LOCALES}; do \
    sed -i 's/^# '"${locale}/${locale}/" /etc/locale.gen; done \
  && locale-gen \
  && docker-php-ext-configure gd --with-freetype --with-jpeg \
  && docker-php-ext-install -j$(nproc) gd bcmath intl mbstring pcntl pdo pdo_mysql zip \
  && mkdir -p /var/www/akaunting \
  && curl -Lo /tmp/akaunting.zip 'https://akaunting.com/download.php?version=latest&utm_source=docker&utm_campaign=developers' \
  && unzip /tmp/akaunting.zip -d /var/www/html \
  && rm -f /tmp/akaunting.zip

COPY ./data /

Or something like that... (I may have missed spaces or indent, be warned)

Then are you sure your app need build-essential package ? or are you installing it by habit As stated here if you don't need to create deb packages you shouldn't need-it !

As for openssl or libssl if you run a container with a web app you should use a revers proxy in front if you want to expose it, so let this proxy use the HTTPS protocole, if you run it on your computer why bother using SSL if you just set it to listen to 127.0.0.1 only you can touch your container, or any one gaining access to your computer... (in that case you are already screwed, ssl or not) and "\n" after each package is a bit to much for a production docker file ;) I wonder about "&&"

I will look over the alpine dockerfile that is more in my standard deployment ;) and propose a merge/pull request when tested on my side ;)

Brettdah commented 1 year ago

On my search for the lib without the "-dev" I search for libmycrypt, and remember that mcrypt is deprecated shouldn't you switch to libsodium ?