boostchicken
commented
4 years ago FYI, this is considered a Docker best practice, and also a security one. You don't want a c compiler sitting around incase your box gets compromised :)
Closed boostchicken closed 4 years ago
boostchicken
commented
4 years ago FYI, this is considered a Docker best practice, and also a security one. You don't want a c compiler sitting around incase your box gets compromised :)
tusc
commented
4 years ago @boostchicken have a look at my Dockerfile which gets pushed to dockerhub: https://github.com/tusc/ntopng-udm/blob/master/Dockerfile
I don't include gcc and all the build tools in that image. I build two deb packages, ntop.deb and ntop-data.deb and package them with their dependancies using the debian package build files provided by ntopng.
I agree the image is a little big. Ideally I would like to use alpine Linux but the ntopng team doesn't maintain a recent apkbuild file.
I do provide a secondary Dockerfile for folks that want to build ntopng: https://github.com/tusc/ntopng-udm/blob/master/source/Dockerfile
It is a docker best practice to keep the image as minimal as possible. It would be great to build all these binaries and then copy them over to a fresh image. Here is a very simple example
https://github.com/boostchicken/udm-utilities/blob/master/nextdns/docker/Dockerfile
It would look like everything you have now, just in the 2nd part you only copy the files you need to have over from the builder image. That looks like redis server, nDPI, and the ntopng binaries.