search

weserv / images

Source code of wsrv.nl (formerly images.weserv.nl), to be used on your own server(s).
https://wsrv.nl/
BSD 3-Clause "New" or "Revised" License
1.86k stars 187 forks source link

Question: reduce size of docker image #316

Closed giautm closed 2 years ago

giautm commented 2 years ago

Current size of docker image is quite large. Can we reduce size to ~ 300MB for faster pull/push when deploy?

REPOSITORY             TAG  IMAGE ID      CREATED      SIZE
ghcr.io/weserv/images  5.x  da62b9286622  10 days ago  1.12GB
kleisauke commented 2 years ago

This is a known issue. I'm not sure if ~300MB is is possible, since the base CentOS 8 image is already ~239MB, see for example:

$ podman pull centos:8
$ podman images
REPOSITORY             TAG         IMAGE ID      CREATED      SIZE
quay.io/centos/centos  8           5d0da3dc9764  6 weeks ago  239 MB

Of course, any further reduction in size would be great. I've considered changing the base image to another distro, but haven't yet found a better alternative. For example, libvips in Debian 10 is still on version 8.7.4 due to their policy of never updating packages (except for security fixes and critical bugs) because they prioritize stability. Alpine is a very popular rolling release system, but unfortunately only has a default thread stack size of 128k, which can lead to stack overflows in the dependencies of libvips (see for e.g. issue https://github.com/libvips/libvips/issues/1287).

Note that PR https://github.com/weserv/images/pull/276 tried to reduce the size of the image by using a multi-stage build, but this was not merged for several reasons:

A better approach to reduce the image size would be to remove the -devel dependencies, the build directory, and the DNF cache after configuring and building the CMake project. For example, I saw that someone did this on one of the forks: https://github.com/weserv/images/compare/8349d64...palamccc:5.x

Let's tag this as an enhancement. Very happy to accept a PR, if you're able.

giautm commented 2 years ago

Size of image after remove remove the -devel dependencies reduced to 1.07GB (only 50MB). I think there are still a lot of files we can remove (e.g: gcc cache during build phase).

REPOSITORY     TAG     IMAGE ID      CREATED        SIZE
weserv/images  latest  35914800957a  6 seconds ago  1.07GB

The issue https://github.com/libvips/libvips/issues/1287 has been resolved by allow to set VIPS_MIN_STACK_SIZE to change stack size. Is any help to switch to Alpine?

giautm commented 2 years ago

I able to build docker image to reduce size to 451MB. Can you double-check any issue with it?

REPOSITORY     TAG     IMAGE ID      CREATED            SIZE
weserv/images  alpine  969a998f93ce  7 seconds ago      451MB
weserv/images  latest  35914800957a  About an hour ago  1.07GB
FROM alpine:3.13.6

RUN apk add --update-cache \
  --repository https://dl-3.alpinelinux.org/alpine/edge/testing/ \
  --repository https://dl-3.alpinelinux.org/alpine/edge/main \
  build-base cmake git \
  libjpeg-turbo \
  openssl openssl-dev \
  vips vips-dev

# Copy the contents of this repository to the container
COPY . /var/www/imagesweserv

WORKDIR /var/www/imagesweserv/build

# Build CMake-based project
ARG NGINX_VERSION=1.21.3
RUN cmake .. \
  -DCMAKE_BUILD_TYPE=Release \
  -DBUILD_TOOLS=ON \
  -DNGX_VERSION=$NGINX_VERSION \
  -DCUSTOM_NGX_FLAGS="--prefix=/usr/share/nginx;\
--sbin-path=/usr/sbin/nginx;\
--modules-path=/usr/lib64/nginx/modules;\
--conf-path=/etc/nginx/nginx.conf;\
--error-log-path=/var/log/nginx/error.log;\
--http-log-path=/var/log/nginx/access.log;\
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body;\
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy;\
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi;\
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi;\
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi;\
--pid-path=/run/nginx.pid;\
--lock-path=/run/lock/subsys/nginx;\
--user=nginx;\
--group=nginx" \
  && make -j"$(nproc)" \
  && cd .. \
  && rm -Rf build /var/cache/*

# Cleanup build dependencies
RUN apk del build-base cmake git openssl-dev vips-dev

WORKDIR /var/www/imagesweserv

RUN addgroup -S nginx && adduser -S nginx -G nginx

# Ensure nginx directories exist
RUN mkdir -m 700 /var/lib/nginx \
  && mkdir -m 700 /var/lib/nginx/tmp \
  # Forward request and error logs to docker log collector
  && ln -sf /dev/stdout /var/log/nginx/weserv-access.log \
  && ln -sf /dev/stderr /var/log/nginx/weserv-error.log \
  # Copy nginx configuration to the appropriate location
  && cp /var/www/imagesweserv/ngx_conf/*.conf /etc/nginx

EXPOSE 80

ENTRYPOINT ["nginx", "-g", "daemon off;"]
kleisauke commented 2 years ago

I'm not sure if VIPS_MIN_STACK_SIZE helps in all scenarios, for example a thread spawned by an external dependency would not honor this env variable. Another thing to consider is that Alpine packages are built with -Os by default (optimized for binary size) whereas CentOS/RHEL/Fedora uses, -O2 (optimized for performance). libvips from Remi's RPM repository also enables auto-vectorization, which would speed things up even more.

Given this, I'm a bit reluctant to switch the pre-built Docker image to Alpine Linux, but you're always free to use an other Linux distro of your choice.

Can you double-check any issue with it?

I will review PR #317 in the course of next week.

giautm commented 2 years ago

Can we compile libvips from source code for alpine?

https://github.com/felixbuenemann/vips-alpine/blob/master/Dockerfile#L5-L30

kleisauke commented 2 years ago

With commit https://github.com/weserv/images/commit/a9488c4112e714970c40e34a0f684688e372b36c and https://github.com/weserv/images/commit/cee18376672cf37a1e5fed3ea05c85f7cfd5f5f5 I now see:

$ podman images
REPOSITORY                TAG         IMAGE ID      CREATED        SIZE
localhost/weserv/images   custom      61c3cce52b29  3 seconds ago  588 MB
localhost/weserv/images   alpine      b04aa046a324  4 minutes ago  96.4 MB
localhost/weserv/images   latest      325490d9ea82  6 minutes ago  622 MB
quay.io/centos/centos     8           5d0da3dc9764  6 weeks ago    239 MB
docker.io/library/alpine  3.14        14119a10abf4  2 months ago   5.87 MB

The weserv/images:custom tag is based on the experimental RPMS repo from https://rpms.weserv.nl, see comment https://github.com/weserv/images/issues/298#issuecomment-955697355 on how to use that.

Can we compile libvips from source code for alpine?

I prefer to install libvips through the standard package managers, this ensures that it can be easily updated in a running container and avoids some maintenance.

kleisauke commented 2 years ago

FWIW, the released image on the GitHub Container Registry is even smaller :tada:

$ docker images
REPOSITORY              TAG       IMAGE ID       CREATED          SIZE
ghcr.io/weserv/images   5.x       e13dfa2278ad   15 minutes ago   595MB
giautm commented 2 years ago

The results are amazing. Thank you very much!

giautm commented 2 years ago

Hi @kleisauke, I just build alpine in local and facing an error.

giautm ➜ ~/develop $ docker run -p 8080:80 --name=imagesweserv giautm/weserv-images:alpine-3.14
nginx: [emerg] mkdir() "/var/cache/nginx/fastcgi_temp" failed (2: No such file or directory)
giautm commented 2 years ago

My bad, new docker requires a volume to mount

docker run -p 8080:80 --name=imagesweserv -v $(pwd)/nginx-cache:/var/cache/nginx -v $(pwd)/nginx-pid:/var/run giautm/weserv-images:alpine-3.14
kleisauke commented 2 years ago

Those host volumes mount points shouldn't be necessary, commit https://github.com/weserv/images/commit/82771fc62b27e8d32eb428edc17f71efd6273725 fixes this.

After further testing, I noticed that AVIF and GIF output doesn't work in the Alpine based Docker image, the former needs further investigation, the latter is due to the missing ImageMagick dependency. The upcoming libvips 8.12 has a gifsave operation that uses cgif, so IM should then not be necessary (for saving GIF images at least).

For now, I can recommend disabling these savers in the Alpine based Docker image by using a custom nginx configuration that includes:

weserv_savers jpg png webp tiff json; # Disable AVIF and GIF output
kleisauke commented 2 years ago

AVIF output in the Alpine-based Docker image should work after commit https://github.com/weserv/images/commit/a0c4337b33bd71223c0cac7870daa7b32215a6ca. GIF output should work once Alpine updates libvips to 8.12 and builds against libcgif.