up
This commit is contained in:
parent
ed90577f95
commit
b8abce4d4a
28
Dockerfile
28
Dockerfile
@ -1,19 +1,27 @@
|
||||
# ----- build -----
|
||||
FROM golang:1.24 AS builder
|
||||
# ---------- build ----------
|
||||
FROM golang:1.22-alpine AS builder
|
||||
WORKDIR /src
|
||||
RUN apk add --no-cache build-base # gcc/make/musl-dev pour cgo
|
||||
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
|
||||
COPY . .
|
||||
# Si ton main est à la racine (main.go), garde ./ ; sinon mets le chemin du main
|
||||
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /out/shelfy .
|
||||
# Si ton main est à la racine : "."
|
||||
# Sinon remplace le dernier "." par le chemin du package main.
|
||||
RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o /out/shelfy .
|
||||
|
||||
# ----- runtime -----
|
||||
# ---------- runtime ----------
|
||||
FROM alpine:3.20
|
||||
# sh est présent (utile pour le "tee")
|
||||
RUN adduser -D -u 10001 appuser
|
||||
# utilitaires utiles (shell, certificats, timezone)
|
||||
RUN apk add --no-cache ca-certificates tzdata
|
||||
|
||||
WORKDIR /app
|
||||
COPY --from=builder /out/shelfy /app/shelfy
|
||||
RUN chmod +x /app/shelfy && mkdir -p /app/data /app/upload /var/log/shelfy && chown -R appuser:appuser /app
|
||||
USER appuser
|
||||
ENTRYPOINT ["/bin/sh","-c","/app/shelfy 2>&1 | tee -a /var/log/shelfy/shelfy.log"]
|
||||
|
||||
# Prépare les répertoires (DB, upload, logs)
|
||||
RUN mkdir -p /app/data /app/upload /var/log/shelfy \
|
||||
&& chmod -R 0775 /var/log/shelfy /app
|
||||
|
||||
# Lance l'appli et duplique les logs vers un fichier pour Fail2ban
|
||||
ENTRYPOINT ["/bin/sh","-lc","/app/shelfy 2>&1 | tee -a /var/log/shelfy/shelfy.log"]
|
||||
|
||||
@ -9,14 +9,17 @@ services:
|
||||
working_dir: /app
|
||||
ports:
|
||||
- "8090:8080"
|
||||
- "2121:2121" # si tu gardes FTP
|
||||
- "30000-30100:30000-30100" # si tu gardes FTP
|
||||
- "2222:2222" # SFTP
|
||||
|
||||
- "2121:2121"
|
||||
- "30000-30100:30000-30100"
|
||||
- "2222:2222"
|
||||
extra_hosts:
|
||||
- "dockerhost:host-gateway" # accès à l'hôte depuis le conteneur
|
||||
- "dockerhost:host-gateway"
|
||||
environment:
|
||||
- SHELFY_DATA_DIR=/app/data # si ton code lit cette var (cf. patch précédent)
|
||||
volumes:
|
||||
- shelfy_upload:/app/upload
|
||||
- shelfy_data:/app/data # <-- volume pour SQLite
|
||||
- shelfy_logs:/var/log/shelfy # <-- logs lus par Fail2ban
|
||||
labels:
|
||||
- traefik.http.routers.shelfy.middlewares=webdav-allow-methods@docker
|
||||
- traefik.http.middlewares.webdav-allow-methods.headers.accesscontrolallowmethods=GET,PUT,POST,DELETE,PROPFIND,OPTIONS,LOCK,UNLOCK,HEAD
|
||||
@ -25,6 +28,25 @@ services:
|
||||
- 8.8.8.8
|
||||
- 1.1.1.1
|
||||
restart: unless-stopped
|
||||
# ⚠️ Supprime la directive 'command:' ici, l'ENTRYPOINT du Dockerfile s'en charge.
|
||||
|
||||
fail2ban:
|
||||
image: crazymax/fail2ban:latest
|
||||
container_name: fail2ban
|
||||
network_mode: host
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
- F2B_LOG_TARGET=STDOUT
|
||||
- F2B_DB_PURGE_AGE=1d
|
||||
volumes:
|
||||
- ./fail2ban:/data
|
||||
- shelfy_logs:/var/log/shelfy:ro
|
||||
restart: unless-stopped
|
||||
|
||||
volumes:
|
||||
shelfy_upload:
|
||||
shelfy_data:
|
||||
shelfy_logs:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user