Removed redundant runtime dependencies (#2750)
Applied consistent formatting Minimized layer overhead Improved port handling (making it modifiable from docker build) Co-authored-by: Fabian Portner <fportner@seemoo.tu-darmstadt.de>
This commit is contained in:
Fabian
GitHub
89
Dockerfile
89
Dockerfile
@@ -4,60 +4,85 @@
|
||||
## Please read the Wiki Installation section on set-up using Docker prior to building this container. ##
|
||||
## BeEF does NOT allow authentication with default credentials. So please, at the very least ##
|
||||
## change the username:password in the config.yaml file to something secure that is not beef:beef ##
|
||||
## before building or you will to denied access and have to rebuild anyway. ##
|
||||
## before building or you will be denied access and have to rebuild anyway. ##
|
||||
## ##
|
||||
###########################################################################################################
|
||||
###########################################################################################################
|
||||
|
||||
# ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
|
||||
FROM ruby:2.7.5-alpine AS builder
|
||||
LABEL maintainer="Beef Project: github.com/beefproject/beef"
|
||||
|
||||
# Install gems in parallel with 4 workers to expedite build process.=
|
||||
ARG BUNDLER_ARGS="--jobs=4"
|
||||
|
||||
# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files
|
||||
RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
|
||||
FROM ruby:3.2.1-slim-bullseye AS builder
|
||||
|
||||
COPY . /beef
|
||||
|
||||
# Add bundler/gem dependencies and then install
|
||||
RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \
|
||||
bundle install --gemfile=/beef/Gemfile $BUNDLER_ARGS && \
|
||||
# Temp fix for https://github.com/bundler/bundler/issues/6680
|
||||
rm -rf /usr/local/bundle/cache
|
||||
|
||||
WORKDIR /beef
|
||||
|
||||
# So we don't need to run as root
|
||||
RUN chmod -R a+r /usr/local/bundle
|
||||
# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files.
|
||||
# Then add bundler/gem dependencies and install.
|
||||
# Finally change permissions of bundle installs so we don't need to run as root.
|
||||
RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
git \
|
||||
curl \
|
||||
xz-utils \
|
||||
make \
|
||||
g++ \
|
||||
libcurl4-openssl-dev \
|
||||
ruby-dev \
|
||||
libffi-dev \
|
||||
zlib1g-dev \
|
||||
libsqlite3-dev \
|
||||
sqlite3 \
|
||||
&& bundle install --gemfile=/beef/Gemfile --jobs=`nproc` \
|
||||
&& rm -rf /usr/local/bundle/cache \
|
||||
&& chmod -R a+r /usr/local/bundle \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
# ------------------------------------- End of Builder 0 -------------------------------------------------
|
||||
|
||||
|
||||
# ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
|
||||
FROM ruby:2.7.5-alpine
|
||||
LABEL maintainer="Beef Project: github.com/beefproject/beef"
|
||||
FROM ruby:3.2.1-slim-bullseye
|
||||
LABEL maintainer="Beef Project" \
|
||||
source_url="github.com/beefproject/beef" \
|
||||
homepage="https://beefproject.com/"
|
||||
|
||||
# Create service account to run BeEF
|
||||
RUN adduser -h /beef -g beef -D beef
|
||||
# BeEF UI/Hook port
|
||||
ARG UI_PORT=3000
|
||||
ARG PROXY_PORT=6789
|
||||
ARG WEBSOCKET_PORT=61985
|
||||
ARG WEBSOCKET_SECURE_PORT=61986
|
||||
|
||||
COPY --chown=1000:1000 . /beef
|
||||
|
||||
# Create service account to run BeEF and install BeEF's runtime dependencies
|
||||
RUN adduser --home /beef --gecos beef --disabled-password beef \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
curl \
|
||||
openssl \
|
||||
libssl-dev \
|
||||
libreadline-dev \
|
||||
libyaml-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
libncurses5-dev \
|
||||
libsqlite3-dev \
|
||||
sqlite3 \
|
||||
zlib1g \
|
||||
bison \
|
||||
nodejs \
|
||||
&& apt-get -y clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Use gemset created by the builder above
|
||||
COPY --chown=beef:beef . /beef
|
||||
COPY --from=builder /usr/local/bundle /usr/local/bundle
|
||||
|
||||
# Install BeEF's runtime dependencies
|
||||
RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses automake libtool bison nodejs
|
||||
|
||||
WORKDIR /beef
|
||||
|
||||
# Ensure we are using our service account by default
|
||||
USER beef
|
||||
|
||||
# Expose UI, Proxy, WebSocket server, and WebSocketSecure server
|
||||
EXPOSE 3000 6789 61985 61986
|
||||
# Expose UI, Proxy, WebSocket server, and WebSocketSecure server ports
|
||||
EXPOSE $UI_PORT $PROXY_PORT $WEBSOCKET_PORT $WEBSOCKET_SECURE_PORT
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:3000" ]
|
||||
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:$UI_PORT" ]
|
||||
|
||||
WORKDIR /beef
|
||||
ENTRYPOINT ["/beef/beef"]
|
||||
# ------------------------------------- End of Builder 1 -------------------------------------------------
|
||||
|
||||
Reference in New Issue
Block a user