Dockerfile

# Initial base from https://github.com/leonardochaia/docker-monerod/blob/master/src/Dockerfile
# Alpine specifics from https://github.com/cornfeedhobo/docker-monero/blob/f96711415f97af1fc9364977d1f5f5ecd313aad0/Dockerfile

# Set Monero branch or tag to build
ARG MONERO_BRANCH

# Set the proper HEAD commit hash for the given branch/tag in MONERO_BRANCH
ARG MONERO_COMMIT_HASH

# Select Alpine 3.x for the build image base
FROM alpine:3.16 as build

# Upgrade base image
RUN set -ex && apk --update --no-cache upgrade

# Install all dependencies for a static build
RUN set -ex && apk add --update --no-cache \
    autoconf \
    automake \
    boost \
    boost-atomic \
    boost-build \
    boost-build-doc \
    boost-chrono \
    boost-container \
    boost-context \
    boost-contract \
    boost-coroutine \
    boost-date_time \
    boost-dev \
    boost-doc \
    boost-fiber \
    boost-filesystem \
    boost-graph \
    boost-iostreams \
    boost-libs \
    boost-locale \
    boost-log \
    boost-log_setup \
    boost-math \
    boost-prg_exec_monitor \
    boost-program_options \
    boost-python3 \
    boost-random \
    boost-regex \
    boost-serialization \
    boost-stacktrace_basic \
    boost-stacktrace_noop \
    boost-static \
    boost-system \
    boost-thread \
    boost-timer \
    boost-type_erasure \
    boost-unit_test_framework \
    boost-wave \
    boost-wserialization \
    ca-certificates \
    cmake \
    curl \
    dev86 \
    doxygen \
    eudev-dev \
    file \
    g++ \
    git \
    graphviz \
    libexecinfo-dev \
    libsodium-dev \
    libtool \
    libusb-dev \
    linux-headers \
    make \
    miniupnpc-dev \
    ncurses-dev \
    openssl-dev \
    pcsc-lite-dev \
    pkgconf \
    protobuf-dev \
    rapidjson-dev \
    readline-dev \
    zeromq-dev

# Set necessary args and environment variables for building Monero
ARG MONERO_BRANCH
ARG MONERO_COMMIT_HASH
ARG NPROC
ARG TARGETARCH
ENV CFLAGS='-fPIC'
ENV CXXFLAGS='-fPIC -DELPP_FEATURE_CRASH_LOG'
ENV USE_SINGLE_BUILDDIR 1
ENV BOOST_DEBUG         1

# Build expat, a dependency for libunbound
RUN set -ex && wget https://github.com/libexpat/libexpat/releases/download/R_2_4_8/expat-2.4.8.tar.bz2 && \
    echo "a247a7f6bbb21cf2ca81ea4cbb916bfb9717ca523631675f99b3d4a5678dcd16  expat-2.4.8.tar.bz2" | sha256sum -c && \
    tar -xf expat-2.4.8.tar.bz2 && \
    rm expat-2.4.8.tar.bz2 && \
    cd expat-2.4.8 && \
    ./configure --enable-static --disable-shared --prefix=/usr && \
    make -j${NPROC:-$(nproc)} && \
    make -j${NPROC:-$(nproc)} install

# Build libunbound for static builds
WORKDIR /tmp
RUN set -ex && wget https://www.nlnetlabs.nl/downloads/unbound/unbound-1.16.1.tar.gz && \
    echo "2fe4762abccd564a0738d5d502f57ead273e681e92d50d7fba32d11103174e9a  unbound-1.16.1.tar.gz" | sha256sum -c && \
    tar -xzf unbound-1.16.1.tar.gz && \
    rm unbound-1.16.1.tar.gz && \
    cd unbound-1.16.1 && \
    ./configure --disable-shared --enable-static --without-pyunbound --with-libexpat=/usr --with-ssl=/usr --with-libevent=no --without-pythonmodule --disable-flto --with-pthreads --with-libunbound-only --with-pic && \
    make -j${NPROC:-$(nproc)} && \
    make -j${NPROC:-$(nproc)} install

# Switch to Monero source directory
WORKDIR /monero

# Git pull Monero source at specified tag/branch and compile statically-linked monerod binary
RUN set -ex && git clone --recursive --branch ${MONERO_BRANCH} \
    --depth 1 --shallow-submodules \
    https://github.com/monero-project/monero . \
    && test `git rev-parse HEAD` = ${MONERO_COMMIT_HASH} || exit 1 \
    && case ${TARGETARCH:-amd64} in \
        "arm64") CMAKE_ARCH="armv8-a"; CMAKE_BUILD_TAG="linux-armv8" ;; \
        "amd64") CMAKE_ARCH="x86-64"; CMAKE_BUILD_TAG="linux-x64" ;; \
        *) echo "Dockerfile does not support this platform"; exit 1 ;; \
    esac \
    && mkdir -p build/release && cd build/release \
    && cmake -D ARCH=${CMAKE_ARCH} -D STATIC=ON -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG=${CMAKE_BUILD_TAG} ../.. \
    && cd /monero && nice -n 19 ionice -c2 -n7 make -j${NPROC:-$(nproc)} -C build/release daemon

# Begin final image build
# Select Alpine 3.x for the base image
FROM alpine:3.16

# Upgrade base image
RUN set -ex && apk --update --no-cache upgrade

# Install all dependencies for static binaries + curl for healthcheck
RUN set -ex && apk add --update --no-cache \
    curl \
    ca-certificates \
    libexecinfo \
    libsodium \
    ncurses-libs \
    pcsc-lite-libs \
    readline \
    tzdata \
    zeromq

# Add user and setup directories for monerod
RUN set -ex && \
    adduser -u 1000 -Ds /bin/bash monero && \
    mkdir -p /home/monero/.bitmonero && \
    chown -R monero:monero /home/monero/.bitmonero
USER monero

# Add the built monerod binary
COPY --chown=monero:monero --from=build /monero/build/release/bin/monerod /usr/local/bin/monerod

# Switch to home directory
WORKDIR /home/monero

# Expose p2p port
EXPOSE 18080

# Expose RPC port
EXPOSE 18081

# Add HEALTHCHECK against get_info endpoint
HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://localhost:18081/get_info || exit 1

# Start monerod with required --non-interactive flag and sane defaults that are overridden by user input (if applicable)
ENTRYPOINT ["monerod"]
CMD ["--rpc-restricted-bind-ip=0.0.0.0", "--rpc-restricted-bind-port=18089", "--no-igd", "--no-zmq", "--enable-dns-blocklist"]
initial commit 2023-04-01 02:10:15 +02:00			`# Initial base from https://github.com/leonardochaia/docker-monerod/blob/master/src/Dockerfile`
			`# Alpine specifics from https://github.com/cornfeedhobo/docker-monero/blob/f96711415f97af1fc9364977d1f5f5ecd313aad0/Dockerfile`

			`# Set Monero branch or tag to build`
			`ARG MONERO_BRANCH`

			`# Set the proper HEAD commit hash for the given branch/tag in MONERO_BRANCH`
			`ARG MONERO_COMMIT_HASH`

			`# Select Alpine 3.x for the build image base`
			`FROM alpine:3.16 as build`

			`# Upgrade base image`
			`RUN set -ex && apk --update --no-cache upgrade`

			`# Install all dependencies for a static build`
			`RUN set -ex && apk add --update --no-cache \`
			`autoconf \`
			`automake \`
			`boost \`
			`boost-atomic \`
			`boost-build \`
			`boost-build-doc \`
			`boost-chrono \`
			`boost-container \`
			`boost-context \`
			`boost-contract \`
			`boost-coroutine \`
			`boost-date_time \`
			`boost-dev \`
			`boost-doc \`
			`boost-fiber \`
			`boost-filesystem \`
			`boost-graph \`
			`boost-iostreams \`
			`boost-libs \`
			`boost-locale \`
			`boost-log \`
			`boost-log_setup \`
			`boost-math \`
			`boost-prg_exec_monitor \`
			`boost-program_options \`
			`boost-python3 \`
			`boost-random \`
			`boost-regex \`
			`boost-serialization \`
			`boost-stacktrace_basic \`
			`boost-stacktrace_noop \`
			`boost-static \`
			`boost-system \`
			`boost-thread \`
			`boost-timer \`
			`boost-type_erasure \`
			`boost-unit_test_framework \`
			`boost-wave \`
			`boost-wserialization \`
			`ca-certificates \`
			`cmake \`
			`curl \`
			`dev86 \`
			`doxygen \`
			`eudev-dev \`
			`file \`
			`g++ \`
			`git \`
			`graphviz \`
			`libexecinfo-dev \`
			`libsodium-dev \`
			`libtool \`
			`libusb-dev \`
			`linux-headers \`
			`make \`
			`miniupnpc-dev \`
			`ncurses-dev \`
			`openssl-dev \`
			`pcsc-lite-dev \`
			`pkgconf \`
			`protobuf-dev \`
			`rapidjson-dev \`
			`readline-dev \`
			`zeromq-dev`

			`# Set necessary args and environment variables for building Monero`
			`ARG MONERO_BRANCH`
			`ARG MONERO_COMMIT_HASH`
			`ARG NPROC`
			`ARG TARGETARCH`
			`ENV CFLAGS='-fPIC'`
			`ENV CXXFLAGS='-fPIC -DELPP_FEATURE_CRASH_LOG'`
			`ENV USE_SINGLE_BUILDDIR 1`
			`ENV BOOST_DEBUG 1`

			`# Build expat, a dependency for libunbound`
			`RUN set -ex && wget https://github.com/libexpat/libexpat/releases/download/R_2_4_8/expat-2.4.8.tar.bz2 && \`
			`echo "a247a7f6bbb21cf2ca81ea4cbb916bfb9717ca523631675f99b3d4a5678dcd16 expat-2.4.8.tar.bz2" \| sha256sum -c && \`
			`tar -xf expat-2.4.8.tar.bz2 && \`
			`rm expat-2.4.8.tar.bz2 && \`
			`cd expat-2.4.8 && \`
			`./configure --enable-static --disable-shared --prefix=/usr && \`
			`make -j${NPROC:-$(nproc)} && \`
			`make -j${NPROC:-$(nproc)} install`

			`# Build libunbound for static builds`
			`WORKDIR /tmp`
			`RUN set -ex && wget https://www.nlnetlabs.nl/downloads/unbound/unbound-1.16.1.tar.gz && \`
			`echo "2fe4762abccd564a0738d5d502f57ead273e681e92d50d7fba32d11103174e9a unbound-1.16.1.tar.gz" \| sha256sum -c && \`
			`tar -xzf unbound-1.16.1.tar.gz && \`
			`rm unbound-1.16.1.tar.gz && \`
			`cd unbound-1.16.1 && \`
			`./configure --disable-shared --enable-static --without-pyunbound --with-libexpat=/usr --with-ssl=/usr --with-libevent=no --without-pythonmodule --disable-flto --with-pthreads --with-libunbound-only --with-pic && \`
			`make -j${NPROC:-$(nproc)} && \`
			`make -j${NPROC:-$(nproc)} install`

			`# Switch to Monero source directory`
			`WORKDIR /monero`

			`# Git pull Monero source at specified tag/branch and compile statically-linked monerod binary`
			`RUN set -ex && git clone --recursive --branch ${MONERO_BRANCH} \`
			`--depth 1 --shallow-submodules \`
			`https://github.com/monero-project/monero . \`
			&& test `git rev-parse HEAD` = ${MONERO_COMMIT_HASH} \|\| exit 1 \
			`&& case ${TARGETARCH:-amd64} in \`
			`"arm64") CMAKE_ARCH="armv8-a"; CMAKE_BUILD_TAG="linux-armv8" ;; \`
			`"amd64") CMAKE_ARCH="x86-64"; CMAKE_BUILD_TAG="linux-x64" ;; \`
			`*) echo "Dockerfile does not support this platform"; exit 1 ;; \`
			`esac \`
			`&& mkdir -p build/release && cd build/release \`
			`&& cmake -D ARCH=${CMAKE_ARCH} -D STATIC=ON -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG=${CMAKE_BUILD_TAG} ../.. \`
			`&& cd /monero && nice -n 19 ionice -c2 -n7 make -j${NPROC:-$(nproc)} -C build/release daemon`

			`# Begin final image build`
			`# Select Alpine 3.x for the base image`
			`FROM alpine:3.16`

			`# Upgrade base image`
			`RUN set -ex && apk --update --no-cache upgrade`

			`# Install all dependencies for static binaries + curl for healthcheck`
			`RUN set -ex && apk add --update --no-cache \`
			`curl \`
			`ca-certificates \`
			`libexecinfo \`
			`libsodium \`
			`ncurses-libs \`
			`pcsc-lite-libs \`
			`readline \`
			`tzdata \`
			`zeromq`

			`# Add user and setup directories for monerod`
			`RUN set -ex && \`
			`adduser -u 1000 -Ds /bin/bash monero && \`
			`mkdir -p /home/monero/.bitmonero && \`
			`chown -R monero:monero /home/monero/.bitmonero`
			`USER monero`

			`# Add the built monerod binary`
			`COPY --chown=monero:monero --from=build /monero/build/release/bin/monerod /usr/local/bin/monerod`

			`# Switch to home directory`
			`WORKDIR /home/monero`

			`# Expose p2p port`
			`EXPOSE 18080`

			`# Expose RPC port`
			`EXPOSE 18081`

			`# Add HEALTHCHECK against get_info endpoint`
			`HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://localhost:18081/get_info \|\| exit 1`

			`# Start monerod with required --non-interactive flag and sane defaults that are overridden by user input (if applicable)`
			`ENTRYPOINT ["monerod"]`
			`CMD ["--rpc-restricted-bind-ip=0.0.0.0", "--rpc-restricted-bind-port=18089", "--no-igd", "--no-zmq", "--enable-dns-blocklist"]`