175 lines
5.3 KiB
Docker
175 lines
5.3 KiB
Docker
|
# Initial base from https://github.com/leonardochaia/docker-monerod/blob/master/src/Dockerfile
|
||
|
# Alpine specifics from https://github.com/cornfeedhobo/docker-monero/blob/f96711415f97af1fc9364977d1f5f5ecd313aad0/Dockerfile
|
||
|
|
||
|
# Set Monero branch or tag to build
|
||
|
ARG MONERO_BRANCH
|
||
|
|
||
|
# Set the proper HEAD commit hash for the given branch/tag in MONERO_BRANCH
|
||
|
ARG MONERO_COMMIT_HASH
|
||
|
|
||
|
# Select Alpine 3.x for the build image base
|
||
|
FROM alpine:3.16 as build
|
||
|
|
||
|
# Upgrade base image
|
||
|
RUN set -ex && apk --update --no-cache upgrade
|
||
|
|
||
|
# Install all dependencies for a static build
|
||
|
RUN set -ex && apk add --update --no-cache \
|
||
|
autoconf \
|
||
|
automake \
|
||
|
boost \
|
||
|
boost-atomic \
|
||
|
boost-build \
|
||
|
boost-build-doc \
|
||
|
boost-chrono \
|
||
|
boost-container \
|
||
|
boost-context \
|
||
|
boost-contract \
|
||
|
boost-coroutine \
|
||
|
boost-date_time \
|
||
|
boost-dev \
|
||
|
boost-doc \
|
||
|
boost-fiber \
|
||
|
boost-filesystem \
|
||
|
boost-graph \
|
||
|
boost-iostreams \
|
||
|
boost-libs \
|
||
|
boost-locale \
|
||
|
boost-log \
|
||
|
boost-log_setup \
|
||
|
boost-math \
|
||
|
boost-prg_exec_monitor \
|
||
|
boost-program_options \
|
||
|
boost-python3 \
|
||
|
boost-random \
|
||
|
boost-regex \
|
||
|
boost-serialization \
|
||
|
boost-stacktrace_basic \
|
||
|
boost-stacktrace_noop \
|
||
|
boost-static \
|
||
|
boost-system \
|
||
|
boost-thread \
|
||
|
boost-timer \
|
||
|
boost-type_erasure \
|
||
|
boost-unit_test_framework \
|
||
|
boost-wave \
|
||
|
boost-wserialization \
|
||
|
ca-certificates \
|
||
|
cmake \
|
||
|
curl \
|
||
|
dev86 \
|
||
|
doxygen \
|
||
|
eudev-dev \
|
||
|
file \
|
||
|
g++ \
|
||
|
git \
|
||
|
graphviz \
|
||
|
libexecinfo-dev \
|
||
|
libsodium-dev \
|
||
|
libtool \
|
||
|
libusb-dev \
|
||
|
linux-headers \
|
||
|
make \
|
||
|
miniupnpc-dev \
|
||
|
ncurses-dev \
|
||
|
openssl-dev \
|
||
|
pcsc-lite-dev \
|
||
|
pkgconf \
|
||
|
protobuf-dev \
|
||
|
rapidjson-dev \
|
||
|
readline-dev \
|
||
|
zeromq-dev
|
||
|
|
||
|
# Set necessary args and environment variables for building Monero
|
||
|
ARG MONERO_BRANCH
|
||
|
ARG MONERO_COMMIT_HASH
|
||
|
ARG NPROC
|
||
|
ARG TARGETARCH
|
||
|
ENV CFLAGS='-fPIC'
|
||
|
ENV CXXFLAGS='-fPIC -DELPP_FEATURE_CRASH_LOG'
|
||
|
ENV USE_SINGLE_BUILDDIR 1
|
||
|
ENV BOOST_DEBUG 1
|
||
|
|
||
|
# Build expat, a dependency for libunbound
|
||
|
RUN set -ex && wget https://github.com/libexpat/libexpat/releases/download/R_2_4_8/expat-2.4.8.tar.bz2 && \
|
||
|
echo "a247a7f6bbb21cf2ca81ea4cbb916bfb9717ca523631675f99b3d4a5678dcd16 expat-2.4.8.tar.bz2" | sha256sum -c && \
|
||
|
tar -xf expat-2.4.8.tar.bz2 && \
|
||
|
rm expat-2.4.8.tar.bz2 && \
|
||
|
cd expat-2.4.8 && \
|
||
|
./configure --enable-static --disable-shared --prefix=/usr && \
|
||
|
make -j${NPROC:-$(nproc)} && \
|
||
|
make -j${NPROC:-$(nproc)} install
|
||
|
|
||
|
# Build libunbound for static builds
|
||
|
WORKDIR /tmp
|
||
|
RUN set -ex && wget https://www.nlnetlabs.nl/downloads/unbound/unbound-1.16.1.tar.gz && \
|
||
|
echo "2fe4762abccd564a0738d5d502f57ead273e681e92d50d7fba32d11103174e9a unbound-1.16.1.tar.gz" | sha256sum -c && \
|
||
|
tar -xzf unbound-1.16.1.tar.gz && \
|
||
|
rm unbound-1.16.1.tar.gz && \
|
||
|
cd unbound-1.16.1 && \
|
||
|
./configure --disable-shared --enable-static --without-pyunbound --with-libexpat=/usr --with-ssl=/usr --with-libevent=no --without-pythonmodule --disable-flto --with-pthreads --with-libunbound-only --with-pic && \
|
||
|
make -j${NPROC:-$(nproc)} && \
|
||
|
make -j${NPROC:-$(nproc)} install
|
||
|
|
||
|
# Switch to Monero source directory
|
||
|
WORKDIR /monero
|
||
|
|
||
|
# Git pull Monero source at specified tag/branch and compile statically-linked monerod binary
|
||
|
RUN set -ex && git clone --recursive --branch ${MONERO_BRANCH} \
|
||
|
--depth 1 --shallow-submodules \
|
||
|
https://github.com/monero-project/monero . \
|
||
|
&& test `git rev-parse HEAD` = ${MONERO_COMMIT_HASH} || exit 1 \
|
||
|
&& case ${TARGETARCH:-amd64} in \
|
||
|
"arm64") CMAKE_ARCH="armv8-a"; CMAKE_BUILD_TAG="linux-armv8" ;; \
|
||
|
"amd64") CMAKE_ARCH="x86-64"; CMAKE_BUILD_TAG="linux-x64" ;; \
|
||
|
*) echo "Dockerfile does not support this platform"; exit 1 ;; \
|
||
|
esac \
|
||
|
&& mkdir -p build/release && cd build/release \
|
||
|
&& cmake -D ARCH=${CMAKE_ARCH} -D STATIC=ON -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG=${CMAKE_BUILD_TAG} ../.. \
|
||
|
&& cd /monero && nice -n 19 ionice -c2 -n7 make -j${NPROC:-$(nproc)} -C build/release daemon
|
||
|
|
||
|
# Begin final image build
|
||
|
# Select Alpine 3.x for the base image
|
||
|
FROM alpine:3.16
|
||
|
|
||
|
# Upgrade base image
|
||
|
RUN set -ex && apk --update --no-cache upgrade
|
||
|
|
||
|
# Install all dependencies for static binaries + curl for healthcheck
|
||
|
RUN set -ex && apk add --update --no-cache \
|
||
|
curl \
|
||
|
ca-certificates \
|
||
|
libexecinfo \
|
||
|
libsodium \
|
||
|
ncurses-libs \
|
||
|
pcsc-lite-libs \
|
||
|
readline \
|
||
|
tzdata \
|
||
|
zeromq
|
||
|
|
||
|
# Add user and setup directories for monerod
|
||
|
RUN set -ex && \
|
||
|
adduser -u 1000 -Ds /bin/bash monero && \
|
||
|
mkdir -p /home/monero/.bitmonero && \
|
||
|
chown -R monero:monero /home/monero/.bitmonero
|
||
|
USER monero
|
||
|
|
||
|
# Add the built monerod binary
|
||
|
COPY --chown=monero:monero --from=build /monero/build/release/bin/monerod /usr/local/bin/monerod
|
||
|
|
||
|
# Switch to home directory
|
||
|
WORKDIR /home/monero
|
||
|
|
||
|
# Expose p2p port
|
||
|
EXPOSE 18080
|
||
|
|
||
|
# Expose RPC port
|
||
|
EXPOSE 18081
|
||
|
|
||
|
# Add HEALTHCHECK against get_info endpoint
|
||
|
HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://localhost:18081/get_info || exit 1
|
||
|
|
||
|
# Start monerod with required --non-interactive flag and sane defaults that are overridden by user input (if applicable)
|
||
|
ENTRYPOINT ["monerod"]
|
||
|
CMD ["--rpc-restricted-bind-ip=0.0.0.0", "--rpc-restricted-bind-port=18089", "--no-igd", "--no-zmq", "--enable-dns-blocklist"]
|