add eclipse temurin jre 17

prasad-1210 · prasad-1210 · commit 17fbc4a171be · 2021-10-11T12:09:20.000+08:00
diff --git a/Dockerfile-tomcat-temurin-jre b/Dockerfile-tomcat-temurin-jre
@@ -0,0 +1,160 @@
+FROM alpine:latest AS stage-0
+
+# Download jdk binary from temurin github (in future add sha checksum verification)
+# Use jlink and we can use it remove more default modules and reduce image size
+
+# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
+# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
+# ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
+
+ENV JDK_MAJOR 17
+ENV JDK_VERSION 17_35
+ENV JDK_DOWNLOAD_URL https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17%2B35/OpenJDK17-jdk_x64_alpine-linux_hotspot_17_35.tar.gz
+ENV JDK_SHA512_URL   https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17%2B35/OpenJDK17-jdk_x64_alpine-linux_hotspot_17_35.tar.gz.sha256.txt
+# https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17%2B35/OpenJDK17-jdk_x64_alpine-linux_hotspot_17_35.tar.gz.sha256.txt
+# ENV TOMCAT_SHA512 307ca646bac267e529fb0862278f7133fe80813f0af64a44aed949f4c7a9a98aeb9bd7f08b087645b40c6fefdd3a7fe519e4858a3dbf0a19c38c53704f92b575
+
+WORKDIR /root
+
+# Download JDK
+RUN set -eux;\
+    mkdir -p target/alpine-linux/x64/hotspot/ \
+    && wget "$JDK_DOWNLOAD_URL" -qO target/alpine-linux/x64/hotspot/OpenJDK17-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz\
+#    && wget -qO- "$JDK_SHA512_URL" | sha512sum -c -\
+    && tar -xf target/alpine-linux/x64/hotspot/OpenJDK17-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz --strip-components=1
+
+RUN set -eux \
+    && ./bin/jlink --output /usr/lib/jvm/default-jvm/jre/bin/jre --compress=2 --no-header-files --no-man-pages --strip-java-debug-attributes --module-path ../jmods --add-modules jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto
+
+FROM alpine:latest
+MAINTAINER "Prasad CH <prasad.learner@gmail.com>"
+ENV OS_RELEASE="Alpine Linux v3.14.2"
+
+# Installed main dependencies:
+#  ca-certificates-20191127-r5 x86_64: for certificate management to support SSL
+#  openjdk11: OpenJDK 64-Bit Server VM Temurin-17+35 (build 17+35, mixed mode)
+#  fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes
+#  freetype-2.10.4-r1 x86_64: To support freetype fonts
+#  Tomcat: Java Runtime Container
+
+# https://adoptopenjdk.net/installation.html#x64_linux-jre
+# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode
+ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre
+COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME}
+ENV PATH=${JRE_HOME}/bin:$PATH
+ENV JAVA_VERSION=17+35
+
+RUN set -eux;\
+
+    # CIS-4.7 Ensure update instructions are not use alone in the Dockerfile
+    # apk update \
+    # && apk upgrade \
+    # && apk add --no-cache ca-certificates\
+
+    # Now Add Support for cacerts
+    # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f
+    apk add --no-cache ca-certificates\
+
+    # Now Add Support for UI/Font configurations
+    # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory
+    # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager
+    # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077
+     \fontconfig freetype\
+
+    && rm -rf /var/cache/apk/*
+
+# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt
+# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates
+RUN set -eux;\
+    chmod 755 /usr/local/share/ca-certificates\
+    && update-ca-certificates\
+    # Load Organisational fonts
+    && mkdir -p /usr/share/fonts/default/TrueType
+# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType
+
+
+# Inspired from https://github.com/docker-library/tomcat/blob/d570ad0cee10e4526bcbb03391b2c0e322b59313/9.0/jdk11/openjdk-slim/Dockerfile
+ENV CATALINA_HOME /usr/local/tomcat
+ENV PATH $CATALINA_HOME/bin:$PATH
+RUN mkdir -p "$CATALINA_HOME"
+
+WORKDIR $CATALINA_HOME
+
+# let "Tomcat Native" live somewhere isolated
+ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
+ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
+
+# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
+# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
+ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
+
+ENV TOMCAT_MAJOR 9
+ENV TOMCAT_VERSION 9.0.54
+ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz
+ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512
+# https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512
+# ENV TOMCAT_SHA512 307ca646bac267e529fb0862278f7133fe80813f0af64a44aed949f4c7a9a98aeb9bd7f08b087645b40c6fefdd3a7fe519e4858a3dbf0a19c38c53704f92b575
+
+# Install Tomcat
+RUN set -eux;\
+    wget "$TOMCAT_DOWNLOAD_URL" -qO apache-tomcat-${TOMCAT_VERSION}.tar.gz\
+    && wget -qO- "$TOMCAT_SHA512_URL" | sha512sum -c -\
+    && mkdir -p /usr/local/tomcat\
+    && tar -xf apache-tomcat-${TOMCAT_VERSION}.tar.gz --strip-components=1\
+    && rm bin/*.bat\
+    && rm apache-tomcat-${TOMCAT_VERSION}.tar.gz*\
+    && rm -rf webapps\
+    && mkdir webapps\
+    && find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env sh|' '{}' + \
+    && chmod -R +rX . \
+    && chmod 777 logs temp work
+
+#Create config and log folders
+RUN mkdir -p ${CATALINA_HOME}/conf/ ${CATALINA_HOME}/logs/ ${CATALINA_HOME}/config/
+
+# Copy Custom init scripts if required
+# COPY bin/setenv.sh ${CATALINA_HOME}/bin/setenv.sh
+
+# Remove default Tomcat installation files
+RUN rm -rf ${CATALINA_HOME}/webapps/*
+# COPY conf/context.xml           $CATALINA_HOME/conf/context.xml
+# COPY conf/server.xml            $CATALINA_HOME/conf/server.xml
+# COPY conf/web.xml               $CATALINA_HOME/conf/web.xml
+# COPY conf/logging.properties    $CATALINA_HOME/conf/logging.properties
+# Copy any additional organisational default files to override tomcat default config files
+
+# User Management
+# Add custom group tomcat with 61000 as a groupid to avoid conflicts with any existing groups
+RUN addgroup -g 61000 tomcat
+
+# Add custom user tomcat with same uid 61000 as gid to avoid conflict with exist user
+# User with no home directory, no password, group as tomcat and username as tomcat
+RUN adduser -H -D -G tomcat -u 61000 tomcat
+
+# We put the tomcat user as the owner of the folder of tomcat to limit access to tomcat process on container resources
+RUN set -eux;\
+    chown -R tomcat:tomcat /usr/local/tomcat\
+    # Users cannot modify configuration of tomcat
+    && chmod -R g+r /usr/local/tomcat/conf\
+    # Users can modify the other folders
+    && chmod -R g+w /usr/local/tomcat/logs\
+    && chmod -R g+w /usr/local/tomcat/temp\
+    && chmod -R g+w /usr/local/tomcat/webapps\
+    && chmod -R g+w /usr/local/tomcat/work\
+    # Activate the sticky-bit for new files keep permissions defined:
+    && chmod -R g+s /usr/local/tomcat/conf\
+    && chmod -R g+s /usr/local/tomcat/logs\
+    && chmod -R g+s /usr/local/tomcat/temp\
+    && chmod -R g+s /usr/local/tomcat/webapps\
+    && chmod -R g+s /usr/local/tomcat/work
+
+# Set Execute permissions on init script
+# RUN chown tomcat:tomcat ${CATALINA_HOME}/bin/setenv.sh
+# RUN chmod 750 ${CATALINA_HOME}/bin/setenv.sh
+
+# Set user as tocmat by uid to be compatible with kubernetes psp
+USER 61000
+
+EXPOSE 8080
+
+CMD [ "catalina.sh", "run" ]
