From e3cc2c90fd1dd4347c51b68bf2428b4d82c8e4ca Mon Sep 17 00:00:00 2001 From: SathyaNarayanan K Date: Wed, 31 Mar 2021 16:14:22 +0800 Subject: [PATCH 01/11] updated dockerfile for tomcat based out of jre8/11 --- Dockerfile-alpine | 47 +++++++++++++++++++++++++++++++++++++++++ Dockerfile-tomcat-jre | 16 +++++++------- Dockerfile-tomcat-jre-8 | 12 +++++------ 3 files changed, 61 insertions(+), 14 deletions(-) create mode 100644 Dockerfile-alpine diff --git a/Dockerfile-alpine b/Dockerfile-alpine new file mode 100644 index 0000000..32ba9f2 --- /dev/null +++ b/Dockerfile-alpine @@ -0,0 +1,47 @@ +#Once after building this image, run a container with sh with below +# i) cat /etc/os-release --> Look for version of Alpine Linux to substitute in Dockerfile-tomcat-jre/jre8 +# ii) from apk updated components -> Look for version of fontconfig, freetype, ca-certificates to substitute in Dockerfile-tomcat-jre/jre8 +# iii) java -version --> Look for version of open jdk to substitute in Dockerfile-tomcat-jre/jre8 + +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +#ENV OS_RELEASE="Alpine Linux v3.12" + +# Installed main dependencies: +# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a +# fontconfig-2.13.1-r3 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r1 x86_64: To support freetype fonts +# Tomcat: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +RUN apk --no-cache --virtual add openjdk8-jre --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community +ENV PATH=${JRE_HOME}/bin:$PATH +#ENV JAVA_VERSION=1.8.0_282-b08 + +RUN set -eux;\ + apk update \ + && apk upgrade \ + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + && apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType diff --git a/Dockerfile-tomcat-jre b/Dockerfile-tomcat-jre index 557b299..41a7619 100644 --- a/Dockerfile-tomcat-jre +++ b/Dockerfile-tomcat-jre @@ -1,4 +1,4 @@ -# docker build -t prasad1210/tomcat-custom:9.0.43.0-alpine-jre-11.0.10 . -f Dockerfile-tomcat-jre --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.44.0-alpine-jre-11.0.10 . -f Dockerfile-tomcat-jre --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -9,15 +9,15 @@ RUN set -eux;\ ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.aot,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto FROM alpine:latest -MAINTAINER "Prasad CH " -ENV OS_RELEASE="Alpine Linux v3.13" +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.12" # Installed main dependencies: -# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL +# ca-certificates-bundle-20191127-r4 x86_64: for certificate management to support SSL # openjdk11: OpenJDK built by Simon Frankenberger from https://hg.openjdk.java.net/jdk-updates/jdk11u # https://git.alpinelinux.org/aports/commit/?id=b85efc501595136485aea134946fa459bff115b0 -# fontconfig-2.13.1-r3 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.10.4-r1 x86_64: To support freetype fonts +# fontconfig-2.13.1-r2 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r0 x86_64: To support freetype fonts # Tomcat: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre @@ -65,10 +65,10 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) -ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 +ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684407A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60244 F3A04C595DB5B6A5F1ECA44E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.43 +ENV TOMCAT_VERSION 9.0.44 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 diff --git a/Dockerfile-tomcat-jre-8 b/Dockerfile-tomcat-jre-8 index 62958f1..8542e11 100644 --- a/Dockerfile-tomcat-jre-8 +++ b/Dockerfile-tomcat-jre-8 @@ -1,14 +1,14 @@ # docker build -t prasad1210/tomcat-custom:9.0.43.0-alpine-jre-1.8.0-282-b08 . -f Dockerfile-tomcat-jre-8 --no-cache FROM alpine:latest -MAINTAINER "Prasad CH " -ENV OS_RELEASE="Alpine Linux v3.13" +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.12" # Installed main dependencies: -# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL +# ca-certificates-bundle-20191127-r4 x86_64: for certificate management to support SSL # openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.13.1-r3 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.10.4-r1 x86_64: To support freetype fonts +# fontconfig-2.13.1-r2 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r0 x86_64: To support freetype fonts # Tomcat: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre @@ -59,7 +59,7 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.43 +ENV TOMCAT_VERSION 9.0.44 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 From d19a4200f897b54b021e3d4a19e0749f756ec40d Mon Sep 17 00:00:00 2001 From: sathya1104 Date: Thu, 16 Sep 2021 01:21:50 +0800 Subject: [PATCH 02/11] Updated Dockerfiles for tomcat 9.0.53 --- Dockerfile-alpine-jre11 | 52 +++++++++++++++++++ Dockerfile-alpine-jre8 | 47 +++++++++++++++++ ...mcat-jre-8 => Dockerfile-tomcat-jre-8-curl | 23 ++++---- ...e-tomcat-jre => Dockerfile-tomcat-jre-curl | 22 ++++---- 4 files changed, 125 insertions(+), 19 deletions(-) create mode 100644 Dockerfile-alpine-jre11 create mode 100644 Dockerfile-alpine-jre8 rename Dockerfile-tomcat-jre-8 => Dockerfile-tomcat-jre-8-curl (83%) rename Dockerfile-tomcat-jre => Dockerfile-tomcat-jre-curl (85%) diff --git a/Dockerfile-alpine-jre11 b/Dockerfile-alpine-jre11 new file mode 100644 index 0000000..1775a32 --- /dev/null +++ b/Dockerfile-alpine-jre11 @@ -0,0 +1,52 @@ +# docker build -t sathya1104/tomcat-custom:9.0.44.0-alpine-jre-11.0.10 . -f Dockerfile-tomcat-jre --no-cache +FROM alpine:latest AS stage-0 +# Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size +RUN set -eux;\ + apk --no-cache --virtual add openjdk11 \ + --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community +WORKDIR /usr/lib/jvm/default-jvm/jre/bin/ +RUN set -eux;\ + ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.aot,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto + +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.14" + +# Installed main dependencies: +# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL +# openjdk11: OpenJDK built by Simon Frankenberger from https://hg.openjdk.java.net/jdk-updates/jdk11u +# https://git.alpinelinux.org/aports/commit/?id=b85efc501595136485aea134946fa459bff115b0 +# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r1 x86_64: To support freetype fonts +# Tomcat: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} +ENV PATH=${JRE_HOME}/bin:$PATH +ENV JAVA_VERSION=11.0.11+9-alpine-r0 + +RUN set -eux;\ + apk update \ + && apk upgrade \ + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + && apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType \ No newline at end of file diff --git a/Dockerfile-alpine-jre8 b/Dockerfile-alpine-jre8 new file mode 100644 index 0000000..32ba9f2 --- /dev/null +++ b/Dockerfile-alpine-jre8 @@ -0,0 +1,47 @@ +#Once after building this image, run a container with sh with below +# i) cat /etc/os-release --> Look for version of Alpine Linux to substitute in Dockerfile-tomcat-jre/jre8 +# ii) from apk updated components -> Look for version of fontconfig, freetype, ca-certificates to substitute in Dockerfile-tomcat-jre/jre8 +# iii) java -version --> Look for version of open jdk to substitute in Dockerfile-tomcat-jre/jre8 + +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +#ENV OS_RELEASE="Alpine Linux v3.12" + +# Installed main dependencies: +# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a +# fontconfig-2.13.1-r3 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r1 x86_64: To support freetype fonts +# Tomcat: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +RUN apk --no-cache --virtual add openjdk8-jre --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community +ENV PATH=${JRE_HOME}/bin:$PATH +#ENV JAVA_VERSION=1.8.0_282-b08 + +RUN set -eux;\ + apk update \ + && apk upgrade \ + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + && apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType diff --git a/Dockerfile-tomcat-jre-8 b/Dockerfile-tomcat-jre-8-curl similarity index 83% rename from Dockerfile-tomcat-jre-8 rename to Dockerfile-tomcat-jre-8-curl index 8542e11..5132ace 100644 --- a/Dockerfile-tomcat-jre-8 +++ b/Dockerfile-tomcat-jre-8-curl @@ -1,14 +1,14 @@ -# docker build -t prasad1210/tomcat-custom:9.0.43.0-alpine-jre-1.8.0-282-b08 . -f Dockerfile-tomcat-jre-8 --no-cache +# docker build -t sathya/tomcat-custom:9.0.53.0-alpine-jre-1.8.0-302-08-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.12" +ENV OS_RELEASE="Alpine Linux v3.14" # Installed main dependencies: -# ca-certificates-bundle-20191127-r4 x86_64: for certificate management to support SSL +# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL # openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.13.1-r2 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.10.4-r0 x86_64: To support freetype fonts +# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r1 x86_64: To support freetype fonts # Tomcat: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre @@ -16,8 +16,7 @@ ENV OS_RELEASE="Alpine Linux v3.12" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre RUN apk --no-cache --virtual add openjdk8-jre --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=1.8.0_282-b08 - +ENV JAVA_VERSION=1.8.0_302-b08 RUN set -eux;\ apk update \ && apk upgrade \ @@ -33,6 +32,10 @@ RUN set -eux;\ && rm -rf /var/cache/apk/* +RUN apk add --update curl && \ + rm -rf /var/cache/apk/* && \ + curl --version + # COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt # COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates RUN set -eux;\ @@ -56,14 +59,14 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) -ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 +ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.44 +ENV TOMCAT_VERSION 9.0.53 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 307ca646bac267e529fb0862278f7133fe80813f0af64a44aed949f4c7a9a98aeb9bd7f08b087645b40c6fefdd3a7fe519e4858a3dbf0a19c38c53704f92b575 +# ENV TOMCAT_SHA512 df71834116f506b77cea9d9f8ac66ed65e74754e202df9f337f6559f81daf6490b0d569dd63f3eb46826b85ca899b79c754c2dd3d21927bed41d773c70253c4f # Install Tomcat RUN set -eux;\ diff --git a/Dockerfile-tomcat-jre b/Dockerfile-tomcat-jre-curl similarity index 85% rename from Dockerfile-tomcat-jre rename to Dockerfile-tomcat-jre-curl index 41a7619..13b13f6 100644 --- a/Dockerfile-tomcat-jre +++ b/Dockerfile-tomcat-jre-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.44.0-alpine-jre-11.0.10 . -f Dockerfile-tomcat-jre --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.53.0-alpine-jre-11.0.12-r0 . -f Dockerfile-tomcat-jre-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -10,14 +10,14 @@ RUN set -eux;\ FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.12" +ENV OS_RELEASE="Alpine Linux v3.14" # Installed main dependencies: -# ca-certificates-bundle-20191127-r4 x86_64: for certificate management to support SSL +# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL # openjdk11: OpenJDK built by Simon Frankenberger from https://hg.openjdk.java.net/jdk-updates/jdk11u # https://git.alpinelinux.org/aports/commit/?id=b85efc501595136485aea134946fa459bff115b0 -# fontconfig-2.13.1-r2 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.10.4-r0 x86_64: To support freetype fonts +# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r1 x86_64: To support freetype fonts # Tomcat: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre @@ -25,7 +25,7 @@ ENV OS_RELEASE="Alpine Linux v3.12" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=11.0.10+11-alpine-r0 +ENV JAVA_VERSION=11.0.12+7-alpine-r0 RUN set -eux;\ apk update \ @@ -41,6 +41,10 @@ RUN set -eux;\ \fontconfig freetype\ && rm -rf /var/cache/apk/* + +RUN apk add --update curl && \ + rm -rf /var/cache/apk/* && \ + curl --version # COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt # COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates @@ -65,14 +69,14 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) -ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684407A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60244 F3A04C595DB5B6A5F1ECA44E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 +ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.44 +ENV TOMCAT_VERSION 9.0.53 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 307ca646bac267e529fb0862278f7133fe80813f0af64a44aed949f4c7a9a98aeb9bd7f08b087645b40c6fefdd3a7fe519e4858a3dbf0a19c38c53704f92b575 +# ENV TOMCAT_SHA512 df71834116f506b77cea9d9f8ac66ed65e74754e202df9f337f6559f81daf6490b0d569dd63f3eb46826b85ca899b79c754c2dd3d21927bed41d773c70253c4f # Install Tomcat RUN set -eux;\ From 7276f006e992921218800db0d1779c24f4c05078 Mon Sep 17 00:00:00 2001 From: sathya1104 Date: Tue, 30 Nov 2021 01:34:20 +0800 Subject: [PATCH 03/11] Updated for tomcat 9.0.55 jre8/11/17 --- Dockerfile-alpine-jre11 | 2 +- Dockerfile-alpine-jre17 | 52 ++++++ Dockerfile-tomcat-jre-17-curl | 144 ++++++++++++++++ Dockerfile-tomcat-jre-8-curl | 6 +- Dockerfile-tomcat-jre-adoptium-temurin-jdk17 | 168 +++++++++++++++++++ Dockerfile-tomcat-jre-curl | 8 +- 6 files changed, 372 insertions(+), 8 deletions(-) create mode 100644 Dockerfile-alpine-jre17 create mode 100644 Dockerfile-tomcat-jre-17-curl create mode 100644 Dockerfile-tomcat-jre-adoptium-temurin-jdk17 diff --git a/Dockerfile-alpine-jre11 b/Dockerfile-alpine-jre11 index 1775a32..faed730 100644 --- a/Dockerfile-alpine-jre11 +++ b/Dockerfile-alpine-jre11 @@ -25,7 +25,7 @@ ENV OS_RELEASE="Alpine Linux v3.14" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=11.0.11+9-alpine-r0 +ENV JAVA_VERSION=11.0.12+7-alpine-r0 RUN set -eux;\ apk update \ diff --git a/Dockerfile-alpine-jre17 b/Dockerfile-alpine-jre17 new file mode 100644 index 0000000..cd9c923 --- /dev/null +++ b/Dockerfile-alpine-jre17 @@ -0,0 +1,52 @@ +# docker build -t sathya1104/tomcat-custom:9.0.44.0-alpine-jre-17.0.10 . -f Dockerfile-tomcat-jre-17 --no-cache +FROM alpine:latest AS stage-0 +# Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size +RUN set -eux;\ + apk --no-cache --virtual add openjdk17 \ + --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing +WORKDIR /usr/lib/jvm/default-jvm/jre/bin/ +RUN set -eux;\ + ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto + +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.14" + +# Installed main dependencies: +# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL +# openjdk11: OpenJDK built by Simon Frankenberger from https://hg.openjdk.java.net/jdk-updates/jdk11u +# https://git.alpinelinux.org/aports/commit/?id=b85efc501595136485aea134946fa459bff115b0 +# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r1 x86_64: To support freetype fonts +# Tomcat: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} +ENV PATH=${JRE_HOME}/bin:$PATH +#ENV JAVA_VERSION=11.0.11+9-alpine-r0 + +RUN set -eux;\ + apk update \ + && apk upgrade \ + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + && apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType \ No newline at end of file diff --git a/Dockerfile-tomcat-jre-17-curl b/Dockerfile-tomcat-jre-17-curl new file mode 100644 index 0000000..1f0aa3f --- /dev/null +++ b/Dockerfile-tomcat-jre-17-curl @@ -0,0 +1,144 @@ +# docker build -t sathya1104/tomcat-custom:9.0.54.0-alpine-jre-17.0.0-r1 . -f Dockerfile-tomcat-jre-17-curl --no-cache +FROM alpine:latest AS stage-0 +# Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size +RUN set -eux;\ + apk --no-cache --virtual add openjdk17 \ + --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing +WORKDIR /usr/lib/jvm/default-jvm/jre/bin/ +RUN set -eux;\ + ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto + +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.14" + +# Installed main dependencies: +# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL +# openjdk11: OpenJDK built by Simon Frankenberger from https://hg.openjdk.java.net/jdk-updates/jdk11u +# https://git.alpinelinux.org/aports/commit/?id=b85efc501595136485aea134946fa459bff115b0 +# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r1 x86_64: To support freetype fonts +# Tomcat: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} +ENV PATH=${JRE_HOME}/bin:$PATH +ENV JAVA_VERSION=17.0.0+35-alpine-r1 +COPY Dockerfile-tomcat-jre-17-curl /tmp + +RUN set -eux;\ + apk update \ + && apk upgrade \ + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + && apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +RUN apk add --update curl && \ + rm -rf /var/cache/apk/* && \ + curl --version + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType + + +# Inspired from https://github.com/docker-library/tomcat/blob/d570ad0cee10e4526bcbb03391b2c0e322b59313/9.0/jdk11/openjdk-slim/Dockerfile +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" + +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS +# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) +ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.54 +ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz +ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 +# https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 +# ENV TOMCAT_SHA512 83430f24d42186ce2ff51eeef2f7a5517048f37d9050c45cac1e3dba8926d61a1f7f5aba122a34a11ac1dbdd3c1f6d98671841047df139394d43751263de57c3 + +# Install Tomcat +RUN set -eux;\ + wget "$TOMCAT_DOWNLOAD_URL" -qO apache-tomcat-${TOMCAT_VERSION}.tar.gz\ + && wget -qO- "$TOMCAT_SHA512_URL" | sha512sum -c -\ + && mkdir -p /usr/local/tomcat\ + && tar -xf apache-tomcat-${TOMCAT_VERSION}.tar.gz --strip-components=1\ + && rm bin/*.bat\ + && rm apache-tomcat-${TOMCAT_VERSION}.tar.gz*\ + && rm -rf webapps\ + && mkdir webapps\ + && find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env sh|' '{}' + \ + && chmod -R +rX . \ + && chmod 777 logs temp work + +#Create config and log folders +RUN mkdir -p ${CATALINA_HOME}/conf/ ${CATALINA_HOME}/logs/ ${CATALINA_HOME}/config/ + +# Copy Custom init scripts if required +# COPY bin/setenv.sh ${CATALINA_HOME}/bin/setenv.sh + +# Remove default Tomcat installation files +RUN rm -rf ${CATALINA_HOME}/webapps/* +# COPY conf/context.xml $CATALINA_HOME/conf/context.xml +# COPY conf/server.xml $CATALINA_HOME/conf/server.xml +# COPY conf/web.xml $CATALINA_HOME/conf/web.xml +# COPY conf/logging.properties $CATALINA_HOME/conf/logging.properties +# Copy any additional organisational default files to override tomcat default config files + +# User Management +# Add custom group tomcat with 61000 as a groupid to avoid conflicts with any existing groups +RUN addgroup -g 61000 tomcat + +# Add custom user tomcat with same uid 61000 as gid to avoid conflict with exist user +# User with no home directory, no password, group as tomcat and username as tomcat +RUN adduser -H -D -G tomcat -u 61000 tomcat + +# We put the tomcat user as the owner of the folder of tomcat to limit access to tomcat process on container resources +RUN set -eux;\ + chown -R tomcat:tomcat /usr/local/tomcat\ + # Users cannot modify configuration of tomcat + && chmod -R g+r /usr/local/tomcat/conf\ + # Users can modify the other folders + && chmod -R g+w /usr/local/tomcat/logs\ + && chmod -R g+w /usr/local/tomcat/temp\ + && chmod -R g+w /usr/local/tomcat/webapps\ + && chmod -R g+w /usr/local/tomcat/work\ + # Activate the sticky-bit for new files keep permissions defined: + && chmod -R g+s /usr/local/tomcat/conf\ + && chmod -R g+s /usr/local/tomcat/logs\ + && chmod -R g+s /usr/local/tomcat/temp\ + && chmod -R g+s /usr/local/tomcat/webapps\ + && chmod -R g+s /usr/local/tomcat/work + +# Set Execute permissions on init script +# RUN chown tomcat:tomcat ${CATALINA_HOME}/bin/setenv.sh +# RUN chmod 750 ${CATALINA_HOME}/bin/setenv.sh + +# Set user as tocmat by uid to be compatible with kubernetes psp +USER 61000 + +EXPOSE 8080 + +CMD [ "catalina.sh", "run" ] \ No newline at end of file diff --git a/Dockerfile-tomcat-jre-8-curl b/Dockerfile-tomcat-jre-8-curl index 5132ace..4a35540 100644 --- a/Dockerfile-tomcat-jre-8-curl +++ b/Dockerfile-tomcat-jre-8-curl @@ -1,4 +1,4 @@ -# docker build -t sathya/tomcat-custom:9.0.53.0-alpine-jre-1.8.0-302-08-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache +# docker build -t sathya/tomcat-custom:9.0.55.0-alpine-jre-1.8.0-302-08-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " ENV OS_RELEASE="Alpine Linux v3.14" @@ -62,11 +62,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.53 +ENV TOMCAT_VERSION 9.0.55 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 df71834116f506b77cea9d9f8ac66ed65e74754e202df9f337f6559f81daf6490b0d569dd63f3eb46826b85ca899b79c754c2dd3d21927bed41d773c70253c4f +# ENV TOMCAT_SHA512 a0c480b8bba09069bda3b57f54e658450a59d799474ad587dead0ffbf5074c16ee3f9f9c13312d0ff3227c7034589dabf25941fbd672838e9baeee9661e024dc # Install Tomcat RUN set -eux;\ diff --git a/Dockerfile-tomcat-jre-adoptium-temurin-jdk17 b/Dockerfile-tomcat-jre-adoptium-temurin-jdk17 new file mode 100644 index 0000000..c726859 --- /dev/null +++ b/Dockerfile-tomcat-jre-adoptium-temurin-jdk17 @@ -0,0 +1,168 @@ +# docker build -t sathya1104/tomcat-custom:9.0.55.0-alpine-jre-17.0.0-r1 . -f Dockerfile-tomcat-jre-adoptium-temurin-jdk17 --no-cache + +FROM alpine:latest AS stage-0 + +# Download jdk binary from temurin github (in future add sha checksum verification) +# Use jlink and we can use it remove more default modules and reduce image size + +# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS +# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) +# ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 + + +ENV JDK_MAJOR 17 +ENV JDK_VERSION 17_35 +ENV JDK_DOWNLOAD_URL https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17%2B35/OpenJDK17-jdk_x64_alpine-linux_hotspot_17_35.tar.gz +ENV JDK_SHA512_URL https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17%2B35/OpenJDK17-jdk_x64_alpine-linux_hotspot_17_35.tar.gz.sha256.txt +# https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17%2B35/OpenJDK17-jdk_x64_alpine-linux_hotspot_17_35.tar.gz.sha256.txt +# ENV TOMCAT_SHA512 307ca646bac267e529fb0862278f7133fe80813f0af64a44aed949f4c7a9a98aeb9bd7f08b087645b40c6fefdd3a7fe519e4858a3dbf0a19c38c53704f92b575 + +WORKDIR /root + +# Download JDK +RUN set -eux;\ + mkdir -p target/alpine-linux/x64/hotspot/ \ + && wget "$JDK_DOWNLOAD_URL" -qO target/alpine-linux/x64/hotspot/OpenJDK17-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz\ +# && wget -qO- "$JDK_SHA512_URL" | sha512sum -c -\ + && tar -xf target/alpine-linux/x64/hotspot/OpenJDK17-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz --strip-components=1 + +RUN set -eux \ + && ./bin/jlink --output /usr/lib/jvm/default-jvm/jre/bin/jre --compress=2 --no-header-files --no-man-pages --strip-java-debug-attributes --module-path ../jmods --add-modules jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto + +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.14.2" + +# Installed main dependencies: +# ca-certificates-20191127-r5 x86_64: for certificate management to support SSL +# openjdk11: OpenJDK 64-Bit Server VM Temurin-17+35 (build 17+35, mixed mode) +# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.10.4-r1 x86_64: To support freetype fonts +# Tomcat: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} +COPY Dockerfile-tomcat-jre-adoptium-temurin-jdk17 /tmp +ENV PATH=${JRE_HOME}/bin:$PATH +ENV JAVA_VERSION=17+35 + +RUN set -eux;\ + + # CIS-4.7 Ensure update instructions are not use alone in the Dockerfile + # apk update \ + # && apk upgrade \ + # && apk add --no-cache ca-certificates\ + + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +RUN apk add --update curl && \ + rm -rf /var/cache/apk/* && \ + curl --version + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType + + +# Inspired from https://github.com/docker-library/tomcat/blob/d570ad0cee10e4526bcbb03391b2c0e322b59313/9.0/jdk11/openjdk-slim/Dockerfile +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" + +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS +# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) +ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.55 +ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz +ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 +# https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 +# ENV TOMCAT_SHA512 a0c480b8bba09069bda3b57f54e658450a59d799474ad587dead0ffbf5074c16ee3f9f9c13312d0ff3227c7034589dabf25941fbd672838e9baeee9661e024dc + +# Install Tomcat +RUN set -eux;\ + wget "$TOMCAT_DOWNLOAD_URL" -qO apache-tomcat-${TOMCAT_VERSION}.tar.gz\ + && wget -qO- "$TOMCAT_SHA512_URL" | sha512sum -c -\ + && mkdir -p /usr/local/tomcat\ + && tar -xf apache-tomcat-${TOMCAT_VERSION}.tar.gz --strip-components=1\ + && rm bin/*.bat\ + && rm apache-tomcat-${TOMCAT_VERSION}.tar.gz*\ + && rm -rf webapps\ + && mkdir webapps\ + && find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env sh|' '{}' + \ + && chmod -R +rX . \ + && chmod 777 logs temp work + +#Create config and log folders +RUN mkdir -p ${CATALINA_HOME}/conf/ ${CATALINA_HOME}/logs/ ${CATALINA_HOME}/config/ + +# Copy Custom init scripts if required +# COPY bin/setenv.sh ${CATALINA_HOME}/bin/setenv.sh + +# Remove default Tomcat installation files +RUN rm -rf ${CATALINA_HOME}/webapps/* +# COPY conf/context.xml $CATALINA_HOME/conf/context.xml +# COPY conf/server.xml $CATALINA_HOME/conf/server.xml +# COPY conf/web.xml $CATALINA_HOME/conf/web.xml +# COPY conf/logging.properties $CATALINA_HOME/conf/logging.properties +# Copy any additional organisational default files to override tomcat default config files + +# User Management +# Add custom group tomcat with 61000 as a groupid to avoid conflicts with any existing groups +RUN addgroup -g 61000 tomcat + +# Add custom user tomcat with same uid 61000 as gid to avoid conflict with exist user +# User with no home directory, no password, group as tomcat and username as tomcat +RUN adduser -H -D -G tomcat -u 61000 tomcat + +# We put the tomcat user as the owner of the folder of tomcat to limit access to tomcat process on container resources +RUN set -eux;\ + chown -R tomcat:tomcat /usr/local/tomcat\ + # Users cannot modify configuration of tomcat + && chmod -R g+r /usr/local/tomcat/conf\ + # Users can modify the other folders + && chmod -R g+w /usr/local/tomcat/logs\ + && chmod -R g+w /usr/local/tomcat/temp\ + && chmod -R g+w /usr/local/tomcat/webapps\ + && chmod -R g+w /usr/local/tomcat/work\ + # Activate the sticky-bit for new files keep permissions defined: + && chmod -R g+s /usr/local/tomcat/conf\ + && chmod -R g+s /usr/local/tomcat/logs\ + && chmod -R g+s /usr/local/tomcat/temp\ + && chmod -R g+s /usr/local/tomcat/webapps\ + && chmod -R g+s /usr/local/tomcat/work + +# Set Execute permissions on init script +# RUN chown tomcat:tomcat ${CATALINA_HOME}/bin/setenv.sh +# RUN chmod 750 ${CATALINA_HOME}/bin/setenv.sh + +# Set user as tocmat by uid to be compatible with kubernetes psp +USER 61000 + +EXPOSE 8080 + +CMD [ "catalina.sh", "run" ] \ No newline at end of file diff --git a/Dockerfile-tomcat-jre-curl b/Dockerfile-tomcat-jre-curl index 13b13f6..318cbf2 100644 --- a/Dockerfile-tomcat-jre-curl +++ b/Dockerfile-tomcat-jre-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.53.0-alpine-jre-11.0.12-r0 . -f Dockerfile-tomcat-jre-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.55.0-alpine-jre-11.0.13-r0 . -f Dockerfile-tomcat-jre-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -25,7 +25,7 @@ ENV OS_RELEASE="Alpine Linux v3.14" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=11.0.12+7-alpine-r0 +ENV JAVA_VERSION=11.0.13+8-alpine-r0 RUN set -eux;\ apk update \ @@ -72,11 +72,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.53 +ENV TOMCAT_VERSION 9.0.55 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 df71834116f506b77cea9d9f8ac66ed65e74754e202df9f337f6559f81daf6490b0d569dd63f3eb46826b85ca899b79c754c2dd3d21927bed41d773c70253c4f +# ENV TOMCAT_SHA512 a0c480b8bba09069bda3b57f54e658450a59d799474ad587dead0ffbf5074c16ee3f9f9c13312d0ff3227c7034589dabf25941fbd672838e9baeee9661e024dc # Install Tomcat RUN set -eux;\ From f6d3571f17c7ef6e0c9a712db94bc0bd551e105a Mon Sep 17 00:00:00 2001 From: sathya1104 Date: Thu, 11 Aug 2022 20:02:08 +0800 Subject: [PATCH 04/11] Updated for tomcat - 9.0.65 with SSL Handshake TLS ciphers jlink modules --- Dockerfile-tomcat-jre-17-curl | 27 +++++++++++++++++---------- Dockerfile-tomcat-jre-8-curl | 24 +++++++++++++++--------- Dockerfile-tomcat-jre-curl | 34 +++++++++++++++++++++------------- 3 files changed, 53 insertions(+), 32 deletions(-) diff --git a/Dockerfile-tomcat-jre-17-curl b/Dockerfile-tomcat-jre-17-curl index 1f0aa3f..17865a2 100644 --- a/Dockerfile-tomcat-jre-17-curl +++ b/Dockerfile-tomcat-jre-17-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.54.0-alpine-jre-17.0.0-r1 . -f Dockerfile-tomcat-jre-17-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.65.0-alpine-jre-17.0.0-r1 . -f Dockerfile-tomcat-jre-17-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -6,18 +6,18 @@ RUN set -eux;\ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing WORKDIR /usr/lib/jvm/default-jvm/jre/bin/ RUN set -eux;\ - ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto + ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.crypto.ec,java.desktop,jdk.aot,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.14" +ENV OS_RELEASE="Alpine Linux v3.15" # Installed main dependencies: -# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL -# openjdk11: OpenJDK built by Simon Frankenberger from https://hg.openjdk.java.net/jdk-updates/jdk11u -# https://git.alpinelinux.org/aports/commit/?id=b85efc501595136485aea134946fa459bff115b0 +# ca-certificates-bundle-20211220-r0 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a # fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.10.4-r1 x86_64: To support freetype fonts +# freetype-2.11.0-r0 x86_64: To support freetype fonts # Tomcat: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre @@ -44,8 +44,15 @@ RUN set -eux;\ && rm -rf /var/cache/apk/* RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ + apk add --update lcms2 && \ rm -rf /var/cache/apk/* && \ - curl --version + curl --version && \ + ping -c4 localhost && \ + nc -h # COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt # COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates @@ -70,10 +77,10 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) -ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 +ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.54 +ENV TOMCAT_VERSION 9.0.58 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 diff --git a/Dockerfile-tomcat-jre-8-curl b/Dockerfile-tomcat-jre-8-curl index 4a35540..3c2d76a 100644 --- a/Dockerfile-tomcat-jre-8-curl +++ b/Dockerfile-tomcat-jre-8-curl @@ -1,14 +1,14 @@ -# docker build -t sathya/tomcat-custom:9.0.55.0-alpine-jre-1.8.0-302-08-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache +# docker build -t bnppwmis/tomcat-custom:9.0.65.0-alpine-jre-1.8.0-322-06-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.14" +ENV OS_RELEASE="Alpine Linux v3.16" # Installed main dependencies: -# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL +# ca-certificates-20211220-r0 x86_64: for certificate management to support SSL # openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.10.4-r1 x86_64: To support freetype fonts +# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.12.1-r0 x86_64: To support freetype fonts # Tomcat: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre @@ -16,7 +16,7 @@ ENV OS_RELEASE="Alpine Linux v3.14" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre RUN apk --no-cache --virtual add openjdk8-jre --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=1.8.0_302-b08 +ENV JAVA_VERSION=1.8.0_322-b06 RUN set -eux;\ apk update \ && apk upgrade \ @@ -33,8 +33,14 @@ RUN set -eux;\ && rm -rf /var/cache/apk/* RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ rm -rf /var/cache/apk/* && \ - curl --version + curl --version && \ + ping -c4 localhost && \ + nc -h # COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt # COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates @@ -62,11 +68,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.55 +ENV TOMCAT_VERSION 9.0.65 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 a0c480b8bba09069bda3b57f54e658450a59d799474ad587dead0ffbf5074c16ee3f9f9c13312d0ff3227c7034589dabf25941fbd672838e9baeee9661e024dc +# ENV TOMCAT_SHA512 b6a707efcf23ac4d8506925146e0344c9f9b4e95c3a8fe56f3adfa9d7d912f0a0e458f6696d465607d2d531d7c0ef1afd5da206bb21bea47a13ae452d4f37f8e # Install Tomcat RUN set -eux;\ diff --git a/Dockerfile-tomcat-jre-curl b/Dockerfile-tomcat-jre-curl index 318cbf2..9d6ceff 100644 --- a/Dockerfile-tomcat-jre-curl +++ b/Dockerfile-tomcat-jre-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.55.0-alpine-jre-11.0.13-r0 . -f Dockerfile-tomcat-jre-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.65.0-alpine-jre-11.0.16-r1 . -f Dockerfile-tomcat-jre-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -6,26 +6,27 @@ RUN set -eux;\ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community WORKDIR /usr/lib/jvm/default-jvm/jre/bin/ RUN set -eux;\ - ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.aot,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto + ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.crypto.ec,java.desktop,jdk.aot,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.14" +ENV OS_RELEASE="Alpine Linux v3.16" # Installed main dependencies: -# ca-certificates-bundle-20191127-r5 x86_64: for certificate management to support SSL -# openjdk11: OpenJDK built by Simon Frankenberger from https://hg.openjdk.java.net/jdk-updates/jdk11u -# https://git.alpinelinux.org/aports/commit/?id=b85efc501595136485aea134946fa459bff115b0 -# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.10.4-r1 x86_64: To support freetype fonts +# ca-certificates-bundle-20211220-r0 x86_64: for certificate management to support SSL +# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a +# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.12.1-r0 x86_64: To support freetype fonts # Tomcat: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre # Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} +COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/lib/server/libjvm.so /usr/lib/jvm/default-jvm/jre/lib ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=11.0.13+8-alpine-r0 +ENV JAVA_VERSION=11.0.16+8-alpine-r0 RUN set -eux;\ apk update \ @@ -43,9 +44,16 @@ RUN set -eux;\ && rm -rf /var/cache/apk/* RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ + apk add --update lcms2 && \ rm -rf /var/cache/apk/* && \ - curl --version - + curl --version && \ + ping -c4 localhost && \ + nc -h + # COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt # COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates RUN set -eux;\ @@ -72,11 +80,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.55 +ENV TOMCAT_VERSION 9.0.65 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 a0c480b8bba09069bda3b57f54e658450a59d799474ad587dead0ffbf5074c16ee3f9f9c13312d0ff3227c7034589dabf25941fbd672838e9baeee9661e024dc +# ENV TOMCAT_SHA512 2ae846848b8436856be11cfa18d9c62caa06ca7d3134012b2e10cbf6078753c4af20cc5d37f7dc75f1779f5c59d7c033850b8626534c3ce7e389641a67963cf6 # Install Tomcat RUN set -eux;\ From 8c486655333dc2a898ec7f3883d6052e83404864 Mon Sep 17 00:00:00 2001 From: sathya1104 Date: Thu, 11 Aug 2022 20:02:08 +0800 Subject: [PATCH 05/11] Updated for tomcat - 9.0.65 with SSL Handshake TLS ciphers jlink modules --- Dockerfile-tomcat-jre-17-curl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile-tomcat-jre-17-curl b/Dockerfile-tomcat-jre-17-curl index 17865a2..805fe91 100644 --- a/Dockerfile-tomcat-jre-17-curl +++ b/Dockerfile-tomcat-jre-17-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.65.0-alpine-jre-17.0.0-r1 . -f Dockerfile-tomcat-jre-17-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.65.0-alpine-jre-17.0.4-r0 . -f Dockerfile-tomcat-jre-17-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -6,18 +6,18 @@ RUN set -eux;\ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing WORKDIR /usr/lib/jvm/default-jvm/jre/bin/ RUN set -eux;\ - ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.crypto.ec,java.desktop,jdk.aot,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto + ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.crypto.ec,java.desktop,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.15" +ENV OS_RELEASE="Alpine Linux v3.16" # Installed main dependencies: # ca-certificates-bundle-20211220-r0 x86_64: for certificate management to support SSL -# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.11.0-r0 x86_64: To support freetype fonts +# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.12.1-r0 x86_64: To support freetype fonts # Tomcat: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre @@ -25,7 +25,7 @@ ENV OS_RELEASE="Alpine Linux v3.15" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=17.0.0+35-alpine-r1 +ENV JAVA_VERSION=17.0.4.1+1-alpine-r0 COPY Dockerfile-tomcat-jre-17-curl /tmp RUN set -eux;\ @@ -80,11 +80,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.58 +ENV TOMCAT_VERSION 9.0.65 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 83430f24d42186ce2ff51eeef2f7a5517048f37d9050c45cac1e3dba8926d61a1f7f5aba122a34a11ac1dbdd3c1f6d98671841047df139394d43751263de57c3 +# ENV TOMCAT_SHA512 2ae846848b8436856be11cfa18d9c62caa06ca7d3134012b2e10cbf6078753c4af20cc5d37f7dc75f1779f5c59d7c033850b8626534c3ce7e389641a67963cf6 # Install Tomcat RUN set -eux;\ From d6f2c030b63622520847903cf2d84536f93afb47 Mon Sep 17 00:00:00 2001 From: sathya1104 Date: Fri, 30 Sep 2022 23:20:32 +0800 Subject: [PATCH 06/11] Tomcat v9.0.67 changes --- Dockerfile-tomcat-jre-17-curl | 10 +++++----- Dockerfile-tomcat-jre-8-curl | 14 +++++++------- Dockerfile-tomcat-jre-curl | 12 ++++++------ 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/Dockerfile-tomcat-jre-17-curl b/Dockerfile-tomcat-jre-17-curl index 805fe91..74fa27f 100644 --- a/Dockerfile-tomcat-jre-17-curl +++ b/Dockerfile-tomcat-jre-17-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.65.0-alpine-jre-17.0.4-r0 . -f Dockerfile-tomcat-jre-17-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.67.0-alpine-jre-17.0.4.1-r0 . -f Dockerfile-tomcat-jre-17-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -10,10 +10,10 @@ RUN set -eux;\ FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16" +ENV OS_RELEASE="Alpine Linux v3.16.2" # Installed main dependencies: -# ca-certificates-bundle-20211220-r0 x86_64: for certificate management to support SSL +# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL # openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a # fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes @@ -80,11 +80,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.65 +ENV TOMCAT_VERSION 9.0.67 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 2ae846848b8436856be11cfa18d9c62caa06ca7d3134012b2e10cbf6078753c4af20cc5d37f7dc75f1779f5c59d7c033850b8626534c3ce7e389641a67963cf6 +# ENV TOMCAT_SHA512 f3c4841754640a21842de9d8ec4674b1a072d42f3ba9d1accea143a61ac4f77b06c789fbcc395c23ed2154ec7e7cd76e6d39743e544f7c6f2022967e8a2334d5 # Install Tomcat RUN set -eux;\ diff --git a/Dockerfile-tomcat-jre-8-curl b/Dockerfile-tomcat-jre-8-curl index 3c2d76a..d817ca9 100644 --- a/Dockerfile-tomcat-jre-8-curl +++ b/Dockerfile-tomcat-jre-8-curl @@ -1,11 +1,11 @@ -# docker build -t bnppwmis/tomcat-custom:9.0.65.0-alpine-jre-1.8.0-322-06-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.67.0-alpine-jre-1.8.0-345-01-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16" +ENV OS_RELEASE="Alpine Linux v3.16.2" # Installed main dependencies: -# ca-certificates-20211220-r0 x86_64: for certificate management to support SSL -# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL +# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a # fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes # freetype-2.12.1-r0 x86_64: To support freetype fonts @@ -16,7 +16,7 @@ ENV OS_RELEASE="Alpine Linux v3.16" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre RUN apk --no-cache --virtual add openjdk8-jre --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=1.8.0_322-b06 +ENV JAVA_VERSION=1.8.0_345-b01 RUN set -eux;\ apk update \ && apk upgrade \ @@ -68,11 +68,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.65 +ENV TOMCAT_VERSION 9.0.67 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 b6a707efcf23ac4d8506925146e0344c9f9b4e95c3a8fe56f3adfa9d7d912f0a0e458f6696d465607d2d531d7c0ef1afd5da206bb21bea47a13ae452d4f37f8e +# ENV TOMCAT_SHA512 f3c4841754640a21842de9d8ec4674b1a072d42f3ba9d1accea143a61ac4f77b06c789fbcc395c23ed2154ec7e7cd76e6d39743e544f7c6f2022967e8a2334d5 # Install Tomcat RUN set -eux;\ diff --git a/Dockerfile-tomcat-jre-curl b/Dockerfile-tomcat-jre-curl index 9d6ceff..1931a9d 100644 --- a/Dockerfile-tomcat-jre-curl +++ b/Dockerfile-tomcat-jre-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.65.0-alpine-jre-11.0.16-r1 . -f Dockerfile-tomcat-jre-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.67.0-alpine-jre-11.0.16.1-r1 . -f Dockerfile-tomcat-jre-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -10,10 +10,10 @@ RUN set -eux;\ FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16" +ENV OS_RELEASE="Alpine Linux v3.16.2" # Installed main dependencies: -# ca-certificates-bundle-20211220-r0 x86_64: for certificate management to support SSL +# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL # openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a # fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes @@ -26,7 +26,7 @@ ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/lib/server/libjvm.so /usr/lib/jvm/default-jvm/jre/lib ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=11.0.16+8-alpine-r0 +ENV JAVA_VERSION=11.0.16.1+1-alpine-r0 RUN set -eux;\ apk update \ @@ -80,11 +80,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.65 +ENV TOMCAT_VERSION 9.0.67 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 2ae846848b8436856be11cfa18d9c62caa06ca7d3134012b2e10cbf6078753c4af20cc5d37f7dc75f1779f5c59d7c033850b8626534c3ce7e389641a67963cf6 +# ENV TOMCAT_SHA512 f3c4841754640a21842de9d8ec4674b1a072d42f3ba9d1accea143a61ac4f77b06c789fbcc395c23ed2154ec7e7cd76e6d39743e544f7c6f2022967e8a2334d5 # Install Tomcat RUN set -eux;\ From 9d951a3bb00504d2f66d15969fff0c47e28202cf Mon Sep 17 00:00:00 2001 From: sathya1104 Date: Sat, 12 Nov 2022 14:02:58 +0800 Subject: [PATCH 07/11] Added openjdk dockerfiles --- Dockerfile-openjdk11-curl | 98 +++++++++++++++++++++++++++++++++++++++ Dockerfile-openjdk17-curl | 92 ++++++++++++++++++++++++++++++++++++ Dockerfile-openjdk8-curl | 81 ++++++++++++++++++++++++++++++++ 3 files changed, 271 insertions(+) create mode 100644 Dockerfile-openjdk11-curl create mode 100644 Dockerfile-openjdk17-curl create mode 100644 Dockerfile-openjdk8-curl diff --git a/Dockerfile-openjdk11-curl b/Dockerfile-openjdk11-curl new file mode 100644 index 0000000..737182d --- /dev/null +++ b/Dockerfile-openjdk11-curl @@ -0,0 +1,98 @@ +# docker build -t bnppwmis/openjdk:11-alpine . -f Dockerfile-openjdk11-curl --no-cache +FROM alpine:latest AS stage-0 +# Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size +RUN set -eux;\ + apk --no-cache --virtual add openjdk11 \ + --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community +WORKDIR /usr/lib/jvm/default-jvm/jre/bin/ +RUN set -eux;\ + ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules java.desktop,jdk.aot,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto +COPY Dockerfile-openjdk11-curl /tmp + +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.16.2" + +# Installed main dependencies: +# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL +# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a +# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.12.1-r0 x86_64: To support freetype fonts +# openjdk: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run openjdk in debug mode +ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +COPY --from=stage-0 /usr/lib/jvm/java-11-openjdk /usr/lib/jvm/java-11-openjdk +COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} +COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/lib/server/libjvm.so /usr/lib/jvm/default-jvm/jre/lib +COPY --from=stage-0 /tmp/Dockerfile-openjdk11-curl /tmp + +ENV PATH=${JRE_HOME}/bin:$PATH +ENV PATH=${JAVA_HOME}/bin:$PATH +ENV JAVA_VERSION=11.0.17+8-alpine-r3 + +RUN set -eux;\ + apk update \ + && apk upgrade \ + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + && apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ + apk add --update lcms2 && \ + rm -rf /var/cache/apk/* && \ + curl --version && \ + ping -c4 localhost && \ + nc -h + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType + + +# User Management +# Add custom group openjre with 1001 as a groupid to avoid conflicts with any existing groups +RUN addgroup -g 1001 openjre + +# Add custom user openjre with same uid 1001 as gid to avoid conflict with exist user +# User with no home directory, no password, group as openjre and username as openjre +RUN adduser -H -D -G openjre -u 1001 openjre + +# We put the openjre user as the owner of the folder of openjre to limit access to openjre process on container resources +RUN set -eux;\ + mkdir -p /usr/local/opt\ + && mkdir -p /usr/local/log\ + && chown -R openjre:openjre /usr/local/opt\ + # Users cannot modify configuration of openjre + && chmod -R g+w /usr/local/log\ + # Activate the sticky-bit for new files keep permissions defined: + && chmod -R g+s /usr/local/opt\ + && chmod -R g+s /usr/local/log + + +# Set user as tocmat by uid to be compatible with kubernetes psp +USER 1001 + +EXPOSE 8080 + +CMD ["jshell"] \ No newline at end of file diff --git a/Dockerfile-openjdk17-curl b/Dockerfile-openjdk17-curl new file mode 100644 index 0000000..ad1a2c1 --- /dev/null +++ b/Dockerfile-openjdk17-curl @@ -0,0 +1,92 @@ +# docker build -t bnppwmis/openjdk:17-alpine . -f Dockerfile-openjdk17-curl --no-cache +FROM alpine:latest AS stage-0 +# Prefer openjdk17 over openjdk17-jre for jlink and we can use it remove more default modules and reduce image size +RUN set -eux;\ + apk --no-cache --virtual add openjdk17 \ + --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing +WORKDIR /usr/lib/jvm/default-jvm/jre/bin/ +RUN set -eux;\ + ./jlink --output jre --compress=2 --no-header-files --no-man-pages --module-path ../jmods --add-modules jdk.crypto.ec,java.desktop,jdk.xml.dom,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto +COPY Dockerfile-openjdk17-curl /tmp + +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.16.2" + +# Installed main dependencies: +# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL +# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a +# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.12.1-r0 x86_64: To support freetype fonts +# Tomcat: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} +COPY --from=stage-0 /tmp/Dockerfile-openjdk17-curl /tmp +ENV PATH=${JRE_HOME}/bin:$PATH +ENV JAVA_VERSION=17.0.5+8-alpine-r0 + +RUN set -eux;\ + apk update \ + && apk upgrade \ + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + && apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ + apk add --update lcms2 && \ + rm -rf /var/cache/apk/* && \ + curl --version && \ + ping -c4 localhost && \ + nc -h + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType + +# User Management +# Add custom group openjre with 1001 as a groupid to avoid conflicts with any existing groups +RUN addgroup -g 1001 openjre + +# Add custom user openjre with same uid 1001 as gid to avoid conflict with exist user +# User with no home directory, no password, group as openjre and username as openjre +RUN adduser -H -D -G openjre -u 1001 openjre + +# We put the openjre user as the owner of the folder of openjre to limit access to openjre process on container resources +RUN set -eux;\ + mkdir -p /usr/local/opt\ + && mkdir -p /usr/local/log\ + && chown -R openjre:openjre /usr/local/opt\ + # Users cannot modify configuration of openjre + && chmod -R g+w /usr/local/log\ + # Activate the sticky-bit for new files keep permissions defined: + && chmod -R g+s /usr/local/opt\ + && chmod -R g+s /usr/local/log + + +# Set user as tocmat by uid to be compatible with kubernetes psp +USER 1001 + +EXPOSE 8080 + +CMD ["jshell"] \ No newline at end of file diff --git a/Dockerfile-openjdk8-curl b/Dockerfile-openjdk8-curl new file mode 100644 index 0000000..5511f3e --- /dev/null +++ b/Dockerfile-openjdk8-curl @@ -0,0 +1,81 @@ +# docker build -t bnppwmis/openjdk:8-alpine . -f Dockerfile-openjdk8-curl --no-cache +FROM alpine:latest +MAINTAINER "Sathya KUMARASWAMY " +ENV OS_RELEASE="Alpine Linux v3.16.2" +COPY Dockerfile-openjdk8-curl /tmp + +# Installed main dependencies: +# ca-certificates-bundle-20211220-r0 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a +# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.11.0-r0 x86_64: To support freetype fonts +# openjre: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run openjre in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +RUN apk --no-cache --virtual add openjdk8-jre --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community +ENV PATH=${JRE_HOME}/bin:$PATH +ENV JAVA_VERSION=1.8.0_345-b01 +RUN set -eux;\ + apk update \ + && apk upgrade \ + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + && apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ + apk add --update lcms2 && \ + rm -rf /var/cache/apk/* && \ + curl --version && \ + ping -c4 localhost && \ + nc -h + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType + +# User Management +# Add custom group openjre with 1001 as a groupid to avoid conflicts with any existing groups +RUN addgroup -g 1001 openjre + +# Add custom user openjre with same uid 1001 as gid to avoid conflict with exist user +# User with no home directory, no password, group as openjre and username as openjre +RUN adduser -H -D -G openjre -u 1001 openjre + +# We put the openjre user as the owner of the folder of openjre to limit access to openjre process on container resources +RUN set -eux;\ + mkdir -p /usr/local/opt\ + && mkdir -p /usr/local/log\ + && chown -R openjre:openjre /usr/local/opt\ + # Users cannot modify configuration of openjre + && chmod -R g+w /usr/local/log\ + # Activate the sticky-bit for new files keep permissions defined: + && chmod -R g+s /usr/local/opt\ + && chmod -R g+s /usr/local/log + + +# Set user as tocmat by uid to be compatible with kubernetes psp +USER 1001 + +EXPOSE 8080 + +CMD ["jshell"] \ No newline at end of file From 188f52a1f101623752278d608ec4001fac0c4330 Mon Sep 17 00:00:00 2001 From: Sathya Narayanan K Date: Sat, 12 Nov 2022 12:08:42 +0530 Subject: [PATCH 08/11] 9.0.68 tomcat --- Dockerfile-tomcat-jre-17-curl | 6 +++--- Dockerfile-tomcat-jre-8-curl | 4 ++-- Dockerfile-tomcat-jre-curl | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile-tomcat-jre-17-curl b/Dockerfile-tomcat-jre-17-curl index 74fa27f..22169e9 100644 --- a/Dockerfile-tomcat-jre-17-curl +++ b/Dockerfile-tomcat-jre-17-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.67.0-alpine-jre-17.0.4.1-r0 . -f Dockerfile-tomcat-jre-17-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.68.0-alpine-jre-17.0.5.1-r0 . -f Dockerfile-tomcat-jre-17-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -25,7 +25,7 @@ ENV OS_RELEASE="Alpine Linux v3.16.2" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=17.0.4.1+1-alpine-r0 +ENV JAVA_VERSION=17.0.5.1+8-alpine-r0 COPY Dockerfile-tomcat-jre-17-curl /tmp RUN set -eux;\ @@ -80,7 +80,7 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.67 +ENV TOMCAT_VERSION 9.0.68 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 diff --git a/Dockerfile-tomcat-jre-8-curl b/Dockerfile-tomcat-jre-8-curl index d817ca9..0034685 100644 --- a/Dockerfile-tomcat-jre-8-curl +++ b/Dockerfile-tomcat-jre-8-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.67.0-alpine-jre-1.8.0-345-01-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.68.0-alpine-jre-1.8.0-345-01-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " ENV OS_RELEASE="Alpine Linux v3.16.2" @@ -68,7 +68,7 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.67 +ENV TOMCAT_VERSION 9.0.68 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 diff --git a/Dockerfile-tomcat-jre-curl b/Dockerfile-tomcat-jre-curl index 1931a9d..a699319 100644 --- a/Dockerfile-tomcat-jre-curl +++ b/Dockerfile-tomcat-jre-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.67.0-alpine-jre-11.0.16.1-r1 . -f Dockerfile-tomcat-jre-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.68.0-alpine-jre-11.0.17.1-r1 . -f Dockerfile-tomcat-jre-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -26,7 +26,7 @@ ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/lib/server/libjvm.so /usr/lib/jvm/default-jvm/jre/lib ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=11.0.16.1+1-alpine-r0 +ENV JAVA_VERSION=11.0.17.1+8-alpine-r0 RUN set -eux;\ apk update \ @@ -80,7 +80,7 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.67 +ENV TOMCAT_VERSION 9.0.68 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 From 14e5d48443a1e671b324de4c49efb2b34a653618 Mon Sep 17 00:00:00 2001 From: Sathya Narayanan K Date: Sat, 14 Jan 2023 12:52:23 +0530 Subject: [PATCH 09/11] Tomcat 9.0.70 with OpenJDK8,11,17 --- Dockerfile-alpine-jre11 | 2 +- Dockerfile-alpine-jre17 | 2 +- Dockerfile-openjdk11-curl | 13 ++++++------- Dockerfile-openjdk17-curl | 15 ++++++++------- Dockerfile-openjdk8-curl | 10 +++++----- Dockerfile-tomcat-jre-17-curl | 19 ++++++++++--------- Dockerfile-tomcat-jre-8-curl | 16 ++++++++-------- Dockerfile-tomcat-jre-curl | 18 +++++++++--------- 8 files changed, 48 insertions(+), 47 deletions(-) diff --git a/Dockerfile-alpine-jre11 b/Dockerfile-alpine-jre11 index faed730..7802f4e 100644 --- a/Dockerfile-alpine-jre11 +++ b/Dockerfile-alpine-jre11 @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.44.0-alpine-jre-11.0.10 . -f Dockerfile-tomcat-jre --no-cache +# docker build -t alpine-jre11 . -f Dockerfile-alpine-jre11 --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ diff --git a/Dockerfile-alpine-jre17 b/Dockerfile-alpine-jre17 index cd9c923..bcde8b2 100644 --- a/Dockerfile-alpine-jre17 +++ b/Dockerfile-alpine-jre17 @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.44.0-alpine-jre-17.0.10 . -f Dockerfile-tomcat-jre-17 --no-cache +# docker build -t alpine-jre17 . -f Dockerfile-alpine-jre17 --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ diff --git a/Dockerfile-openjdk11-curl b/Dockerfile-openjdk11-curl index 737182d..ee87c60 100644 --- a/Dockerfile-openjdk11-curl +++ b/Dockerfile-openjdk11-curl @@ -1,4 +1,4 @@ -# docker build -t bnppwmis/openjdk:11-alpine . -f Dockerfile-openjdk11-curl --no-cache +# docker build -t sathya1104/openjdk:11-alpine . -f Dockerfile-openjdk11-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -11,16 +11,15 @@ COPY Dockerfile-openjdk11-curl /tmp FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16.2" +ENV OS_RELEASE="Alpine Linux v3.17.1" # Installed main dependencies: -# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL -# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# ca-certificates-bundle-20220614-r4 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# fontconfig-2.14.1-r0 x86_64 : For supporting UI/ Fonts for reporting purposes # freetype-2.12.1-r0 x86_64: To support freetype fonts -# openjdk: Java Runtime Container - +# openjre: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre # Set JRE_HOME not JAVA_HOME as we don't intend to run openjdk in debug mode ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk diff --git a/Dockerfile-openjdk17-curl b/Dockerfile-openjdk17-curl index ad1a2c1..cb7e07e 100644 --- a/Dockerfile-openjdk17-curl +++ b/Dockerfile-openjdk17-curl @@ -1,4 +1,4 @@ -# docker build -t bnppwmis/openjdk:17-alpine . -f Dockerfile-openjdk17-curl --no-cache +# docker build -t sathya1104/openjdk:17-alpine . -f Dockerfile-openjdk17-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk17 over openjdk17-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -11,15 +11,16 @@ COPY Dockerfile-openjdk17-curl /tmp FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16.2" +ENV OS_RELEASE="Alpine Linux v3.17.1" # Installed main dependencies: -# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL -# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# ca-certificates-bundle-20220614-r4 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# fontconfig-2.14.1-r0 x86_64 : For supporting UI/ Fonts for reporting purposes # freetype-2.12.1-r0 x86_64: To support freetype fonts -# Tomcat: Java Runtime Container +# openjre: Java Runtime Container + # https://adoptopenjdk.net/installation.html#x64_linux-jre # Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode @@ -27,7 +28,7 @@ ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} COPY --from=stage-0 /tmp/Dockerfile-openjdk17-curl /tmp ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=17.0.5+8-alpine-r0 +ENV JAVA_VERSION=17.0.5+8-alpine-r2 RUN set -eux;\ apk update \ diff --git a/Dockerfile-openjdk8-curl b/Dockerfile-openjdk8-curl index 5511f3e..84d9449 100644 --- a/Dockerfile-openjdk8-curl +++ b/Dockerfile-openjdk8-curl @@ -1,15 +1,15 @@ -# docker build -t bnppwmis/openjdk:8-alpine . -f Dockerfile-openjdk8-curl --no-cache +# docker build -t sathya1104/openjdk:8-alpine . -f Dockerfile-openjdk8-curl --no-cache FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16.2" +ENV OS_RELEASE="Alpine Linux v3.17.1" COPY Dockerfile-openjdk8-curl /tmp # Installed main dependencies: -# ca-certificates-bundle-20211220-r0 x86_64: for certificate management to support SSL +# ca-certificates-bundle-20220614-r4 x86_64: for certificate management to support SSL # openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.13.1-r4 x86_64 : For supporting UI/ Fonts for reporting purposes -# freetype-2.11.0-r0 x86_64: To support freetype fonts +# fontconfig-2.14.1-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.12.1-r0 x86_64: To support freetype fonts # openjre: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre diff --git a/Dockerfile-tomcat-jre-17-curl b/Dockerfile-tomcat-jre-17-curl index 22169e9..bb0d6ed 100644 --- a/Dockerfile-tomcat-jre-17-curl +++ b/Dockerfile-tomcat-jre-17-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.68.0-alpine-jre-17.0.5.1-r0 . -f Dockerfile-tomcat-jre-17-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.71.0-alpine-jre-17.0.5.1-r2 . -f Dockerfile-tomcat-jre-17-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -10,22 +10,23 @@ RUN set -eux;\ FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16.2" +ENV OS_RELEASE="Alpine Linux v3.17.1" # Installed main dependencies: -# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL -# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# ca-certificates-bundle-20220614-r4 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# fontconfig-2.14.1-r0 x86_64 : For supporting UI/ Fonts for reporting purposes # freetype-2.12.1-r0 x86_64: To support freetype fonts -# Tomcat: Java Runtime Container +# openjre: Java Runtime Container + # https://adoptopenjdk.net/installation.html#x64_linux-jre # Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=17.0.5.1+8-alpine-r0 +ENV JAVA_VERSION=17.0.5.1+8-alpine-r2 COPY Dockerfile-tomcat-jre-17-curl /tmp RUN set -eux;\ @@ -80,11 +81,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.68 +ENV TOMCAT_VERSION 9.0.71 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 f3c4841754640a21842de9d8ec4674b1a072d42f3ba9d1accea143a61ac4f77b06c789fbcc395c23ed2154ec7e7cd76e6d39743e544f7c6f2022967e8a2334d5 +# ENV TOMCAT_SHA512 6a747e68eff4b68a8defba111103ef6b1606030c180143de0419d015052a5567fca1a86e3d3e058a10246c02b98e89431e9344f80475189573fa0d5c70bfb4cb # Install Tomcat RUN set -eux;\ diff --git a/Dockerfile-tomcat-jre-8-curl b/Dockerfile-tomcat-jre-8-curl index 0034685..a338c79 100644 --- a/Dockerfile-tomcat-jre-8-curl +++ b/Dockerfile-tomcat-jre-8-curl @@ -1,15 +1,15 @@ -# docker build -t sathya1104/tomcat-custom:9.0.68.0-alpine-jre-1.8.0-345-01-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.70.0-alpine-jre-1.8.0-345-01-r0 . -f Dockerfile-tomcat-jre-8-curl --no-cache FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16.2" +ENV OS_RELEASE="Alpine Linux v3.17.1" # Installed main dependencies: -# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL -# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# ca-certificates-bundle-20220614-r4 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# fontconfig-2.14.1-r0 x86_64 : For supporting UI/ Fonts for reporting purposes # freetype-2.12.1-r0 x86_64: To support freetype fonts -# Tomcat: Java Runtime Container +# openjre: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre # Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode @@ -68,11 +68,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.68 +ENV TOMCAT_VERSION 9.0.70 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 f3c4841754640a21842de9d8ec4674b1a072d42f3ba9d1accea143a61ac4f77b06c789fbcc395c23ed2154ec7e7cd76e6d39743e544f7c6f2022967e8a2334d5 +# ENV TOMCAT_SHA512 9b57b332f4cfb2c4b9250b95924314507ebafec44f732e755be96d35e1a50d98ca3ea11a8c62e0c6fde2541d31a981f5ca792ea9931b2551b81b495932474726 # Install Tomcat RUN set -eux;\ diff --git a/Dockerfile-tomcat-jre-curl b/Dockerfile-tomcat-jre-curl index a699319..a48c83d 100644 --- a/Dockerfile-tomcat-jre-curl +++ b/Dockerfile-tomcat-jre-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.68.0-alpine-jre-11.0.17.1-r1 . -f Dockerfile-tomcat-jre-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.70.0-alpine-jre-11.0.17.1-r3 . -f Dockerfile-tomcat-jre-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -10,15 +10,15 @@ RUN set -eux;\ FROM alpine:latest MAINTAINER "Sathya KUMARASWAMY " -ENV OS_RELEASE="Alpine Linux v3.16.2" +ENV OS_RELEASE="Alpine Linux v3.17.1" # Installed main dependencies: -# ca-certificates-bundle-20220614-r0 x86_64: for certificate management to support SSL -# openjdk11-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# ca-certificates-bundle-20220614-r4 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ # https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a -# fontconfig-2.14.0-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# fontconfig-2.14.1-r0 x86_64 : For supporting UI/ Fonts for reporting purposes # freetype-2.12.1-r0 x86_64: To support freetype fonts -# Tomcat: Java Runtime Container +# openjre: Java Runtime Container # https://adoptopenjdk.net/installation.html#x64_linux-jre # Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode @@ -26,7 +26,7 @@ ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/lib/server/libjvm.so /usr/lib/jvm/default-jvm/jre/lib ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=11.0.17.1+8-alpine-r0 +ENV JAVA_VERSION=11.0.17.1+8-alpine-r3 RUN set -eux;\ apk update \ @@ -80,11 +80,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.68 +ENV TOMCAT_VERSION 9.0.70 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 f3c4841754640a21842de9d8ec4674b1a072d42f3ba9d1accea143a61ac4f77b06c789fbcc395c23ed2154ec7e7cd76e6d39743e544f7c6f2022967e8a2334d5 +# ENV TOMCAT_SHA512 9b57b332f4cfb2c4b9250b95924314507ebafec44f732e755be96d35e1a50d98ca3ea11a8c62e0c6fde2541d31a981f5ca792ea9931b2551b81b495932474726 # Install Tomcat RUN set -eux;\ From a93cae69028e82d45cbe26097fa0386fb359686f Mon Sep 17 00:00:00 2001 From: Sathya Narayanan K Date: Fri, 27 Jan 2023 22:54:34 +0530 Subject: [PATCH 10/11] tomcat release 9.0.71 setup --- Dockerfile-adoptium-temurin-jdk8 | 110 ++++++++++++ Dockerfile-tomcat-jre-adoptium-temurin-jdk17 | 10 +- Dockerfile-tomcat-jre-adoptium-temurin-jdk8 | 171 +++++++++++++++++++ Dockerfile-tomcat-jre-curl | 8 +- 4 files changed, 293 insertions(+), 6 deletions(-) create mode 100644 Dockerfile-adoptium-temurin-jdk8 create mode 100644 Dockerfile-tomcat-jre-adoptium-temurin-jdk8 diff --git a/Dockerfile-adoptium-temurin-jdk8 b/Dockerfile-adoptium-temurin-jdk8 new file mode 100644 index 0000000..53934f5 --- /dev/null +++ b/Dockerfile-adoptium-temurin-jdk8 @@ -0,0 +1,110 @@ +# docker build -t sathya1104/openjdk:8-alpine-temurin . -f Dockerfile-adoptium-temurin-jdk8 --no-cache + +FROM alpine:latest + +# Download jdk binary from temurin github (in future add sha checksum verification) +# Use jlink and we can use it remove more default modules and reduce image size + +# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS +# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) + + +ENV JDK_MAJOR 8 +ENV JDK_VERSION 8u362b09 +ENV JDK_PATCH_VERSION jdk8u362 +ENV JDK_BUILD_VERSION b09 + +ENV JDK_DOWNLOAD_URL https://github.com/adoptium/temurin8-binaries/releases/download/${JDK_PATCH_VERSION}-${JDK_BUILD_VERSION}/OpenJDK8U-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz + +WORKDIR /root + +# Download JDK +RUN set -eux;\ + mkdir -p /usr/lib/jvm/default-jvm/ \ + && wget "$JDK_DOWNLOAD_URL" -qO /usr/lib/jvm/default-jvm/OpenJDK8-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz\ + && tar -xf /usr/lib/jvm/default-jvm/OpenJDK8-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz -C /usr/lib/jvm/default-jvm/ --strip-components=1\ + && rm -rf /usr/lib/jvm/default-jvm/OpenJDK8-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz + + +ENV OS_RELEASE="Alpine Linux v3.17" + +# Installed main dependencies: +# ca-certificates-bundle-20220614-r4 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a +# fontconfig-2.14.1-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.12.1-r0 x86_64: To support freetype fonts +# openjre: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +COPY Dockerfile-tomcat-jre-adoptium-temurin-jdk8 /tmp +ENV PATH=${JRE_HOME}/bin:$PATH +ENV JAVA_VERSION=1.8.0_362 + +RUN set -eux;\ + + # CIS-4.7 Ensure update instructions are not use alone in the Dockerfile + # apk update \ + # && apk upgrade \ + # && apk add --no-cache ca-certificates\ + + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ + apk add --update lcms2 && \ + rm -rf /var/cache/apk/* && \ + curl --version && \ + ping -c4 localhost && \ + nc -h + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType + +# User Management +# Add custom group openjre with 1001 as a groupid to avoid conflicts with any existing groups +RUN addgroup -g 1001 openjre + +# Add custom user openjre with same uid 1001 as gid to avoid conflict with exist user +# User with no home directory, no password, group as openjre and username as openjre +RUN adduser -H -D -G openjre -u 1001 openjre + +# We put the openjre user as the owner of the folder of openjre to limit access to openjre process on container resources +RUN set -eux;\ + mkdir -p /usr/local/opt\ + && mkdir -p /usr/local/log\ + && chown -R openjre:openjre /usr/local/opt\ + # Users cannot modify configuration of openjre + && chmod -R g+w /usr/local/log\ + # Activate the sticky-bit for new files keep permissions defined: + && chmod -R g+s /usr/local/opt\ + && chmod -R g+s /usr/local/log + + +# Set user as tocmat by uid to be compatible with kubernetes psp +USER 1001 + +EXPOSE 8080 + +CMD ["jshell"] \ No newline at end of file diff --git a/Dockerfile-tomcat-jre-adoptium-temurin-jdk17 b/Dockerfile-tomcat-jre-adoptium-temurin-jdk17 index c726859..5c28627 100644 --- a/Dockerfile-tomcat-jre-adoptium-temurin-jdk17 +++ b/Dockerfile-tomcat-jre-adoptium-temurin-jdk17 @@ -23,7 +23,6 @@ WORKDIR /root RUN set -eux;\ mkdir -p target/alpine-linux/x64/hotspot/ \ && wget "$JDK_DOWNLOAD_URL" -qO target/alpine-linux/x64/hotspot/OpenJDK17-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz\ -# && wget -qO- "$JDK_SHA512_URL" | sha512sum -c -\ && tar -xf target/alpine-linux/x64/hotspot/OpenJDK17-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz --strip-components=1 RUN set -eux \ @@ -68,8 +67,15 @@ RUN set -eux;\ && rm -rf /var/cache/apk/* RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ + apk add --update lcms2 && \ rm -rf /var/cache/apk/* && \ - curl --version + curl --version && \ + ping -c4 localhost && \ + nc -h # COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt # COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates diff --git a/Dockerfile-tomcat-jre-adoptium-temurin-jdk8 b/Dockerfile-tomcat-jre-adoptium-temurin-jdk8 new file mode 100644 index 0000000..ee11203 --- /dev/null +++ b/Dockerfile-tomcat-jre-adoptium-temurin-jdk8 @@ -0,0 +1,171 @@ +# docker build -t sathya1104/tomcat-custom:9.0.71.0-alpine-temurin-jre-8.0.362-r1 . -f Dockerfile-tomcat-jre-adoptium-temurin-jdk8 --no-cache + +FROM alpine:latest + +# Download jdk binary from temurin github (in future add sha checksum verification) +# Use jlink and we can use it remove more default modules and reduce image size + +# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS +# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) + + +ENV JDK_MAJOR 8 +ENV JDK_VERSION 8u362b09 +ENV JDK_PATCH_VERSION jdk8u362 +ENV JDK_BUILD_VERSION b09 + +ENV JDK_DOWNLOAD_URL https://github.com/adoptium/temurin8-binaries/releases/download/${JDK_PATCH_VERSION}-${JDK_BUILD_VERSION}/OpenJDK8U-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz + +WORKDIR /root + +# Download JDK +RUN set -eux;\ + mkdir -p /usr/lib/jvm/default-jvm/ \ + && wget "$JDK_DOWNLOAD_URL" -qO /usr/lib/jvm/default-jvm/OpenJDK8-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz\ + && tar -xf /usr/lib/jvm/default-jvm/OpenJDK8-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz -C /usr/lib/jvm/default-jvm/ --strip-components=1\ + && rm -rf /usr/lib/jvm/default-jvm/OpenJDK8-jdk_x64_alpine-linux_hotspot_${JDK_VERSION}.tar.gz + + + +ENV OS_RELEASE="Alpine Linux v3.17" + +# Installed main dependencies: +# ca-certificates-bundle-20220614-r4 x86_64: for certificate management to support SSL +# openjdk8-jre: OpenJDK built by Timo Teräs from https://icedtea.classpath.org/ +# https://git.alpinelinux.org/aports/commit/?id=f10a27abc4a038853c5b0f74655a1ca75356c93a +# fontconfig-2.14.1-r0 x86_64 : For supporting UI/ Fonts for reporting purposes +# freetype-2.12.1-r0 x86_64: To support freetype fonts +# openjre: Java Runtime Container + +# https://adoptopenjdk.net/installation.html#x64_linux-jre +# Set JRE_HOME not JAVA_HOME as we don't intend to run tomcat in debug mode +ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre +COPY Dockerfile-tomcat-jre-adoptium-temurin-jdk8 /tmp +ENV PATH=${JRE_HOME}/bin:$PATH +ENV JAVA_VERSION=1.8.0_362 + +RUN set -eux;\ + + # CIS-4.7 Ensure update instructions are not use alone in the Dockerfile + # apk update \ + # && apk upgrade \ + # && apk add --no-cache ca-certificates\ + + # Now Add Support for cacerts + # https://hackernoon.com/alpine-docker-image-with-secured-communication-ssl-tls-go-restful-api-128eb6b54f1f + apk add --no-cache ca-certificates\ + + # Now Add Support for UI/Font configurations + # java.lang.UnsatisfiedLinkError: /usr/local/openjdk-11/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory + # java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11FontManager + # https://github.com/docker-library/openjdk/pull/235#issuecomment-424466077 + \fontconfig freetype\ + + && rm -rf /var/cache/apk/* + +RUN apk add --update curl && \ + apk add --update iputils && \ + apk add --update netcat-openbsd && \ + apk add --update tzdata && \ + apk add --update openssl && \ + apk add --update lcms2 && \ + rm -rf /var/cache/apk/* && \ + curl --version && \ + ping -c4 localhost && \ + nc -h + +# COPY ./org-cacert-bundle.crt /usr/local/share/ca-certificates/mycert.crt +# COPY --from stage-0 /usr/local/share/ca-certificates /usr/local/share/ca-certificates +RUN set -eux;\ + chmod 755 /usr/local/share/ca-certificates\ + && update-ca-certificates\ + # Load Organisational fonts + && mkdir -p /usr/share/fonts/default/TrueType +# COPY --from stage-0 /tmp/custom-fonts/ /usr/share/fonts/default/TrueType + + +# Inspired from https://github.com/docker-library/tomcat/blob/d570ad0cee10e4526bcbb03391b2c0e322b59313/9.0/jdk11/openjdk-slim/Dockerfile +ENV CATALINA_HOME /usr/local/tomcat +ENV PATH $CATALINA_HOME/bin:$PATH +RUN mkdir -p "$CATALINA_HOME" + +WORKDIR $CATALINA_HOME + +# let "Tomcat Native" live somewhere isolated +ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib +ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR + +# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS +# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh) +ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 + +ENV TOMCAT_MAJOR 9 +ENV TOMCAT_VERSION 9.0.71 +ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz +ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 +# https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 +# ENV TOMCAT_SHA512 6a747e68eff4b68a8defba111103ef6b1606030c180143de0419d015052a5567fca1a86e3d3e058a10246c02b98e89431e9344f80475189573fa0d5c70bfb4cb + +# Install Tomcat +RUN set -eux;\ + wget "$TOMCAT_DOWNLOAD_URL" -qO apache-tomcat-${TOMCAT_VERSION}.tar.gz\ + && wget -qO- "$TOMCAT_SHA512_URL" | sha512sum -c -\ + && mkdir -p /usr/local/tomcat\ + && tar -xf apache-tomcat-${TOMCAT_VERSION}.tar.gz --strip-components=1\ + && rm bin/*.bat\ + && rm apache-tomcat-${TOMCAT_VERSION}.tar.gz*\ + && rm -rf webapps\ + && mkdir webapps\ + && find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env sh|' '{}' + \ + && chmod -R +rX . \ + && chmod 777 logs temp work + +#Create config and log folders +RUN mkdir -p ${CATALINA_HOME}/conf/ ${CATALINA_HOME}/logs/ ${CATALINA_HOME}/config/ + +# Copy Custom init scripts if required +# COPY bin/setenv.sh ${CATALINA_HOME}/bin/setenv.sh + +# Remove default Tomcat installation files +RUN rm -rf ${CATALINA_HOME}/webapps/* +# COPY conf/context.xml $CATALINA_HOME/conf/context.xml +# COPY conf/server.xml $CATALINA_HOME/conf/server.xml +# COPY conf/web.xml $CATALINA_HOME/conf/web.xml +# COPY conf/logging.properties $CATALINA_HOME/conf/logging.properties +# Copy any additional organisational default files to override tomcat default config files + +# User Management +# Add custom group tomcat with 61000 as a groupid to avoid conflicts with any existing groups +RUN addgroup -g 61000 tomcat + +# Add custom user tomcat with same uid 61000 as gid to avoid conflict with exist user +# User with no home directory, no password, group as tomcat and username as tomcat +RUN adduser -H -D -G tomcat -u 61000 tomcat + +# We put the tomcat user as the owner of the folder of tomcat to limit access to tomcat process on container resources +RUN set -eux;\ + chown -R tomcat:tomcat /usr/local/tomcat\ + # Users cannot modify configuration of tomcat + && chmod -R g+r /usr/local/tomcat/conf\ + # Users can modify the other folders + && chmod -R g+w /usr/local/tomcat/logs\ + && chmod -R g+w /usr/local/tomcat/temp\ + && chmod -R g+w /usr/local/tomcat/webapps\ + && chmod -R g+w /usr/local/tomcat/work\ + # Activate the sticky-bit for new files keep permissions defined: + && chmod -R g+s /usr/local/tomcat/conf\ + && chmod -R g+s /usr/local/tomcat/logs\ + && chmod -R g+s /usr/local/tomcat/temp\ + && chmod -R g+s /usr/local/tomcat/webapps\ + && chmod -R g+s /usr/local/tomcat/work + +# Set Execute permissions on init script +# RUN chown tomcat:tomcat ${CATALINA_HOME}/bin/setenv.sh +# RUN chmod 750 ${CATALINA_HOME}/bin/setenv.sh + +# Set user as tocmat by uid to be compatible with kubernetes psp +USER 61000 + +EXPOSE 8080 + +CMD [ "catalina.sh", "run" ] \ No newline at end of file diff --git a/Dockerfile-tomcat-jre-curl b/Dockerfile-tomcat-jre-curl index a48c83d..4ae4301 100644 --- a/Dockerfile-tomcat-jre-curl +++ b/Dockerfile-tomcat-jre-curl @@ -1,4 +1,4 @@ -# docker build -t sathya1104/tomcat-custom:9.0.70.0-alpine-jre-11.0.17.1-r3 . -f Dockerfile-tomcat-jre-curl --no-cache +# docker build -t sathya1104/tomcat-custom:9.0.71.0-alpine-jre-11.0.18.10-r0 . -f Dockerfile-tomcat-jre-curl --no-cache FROM alpine:latest AS stage-0 # Prefer openjdk11 over openjdk11-jre for jlink and we can use it remove more default modules and reduce image size RUN set -eux;\ @@ -26,7 +26,7 @@ ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/bin/jre ${JRE_HOME} COPY --from=stage-0 /usr/lib/jvm/default-jvm/jre/lib/server/libjvm.so /usr/lib/jvm/default-jvm/jre/lib ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=11.0.17.1+8-alpine-r3 +ENV JAVA_VERSION=11.0.18+10-alpine-r0 RUN set -eux;\ apk update \ @@ -80,11 +80,11 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.70 +ENV TOMCAT_VERSION 9.0.71 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 -# ENV TOMCAT_SHA512 9b57b332f4cfb2c4b9250b95924314507ebafec44f732e755be96d35e1a50d98ca3ea11a8c62e0c6fde2541d31a981f5ca792ea9931b2551b81b495932474726 +# ENV TOMCAT_SHA512 6a747e68eff4b68a8defba111103ef6b1606030c180143de0419d015052a5567fca1a86e3d3e058a10246c02b98e89431e9344f80475189573fa0d5c70bfb4cb # Install Tomcat RUN set -eux;\ From 72bb98248658782ec44f4a1ca82b4385eafde21b Mon Sep 17 00:00:00 2001 From: santhos <30488444+santhosm@users.noreply.github.com> Date: Thu, 16 Mar 2023 09:46:26 +0530 Subject: [PATCH 11/11] update docker version --- Dockerfile-tomcat-jre-17-curl | 2 +- Dockerfile-tomcat-jre-8-curl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile-tomcat-jre-17-curl b/Dockerfile-tomcat-jre-17-curl index bb0d6ed..d532515 100644 --- a/Dockerfile-tomcat-jre-17-curl +++ b/Dockerfile-tomcat-jre-17-curl @@ -81,7 +81,7 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.71 +ENV TOMCAT_VERSION 9.0.73 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 diff --git a/Dockerfile-tomcat-jre-8-curl b/Dockerfile-tomcat-jre-8-curl index a338c79..e34ddd3 100644 --- a/Dockerfile-tomcat-jre-8-curl +++ b/Dockerfile-tomcat-jre-8-curl @@ -16,7 +16,7 @@ ENV OS_RELEASE="Alpine Linux v3.17.1" ENV JRE_HOME=/usr/lib/jvm/default-jvm/jre RUN apk --no-cache --virtual add openjdk8-jre --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community ENV PATH=${JRE_HOME}/bin:$PATH -ENV JAVA_VERSION=1.8.0_345-b01 +ENV JAVA_VERSION=1.8.0_362-b01 RUN set -eux;\ apk update \ && apk upgrade \ @@ -68,7 +68,7 @@ ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR ENV GPG_KEYS 48F8E69F6390C9F25CFEDCD268248959359E722B A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 ENV TOMCAT_MAJOR 9 -ENV TOMCAT_VERSION 9.0.70 +ENV TOMCAT_VERSION 9.0.73 ENV TOMCAT_DOWNLOAD_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz ENV TOMCAT_SHA512_URL https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 # https://downloads.apache.org/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512