simplify and harden docker implementation
Merged: fattalion merged 2 commits from master 3 months ago
This PR fixes the currently broken Dockerfile. As referenced via #4, I have pinned the version at Python 3.10 currently due to an out-of-date LXML in the main SimplyTranslateWeb repository.
Dockerfile: instead of using a Debian-based image, we switch to Alpine. We don't need to update and upgrade a docker container usually so we can just pull what we need. In my tests, the current Dockerfile will result in a 1.46 GB image. With these patches, the new Dockerfile will result in a 262.59 MB image; a significant reduction in image size and a faster overall build time.
user: this is set to nobody, the least privileged account.
read_only: this is set to true, this container doesn't write anything to the filesystem.
security_opt: there are a lot of settings, but the important one is that the container doesn't get any privileges when asking for them.
cap_drop: this drops all capabilities like CHOWN, SETUID, etc.
networks: this puts simplytranslate in its own separate bridge network where it cannot talk to other containers.
I have a PR pending for SimpleWeb/SimplyTranslate-Engines#19. If that gets merged, we can build with the python:alpine image instead of pinning 3.10.
The PR from SimpleWeb/SimplyTranslate-Engines#19 has been merged. Making a patch to 3.11
#4 is fixed and can be closed now with this patch as well as #3.
I don't use Docker and know next to nothing about it, so I can't test this. Can you please test this @mohammad.rafigh and @schklom?
This is working well on both my amd64 and arm64 machine 💯
6799c9d7e0 into master 3 months ago
Sorry for delay. I also confirm this is fixed.
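
An added example, not part of this PR or the project's code: a small audit of the five compose settings listed in the PR description, run over JSON in the shape that `docker compose config --format json` prints. The `legacy` and `sidecar` services and all sample values are constructed for illustration, and the network check only looks at services defined in the same compose file.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`.
# Only the "simplytranslate" name comes from the PR; the rest is made up.
SAMPLE = json.loads("""{"services": {
  "simplytranslate": {"user": "nobody", "read_only": true,
    "security_opt": ["no-new-privileges:true"], "cap_drop": ["ALL"],
    "networks": {"simplytranslate": null}},
  "legacy": {"user": "0:0", "cap_drop": ["CHOWN"],
    "networks": {"default": null}},
  "sidecar": {"user": "nobody", "read_only": true,
    "security_opt": ["no-new-privileges"], "cap_drop": ["all"],
    "networks": {"default": null}}
}}""")

def audit(config):
    """Return {service: [findings]} for the five settings listed in the PR."""
    services = config.get("services", {})
    # Map each network name to the set of services attached to it.
    members = {}
    for name, svc in services.items():
        for net in (svc.get("networks") or {"default": None}):
            members.setdefault(net, set()).add(name)
    report = {}
    for name, svc in services.items():
        findings = []
        uid = str(svc.get("user", "")).split(":")[0]
        if uid in {"", "0", "root"}:
            findings.append("user: runs as root or image default")
        if svc.get("read_only") is not True:
            findings.append("read_only: root filesystem is writable")
        # Docker accepts "no-new-privileges", ":true" and "=true" spellings.
        opts = {o.replace("=", ":").lower() for o in svc.get("security_opt", [])}
        if not opts & {"no-new-privileges", "no-new-privileges:true"}:
            findings.append("security_opt: no-new-privileges not set")
        if "ALL" not in {c.upper() for c in svc.get("cap_drop", [])}:
            findings.append("cap_drop: ALL is not dropped")
        shared = set()
        for net in (svc.get("networks") or {"default": None}):
            shared |= members[net] - {name}
        if shared:
            findings.append("networks: shared with " + ", ".join(sorted(shared)))
        report[name] = findings
    return report

if __name__ == "__main__":
    for service, findings in audit(SAMPLE).items():
        print(service, "OK" if not findings else findings)
```
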