authelia/Dockerfile.arm64v8
Clément Michaud b12d9d405f
[FEATURE] Add Content-Security-Policy meta to login portal. (#822)
CSP is used to avoid some attacks where the hacker tries to execute
untrusted code in the browser.

The policy is to use assets hosted on the the original website and in order to make CSP work with material UI, a nonce is generated at each request of index.html and injected in the template as well as provided in the Content-Security-Policy header (https://material-ui.com/styles/advanced/#how-does-one-implement-csp)

Fix #815
2020-04-21 10:23:28 +10:00

67 lines
2.0 KiB
Docker

# =======================================
# ===== Build image for the backend =====
# =======================================
FROM golang:1.14.2-alpine AS builder-backend
ARG BUILD_TAG
ARG BUILD_COMMIT
ARG CC_VERSION="v15"
# gcc cross-compiler is required for building go-sqlite3
RUN apk --no-cache add curl && \
curl -Lfs -o /tmp/gcc-9.2.0-aarch64-linux-musl.tar.xz "https://github.com/just-containers/musl-cross-make/releases/download/${CC_VERSION}/gcc-9.2.0-aarch64-linux-musl.tar.xz" && \
tar xf /tmp/gcc-9.2.0-aarch64-linux-musl.tar.xz -C /
WORKDIR /go/src/app
COPY go.mod go.sum ./
RUN go mod download
COPY cmd cmd
COPY internal internal
# Set the build version and time
RUN echo "Write tag ${BUILD_TAG} and commit ${BUILD_COMMIT} in binary." && \
sed -i "s/__BUILD_TAG__/${BUILD_TAG}/" cmd/authelia/constants.go && \
sed -i "s/__BUILD_COMMIT__/${BUILD_COMMIT}/" cmd/authelia/constants.go
# CGO_ENABLED=1 is mandatory for building go-sqlite3
RUN cd cmd/authelia && \
GOOS=linux GOARCH=arm64 CGO_ENABLED=1 CC=aarch64-linux-musl-gcc go build -tags netgo -ldflags '-w -linkmode external -extldflags -static' -trimpath -o authelia
# ========================================
# ===== Build image for the frontend =====
# ========================================
FROM node:12-alpine AS builder-frontend
WORKDIR /node/src/app
COPY web .
# Install the dependencies and build
RUN yarn install --frozen-lockfile && INLINE_RUNTIME_CHUNK=false yarn build
# ===================================
# ===== Authelia official image =====
# ===================================
FROM arm64v8/alpine:3.11.3
COPY ./qemu-aarch64-static /usr/bin/qemu-aarch64-static
RUN apk --no-cache add ca-certificates tzdata && \
rm /usr/bin/qemu-aarch64-static
WORKDIR /usr/app
COPY --from=builder-backend /go/src/app/cmd/authelia/authelia ./
COPY --from=builder-frontend /node/src/app/build public_html
EXPOSE 9091
VOLUME /etc/authelia
VOLUME /var/lib/authelia
ENV PATH="/usr/app:${PATH}"
CMD ["./authelia", "--config", "/etc/authelia/configuration.yml"]