Dockerfile optimization #65

Open: wants to merge 1 commit into base: master

IvanBayan

Dockerfile modifications that allow reducing build time and size.

➜  Part-DB git:(master) ✗ time docker build -t partdb/original . > /tmp/partdb_original 
docker build -t partdb/original . > /tmp/partdb_original  0.47s user 0.29s system 0% cpu 5:20.56 total
➜  Part-DB git:(master) ✗ git checkout docker
M	docker-compose.yml
Switched to branch 'docker'
➜  Part-DB git:(docker) ✗ time docker build -t partdb/optimized . > /tmp/partdb_optimized
docker build -t partdb/optimized . > /tmp/partdb_optimized  0.42s user 0.28s system 0% cpu 2:53.87 total
➜  Part-DB git:(docker) ✗ docker image ls|grep partdb/
partdb/optimized                                       latest              90dc38b9ea00        2 minutes ago       733MB
partdb/original                                        latest              d5d61bf91a22        32 minutes ago      1.15GB

File/directory permissions are a topic to discuss.

@jbtronics
Member

Have you tested what happens when you keep the section that sets permissions (the find and chmod stuff)?
I don't think that this should have a big impact on build time.

On the other hand, you don't have any other users in the container, so it does not make much sense trying to protect the files against other users...

@IvanBayan
Author

Yes, I have. It doubled the size of the image and the build time. You can read more about it there.
Docker was developed with container isolation in mind, so even if you run apache as root it will not be so easy to harm the docker host; anyway, I like the idea of granting minimal required permissions.
If you want to protect code from modification in case of a break-in, then a better idea is to change the owner of the files to root:root. If you want to protect code against other users (in case of shared hosting for example), chowning to www-data|: will not work.
Do you need the data dir writable only for saving the config file, or do you use it as an upload dir too?
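
The layer duplication and the root:root ownership discussed in this thread, as an added example that is not part of the pull request or the Part-DB Dockerfile. The `php:apache` base image, the `/var/www/html` path, the `data` directory name and the stage names are assumptions.

```dockerfile
# Added example, not the project's Dockerfile. Assumed: php:apache base image,
# /var/www/html as docroot, and a "data" directory the application writes to.

# --- Variant A: permissions fixed in a separate RUN layer -------------------
FROM php:apache AS separate-layer
COPY . /var/www/html
# Layers are copy-on-write: changing the owner or mode of a file stores the
# whole file again in the new layer. The application tree is now in the image
# twice, and the recursive walk adds to the build time.
RUN chown -R www-data:www-data /var/www/html \
 && find /var/www/html -type d -exec chmod 755 {} + \
 && find /var/www/html -type f -exec chmod 644 {} +
# Result: the Apache worker (www-data) owns the code and can rewrite it.

# --- Variant B: ownership decided at copy time ------------------------------
FROM php:apache AS copy-time
# COPY already writes files as root:root by default; stated explicitly here.
# www-data can read and execute the code but cannot modify it, which limits
# what a compromised PHP process can change.
COPY --chown=root:root . /var/www/html
# Only the writable directory is handed to www-data. This rewrites just the
# data directory in a new layer, not the whole tree.
RUN chown -R www-data:www-data /var/www/html/data
```

Build one variant with `docker build --target separate-layer .` or `--target copy-time`, then compare the per-layer sizes with `docker history <image>`.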
