Merge pull request #1 from mendhak/master

RaSla · web-flow · commit 35708277c89b · 2020-12-23T23:08:07.000+05:00
Sync to upstream v16
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,31 @@
+
+## Version `16` - 2020-12-22
+
+* Dockerfile optimisation, slightly smaller image size
+* This changelog added to the repo
+
+## Version `15` - 2020-12-15
+
+* The image now runs as a non-root user by default. 
+
+## Version `14` - 2020-11-26
+
+* Optionally allow running as a non root user. 
+
+```
+docker run --user node -e HTTP_PORT=8080 -e HTTPS_PORT=8443 -p 8080:8080 -p 8443:8443 --rm mendhak/http-https-echo:issue-14-non-root
+#or
+docker run --user node --sysctl net.ipv4.ip_unprivileged_port_start=0 -p 8080:80 -p 8443:443 --rm mendhak/http-https-echo:issue-14-non-root
+```
+
+## Version `latest` and others
+
+_Note: The `latest` tag is no longer being built, I've removed it from the automated builds. Please don't use the `latest` tag any longer._
+
+* JWT header
+* Choose your own ports
+* Choose your own certs
+* Ignore a specific path
+* JSON payloads
+* Single line log output
+
diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,26 @@
-FROM node:14-alpine
+FROM node:14-alpine AS build
 
 WORKDIR /app
 COPY . /app
-ENV HTTP_PORT=8080 HTTPS_PORT=8443
-
-RUN npm install --production
-RUN apk --no-cache add openssl && sh generate-cert.sh && rm -rf /var/cache/apk/*
 
-RUN chmod -R 775 /app
-RUN chown -R node:node /app
+RUN set -ex \
+  # Build JS-Application
+  && npm install --production \
+  # Generate SSL-certificate (for HTTPS)
+  && apk --no-cache add openssl \
+  && sh generate-cert.sh \
+  && apk del openssl \
+  && rm -rf /var/cache/apk/* \
+  # Delete unnecessary files
+  && rm package* generate-cert.sh \
+  # Correct User's file access
+  && chown -R node:node /app
 
+FROM node:14-alpine AS final
+WORKDIR /app
+COPY --from=build /app /app
+ENV HTTP_PORT=8080 HTTPS_PORT=8443
+EXPOSE $HTTP_PORT
+EXPOSE $HTTPS_PORT
 USER 1000
-
 CMD ["node", "./index.js"]
diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ Please do not use the `:latest` tag as it will break without warning, use a spec
 
 Run with Docker
 
-    docker run -p 8080:8080 -p 8443:8443 --rm -t mendhak/http-https-echo:15
+    docker run -p 8080:8080 -p 8443:8443 --rm -t mendhak/http-https-echo:16
 
 Or run with Docker Compose
 
@@ -35,13 +35,13 @@ You can choose a different internal port instead of 8080 and 8443 with the `HTTP
 
 In this example I'm setting http to listen on 8888, and https to listen on 9999.
 
-     docker run -e HTTP_PORT=8888 -e HTTPS_PORT=9999 -p 8080:8888 -p 8443:9999 --rm -t mendhak/http-https-echo:15
+     docker run -e HTTP_PORT=8888 -e HTTPS_PORT=9999 -p 8080:8888 -p 8443:9999 --rm -t mendhak/http-https-echo:16
 
 
 With docker compose, this would be:
 
     my-http-listener:
-        image: mendhak/http-https-echo:15
+        image: mendhak/http-https-echo:16
         environment:
             - HTTP_PORT=8888
             - HTTPS_PORT=9999
@@ -55,7 +55,7 @@ With docker compose, this would be:
 Use volume mounting to substitute the certificate and private key with your own. This example uses the snakeoil cert.
 
     my-http-listener:
-        image: mendhak/http-https-echo:15
+        image: mendhak/http-https-echo:16
         ports:
             - "8080:8080"
             - "8443:8443"
@@ -69,7 +69,7 @@ Use volume mounting to substitute the certificate and private key with your own.
 
 If you specify the header that contains the JWT, the echo output will contain the decoded JWT.  Use the `JWT_HEADER` environment variable for this.
 
-    docker run -e JWT_HEADER=Authentication -p 8080:8080 -p 8443:8443 --rm -it mendhak/http-https-echo:15
+    docker run -e JWT_HEADER=Authentication -p 8080:8080 -p 8443:8443 --rm -it mendhak/http-https-echo:16
 
 
 Now make your request with `Authentication: eyJ...` header (it should also work with the `Authentication: Bearer eyJ...` schema too):
@@ -83,13 +83,13 @@ And in the output you should see a `jwt` section.
 Set the environment variable `LOG_IGNORE_PATH` to a path you would like to exclude from verbose logging to stdout.
 This can help reduce noise from healthchecks in orchestration/infrastructure like Swarm, Kubernetes, ALBs, etc.
 
-     docker run -e LOG_IGNORE_PATH=/ping -p 8080:8080 -p 8443:8443 --rm -t mendhak/http-https-echo:15
+     docker run -e LOG_IGNORE_PATH=/ping -p 8080:8080 -p 8443:8443 --rm -t mendhak/http-https-echo:16
 
 
 With docker compose, this would be:
 
     my-http-listener:
-        image: mendhak/http-https-echo:15
+        image: mendhak/http-https-echo:16
         environment:
             - LOG_IGNORE_PATH=/ping
         ports:
@@ -134,3 +134,13 @@ Will contain a `json` property in the response/output.
 Run some tests to make sure features are working as expected.
 
     ./tests.sh
+
+To create a new image on Docker Hub, I need to create a tag and push it. 
+
+    git tag -s 16
+    git push --tags
+
+
+## Changelog
+
+See the [changelog](CHANGELOG.md)
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,5 +1,5 @@
 my-http-listener:
-    image: mendhak/http-https-echo:15
+    image: mendhak/http-https-echo:16
     environment: 
         - HTTP_PORT=8888
         - HTTPS_PORT=9999
