Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2020/06/25 19:16:28 UTC

[GitHub] [guacamole-server] necouchman commented on a change in pull request #292: GUACAMOLE-1110: Size and security improvements for Docker images

necouchman commented on a change in pull request #292:
URL: https://github.com/apache/guacamole-server/pull/292#discussion_r445781293



##########
File path: Dockerfile
##########
@@ -100,15 +101,21 @@ ARG RUNTIME_DEPENDENCIES="            \
 COPY --from=builder ${PREFIX_DIR} ${PREFIX_DIR}
 
 # Bring runtime environment up to date and install runtime dependencies
-RUN apt-get update                                          && \
-    apt-get install -y $RUNTIME_DEPENDENCIES                && \
-    apt-get install -y $(cat "${PREFIX_DIR}"/DEPENDENCIES)  && \
+RUN apt-get update                                                                  && \
+    apt-get install -y --no-install-recommends $RUNTIME_DEPENDENCIES                && \
+    apt-get install -y --no-install-recommends $(cat "${PREFIX_DIR}"/DEPENDENCIES)  && \
     rm -rf /var/lib/apt/lists/*
 
 # Link FreeRDP plugins into proper path
 RUN ${PREFIX_DIR}/bin/link-freerdp-plugins.sh \
         ${PREFIX_DIR}/lib/freerdp2/libguac*.so
 
+# Checks the operating status every 5 minutes with a timeout of 5 seconds
+HEALTHCHECK --interval=5m --timeout=5s CMD nc -z 127.0.0.1 4822 || exit 1
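Review bot: The new HEALTHCHECK line depends on an `nc` binary being present in the runtime image, and the same hunk switches both `apt-get install` calls to `--no-install-recommends`, so a netcat package that previously arrived as a recommended dependency would no longer be pulled in; please confirm that a netcat package is listed explicitly in `$RUNTIME_DEPENDENCIES` (the variable's contents are outside this hunk), otherwise the check fails on every run and the container is permanently reported unhealthy. Also worth noting that `nc -z 127.0.0.1 4822` only verifies that something accepts a TCP connection on the guacd port, not that guacd is able to service a connection, so the comment should say "checks that guacd is listening" rather than "checks the operating status"; a `--start-period` on the HEALTHCHECK would also avoid a spurious unhealthy state while guacd is still starting.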

Review comment:
    My Docker knowledge is fairly limited, so forgive me if this is an ignorant question, but is this a generally acceptable method for doing healthchecks? Is there some advantage to this kind of healthcheck over something like:
    ```
    ss -tnlp|grep -q 4822 || exit 1
    ```
    ?

##########
File path: Dockerfile
##########
@@ -100,15 +101,21 @@ ARG RUNTIME_DEPENDENCIES="            \
 COPY --from=builder ${PREFIX_DIR} ${PREFIX_DIR}
 
 # Bring runtime environment up to date and install runtime dependencies
-RUN apt-get update                                          && \
-    apt-get install -y $RUNTIME_DEPENDENCIES                && \
-    apt-get install -y $(cat "${PREFIX_DIR}"/DEPENDENCIES)  && \
+RUN apt-get update                                                                  && \
+    apt-get install -y --no-install-recommends $RUNTIME_DEPENDENCIES                && \
+    apt-get install -y --no-install-recommends $(cat "${PREFIX_DIR}"/DEPENDENCIES)  && \
     rm -rf /var/lib/apt/lists/*
 
 # Link FreeRDP plugins into proper path
 RUN ${PREFIX_DIR}/bin/link-freerdp-plugins.sh \
         ${PREFIX_DIR}/lib/freerdp2/libguac*.so
 
+# Checks the operating status every 5 minutes with a timeout of 5 seconds
+HEALTHCHECK --interval=5m --timeout=5s CMD nc -z 127.0.0.1 4822 || exit 1
+
+# Run with user nobody
+USER nobody
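Review bot: `USER nobody` is placed after every RUN step, which is the right order (package installation and the FreeRDP plugin linking still run as root, only the final process is unprivileged), but `nobody` has no writable home directory, and the review comment on this hunk already points out that FreeRDP needs one for the user running guacd; please either set `ENV HOME` to a directory that is created and chowned for that user in an earlier RUN step, or state in the PR how the entrypoint handles it. Since `nobody` is a shared account that other processes in the image may also map to, consider creating a dedicated guacd user with `useradd` instead, which keeps the least-privilege benefit and makes file ownership explicit. Note also that the HEALTHCHECK command from the previous lines will now execute as this user, so `nc` must be runnable without elevated privileges, which is fine for a client-side connect to 127.0.0.1:4822.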

Review comment:
       I'm curious if this will work with FreeRDP 2.x in this particular Docker environment, particularly given the issues we've seen with FreeRDP requiring a writable home directory for the user (including the user running guacd)?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org