# vim:set ft=dockerfile: FROM openjdk:8-jdk MAINTAINER Nuxeo <packagers@nuxeo.com> # Add needed convert tools RUN apt-get update && apt-get install -y --no-install-recommends \ perl \ locales \ pwgen \ imagemagick \ ffmpeg2theora \ ufraw \ poppler-utils \ libwpd-tools \ exiftool \ ghostscript \ libreoffice \ ffmpeg \ x264 \ && rm -rf /var/lib/apt/lists/* # Remove setuid/setgid binaries from images for security RUN find / -perm 6000 -type f -exec chmod a-s {} \; || true ENV NUXEO_USER nuxeo ENV NUXEO_HOME /opt/nuxeo/server ENV HOME /opt/nuxeo/server ARG NUXEO_VERSION=8.10 ARG NUXEO_DIST_URL=http://community.nuxeo.com/static/releases/nuxeo-8.10/nuxeo-server-8.10-tomcat.zip ARG NUXEO_MD5=29e67a19bba54099093b51d892926be1 # Create Nuxeo user RUN useradd -m -d /home/$NUXEO_USER -u 1000 -s /bin/bash $NUXEO_USER # Add distribution RUN curl -fsSL "${NUXEO_DIST_URL}" -o /tmp/nuxeo-distribution-tomcat.zip \ && echo "$NUXEO_MD5 /tmp/nuxeo-distribution-tomcat.zip" | md5sum -c - \ && mkdir -p /tmp/nuxeo-distribution $(dirname $NUXEO_HOME) \ && unzip -q -d /tmp/nuxeo-distribution /tmp/nuxeo-distribution-tomcat.zip \ && DISTDIR=$(/bin/ls /tmp/nuxeo-distribution | head -n 1) \ && mv /tmp/nuxeo-distribution/$DISTDIR $NUXEO_HOME \ && sed -i -e "s/^org.nuxeo.distribution.package.*/org.nuxeo.distribution.package=docker/" $NUXEO_HOME/templates/common/config/distribution.properties \ && rm -rf /tmp/nuxeo-distribution* \ && chmod +x $NUXEO_HOME/bin/*ctl $NUXEO_HOME/bin/*.sh \ # For arbitrary user in the admin group && chmod g+rwX $NUXEO_HOME/bin/*ctl $NUXEO_HOME/bin/*.sh \ && chown -R 1000:0 $NUXEO_HOME && chmod -R g+rwX $NUXEO_HOME # Protecting writeable directories to support arbitrary User IDs for OpenShift # https://docs.openshift.com/container-platform/3.4/creating_images/guidelines.html RUN mkdir -p /var/lib/nuxeo/data \ && chown -R 1000:0 /var/lib/nuxeo/data && chmod -R g+rwX /var/lib/nuxeo/data \ && mkdir -p /var/log/nuxeo \ && chown -R 1000:0 /var/log/nuxeo && chmod -R g+rwX /var/log/nuxeo \ && mkdir -p /var/run/nuxeo \ && chown -R 1000:0 /var/run/nuxeo && chmod -R g+rwX /var/run/nuxeo \ && mkdir -p /docker-entrypoint-initnuxeo.d \ && chown -R 1000:0 /docker-entrypoint-initnuxeo.d && chmod -R g+rwX /docker-entrypoint-initnuxeo.d \ && chmod g=u /etc/passwd ENV PATH $NUXEO_HOME/bin:$PATH WORKDIR $NUXEO_HOME COPY docker-entrypoint.sh / ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 8080 CMD ["nuxeoctl","console"] USER 1000