forked from onetimesecret/onetimesecret
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile-lite
93 lines (77 loc) · 3.1 KB
/
Dockerfile-lite
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# Dockerfile-lite: Onetime Secret All-in-One Container
#
# This Dockerfile creates a single container image with both Onetime Secret and Redis.
#
# Benefits:
# 1. Simplicity: Start entire app with one command
# 2. Ephemeral: Aligns with temporary nature of one-time secrets
# 3. Self-contained: All components included and configured
# 4. Data privacy: Container removal deletes all secrets
#
# Usage:
#
# $ docker build -t localhost/onetimesecret-lite:latest -f Dockerfile-lite .
#
# $ docker run --rm -p 7143:3000 --name onetimesecret-lite localhost/onetimesecret-lite:latest
#
# Note: Ideal for quick deployment and testing. For production with specific
# security or scalability needs, use separate containers for app and database.
#
FROM ghcr.io/onetimesecret/onetimesecret
ARG VERSION=0.0.0
LABEL Name=onetimesecret-lite Version=$VERSION
LABEL maintainer="Onetime Secret <[email protected]>"
LABEL org.opencontainers.image.description="Onetime Secret (Lite) is a web application for sharing sensitive information via one-time use links. This image contains both the Onetime Secret application and Redis, making it a self-contained solution for quick deployment and testing. Warning: Not recommended for production use."
# Install Redis and other dependencies
RUN apt-get update && apt-get install -y \
redis-server \
redis-tools \
&& rm -rf /var/lib/apt/lists/*
# Write Redis configuration
RUN <<-EOF cat > /etc/redis/redis.conf
bind 0.0.0.0
port 6379
daemonize no
EOF
# Write the startup script
# Note: We use quoted EOF ('EOF') to prevent variable expansion in the heredoc.
# This preserves potential variables (like $PATH) as literal text, to be evaluated when the script runs.
RUN <<-'EOF' cat > /onetime.sh
#!/bin/bash
set -e
# Print welcome message
echo "
🔒 Welcome to Onetime Secret Lite - The All-in-One, Onetime-use Secret Sharing Container for Humans! 🔒
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🕵️ Your secrets are about to get a whole lot stealthier!
🖥️ ACCESS THE APP HERE: http://localhost:$PORT
💭 Pro tip: Secrets are like memes - hilarious, but only when shared with the right people!
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🎭 Happy secret sharing, you magnificent nerdlinger! 🎭
"
# Start Redis server
echo "Starting Redis..."
redis-server /etc/redis/redis.conf &
# Wait for Redis to be ready
until redis-cli ping; do
echo "⚙️ Waiting for Redis to be ready..."
sleep 1
done
echo "Redis is ready!"
# Start Onetime Secret
echo "Starting Onetime Secret..."
exec /app/bin/entrypoint.sh
EOF
# Ensure the script has the correct line endings and is executable
RUN chmod +x /onetime.sh
# Set environment variables
ENV HOST=127.0.0.1:3000
ENV PORT=3000
ENV STDOUT_SYNC=true
ENV SSL=false
ENV REDIS_URL=redis://localhost:6379/0
ENV RACK_ENV=production
ENV AUTH_ENABLED=false
EXPOSE 3000
CMD ["/onetime.sh"]