From 4aeb67a569b30a233dcff2eaf9c564d62ccd6497 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Mon, 16 Apr 2018 18:44:57 +0200
Subject: [PATCH] Improve dockerfile

---
 .dockerignore                                 |  4 +++-
 support/docker/production/Dockerfile.stretch  | 24 ++++++++++++-------
 support/docker/production/docker-compose.yml  |  3 +++
 .../docker/production/docker-entrypoint.sh    |  8 +++----
 4 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index 1d1cf894a..9a32da269 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -2,9 +2,11 @@
 *.md
 .git
 .github
-config
 support/doc
 support/nginx
 support/systemd
 support/docker/*/Dockerfile.*
 support/docker/*/*.yml
+storage
+node_modules
+client/node_modules
diff --git a/support/docker/production/Dockerfile.stretch b/support/docker/production/Dockerfile.stretch
index bf2bae510..5bb67f816 100644
--- a/support/docker/production/Dockerfile.stretch
+++ b/support/docker/production/Dockerfile.stretch
@@ -33,7 +33,13 @@ RUN set -ex; \
     wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
     wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
-    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+    for server in $(shuf -e ha.pool.sks-keyservers.net \
+                            hkp://p80.pool.sks-keyservers.net:80 \
+                            keyserver.ubuntu.com \
+                            hkp://keyserver.ubuntu.com:80 \
+                            pgp.mit.edu) ; do \
+        gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
+    done; \
     gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
     rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
     chmod +x /usr/local/bin/gosu; \
@@ -41,13 +47,13 @@ RUN set -ex; \
     \
     apt-get purge -y --auto-remove wget
 
-# Download the latest version
-RUN git clone https://github.com/Chocobozzz/PeerTube /app \
-    && chown -R peertube:peertube /app
-
 # Install PeerTube
-USER peertube
 WORKDIR /app
+RUN chown peertube:peertube /app
+
+COPY --chown=peertube:peertube . ./
+
+USER peertube
 
 RUN yarn install --pure-lockfile \
     && npm run build
@@ -58,11 +64,11 @@ ENV NODE_ENV production
 ENV NODE_CONFIG_DIR /app/support/docker/production/config
 
 USER root
-RUN mkdir /data && chown peertube:peertube /data
+RUN mkdir /data
 VOLUME /data
 
-COPY docker-entrypoint.sh /usr/local/bin/
-ENTRYPOINT ["docker-entrypoint.sh"]
+COPY ./support/docker/production/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 
 # Run the application
 CMD ["npm", "start"]
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index f273915b9..ac0a3543b 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
@@ -28,6 +28,9 @@ services:
       traefik.enable: "true"
       traefik.frontend.rule: "Host:${PEERTUBE_HOSTNAME}"
       traefik.port: "9000"
+    # If you don't want to use a reverse proxy (not suitable for production!)
+    # ports:
+      # - "80:9000"
     volumes:
       - ./data:/data
     depends_on:
diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh
index 79f0e60f6..4099a1984 100755
--- a/support/docker/production/docker-entrypoint.sh
+++ b/support/docker/production/docker-entrypoint.sh
@@ -4,13 +4,13 @@ set -e
 # first arg is `-f` or `--some-option`
 # or first arg is `something.conf`
 if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
-        set -- npm "$@"
+    set -- npm "$@"
 fi
 
 # allow the container to be started with `--user`
-if [ "$1" = 'npm' -a "$(id -u)" = '0' ]; then
-        chown -R peertube: /data
-        exec gosu peertube "$0" "$@"
+if [ "$1" = 'npm' -a "$(id -u)" != '0' ]; then
+    chown -R peertube:peertube /data
+    exec gosu peertube "$0" "$@"
 fi
 
 exec "$@"