Using non root user

.dockerignore

@@ -1,11 +1 @@
-/.git
-/.vscode
-/.task
-/.dockerignore
-/.editorconfig
-/.gitignore
-/README.md
-/Taskfile.yml
-
-/build
-!/build/files
+*

Dockerfile

@@ -25,15 +25,19 @@ ARG DIST_COMMIT=97bcdfccf5392c650216ebb0634a5ed4c680ad6a
 WORKDIR /src/dist
 RUN git clone https://github.com/caddyserver/dist .
 RUN git checkout $DIST_COMMIT
+RUN sed -ri 's/^(.*)(localhost.*):8080(.*)/\1\2:8888\3/g' config/Caddyfile
+RUN sed -i 's/^:80$/:8080/g' config/Caddyfile
 
 RUN cp config/Caddyfile /Caddyfile
 RUN cp welcome/index.html /index.html
 
 FROM alpine:3.10.3 AS alpine
 
+RUN addgroup -S caddy \
+    && adduser -SD -h /var/lib/caddy/ -g 'Caddy web server' -s /sbin/nologin -G caddy caddy
+
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs
-COPY --from=builder /etc/passwd /etc/passwd
 
 COPY --from=fetch-assets /Caddyfile /etc/caddy/Caddyfile
 COPY --from=fetch-assets /index.html /usr/share/caddy/index.html
@@ -50,13 +54,23 @@ LABEL org.opencontainers.image.vendor="Light Code Labs"
 LABEL org.opencontainers.image.licenses=Apache-2.0
 LABEL org.opencontainers.image.source="https://github.com/caddyserver/caddy-docker"
 
-CMD [ "caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile" ]
+EXPOSE 8080
+EXPOSE 2019
+
+USER caddy
+
+RUN mkdir -p /var/lib/caddy/.local/share/caddy
+VOLUME /var/lib/caddy/.local/share/caddy
+
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
 
 FROM scratch AS scratch
 
-COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs
-COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=alpine /etc/passwd /etc/passwd
+COPY --from=alpine /etc/group /etc/group
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+COPY --from=alpine --chown=caddy:caddy /var/lib/caddy /var/lib/caddy
 
 COPY --from=fetch-assets /Caddyfile /etc/caddy/Caddyfile
 COPY --from=fetch-assets /index.html /usr/share/caddy/index.html
@@ -73,5 +87,12 @@ LABEL org.opencontainers.image.vendor="Light Code Labs"
 LABEL org.opencontainers.image.licenses=Apache-2.0
 LABEL org.opencontainers.image.source="https://github.com/caddyserver/caddy-docker"
 
-ENTRYPOINT [ "caddy" ]
-CMD [ "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile" ]
+EXPOSE 8080
+EXPOSE 2019
+
+USER caddy
+
+VOLUME /var/lib/caddy/.local/share/caddy
+
+ENTRYPOINT ["caddy"]
+CMD ["run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]

README.md

@@ -15,6 +15,4 @@ task: Available tasks for this project:
 * d:lint:               Apply a Dockerfile linter (https://github.com/hadolint/hadolint)
 * d:run:alpine:         Build and run the Caddy alpine-based Docker image
 * d:run:scratch:        Build and run the Caddy scratch-based Docker image
-* d:tmpl:compile:       Compile the (Gomplate) templates into Dockerfiles
-* fetch-dist-assets:    Fetch the latest default welcome page and default Caddy config
 ```

Taskfile.yml

@@ -24,65 +24,47 @@ tasks:
     cmds:
       - task: d:build
         vars:
-          TYPE: scratch
+          TARGET: scratch
           TAG_VERSION: '{{.TAG_VERSION | default "latest"}}'
 
   d:build:alpine:
     desc: Build a Caddy Alpine-based Docker image
     cmds:
       - task: d:build
         vars:
-          TYPE: alpine
+          TARGET: alpine
           TAG_VERSION: '{{.TAG_VERSION | default "latest"}}'
 
   d:build:
     silent: true
     deps:
-      - d:tmpl:compile
       - task: d:lint
-        vars:
-          DOCKERFILE: build/Dockerfile.{{.TYPE}}
     preconditions:
-      - sh: test '{{.TYPE}}' != '<no value>'
-        msg: TYPE needs to contain the Docker type [alpine, scratch]
+      - sh: test '{{.TARGET}}' != '<no value>'
+        msg: TARGET needs to contain the Docker TARGET [alpine, scratch]
       - sh: test '{{.TAG_VERSION}}' != '<no value>'
         msg: TAG_VERSION needs to contain the tag that will be assigned to the Docker build
+    env:
+      DOCKER_BUILDKIT: 1
     cmds:
       - docker build
-        --tag {{.TAG_REPOSITORY}}/{{.TAG_NAME}}:{{.TYPE}}-{{.TAG_VERSION}}
-        --file build/Dockerfile.{{.TYPE}}
+        --target {{.TARGET}}
+        --tag {{.TAG_REPOSITORY}}/{{.TAG_NAME}}:{{.TAG_VERSION}}-{{.TARGET}}
         --build-arg CADDY_SOURCE_VERSION={{.CADDY_SOURCE_VERSION}}
-        --build-arg GO_TAG_VERSION={{.GO_TAG_VERSION}}
-        --build-arg ALPINE_TAG_VERSION="{{.ALPINE_TAG_VERSION}}"
         .
 
-  d:tmpl:compile:
-    desc: Compile the (Gomplate) templates into Dockerfiles
-    silent: true
-    cmds:
-      - docker run
-        --interactive
-        --tty
-        --rm
-        --volume $(pwd)/build:/build
-        --workdir /build
-        hairyhenderson/gomplate:latest
-        --template partials='templates/partials/'
-        --input-dir templates/
-        --output-map '{{`{{ .in | strings.TrimSuffix ".tmpl" }}`}}'
-
   d:lint:
     desc: Apply a Dockerfile linter (https://github.com/hadolint/hadolint)
     silent: true
-    preconditions:
-      - sh: test '{{.DOCKERFILE}}' != '<no value>'
-        msg: DOCKERFILE needs to contain a path to a Dockerfile
     cmds:
       - docker run
         --interactive
         --rm
         hadolint/hadolint:{{.HADOLINT_TAG_VERSION}}
-        < {{.DOCKERFILE}}
+        hadolint
+        --ignore DL3018
+        -
+        < Dockerfile
 
   ######################################################################################################################
   #
@@ -95,53 +77,40 @@ tasks:
     cmds:
       - task: d:run
         vars:
-          TYPE: alpine
+          TARGET: scratch
           TAG_VERSION: '{{.TAG_VERSION | default "latest"}}'
 
   d:run:alpine:
     desc: Build and run the Caddy alpine-based Docker image
     cmds:
       - task: d:run
         vars:
-          TYPE: alpine
+          TARGET: alpine
           TAG_VERSION: '{{.TAG_VERSION | default "latest"}}'
 
   d:run:
     silent: true
     preconditions:
-      - sh: test '{{.TYPE}}' != '<no value>'
-        msg: TYPE needs to contain a value ie 'scratch' or 'alpine'
+      - sh: test '{{.TARGET}}' != '<no value>'
+        msg: TARGET needs to contain one of 'scratch' or 'alpine'
       - sh: test '{{.TAG_VERSION}}' != '<no value>'
         msg: TAG_VERSION needs to contain the image tag that will be run
     cmds:
-      - task: d:build:{{.TYPE}}
+      - task: d:build:{{.TARGET}}
         vars:
           TAG_VERSION: "{{.TAG_VERSION}}"
       - docker run
         --interactive
         --tty
         --rm
-        --publish 8080:80
-        {{.TAG_REPOSITORY}}/{{.TAG_NAME}}:{{.TYPE}}-{{.TAG_VERSION}}
+        --name caddy-{{.TARGET}}
+        --publish 8080:8080
+        --cap-drop ALL
+        --volume caddy-data:/var/lib/caddy/.local
+        {{.TAG_REPOSITORY}}/{{.TAG_NAME}}:{{.TAG_VERSION}}-{{.TARGET}}
 
   ######################################################################################################################
   #
   #  3. MISC
   #
   ######################################################################################################################
-
-  fetch-dist-assets:
-    desc: Fetch the latest default welcome page and default Caddy config
-    silent: true
-    env:
-      CADDYFILE_PATH: /etc/caddy/Caddyfile
-      WELCOMEFILE_PATH: /usr/share/caddy/index.html
-    cmds:
-      - mkdir -p build/files/`dirname $CADDYFILE_PATH`
-      - mkdir -p build/files/`dirname $WELCOMEFILE_PATH`
-      - |
-        CADDYTEMPDIR=`mktemp -d ${TMP:-/tmp/}caddyassets.XXXXXX`
-        git clone https://github.com/caddyserver/dist --depth=1 $CADDYTEMPDIR
-        mv $CADDYTEMPDIR/config/Caddyfile build/files$CADDYFILE_PATH
-        mv $CADDYTEMPDIR/welcome/index.html build/files$WELCOMEFILE_PATH
-        rm -rf $CADDYTEMPDIR

Taskvars.yml

@@ -1,7 +1,5 @@
-CADDY_SOURCE_VERSION: v2.0.0-beta6
-GO_TAG_VERSION: 1.13.3-alpine3.10
-ALPINE_TAG_VERSION: 3.10.3
+CADDY_SOURCE_VERSION: v2.0.0-beta9
 HADOLINT_TAG_VERSION: v1.17.2
 
-TAG_REPOSITORY: ilyes512
-TAG_NAME: caddy-docker
+TAG_REPOSITORY: caddy
+TAG_NAME: caddy