forked from Adam-Sizzler/cerberus
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
98 lines (82 loc) · 3.05 KB
/
Dockerfile
File metadata and controls
98 lines (82 loc) · 3.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# syntax=docker/dockerfile:1.7
# Multistage build for cerberus panel (frontend + backend)
FROM node:20-alpine AS panel-ui
WORKDIR /ui
ENV NODE_OPTIONS=--max-old-space-size=4096
ARG SINGBOX_WASM_URL=https://adam-sizzler.github.io/s-validator/main.wasm
ARG SINGBOX_SCHEMA_URL=https://adam-sizzler.github.io/s-validator/singbox.schema.json
ARG SINGBOX_SCHEMA_CN_URL=https://adam-sizzler.github.io/s-validator/singbox.schema.json
COPY frontend/package*.json ./
RUN --mount=type=cache,target=/root/.npm npm ci --legacy-peer-deps --no-audit --prefer-offline
COPY frontend/ ./
RUN mkdir -p /ui/public/assets
RUN set -eu; \
fetch_with_retry() { \
url="$1"; out="$2"; name="$3"; \
[ -n "$url" ] || return 0; \
n=1; ok=0; \
while [ "$n" -le 4 ]; do \
if wget -qO "$out" "$url"; then \
ok=1; break; \
fi; \
echo "WARN: download failed for $name (attempt $n/4): $url"; \
rm -f "$out"; \
n=$((n+1)); \
sleep 2; \
done; \
if [ "$ok" -ne 1 ]; then \
echo "WARN: skip $name after retries: $url"; \
fi; \
}; \
fetch_with_retry "$SINGBOX_WASM_URL" /ui/public/assets/main.wasm main.wasm; \
fetch_with_retry "$SINGBOX_SCHEMA_URL" /ui/public/assets/singbox.schema.json singbox.schema.json; \
fetch_with_retry "$SINGBOX_SCHEMA_CN_URL" /ui/public/assets/singbox.schema.cn.json singbox.schema.cn.json
RUN if [ -f /ui/public/assets/main.wasm ]; then \
magic="$(od -An -t x1 -N 4 /ui/public/assets/main.wasm | tr -d ' \n')"; \
[ "$magic" = "0061736d" ] || { echo "Invalid WASM magic for main.wasm: $magic"; exit 1; }; \
echo "WASM artifact attached: /ui/public/assets/main.wasm"; \
else \
echo "WARN: /ui/public/assets/main.wasm is missing. Sing-box validator will be disabled in UI."; \
fi
RUN --mount=type=cache,target=/root/.npm npm run cb
FROM golang:1.25-alpine AS builder
# Install build dependencies
RUN apk add --no-cache git ca-certificates tzdata
ARG VERSION=latest
ARG REVISION=unknown
ARG BUILD_TAGS=none
ARG CGO_ENABLED_STATUS=disabled
WORKDIR /build
# Copy go mod files and download dependencies
COPY go.mod go.sum ./
RUN go mod download
# Copy source code
COPY . .
# Build panel backend binary
RUN CGO_ENABLED=0 \
GOOS=linux \
go build \
-tags "none" \
-trimpath \
-buildvcs=true \
-ldflags="-s -w \
-X 'cerberus/constant.Version=${VERSION}' \
-X 'cerberus/constant.Revision=${REVISION}' \
-X 'cerberus/constant.BuildTags=none' \
-X 'cerberus/constant.CgoEnabled=0'" \
-o cerberus \
./backend
# Final stage
FROM alpine:latest
# Install runtime dependencies
RUN apk add --no-cache ca-certificates tzdata
WORKDIR /app
# Copy binary from builder
COPY --from=builder /build/cerberus /app/
# Copy built frontend
COPY --from=panel-ui /ui/dist /app/ui
COPY --from=builder /usr/local/go/lib/wasm/wasm_exec.js /app/ui/assets/wasm_exec.js
# Create directories for data and certificates
RUN mkdir -p /app/data /app/certs
EXPOSE 3000
ENTRYPOINT ["/app/cerberus"]