This is fantastic Julian! The only thing I can contribute that hasn't already been said by you or David is to suggest taking a look at MiniDeb as a base image ( https://github.com/bitnami/minideb ). I would also suggest using quay.io to build and host your Docker images, as it has built in security scanning. I prefer minimal install images not for size reduction ( though it is nice ), but for the smaller attack surface they provide. Fewer things installed means fewer exploits available!
Kyle --- http://www.kylehall.info ByWater Solutions ( http://bywatersolutions.com ) Meadville Public Library ( http://www.meadvillelibrary.org ) Crawford County Federated Library System ( http://www.ccfls.org ) On Mon, Feb 17, 2020 at 12:59 PM Julian Maurice <julian.maur...@biblibre.com> wrote: > Hi all, > > I've been playing with docker lately, and I tried to build a minimal > docker image for Koha. Here are the results. > > My goals were: > * Install only required "things" to get Koha up and running, and nothing > else (no testing or dev tools), > * No external dependencies except CPAN > * Follow Docker best practices as much as possible > > The resulting images are here: > https://hub.docker.com/repository/docker/julianmaurice/koha > > and the Dockerfiles are here: > https://github.com/jajm/koha-docker > > A few things worth mentioning: > > * I tried to build the smallest image possible by using alpine or perl > slim images at first but it was not that great, because the perl version > shipped with those images is missing some libs, which cause > MARC::Charset to build a database of several hundreds MBs (which is only > 5MBs with a standard perl version). So I chose a more standard image > (debian:buster) as base. > > * Koha doesn't work well when running with a perl version different than > the system perl installed in /usr/bin/perl. For example, the > updatedatabase doesn't work when called from the web installer. This is > because Perl scripts are called directly as executable files, and > shebangs contain '/usr/bin/perl'. Same problem from > misc/translator/translate which calls tmpl_process3.pl. > > * I tried to make the Koha installation as self-contained as possible. > Almost everything is installed as a non-root user in /home/koha, > including Perl dependencies. > > * It doesn't need a reverse proxy such as apache or nginx. The necessary > URL rewriting is handled in PSGI file. The container expose two ports, > one for intranet, the other one for OPAC. > > * Each Perl dependency is installed in its latest version, so expect > things to break. I can only confirm that the webinstaller, basic > cataloguing and search/indexation work. I did not test anything else. > > * There are docker-compose.yml files in the github repository to get > Koha running quickly with mariadb, memcached and elasticsearch. > > * Zebra is not installed > > * Images weigh ~1.15GB uncompressed (koha sources included) > > If you made it this far, thanks for reading :) > And if you want to use these docker images, you should start by reading > https://github.com/jajm/koha-docker/blob/master/README.md > > -- > Julian Maurice > BibLibre > _______________________________________________ > Koha-devel mailing list > Koha-devel@lists.koha-community.org > https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel > website : http://www.koha-community.org/ > git : http://git.koha-community.org/ > bugs : http://bugs.koha-community.org/ >
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
