|
|
|
|
FROM ubuntu:24.04
|
|
|
|
|
ARG VERSION="dev"
|
|
|
|
|
ENV NO_PROXY_CACHE="-o Acquire::BrokenProxy=true -o Acquire::http::No-Cache=true -o Acquire::http::Pipeline-Depth=0"
|
|
|
|
|
|
|
|
|
|
# Update and install dependencies without using any cache
|
|
|
|
|
RUN apt-get update $NO_PROXY_CACHE && \
|
|
|
|
|
# $NO_PROXY_CACHE must not be used here or otherwise will trigger a hadolint error
|
|
|
|
|
apt-get -o Acquire::BrokenProxy=true -o Acquire::http::No-Cache=true -o Acquire::http::Pipeline-Depth=0 \
|
|
|
|
|
--no-install-recommends -q --assume-yes install openjdk-21-jre-headless=21* libjemalloc-dev=5.* adduser=3* && \
|
|
|
|
|
# Clean apt cache
|
|
|
|
|
apt-get clean && \
|
|
|
|
|
rm -rf /var/cache/apt/archives/* /var/cache/apt/archives/partial/* && \
|
|
|
|
|
rm -rf /var/lib/apt/lists/* && \
|
|
|
|
|
# Starting from version 23.10, Ubuntu comes with an "ubuntu" user with uid 1000. We need 1000 for besu.
|
|
|
|
|
userdel ubuntu 2>/dev/null || true && rm -rf /home/ubuntu && \
|
|
|
|
|
# Ensure we use a stable UID for besu, as file permissions are tied to UIDs.
|
|
|
|
|
adduser --uid 1000 --disabled-password --gecos "" --home /opt/besu besu && \
|
|
|
|
|
chown besu:besu /opt/besu && \
|
|
|
|
|
chmod 0755 /opt/besu
|
|
|
|
|
|
|
|
|
|
ARG BESU_USER=besu
|
|
|
|
|
USER ${BESU_USER}
|
|
|
|
|
WORKDIR /opt/besu
|
|
|
|
|
|
|
|
|
|
COPY --chown=besu:besu besu /opt/besu/
|
|
|
|
|
|
|
|
|
|
# Expose services ports
|
|
|
|
|
# 8545 HTTP JSON-RPC
|
|
|
|
|
# 8546 WS JSON-RPC
|
|
|
|
|
# 8547 HTTP GraphQL
|
|
|
|
|
# 8550 HTTP ENGINE JSON-RPC
|
|
|
|
|
# 8551 WS ENGINE JSON-RPC
|
|
|
|
|
# 30303 P2P
|
|
|
|
|
EXPOSE 8545 8546 8547 8550 8551 30303
|
|
|
|
|
|
|
|
|
|
# defaults for host interfaces
|
|
|
|
|
ENV BESU_RPC_HTTP_HOST 0.0.0.0
|
|
|
|
|
ENV BESU_RPC_WS_HOST 0.0.0.0
|
|
|
|
|
ENV BESU_GRAPHQL_HTTP_HOST 0.0.0.0
|
|
|
|
|
ENV BESU_PID_PATH "/tmp/pid"
|
|
|
|
|
|
|
|
|
|
ENV OTEL_RESOURCE_ATTRIBUTES="service.name=besu,service.version=$VERSION"
|
|
|
|
|
|
|
|
|
|
ENV OLDPATH="${PATH}"
|
|
|
|
|
ENV PATH="/opt/besu/bin:${OLDPATH}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The entry script just sets permissions as needed based on besu config
|
|
|
|
|
# and is replaced by the besu process running as besu user.
|
|
|
|
|
# Suppressing this warning as there's no risk here because the root user
|
|
|
|
|
# only sets permissions and does not continue running the main process.
|
|
|
|
|
# hadolint ignore=DL3002
|
|
|
|
|
USER root
|
|
|
|
|
RUN chmod +x /opt/besu/bin/besu-entry.sh
|
|
|
|
|
|
|
|
|
|
ENV BESU_USER_NAME=${BESU_USER}
|
|
|
|
|
|
|
|
|
|
ENTRYPOINT ["besu-entry.sh"]
|
|
|
|
|
HEALTHCHECK --start-period=5s --interval=5s --timeout=1s --retries=10 CMD bash -c "[ -f /tmp/pid ]"
|
|
|
|
|
|
|
|
|
|
# Build-time metadata as defined at http://label-schema.org
|
|
|
|
|
ARG BUILD_DATE
|
|
|
|
|
ARG VCS_REF
|
|
|
|
|
LABEL org.label-schema.build-date=$BUILD_DATE \
|
|
|
|
|
org.label-schema.name="Besu" \
|
|
|
|
|
org.label-schema.description="Enterprise Ethereum client" \
|
|
|
|
|
org.label-schema.url="https://besu.hyperledger.org/" \
|
|
|
|
|
org.label-schema.vcs-ref=$VCS_REF \
|
|
|
|
|
org.label-schema.vcs-url="https://github.com/hyperledger/besu.git" \
|
|
|
|
|
org.label-schema.vendor="Hyperledger" \
|
|
|
|
|
org.label-schema.version=$VERSION \
|
|
|
|
|
org.label-schema.schema-version="1.0"
|
