diff --git a/redis/arm/Dockerfile b/redis/arm/Dockerfile index 4d6b5cc..09fd0eb 100644 --- a/redis/arm/Dockerfile +++ b/redis/arm/Dockerfile @@ -1,20 +1,55 @@ -# -# Dockerfile for redis-arm -# +FROM easypi/alpine-arm:3.7 -FROM easypi/alpine-arm -MAINTAINER EasyPi Software Foundation +# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added +RUN addgroup -S redis && adduser -S -G redis redis -RUN apk add --no-cache redis +# grab su-exec for easy step-down from root +RUN apk add --no-cache libgcc 'su-exec>=0.2' -WORKDIR /data +ENV REDIS_VERSION 4.0.6 +ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-4.0.6.tar.gz +ENV REDIS_DOWNLOAD_SHA 769b5d69ec237c3e0481a262ff5306ce30db9b5c8ceb14d1023491ca7be5f6fa + +# for redis-sentinel see: http://redis.io/topics/sentinel +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + coreutils \ + gcc \ + linux-headers \ + make \ + musl-dev \ + ; \ + \ + wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; \ + echo "$REDIS_DOWNLOAD_SHA *redis.tar.gz" | sha256sum -c -; \ + mkdir -p /usr/src/redis; \ + tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1; \ + rm redis.tar.gz; \ + \ +# disable Redis protected mode [1] as it is unnecessary in context of Docker +# (ports are not automatically exposed when running inside Docker, but rather explicitly by specifying -p / -P) +# [1]: https://github.com/antirez/redis/commit/edd4d555df57dc84265fdfb4ef59a4678832f6da + grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 1$' /usr/src/redis/src/server.h; \ + sed -ri 's!^(#define CONFIG_DEFAULT_PROTECTED_MODE) 1$!\1 0!' /usr/src/redis/src/server.h; \ + grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 0$' /usr/src/redis/src/server.h; \ +# for future reference, we modify this directly in the source instead of just supplying a default configuration flag because apparently "if you specify any argument to redis-server, [it assumes] you are going to specify everything" +# see also https://github.com/docker-library/redis/issues/4#issuecomment-50780840 +# (more exactly, this makes sure the default behavior of "save on SIGTERM" stays functional by default) + \ + make -C /usr/src/redis -j "$(nproc)"; \ + make -C /usr/src/redis install; \ + \ + rm -r /usr/src/redis; \ + \ + apk del .build-deps + +RUN mkdir /data && chown redis:redis /data VOLUME /data +WORKDIR /data + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] EXPOSE 6379 - -ENTRYPOINT ["redis-server", "--protected-mode", "no"] -CMD [ \ - "--save", "900", "1", \ - "--save", "300", "10", \ - "--save", "60", "10000" \ -] +CMD ["redis-server"] diff --git a/redis/arm/docker-compose.yml b/redis/arm/docker-compose.yml index 20b18bd..075ea06 100644 --- a/redis/arm/docker-compose.yml +++ b/redis/arm/docker-compose.yml @@ -1,7 +1,8 @@ redis: image: easypi/redis-arm + command: --appendonly yes ports: - "6379:6379" volumes: - - ./data:/var/lib/redis + - ./data:/data restart: always diff --git a/redis/arm/docker-entrypoint.sh b/redis/arm/docker-entrypoint.sh new file mode 100755 index 0000000..527b232 --- /dev/null +++ b/redis/arm/docker-entrypoint.sh @@ -0,0 +1,16 @@ +#!/bin/sh +set -e + +# first arg is `-f` or `--some-option` +# or first arg is `something.conf` +if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then + set -- redis-server "$@" +fi + +# allow the container to be started with `--user` +if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then + chown -R redis . + exec su-exec redis "$0" "$@" +fi + +exec "$@"