bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-06 00:03:34 +00:00
Code Issues Releases Wiki Activity

BRE-917 Update to Alpine base (#5976)

Browse Source 
* testing-wolfi

* testing alpine

* fix gosu download

* fix Admin dockerfile

* update dockerfiles

* alpine-compatible-entrypoint-script-for-api-test

* make-entrypoint-scripts-alpine-compatible

* testing nginx with alpine

* cleaning up comments from dockerfile from testing

* restore accidentally deleted icon

* remove unused file

* pin alpine, update apk add no cache

* remove comments from testing

* test shadow implementtaion for entrypoints

* add shadow package, revert entrypoints, change from bash to shell for entry

* add icu to setup container, update helpers to use shell

* update migrator utility

* add missing krb5 libraries
This commit is contained in:
aj-bw
2025-07-28 10:56:20 -04:00
committed by GitHub
parent db4beb47f7
commit d407c164b6
30 changed files with 176 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
bitwarden_license/src/Scim/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ krb5 \
gosu \ icu-libs \
curl \ shadow \
krb5-user \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
bitwarden_license/src/Scim/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

22
bitwarden_license/src/Sso/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ krb5 \
gosu \ icu-libs \
curl \ shadow \
krb5-user \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
bitwarden_license/src/Sso/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

45
src/Admin/Dockerfile
View File

@@ -1,40 +1,41 @@
###############################################
# Node.js build stage #
###############################################
FROM node:20-alpine3.21 AS node-build
WORKDIR /app
COPY src/Admin/package*.json ./
COPY /src/Admin/ .
RUN npm ci
RUN npm run build
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
# Set up Node
ARG NODE_VERSION=20
RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - \
&& apt-get update \
&& apt-get install -y nodejs \
&& npm install -g npm@latest && \
rm -rf /var/lib/apt/lists/*
# Copy required project files # Copy required project files
WORKDIR /source WORKDIR /source
COPY . ./ COPY . ./
# Restore project dependencies and tools # Restore project dependencies and tools
WORKDIR /source/src/Admin WORKDIR /source/src/Admin
RUN npm ci
RUN . /tmp/rid.txt && dotnet restore -r $RID RUN . /tmp/rid.txt && dotnet restore -r $RID
# Build project # Build project
RUN npm run build
RUN . /tmp/rid.txt && dotnet publish \ RUN . /tmp/rid.txt && dotnet publish \
-c release \ -c release \
--no-restore \ --no-restore \
@@ -46,25 +47,27 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ icu-libs \
gosu \ tzdata \
curl \ krb5 \
krb5-user \ shadow \
&& rm -rf /var/lib/apt/lists/* && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app
COPY --from=build /source/src/Admin/out /app COPY --from=build /source/src/Admin/out /app
COPY --from=node-build /app/wwwroot /app/wwwroot
COPY ./src/Admin/entrypoint.sh /entrypoint.sh COPY ./src/Admin/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1 HEALTHCHECK CMD curl -f http://localhost:5000/alive || exit 1

2
src/Admin/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

22
src/Api/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ krb5 \
gosu \ icu-libs \
curl \ shadow \
krb5-user \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
src/Api/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

20
src/Billing/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -37,20 +37,20 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ icu-libs \
gosu \ shadow \
curl \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
src/Billing/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

22
src/Events/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ icu-libs \
gosu \ krb5 \
curl \ shadow \
krb5-user \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
src/Events/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

20
src/EventsProcessor/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -37,20 +37,20 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ icu-libs \
gosu \ shadow \
curl \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
src/EventsProcessor/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

21
src/Icons/Dockerfile
View File

@@ -1,18 +1,18 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -36,20 +36,21 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ krb5 \
gosu \ icu-libs \
curl \ shadow \
&& rm -rf /var/lib/apt/lists/* && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
src/Icons/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

22
src/Identity/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -37,21 +37,21 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ krb5 \
gosu \ icu-libs \
curl \ shadow \
krb5-user \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
src/Identity/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

20
src/Notifications/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -37,20 +37,20 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ icu-libs \
gosu \ shadow \
curl \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
src/Notifications/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup

20
util/Attachments/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -38,20 +38,20 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_ENVIRONMENT=Production
ENV ASPNETCORE_URLS=http://+:5000 ENV ASPNETCORE_URLS=http://+:5000
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
EXPOSE 5000 EXPOSE 5000
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ icu-libs \
gosu \ shadow \
curl \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
&& rm -rf /var/lib/apt/lists/*
# Copy app from the build stage # Copy app from the build stage
WORKDIR /bitwarden_server WORKDIR /bitwarden_server

12
util/Attachments/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup
@@ -23,11 +23,11 @@ if [ "$(id -u)" = "0" ]
then then
# Create user and group # Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || addgroup -g "$LGID" -S "$GROUPNAME" 2>/dev/null || true
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 adduser -u "$LUID" -G "$GROUPNAME" -S -D -H "$USERNAME" 2>/dev/null || true
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || mkdir -p /home/$USERNAME
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 chown $USERNAME:$GROUPNAME /home/$USERNAME
mkhomedir_helper $USERNAME
# The rest... # The rest...

13
util/MsSqlMigratorUtility/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.21 AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -38,15 +38,18 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.21 AS app
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app
COPY --from=build /source/util/MsSqlMigratorUtility/out /app COPY --from=build /source/util/MsSqlMigratorUtility/out /app
RUN apk add --no-cache icu-libs
ENTRYPOINT ["sh", "-c", "/app/MsSqlMigratorUtility \"${MSSQL_CONN_STRING}\" ${@}", "--" ] ENTRYPOINT ["sh", "-c", "/app/MsSqlMigratorUtility \"${MSSQL_CONN_STRING}\" ${@}", "--" ]

10
util/Nginx/Dockerfile
View File

@@ -1,15 +1,13 @@
FROM --platform=$BUILDPLATFORM nginx:stable FROM --platform=$BUILDPLATFORM nginx:stable-alpine3.21
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" LABEL com.bitwarden.product="bitwarden"
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \ shadow \
gosu \ && apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
curl \
&& rm -rf /var/lib/apt/lists/*
COPY util/Nginx/nginx.conf /etc/nginx COPY util/Nginx/nginx.conf /etc/nginx
COPY util/Nginx/proxy.conf /etc/nginx COPY util/Nginx/proxy.conf /etc/nginx

40
util/Nginx/Dockerfile-k8s
View File

@@ -1,40 +0,0 @@
FROM nginx:stable
LABEL com.bitwarden.product="bitwarden"
ENV USERNAME="bitwarden"
ENV GROUPNAME="bitwarden"
RUN apt-get update && \
apt-get install -y --no-install-recommends \
gosu \
curl && \
rm -rf /var/lib/apt/lists/*
COPY nginx.conf /etc/nginx/nginx.conf
COPY proxy.conf /etc/nginx/proxy.conf
COPY mime.types /etc/nginx/mime.types
COPY security-headers.conf /etc/nginx/security-headers.conf
COPY security-headers-ssl.conf /etc/nginx/security-headers.conf
COPY setup-bwuser.sh /
EXPOSE 8000
EXPOSE 8080
EXPOSE 8443
RUN chmod +x /setup-bwuser.sh
RUN ./setup-bwuser.sh $USERNAME $GROUPNAME
RUN mkdir -p /var/run/nginx && \
touch /var/run/nginx/nginx.pid
RUN chown -R $USERNAME:$GROUPNAME /var/run/nginx && \
chown -R $USERNAME:$GROUPNAME /var/cache/nginx && \
chown -R $USERNAME:$GROUPNAME /var/log/nginx
HEALTHCHECK CMD curl --insecure -Lfs https://localhost:8443/alive || curl -Lfs http://localhost:8080/alive || exit 1
USER bitwarden

2
util/Nginx/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/bin/bash #!/bin/sh
# Setup # Setup

11
util/Nginx/setup-bwuser.sh
View File

@@ -1,4 +1,4 @@
#!/bin/bash #!/bin/sh
# Setup # Setup
@@ -32,8 +32,7 @@ fi
# Create user and group # Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || addgroup -g "$LGID" -S "$GROUPNAME" 2>/dev/null || true
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 adduser -u "$LUID" -G "$GROUPNAME" -S -D -H "$USERNAME" 2>/dev/null || true
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || mkdir -p /home/$USERNAME
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 chown $USERNAME:$GROUPNAME /home/$USERNAME
mkhomedir_helper $USERNAME

20
util/Setup/Dockerfile
View File

@@ -1,7 +1,7 @@
############################################### ###############################################
# Build stage # # Build stage #
############################################### ###############################################
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build
# Docker buildx supplies the value for this arg # Docker buildx supplies the value for this arg
ARG TARGETPLATFORM ARG TARGETPLATFORM
@@ -9,11 +9,11 @@ ARG TARGETPLATFORM
# Determine proper runtime value for .NET # Determine proper runtime value for .NET
# We put the value in a file to be read by later layers. # We put the value in a file to be read by later layers.
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \
RID=linux-x64 ; \ RID=linux-musl-x64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
RID=linux-arm64 ; \ RID=linux-musl-arm64 ; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then \
RID=linux-arm ; \ RID=linux-musl-arm ; \
fi \ fi \
&& echo "RID=$RID" > /tmp/rid.txt && echo "RID=$RID" > /tmp/rid.txt
@@ -38,18 +38,18 @@ RUN . /tmp/rid.txt && dotnet publish \
############################################### ###############################################
# App stage # # App stage #
############################################### ###############################################
FROM mcr.microsoft.com/dotnet/aspnet:8.0 FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine
ARG TARGETPLATFORM ARG TARGETPLATFORM
LABEL com.bitwarden.product="bitwarden" com.bitwarden.project="setup" LABEL com.bitwarden.product="bitwarden" com.bitwarden.project="setup"
ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
RUN apt-get update \ RUN apk add --no-cache curl \
&& apt-get install -y --no-install-recommends \
openssl \ openssl \
gosu \ icu-libs \
&& rm -rf /var/lib/apt/lists/* shadow \
&& apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community gosu
# Copy app from the build stage # Copy app from the build stage
WORKDIR /app WORKDIR /app

2
util/Setup/Helpers.cs
View File

@@ -128,7 +128,7 @@ public static class Helpers
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{ {
var escapedArgs = cmd.Replace("\"", "\\\""); var escapedArgs = cmd.Replace("\"", "\\\"");
process.StartInfo.FileName = "/bin/bash"; process.StartInfo.FileName = "/bin/sh";
process.StartInfo.Arguments = $"-c \"{escapedArgs}\""; process.StartInfo.Arguments = $"-c \"{escapedArgs}\"";
} }
else else

2
util/Setup/entrypoint.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash #!/bin/sh
# Setup # Setup