Update docker

.dockerignore

@@ -1,3 +1,2 @@
-*
+**/bin
-!build/*
+**/obj
-!entrypoint.sh

Dockerfile

@@ -1,20 +0,0 @@
-FROM bitwarden/server
-
-LABEL com.bitwarden.product="bitwarden"
-
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-        gosu \
-        curl \
-&& rm -rf /var/lib/apt/lists/*
-
-ENV ASPNETCORE_URLS http://+:5000
-WORKDIR /app
-EXPOSE 5000
-COPY ./build .
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-
-HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
-
-ENTRYPOINT ["/entrypoint.sh"]

docker/Dockerfile

@@ -0,0 +1,46 @@
+###############################################
+#                 Build stage                 #
+###############################################
+FROM node:16-slim AS build
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        git \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /source
+COPY . .
+
+RUN npm ci
+RUN npm run dist:oss:selfhost
+
+###############################################
+#                  App stage                  #
+###############################################
+FROM bitwarden/server:latest
+
+LABEL com.bitwarden.product="bitwarden"
+ENV ASPNETCORE_URLS http://+:5000
+EXPOSE 5000
+
+RUN mkdir -p /etc/bitwarden/web
+RUN chown -R bitwarden:bitwarden /etc/bitwarden
+
+COPY docker/confd/app-id.toml /etc/confd/conf.d/
+COPY docker/confd/app-id.conf.tmpl /etc/confd/templates/
+
+RUN wget -O /usr/local/bin/confd https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64
+RUN chmod +x /usr/local/bin/confd
+
+# Copy app from build stage
+WORKDIR /app
+COPY --from=build /source/build ./
+RUN chown -R bitwarden:bitwarden /app
+
+# Copy entrypoint script and make it executable
+COPY docker/entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+
+USER bitwarden:bitwarden
+HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
+ENTRYPOINT ["/entrypoint.sh"]

docker/confd/app-id.conf.tmpl

@@ -0,0 +1,15 @@
+{
+  "trustedFacets": [
+    {
+      "version": {
+        "major": 1,
+        "minor": 0
+      },
+      "ids": [
+        "{{ getenv "globalSettings__baseServiceUri__vault" "https://localhost" }}",
+        "ios:bundle-id:com.8bit.bitwarden",
+        "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI"
+      ]
+    }
+  ]
+}

docker/confd/app-id.toml

@@ -0,0 +1,6 @@
+[template]
+src = "app-id.conf.tmpl"
+dest = "/etc/bitwarden/web/app-id.json"
+keys = [
+  "globalSettings__baseServiceUri__vault"
+]

docker/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/local/bin/confd -onetime -backend env
+
+cp /etc/bitwarden/web/app-id.json /app/app-id.json
+
+exec dotnet /bitwarden_server/Server.dll /contentRoot=/app /webRoot=. /serveUnknown=false /webVault=true

entrypoint.sh

@@ -1,38 +0,0 @@
-#!/bin/bash
-
-# Setup
-
-GROUPNAME="bitwarden"
-USERNAME="bitwarden"
-
-LUID=${LOCAL_UID:-0}
-LGID=${LOCAL_GID:-0}
-
-# Step down from host root to well-known nobody/nogroup user
-
-if [ $LUID -eq 0 ]
-then
-    LUID=65534
-fi
-if [ $LGID -eq 0 ]
-then
-    LGID=65534
-fi
-
-# Create user and group
-
-groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
-groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
-useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
-usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
-mkhomedir_helper $USERNAME
-
-# The rest...
-
-chown -R $USERNAME:$GROUPNAME /etc/bitwarden
-cp /etc/bitwarden/web/app-id.json /app/app-id.json
-chown -R $USERNAME:$GROUPNAME /app
-chown -R $USERNAME:$GROUPNAME /bitwarden_server
-
-exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
-    /contentRoot=/app /webRoot=. /serveUnknown=false /webVault=true