| author | Your Name <you@example.com> | 2026-02-18 15:12:32 +0800 |
|---|---|---|
| committer | Your Name <you@example.com> | 2026-02-18 15:12:32 +0800 |
| commit | c3a377a265d2ca92b8823be281fa0e487d30692b (patch) | |
| tree | 1d5b4213c65635ffdd82921b633eaaf5bebd2e60 /Dockerfile | |
| parent | b0572c958427ae6ad75109752e9741aab31ad65a (diff) | |
switch to rocky linux 10, add --init for zombie reaping, fix NAT setup
- base image alpine -> rockylinux:10 (cgit/fcgiwrap from EPEL)
- drop spawn-fcgi, use fcgiwrap -s directly
- add --init to reap zombie sshd-auth processes (PID exhaustion fix)
- replace ip addr/route networking with nft DNAT/SNAT/FORWARD rules
- add FORWARD accept rule that was missing for inbound DNAT traffic
Diffstat (limited to 'Dockerfile')
| -rw-r--r-- | Dockerfile | 10 |
1 files changed, 6 insertions, 4 deletions
| @@ -1,14 +1,16 @@ | |||
| 1 | FROM alpine:latest | 1 | FROM rockylinux:10 |
| 2 | 2 | ||
| 3 | RUN apk add --no-cache \ | 3 | RUN dnf install -y epel-release && \ |
| 4 | dnf copr enable -y @caddy/caddy && \ | ||
| 5 | dnf install -y \ | ||
| 4 | caddy \ | 6 | caddy \ |
| 5 | cgit \ | 7 | cgit \ |
| 6 | git \ | 8 | git \ |
| 7 | fcgiwrap \ | 9 | fcgiwrap \ |
| 8 | spawn-fcgi \ | ||
| 9 | gettext \ | 10 | gettext \ |
| 10 | openssl \ | 11 | openssl \ |
| 11 | openssh-server | 12 | openssh-server \ |
| 13 | && dnf clean all | ||
| 12 | 14 | ||
| 13 | COPY cgitrc.template /etc/cgitrc.template | 15 | COPY cgitrc.template /etc/cgitrc.template |
| 14 | COPY Caddyfile /etc/caddy/Caddyfile | 16 | COPY Caddyfile /etc/caddy/Caddyfile |
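Review bot: New line 4 (`dnf copr enable -y @caddy/caddy`) adds a Copr repository as a package source, and nothing in the install list pins a caddy version, so every rebuild takes whatever that repository serves at the time. Consider pinning the package (`caddy-<version>`, placeholder) and adding a comment saying why Copr is needed here when cgit and fcgiwrap come from EPEL. The same reproducibility point applies to line 1: `FROM rockylinux:10` is better than `alpine:latest` but is still a mutable tag, so pinning by digest (`rockylinux:10@sha256:<digest>`, placeholder) would fix the base. `copr` is a dnf plugin, so if the base image does not ship it this RUN step fails; installing the plugin package explicitly next to `epel-release` removes that dependency on the image contents. Since the image also installs `openssh-server`, adding `--setopt=install_weak_deps=False` to the `dnf install -y` on line 5 would keep optional packages out of it.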
