全面大升级
This commit is contained in:
28
Dockerfile
28
Dockerfile
@@ -2,46 +2,22 @@
|
||||
FROM golang:1.24-alpine AS builder
|
||||
|
||||
WORKDIR /app
|
||||
RUN apk add --no-cache gcc musl-dev # 仅当需要 CGO 时才保留(你的代码可能不需要,但保留无害)
|
||||
|
||||
# 安装编译依赖(仅用于 CGO,但你已禁用 CGO,其实可省略)
|
||||
# 如果确实不需要 CGO(如纯 Go 代码),可删除下一行以加速构建
|
||||
RUN apk add --no-cache gcc musl-dev
|
||||
|
||||
# 复制模块文件并下载依赖
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
|
||||
# 复制源码
|
||||
COPY . .
|
||||
|
||||
# 编译静态二进制(CGO_ENABLED=0 确保无动态链接)
|
||||
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" -o server ./cmd/server/main.go
|
||||
|
||||
|
||||
# 第二阶段:运行
|
||||
FROM alpine:latest
|
||||
|
||||
# 安全加固:创建非 root 用户
|
||||
RUN addgroup -g 1001 -S app && \
|
||||
adduser -u 1001 -S app -G app
|
||||
|
||||
RUN addgroup -g 1001 -S app && adduser -u 1001 -S app -G app
|
||||
WORKDIR /app
|
||||
|
||||
# 从构建阶段复制二进制和静态资源
|
||||
COPY --from=builder /app/server .
|
||||
COPY --from=builder /app/web ./web
|
||||
|
||||
# 更改文件所有者(安全最佳实践)
|
||||
RUN chown -R app:app /app
|
||||
|
||||
# 切换到非 root 用户
|
||||
USER app
|
||||
|
||||
# 暴露端口
|
||||
EXPOSE 2779
|
||||
|
||||
# 设置默认端口(可通过 docker run -e PORT=... 覆盖)
|
||||
ENV PORT=2779
|
||||
|
||||
# 启动应用
|
||||
CMD ["./server"]
|
||||
Reference in New Issue
Block a user