-
Notifications
You must be signed in to change notification settings - Fork 5
/
Dockerfile-Dev-V6
130 lines (115 loc) · 3.11 KB
/
Dockerfile-Dev-V6
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
FROM pihole/pihole:development-v6 as openssl
WORKDIR /tmp/src
RUN set -e -x && \
apk add --no-cache --virtual .build-deps \
perl \
build-base \
ca-certificates \
curl \
git \
gnupg \
libidn2-dev \
libssl3 \
linux-headers \
&& \
apk add --no-cache --virtual .run-deps \
libidn2 \
&& \
git clone https://github.com/openssl/openssl.git && \
cd openssl && \
./config \
--prefix=/opt/openssl \
--openssldir=/opt/openssl \
no-weak-ssl-ciphers \
no-ssl3 \
no-shared \
-DOPENSSL_NO_HEARTBEATS \
-fstack-protector-strong \
&& \
make depend && \
make -j$(getconf _NPROCESSORS_ONLN) && \
make install_sw && \
apk del .build-deps && \
rm -rf /tmp/* /var/tmp/* /var/cache/apk/*
FROM pihole/pihole:development-v6 as unbound
WORKDIR /tmp/src
COPY --from=openssl /opt/openssl /opt/openssl
RUN build_deps=" \
flex \
bison \
nghttp2-libs \
nghttp2-dev \
build-base \
ca-certificates \
curl \
git \
libevent-dev \
expat-dev \
protobuf-c-dev \
linux-headers \
" && \
set -x && \
apk add --repository=main --no-cache --virtual .build-deps \
$build_deps \
&& \
apk add --no-cache --virtual .run-deps \
ca-certificates \
ldns \
libevent \
nghttp2-libs \
expat \
protobuf-c \
&& \
git clone https://github.com/NLnetLabs/unbound.git && \
cd unbound && \
addgroup -S _unbound && \
adduser -S -G _unbound -H -s /sbin/nologin -h /etc _unbound && \
./configure \
--disable-dependency-tracking \
--prefix=/opt/unbound \
--with-pthreads \
--with-username=_unbound \
--with-ssl=/opt/openssl \
--with-libevent \
--with-libnghttp2 \
--enable-dnstap \
--enable-tfo-server \
--enable-tfo-client \
--enable-event-api \
--enable-subnet \
&& \
make && \
make install && \
mv /opt/unbound/etc/unbound/unbound.conf /opt/unbound/etc/unbound/unbound.conf.example && \
apk del .build-deps && \
rm -rf /opt/unbound/share/man /tmp/* /var/tmp/* /var/cache/apk/*
FROM pihole/pihole:development-v6
WORKDIR /tmp/src
COPY --from=unbound /opt /opt
RUN set -x && \
apk add --no-cache --virtual .run-deps \
perl \
ca-certificates \
ldns \
libevent \
nghttp2-libs \
expat \
protobuf-c \
&& \
addgroup -S _unbound && \
adduser -S -G _unbound -H -s /sbin/nologin -h /etc _unbound && \
apk del .run-deps && \
rm -rf /opt/unbound/share/man /tmp/* /var/tmp/* /var/cache/apk/*
WORKDIR /opt/unbound/
# Copy extra files
COPY lighttpd-external.conf /etc/lighttpd/external.conf
COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf
COPY data/ /
RUN chmod +x /unbound.sh
# Set version label
LABEL maintainer="OrigamiOfficial"
# Environment settings
ENV FTLCONF_dns_upstreams 127.0.0.1#5335
ENV PATH /opt/unbound/sbin:"$PATH"
# Target run
CMD ["/unbound.sh"]