This Dockerfile is tailored for CIO projects, utilizing a custom Ubuntu base image from the CIO's Docker repository. The Dockerfile includes configurations for installing Python and other dependencies, setting up environment variables, and preparing the GaiaAPI application.
GAIA API currently uses CIO's Ubuntu image as its base. To build the Docker image you need access to the CIO Docker repository; to get it, follow the steps in Login Into CIO Azure Container Registry.
```dockerfile
# syntax=docker/dockerfile:1

# Base image (Ubuntu 22.04 from CIO)
FROM acncio.azurecr.io/ubuntu22.04cio-base:latest AS GaiaAPI

# Arguments for dependency installation and PYQPL library location
# Options for INSTALL_DEPENDENCIES: [ldap], [genai], [all], or leave empty
ARG INSTALL_DEPENDENCIES=""
ARG PYQPL_LOCATION=lib/pyqpl-1.1.0-py3-none-any.whl

# Set GAIA_ENV as an environment variable, default value is 'system_default'
ARG GAIA_ENV=system_default
ENV GAIA_ENV=$GAIA_ENV

# Set CONFIG_URL as an environment variable, for custom configuration JSON file path
ARG CONFIG_URL=''
ENV CONFIG_URL=$CONFIG_URL

# Set number of Uvicorn workers, typically 1 is recommended in Docker
ARG UVICORN_WORKERS=1
ENV UVICORN_WORKERS=$UVICORN_WORKERS

# Set protocol (default 'http') as an environment variable
ARG PROTOCOL=http
ENV PROTOCOL=$PROTOCOL

# Set host for GAIA API, necessary unless default entrypoint is removed
ARG HOST=0.0.0.0
ENV HOST=$HOST

# Set port for GAIA API, necessary unless default entrypoint is removed
ARG PORT=8085
ENV PORT=$PORT

# Set domain name for GAIA API, necessary unless default entrypoint is removed
ARG DOMAIN_NAME=host.docker.internal
ENV DOMAIN_NAME=$DOMAIN_NAME

# Set cookie domain name for GAIA API, necessary unless default entrypoint is removed
ARG COOKIE_DOMAIN_NAME=''
ENV COOKIE_DOMAIN_NAME=$COOKIE_DOMAIN_NAME

# Set engine URL for GAIA API, necessary unless default entrypoint is removed
ARG ENGINE_URL=http://host.docker.internal:9200
ENV ENGINE_URL=$ENGINE_URL

# Set path to certificates, necessary only if mailer is enabled using custom SMTP
ARG CERTIFICATES_PATH=''
ENV CERTIFICATES_PATH=$CERTIFICATES_PATH

# Set AWS Elasticsearch credentials, only if using AWS service
ARG AWS_SERVICE=es
ENV AWS_SERVICE=$AWS_SERVICE
ARG AWS_REGION=us-east-1
ENV AWS_REGION=$AWS_REGION

# Set AWS Access Key and Session Token, required only if using access key and token
# Note: ENV values are stored in the image configuration and are readable by anyone
# who can pull the image; supply real credentials when the container starts.
ARG AWS_ACCESS_KEY_ID=default-key
ENV AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY=default-secret
ENV AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
ARG AWS_SESSION_TOKEN=default-token
ENV AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN

# Change user to ROOT
USER root:root

# Install python 3.11 and other dependencies on OS
RUN apt-get update && apt-get install -y \
    pkg-config \
    libxml2-dev \
    libxmlsec1 \
    libxmlsec1-dev \
    libxmlsec1-openssl \
    xmlsec1 \
    build-essential \
    curl \
    iputils-ping \
    libnss3-dev \
    libgdbm-dev \
    libncurses5-dev \
    libssl-dev \
    libffi-dev \
    libreadline-dev \
    libsqlite3-dev \
    libbz2-dev \
    software-properties-common \
    vim \
    wget \
    zlib1g-dev \
    # Installing Python 3.11.7
    && wget https://www.python.org/ftp/python/3.11.7/Python-3.11.7.tgz \
    && tar xvf Python-3.11.7.tgz \
    && cd Python-*/ \
    && ./configure --enable-optimizations \
    && make altinstall \
    && ln -s -f /usr/local/bin/python3.11 /usr/local/bin/python \
    && ln -s -f /usr/local/bin/pip3.11 /usr/local/bin/pip \
    && cd .. \
    && rm Python-3.11.7.tgz \
    && rm -rf Python-3.11.7

# Create our work directory
WORKDIR /gaia_api

# Change work directory ownership to root-less user
RUN chown appuser:appgroup /gaia_api

# Copy GaiaAPI source and change ownership to root-less user
COPY --chown=appuser:appgroup . .

# Installing all SAPI dependencies
# The version specifier is quoted so the shell does not treat ">" as a redirect
RUN pip install --upgrade pip \
    && pip install --no-cache-dir "lxml>=4.9.0" \
    && pip install --no-cache-dir xmlsec \
    && pip install --no-cache-dir -e ".$INSTALL_DEPENDENCIES" \
    # PYQPL from the local lib folder, check the VERSION before installing!
    && pip install --no-cache-dir $PYQPL_LOCATION

# Export GaiaAPI PORT
EXPOSE $PORT

# Change back to the root-less user
USER appuser:appgroup

# Start the GaiaAPI at container start
CMD python -m uvicorn app.webapp:app --host $HOST --port $PORT --workers $UVICORN_WORKERS --no-server-header

# If running behind a proxy like Nginx or Traefik add --proxy-headers
# CMD python -m uvicorn app.webapp:app --proxy-headers --host $HOST --port $PORT --workers $UVICORN_WORKERS --no-server-header

# Command to run Uvicorn with SSL
# CMD python -m uvicorn app.webapp:app --host $HOST --port $PORT --ssl-keyfile /path/in/container/private.key --ssl-certfile /path/in/container/certificate.crt
```
- Base Image: `FROM acncio.azurecr.io/ubuntu22.04cio-base:latest AS GaiaAPI`.
- Arguments and Environment Variables: arguments (`ARG`) and environment variables (`ENV`) for configuring the GaiaAPI application.
- Python and Dependency Installation:
- Setting Up the Working Directory: sets the working directory to `/gaia_api` and changes its ownership to a non-root user (`appuser:appgroup`).
- Application Setup: `PYQPL` library.
- Exposing Ports and Running the Application: switches back to the non-root user (`appuser:appgroup`) for running the application, enhancing security.
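
The Dockerfile above copies each build `ARG` into an `ENV`, including the three AWS credential variables, and `ENV` values are kept in the image configuration, where `docker inspect` shows them. The following check is an added example, not part of the GaiaAPI project: it flags secret-looking names that reach the image through `ENV`. The function name `find_baked_secrets`, the name pattern and the sample input (a constructed subset of the lines above) are assumptions.

```python
import re

# Assumed heuristic: name fragments that usually indicate a credential.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|ACCESS_KEY", re.I)
ASSIGN = re.compile(r"^(ARG|ENV)\s+([A-Za-z_]\w*)(?:=|\s+)?(.*)$", re.I)
VAR_REF = re.compile(r"\$\{?([A-Za-z_]\w*)\}?")

# Constructed sample: a subset of the ARG/ENV pairs from the Dockerfile above.
SAMPLE = """\
FROM acncio.azurecr.io/ubuntu22.04cio-base:latest AS GaiaAPI
ARG PORT=8085
ENV PORT=$PORT
ARG AWS_REGION=us-east-1
ENV AWS_REGION=$AWS_REGION
ARG AWS_ACCESS_KEY_ID=default-key
ENV AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY=default-secret
ENV AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
ARG AWS_SESSION_TOKEN=default-token
ENV AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN
"""


def find_baked_secrets(dockerfile_text):
    """Return (line_number, name, reason) for secret-looking ENV entries.

    Only the first NAME=value pair on each ARG/ENV line is inspected.
    """
    args, findings = set(), []
    for lineno, raw in enumerate(dockerfile_text.splitlines(), start=1):
        m = ASSIGN.match(raw.strip())
        if not m:
            continue  # comments, blank lines and other instructions
        instr, name = m.group(1).upper(), m.group(2)
        value = m.group(3).strip().strip("'\"")
        if instr == "ARG":
            args.add(name)
        elif SECRET_NAME.search(name) and value:
            ref = VAR_REF.fullmatch(value)
            if ref and ref.group(1) in args:
                reason = "ENV persists build ARG %s in the image config" % ref.group(1)
            else:
                reason = "ENV stores this value in the image config"
            findings.append((lineno, name, reason))
    return findings


if __name__ == "__main__":
    for lineno, name, reason in find_baked_secrets(SAMPLE):
        print("line %d: %s: %s" % (lineno, name, reason))
```

For variables it flags, the usual mitigation is to drop the `ARG`/`ENV` pair from the Dockerfile and pass the value when the container starts, for example with `docker run -e` or `--env-file`.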