Updated according security and style recommendations

This commit is contained in:
Alexey Pustovalov 2024-02-16 18:55:36 +09:00
parent f5d2f4a656
commit c10c90b325
9 changed files with 26 additions and 25 deletions

View File

@ -58,7 +58,7 @@ RUN set -eux && \
shadow-utils \
pcre2 \
libcurl" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y install \

View File

@ -65,7 +65,7 @@ RUN set -eux && \
smartmontools \
sudo \
libcurl" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y install \

View File

@ -113,7 +113,7 @@ This variable is port Zabbix server listening on. By default, value is `10051`.
This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'
### `DB_SERVER_PORT`
This variable is port of MySQL server. By default, value is '3306'.
### `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE`

View File

@ -73,7 +73,7 @@ RUN set -eux && \
pcre2 \
gzip \
unixODBC" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y module enable mysql && \

View File

@ -70,7 +70,7 @@ RUN set -eux && \
pcre2 \
sqlite-libs \
unixODBC" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y install \

View File

@ -75,7 +75,7 @@ RUN set -eux && \
pcre2 \
gzip \
unixODBC" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y module enable mysql && \

View File

@ -104,7 +104,7 @@ RUN set -eux && \
rm -rf /var/lib/apt/lists/*
EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -66,7 +66,7 @@ RUN set -eux && \
php-mbstring \
php-mysqlnd \
php-xml" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y module enable mysql && \

View File

@ -1,12 +1,12 @@
# syntax=docker/dockerfile:1
ARG MAJOR_VERSION=6.0
ARG RELEASE=26
ARG ZBX_VERSION=${MAJOR_VERSION}.26
ARG MAJOR_VERSION=7.0
ARG RELEASE=0
ARG ZBX_VERSION=${MAJOR_VERSION}
ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION}
FROM ${BUILD_BASE_IMAGE} as builder
FROM ${BUILD_BASE_IMAGE} AS builder
FROM registry.access.redhat.com/ubi8/ubi-minimal
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3
ARG MAJOR_VERSION
ARG RELEASE
@ -19,9 +19,9 @@ ENV TERM=xterm \
LABEL description="Zabbix web service for performing various tasks using headless web browser" \
maintainer="alexey.pustovalov@zabbix.com" \
name="zabbix/zabbix-web-service-60" \
name="zabbix/zabbix-web-service-trunk" \
release="${RELEASE}" \
run="docker run --name zabbix-web-service --link zabbix-server:zabbix-server -p 10053:10053 -d registry.connect.redhat.com/zabbix/zabbix-web-service-60:${ZBX_VERSION}" \
run="docker run --name zabbix-web-service --link zabbix-server:zabbix-server -p 10053:10053 -d registry.connect.redhat.com/zabbix/zabbix-web-service-trunk:${ZBX_VERSION}" \
summary="Zabbix web service" \
url="https://www.zabbix.com/" \
vendor="Zabbix LLC" \
@ -32,7 +32,7 @@ LABEL description="Zabbix web service for performing various tasks using headles
io.openshift.tags="zabbix,zabbix-web-service" \
org.label-schema.build-date="${BUILD_DATE}" \
org.label-schema.description="Zabbix web service for performing various tasks using headless web browser" \
org.label-schema.docker.cmd="docker run --name zabbix-web-service --link zabbix-server:zabbix-server -p 10053:10053 -d registry.connect.redhat.com/zabbix/zabbix-web-service-60:${ZBX_VERSION}" \
org.label-schema.docker.cmd="docker run --name zabbix-web-service --link zabbix-server:zabbix-server -p 10053:10053 -d registry.connect.redhat.com/zabbix/zabbix-web-service-trunk:${ZBX_VERSION}" \
org.label-schema.license="GPL v2.0" \
org.label-schema.name="zabbix-web-service-rhel" \
org.label-schema.schema-version="1.0" \
@ -53,15 +53,16 @@ RUN set -eux && \
INSTALL_PKGS="bash \
shadow-utils \
chromium-headless" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
ARCH_SUFFIX="$(arch)"; \
microdnf -y install \
--disablerepo "*" \
--enablerepo "ubi-8-baseos-rpms" \
--enablerepo "ubi-8-appstream-rpms" \
--enablerepo "rhel-8-for-x86_64-baseos-rpms" \
--enablerepo "rhel-8-for-x86_64-appstream-rpms" \
--enablerepo "ubi-9-baseos-rpms" \
--enablerepo "ubi-9-appstream-rpms" \
--enablerepo "rhel-9-for-$ARCH_SUFFIX-baseos-rpms" \
--enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \
--enablerepo "epel" \
--setopt=install_weak_deps=0 \
--best \
@ -69,8 +70,8 @@ RUN set -eux && \
${INSTALL_PKGS} && \
microdnf -y install \
--disablerepo "*" \
--enablerepo "ubi-8-baseos-rpms" \
--enablerepo "ubi-8-appstream-rpms" \
--enablerepo "ubi-9-baseos-rpms" \
--enablerepo "ubi-9-appstream-rpms" \
--setopt=install_weak_deps=0 \
--best \
--setopt=tsflags=nodocs \