我正在尝试减小docker映像的大小,但是Dockerfile很奇怪。
我连接RUN
命令以减小图像的大小。当我构建下面的 Dockerfile 时,它只创建 235MB。
FROM nginx:alpine
RUN apk add --no-cache --virtual .build-deps
gcc
libc-dev
make
openssl
pcre-dev
zlib-dev
linux-headers
curl
gnupg
libxslt-dev
gd-dev
perl-dev
&& apk add --no-cache --virtual .libmodsecurity-deps
pcre-dev
libxml2-dev
git
libtool
automake
autoconf
g++
flex
bison
yajl-dev
git
# Add runtime dependencies that should not be removed
&& apk add --no-cache
doxygen
geoip
geoip-dev
yajl
libstdc++
sed
# Installing ModSec Library version 3
&& echo "Installing ModSec Library"
&& git clone -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity /opt/ModSecurity
&& cd /opt/ModSecurity
&& git submodule init
&& git submodule update
&& ./build.sh
&& ./configure && make && make install
&& echo "Finished Installing ModSec Library"
# Installing ModSec - Nginx connector
&& cd /opt
&& echo 'Installing ModSec - Nginx connector'
&& git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
&& wget http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz
&& tar zxvf nginx-$NGINX_VERSION.tar.gz
# Adding Nginx Connector Module
&& cd /opt/nginx-$NGINX_VERSION
&& ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
&& make modules
&& cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules
&& echo "Finished Installing ModSec - Nginx connector"
# Begin installing ModSec OWASP Rules
&& echo "Begin installing ModSec OWASP Rules"
&& mkdir /etc/nginx/modsec
&& wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended
&& mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
&& sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf
# Fetching owasp-modsecurity-crs
&& cd /opt
&& git clone -b v3.0/master https://github.com/SpiderLabs/owasp-modsecurity-crs
&& mv owasp-modsecurity-crs/ /usr/local/
&& cp /usr/local/owasp-modsecurity-crs/crs-setup.conf.example /usr/local/owasp-modsecurity-crs/crs-setup.conf
# Creating modsec file
&& echo 'Creating modsec file'
&& echo -e '# From https://github.com/SpiderLabs/ModSecurity/blob/master/n
# modsecurity.conf-recommendedn
# Edit to set SecRuleEngine Onn
Include "/etc/nginx/modsec/modsecurity.conf"n
# OWASP CRS v3 rulesn
Include "/usr/local/owasp-modsecurity-crs/crs-setup.conf"n
Include "/usr/local/owasp-modsecurity-crs/rules/*.conf"'
>>/etc/nginx/modsec/main.conf
&& chown nginx:nginx /etc/nginx/modsec/main.conf
# Removing old Nginx conf files
&& rm -fr /etc/nginx/conf.d/
&& rm -fr /etc/nginx/nginx.conf
&& chown -R nginx:nginx /usr/share/nginx
# delete uneeded and clean up
&& apk del .build-deps
&& apk del .libmodsecurity-deps
&& rm -fr ModSecurity
&& rm -fr ModSecurity-nginx
&& rm -fr nginx-$NGINX_VERSION.tar.gz
&& rm -fr nginx-$NGINX_VERSION
COPY conf/nginx.conf /etc/nginx
COPY conf/conf.d /etc/nginx/conf.d
COPY errors /usr/share/nginx/errors
WORKDIR /usr/share/nginx/html
CMD nginx -g 'daemon off;'
EXPOSE 80
我已经看过 docker 历史记录 imagedId 它显示此 RUN 命令的大小增加了大约 855MB。有人明白为什么它表现得很奇怪吗?
任何想法都会很有帮助,很难每次都调试构建映像。
我尝试以两种方式构建,发现没有太大区别。
大部分磁盘空间由/opt/ModSecurity
占用。最初在 git 克隆后它是 74MB。
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldimage latest 924a8d4f941e 11 minutes ago 867MB
newimage latest d1ca029927c2 About an hour ago 867MB
nginx alpine ebe2c7c61055 6 days ago 18MB
但是,在构建完整构建后 - 它已增长到 ~650MB。
$ du -sh *
639.7M ModSecurity
408.0K ModSecurity-nginx
7.5M nginx-1.13.12
996.0K nginx-1.13.12.tar.gz