83 lines
2.6 KiB
Docker
83 lines
2.6 KiB
Docker
# As a workaround we have to build on nodejs 18
|
|
# nodejs 20 hangs on build with armv6/armv7
|
|
FROM docker.io/library/node:20-alpine AS build_node_modules
|
|
|
|
# Update npm to latest
|
|
RUN npm install -g npm@latest
|
|
|
|
# Copy Web UI
|
|
COPY src /app
|
|
WORKDIR /app
|
|
RUN npm ci --omit=dev &&\
|
|
mv node_modules /node_modules
|
|
|
|
# Copy build result to a new image.
|
|
# This saves a lot of disk space.
|
|
FROM amneziavpn/amneziawg-go:latest
|
|
HEALTHCHECK CMD /usr/bin/timeout 5s /bin/sh -c "/usr/bin/wg show | /bin/grep -q interface || exit 1" --interval=1m --timeout=5s --retries=3
|
|
COPY --from=build_node_modules /app /app
|
|
|
|
# Move node_modules one directory up, so during development
|
|
# we don't have to mount it in a volume.
|
|
# This results in much faster reloading!
|
|
#
|
|
# Also, some node_modules might be native, and
|
|
# the architecture & OS of your development machine might differ
|
|
# than what runs inside of docker.
|
|
COPY --from=build_node_modules /node_modules /node_modules
|
|
|
|
# Copy the needed wg-password scripts
|
|
COPY --from=build_node_modules /app/wgpw.sh /bin/wgpw
|
|
RUN chmod +x /bin/wgpw
|
|
|
|
# Install Linux packages
|
|
RUN apk add --no-cache \
|
|
dpkg \
|
|
dumb-init \
|
|
iptables \
|
|
nodejs \
|
|
npm
|
|
|
|
#Use iptables-legacy
|
|
# RUN update-alternatives --install /sbin/iptables iptables /sbin/iptables-legacy 10 --slave /sbin/iptables-restore iptables-restore /sbin/iptables-legacy-restore --slave /sbin/iptables-save iptables-save /sbin/iptables-legacy-save
|
|
|
|
# Tune network
|
|
RUN echo -e " \n\
|
|
fs.file-max = 51200 \n\
|
|
\n\
|
|
net.core.rmem_max = 67108864 \n\
|
|
net.core.wmem_max = 67108864 \n\
|
|
net.core.netdev_max_backlog = 250000 \n\
|
|
net.core.somaxconn = 4096 \n\
|
|
\n\
|
|
net.ipv4.tcp_syncookies = 1 \n\
|
|
net.ipv4.tcp_tw_reuse = 1 \n\
|
|
net.ipv4.tcp_tw_recycle = 0 \n\
|
|
net.ipv4.tcp_fin_timeout = 30 \n\
|
|
net.ipv4.tcp_keepalive_time = 1200 \n\
|
|
net.ipv4.ip_local_port_range = 10000 65000 \n\
|
|
net.ipv4.tcp_max_syn_backlog = 8192 \n\
|
|
net.ipv4.tcp_max_tw_buckets = 5000 \n\
|
|
net.ipv4.tcp_fastopen = 3 \n\
|
|
net.ipv4.tcp_mem = 25600 51200 102400 \n\
|
|
net.ipv4.tcp_rmem = 4096 87380 67108864 \n\
|
|
net.ipv4.tcp_wmem = 4096 65536 67108864 \n\
|
|
net.ipv4.tcp_mtu_probing = 1 \n\
|
|
net.ipv4.tcp_congestion_control = hybla \n\
|
|
# for low-latency network, use cubic instead \n\
|
|
# net.ipv4.tcp_congestion_control = cubic \n\
|
|
" | sed -e 's/^\s\+//g' | tee -a /etc/sysctl.conf && \
|
|
mkdir -p /etc/security && \
|
|
echo -e " \n\
|
|
* soft nofile 51200 \n\
|
|
* hard nofile 51200 \n\
|
|
" | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf
|
|
|
|
|
|
# Set Environment
|
|
ENV DEBUG=Server,WireGuard
|
|
|
|
# Run Web UI
|
|
WORKDIR /app
|
|
CMD ["/usr/bin/dumb-init", "node", "server.js"]
|