From 17aa46c4d214051f0efa904b531c8eab2cfcbea7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ce=CC=81drik=20LIME?= <REMOVE_ME+github@cedrik.fr>
Date: Wed, 8 May 2019 21:17:14 +0200
Subject: [PATCH] Optimize Docker image layers; comment out runtime user; add
 sample docker-compose.yml

---
 Dockerfile         | 11 ++++++-----
 Dockerfile.travis  | 12 ++++++------
 docker-compose.yml | 31 +++++++++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 11 deletions(-)
 create mode 100644 docker-compose.yml

diff --git a/Dockerfile b/Dockerfile
index 1d6ee6a9..8b89e11b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,12 +12,13 @@ LABEL maintainer="AdGuard Team <devteam@adguard.com>"
 
 # Update CA certs
 RUN apk --no-cache --update add ca-certificates libcap && \
-    rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work
+    rm -rf /var/cache/apk/* && \
+    mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
+    chown -R nobody: /opt/adguardhome
 
-COPY --from=build /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome
+COPY --from=build --chown=nobody: /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome
 
-RUN chown -R nobody: /opt/adguardhome \
-    && setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
 
 EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp
 
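Review bot: `COPY --from=build --chown=nobody: …` leaves the AdGuardHome executable, which then receives `cap_net_bind_service`, owned and writable by the same unprivileged account the service is meant to run as. The `chown -R nobody: /opt/adguardhome` in the first RUN does the same for the parent directory. As far as this hunk shows, only `conf` and `work` need to be writable at run time, so unless the service has to rewrite its own binary I would drop `--chown` from the COPY and narrow the RUN to `chown nobody: /opt/adguardhome/conf /opt/adguardhome/work`. `+eip` also sets the inheritable bit, which binding low ports does not need; `setcap 'cap_net_bind_service=+ep'` is enough. The first hunk of Dockerfile.travis has the same pattern.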
@@ -25,7 +26,7 @@ VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]
 
 WORKDIR /opt/adguardhome/work
 
-USER nobody
+#USER nobody
 
 ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
 CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
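Review bot: With `USER nobody` commented out, the image starts AdGuardHome as root by default, and neither the hunk nor a comment says why. The `setcap` and the chown to `nobody` earlier in the file exist only to support a non-root run, so a DNS service that parses untrusted network input now holds the container's full default capability set. If some feature needs root (the DHCP ports 67/68 would be my guess, not something visible here), I would keep `USER nobody` as the default and document the override above it, e.g. `# Runs unprivileged by default; override with --user root only if a feature requires it`. The second hunk of Dockerfile.travis makes the same change.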
diff --git a/Dockerfile.travis b/Dockerfile.travis
index 3a4ba640..bdfbb00a 100644
--- a/Dockerfile.travis
+++ b/Dockerfile.travis
@@ -3,13 +3,13 @@ LABEL maintainer="AdGuard Team <devteam@adguard.com>"
 
 # Update CA certs
 RUN apk --no-cache --update add ca-certificates libcap && \
-    rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome/conf /opt/adguardhome/work
+    rm -rf /var/cache/apk/* && \
+    mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
+    chown -R nobody: /opt/adguardhome
 
+COPY --chown=nobody: ./AdGuardHome /opt/adguardhome/AdGuardHome
 
-COPY ./AdGuardHome /opt/adguardhome/AdGuardHome
-
-RUN chown -R nobody: /opt/adguardhome \
-    && setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
 
 EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp
 
@@ -17,7 +17,7 @@ VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]
 
 WORKDIR /opt/adguardhome/work
 
-USER nobody
+#USER nobody
 
 ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
 CMD ["-h", "0.0.0.0", "-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..1c3d6646
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,31 @@
+%YAML 1.2
+---
+# https://docs.docker.com/compose/compose-file/
+
+version: '2.4'
+
+services:
+
+  adguard-home:
+    image: adguard/adguardhome:armhf-latest
+    init: true
+    ports:
+    - "53:53/tcp"
+    - "53:53/udp"
+    - "67:67/tcp"
+    - "67:67/udp"
+    - "68:68/tcp"
+    - "68:68/udp"
+    - "80:80/tcp"
+    - "443:443/tcp"
+    - "853:853/tcp"
+    - "853:853/udp"
+    - "3000:3000/tcp"
+    volumes:
+    - /opt/adguard-home:/opt/adguardhome/conf
+    - /srv/adguard-home:/opt/adguardhome/work
+    #user: nobody
+    read_only: true
+    restart: always
+
+...
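Review bot: The sample leaves `#user: nobody` commented out, so together with the commented-out `USER` in the image the service runs as root with Docker's default capability set, and nothing in this file narrows it. `read_only: true` is already set, so adding `cap_drop: [ALL]` and `cap_add: [NET_BIND_SERVICE]` (plus whatever else the service turns out to need, which this file does not show) would make the root default much smaller. `"3000:3000/tcp"` publishes that port on every host interface; if it serves the setup or admin UI, `"127.0.0.1:3000:3000/tcp"` is a safer sample default. `armhf-latest` is a mutable, architecture-specific tag, so the sample should say so in a comment or pin a version.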