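# Release versions of the two source tarballs built below. They are declared
# before FROM (global scope), so they are re-declared inside the stage to be
# visible to RUN.
ARG UNBOUND_VERSION=1.15.0
ARG LDNS_VERSION=1.8.1

# NOTE(review): a tag is mutable; for reproducible builds pin the base by
# digest as well, e.g. alpine:3.15@sha256:<digest-of-the-reviewed-image>.
FROM alpine:3.15

ARG UNBOUND_VERSION
ARG LDNS_VERSION
# Optional SHA-256 digests of the release tarballs. When set (for example
# --build-arg UNBOUND_SHA256=<sha256-of-the-reviewed-tarball>), the download is
# verified before it is unpacked. The defaults are empty, which keeps the
# original unverified behaviour and prints a warning in the build log.
ARG UNBOUND_SHA256=""
ARG LDNS_SHA256=""

# Install the runtime packages, then build unbound and ldns (drill) from source
# and remove the toolchain again, all in one layer so that neither the build
# dependencies nor the source trees end up in the image.
RUN apk --no-cache add \
      ca-certificates \
      dns-root-hints \
      dnssec-root \
      expat \
      libevent \
      libpcap \
      openssl \
      shadow \
 && apk --no-cache add --virtual build-dependencies \
      build-base \
      curl \
      expat-dev \
      libevent-dev \
      linux-headers \
      libcap \
      libpcap-dev \
      openssl-dev \
      perl \
      tar \
 # unbound
 && mkdir /tmp/unbound && cd /tmp/unbound \
 && mkdir -p /run/unbound \
 # Download to a file instead of piping curl into tar: -f turns an HTTP error
 # into a failed build, and the file can be checked before it is unpacked.
 && curl -fsSL -o /tmp/unbound.tar.gz "https://unbound.net/downloads/unbound-${UNBOUND_VERSION}.tar.gz" \
 && if [ -n "${UNBOUND_SHA256}" ]; then \
      echo "${UNBOUND_SHA256}  /tmp/unbound.tar.gz" | sha256sum -c -; \
    else \
      echo "WARNING: UNBOUND_SHA256 not set, unbound tarball is not verified" >&2; \
    fi \
 && tar xzf /tmp/unbound.tar.gz --strip-components=1 \
 # The compiled-in chroot directory and username are empty; the image switches
 # to an unprivileged account with USER instead.
 # The configure step is grouped so that a failure prints config.log and then
 # stops the build instead of falling through to make.
 && ( ./configure \
        --prefix=/usr \
        --sysconfdir=/etc \
        --mandir=/usr/share/man \
        --localstatedir=/var \
        --with-chroot-dir="" \
        --with-pidfile=/var/run/unbound/unbound.pid \
        --with-run-dir=/var/run/unbound \
        --with-username="" \
        --disable-flto \
        --disable-rpath \
        --disable-shared \
        --enable-event-api \
        --with-libevent \
        --with-pthreads \
        --with-ssl \
      || { cat config.log; exit 1; } ) \
 && make -j"$(nproc)" \
 && make install \
 && strip "$(which unbound)" \
 && unbound -V \
 # Only the status of unbound-anchor is ignored. An ungrouped "|| true" at this
 # point would also swallow a failure of any earlier step in the chain (download,
 # make, make install) and let the build continue without unbound.
 && { unbound-anchor -v || true; } \
 # ldns
 && mkdir /tmp/ldns && cd /tmp/ldns \
 && curl -fsSL -o /tmp/ldns.tar.gz "https://nlnetlabs.nl/downloads/ldns/ldns-${LDNS_VERSION}.tar.gz" \
 && if [ -n "${LDNS_SHA256}" ]; then \
      echo "${LDNS_SHA256}  /tmp/ldns.tar.gz" | sha256sum -c -; \
    else \
      echo "WARNING: LDNS_SHA256 not set, ldns tarball is not verified" >&2; \
    fi \
 && tar xzf /tmp/ldns.tar.gz --strip-components=1 \
 && ( ./configure \
        --prefix=/usr \
        --sysconfdir=/etc \
        --mandir=/usr/share/man \
        --infodir=/usr/share/info \
        --localstatedir=/var \
        --disable-gost \
        --disable-rpath \
        --disable-shared \
        --with-drill \
        --with-ssl \
        --with-trust-anchor=/var/run/unbound/root.key \
      || { cat config.log; exit 1; } ) \
 && make -j"$(nproc)" \
 && make install \
 && strip "$(which drill)" \
 && ldns-config --version \
 # Drop the toolchain and the downloaded sources in the same layer.
 && apk del build-dependencies \
 && rm -rf /tmp/* /var/www/*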
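# Overlay the rootfs/ tree from the build context onto /.
# NOTE(review): presumably this provides the /etc/unbound/unbound.conf that CMD
# points at; confirm against the repository.
COPY rootfs /

# Create the unprivileged service account with a fixed UID/GID of 1500 and hand
# it the configuration and runtime directories.
# /config is created here as root and is not part of the chown, so as built the
# unbound user does not own it.
# NOTE(review): the chown makes /etc/unbound writable by the service itself.
# Presumably unbound has to update files there; if read access is enough,
# leaving it root-owned would be tighter.
# NOTE(review): the account gets /bin/sh as its login shell; a service account
# normally does not need one.
RUN mkdir -p /config \
 && addgroup -g 1500 unbound \
 && adduser -D -H -u 1500 -G unbound -s /bin/sh unbound \
 # Explicit user:group instead of the deprecated "user." shorthand.
 && chown -R unbound:unbound /etc/unbound /run/unbound \
 && rm -rf /tmp/*

# Everything from here on, including the daemon and the health check, runs
# without root.
USER unbound

# 5053 is above 1024, so the unprivileged user can bind it without extra
# capabilities.
EXPOSE 5053/tcp 5053/udp

VOLUME [ "/config" ]

# Exec form: unbound is PID 1 and receives the stop signal directly.
# -d keeps it in the foreground, -c selects the configuration file.
ENTRYPOINT [ "unbound" ]
CMD [ "-d", "-c", "/etc/unbound/unbound.conf" ]

# Resolve a name through the local listener. Any drill failure is normalised to
# exit code 1, the "unhealthy" status Docker expects. The probe queries an
# external name, so an upstream outage also marks the container unhealthy.
# NOTE(review): confirm that drill exits non-zero on the failure modes that
# matter here (for example SERVFAIL), otherwise the check only proves that
# something answered.
HEALTHCHECK --interval=30s --timeout=10s \
  CMD drill -p 5053 unbound.net @127.0.0.1 || exit 1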