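# Base image tag shared by every stage. The default "none" is only a
# placeholder, so the build must be given --build-arg BASE_IMG_TAG=<tag>.
# Prefer a specific release tag over a moving one so rebuilds are reproducible.
ARG BASE_IMG_TAG=none

# ---- Stage "openssl": build a static OpenSSL installed under /opt/openssl ----
FROM pihole/pihole:${BASE_IMG_TAG} AS openssl

# Optional tag or branch of openssl/openssl to build. Empty (the default) keeps
# the existing behaviour of building the tip of the repository's default
# branch, i.e. unreleased development code. Set it to a release tag to pin the
# TLS library this image ships.
ARG OPENSSL_GIT_REF=""

WORKDIR /tmp/src

# NOTE(review): git is not listed in build_deps, so the clone below relies on
# the base image already providing it - confirm.
# DEBIAN_FRONTEND is set on `apt-get install`, the command that can prompt;
# a variable prefixed to `apt-get update` does not carry across `&&`.
# The clone is shallow because only the checked-out tree is needed to build.
RUN set -e -x && \
    build_deps="build-essential ca-certificates curl dirmngr gnupg libidn2-0-dev libssl-dev" && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        $build_deps && \
    git clone --depth 1 ${OPENSSL_GIT_REF:+--branch "$OPENSSL_GIT_REF"} \
        https://github.com/openssl/openssl.git && \
    cd openssl && \
    ./config \
        --prefix=/opt/openssl \
        --openssldir=/opt/openssl \
        no-weak-ssl-ciphers \
        no-ssl3 \
        no-shared \
        -DOPENSSL_NO_HEARTBEATS \
        -fstack-protector-strong && \
    make depend && \
    make -j"$(nproc)" && \
    make install_sw && \
    apt-get purge -y --auto-remove \
        $build_deps && \
    rm -rf \
        /tmp/* \
        /var/tmp/* \
        /var/cache/apt/* \
        /var/lib/apt/lists/*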
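# ---- Stage "unbound": build Unbound against the OpenSSL from the openssl stage ----
FROM pihole/pihole:${BASE_IMG_TAG} AS unbound

# The download URL points at the moving "latest" tarball, so the Unbound
# version in the image depends on when the build runs.
ENV NAME=unbound \
    UNBOUND_VERSION=latest \
    UNBOUND_DOWNLOAD_URL=https://nlnetlabs.nl/downloads/unbound/unbound-latest.tar.gz

# Optional SHA-256 of the downloaded tarball. Empty (the default) skips the
# check, which is the existing behaviour. A fixed digest cannot be kept here
# for a "latest" URL. When the download is pinned to a versioned tarball,
# pass the matching digest so a tampered or truncated download fails the build.
ARG UNBOUND_SHA256=""

WORKDIR /tmp/src

COPY --from=openssl /opt/openssl /opt/openssl

# curl -f makes an HTTP error fail the step instead of saving the error page
# as unbound.tar.gz. DEBIAN_FRONTEND is set on `apt-get install`, the command
# that can prompt.
# The _unbound account is created before ./configure, which is given it via
# --with-username.
RUN build_deps="curl gcc libc-dev libevent-dev libexpat1-dev libnghttp2-dev make flex bison" && \
    set -x && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        $build_deps \
        bsdmainutils \
        ca-certificates \
        ldnsutils \
        libevent-2.1-7 \
        libexpat1 \
        libprotobuf-c-dev \
        protobuf-c-compiler && \
    curl -fsSL "$UNBOUND_DOWNLOAD_URL" -o unbound.tar.gz && \
    if [ -n "$UNBOUND_SHA256" ]; then \
        echo "$UNBOUND_SHA256  unbound.tar.gz" | sha256sum -c -; \
    fi && \
    tar xzf unbound.tar.gz && \
    rm -f unbound.tar.gz && \
    mv unbound-* unbound && \
    cd unbound && \
    groupadd _unbound && \
    useradd -g _unbound -s /dev/null -d /etc _unbound && \
    ./configure \
        --disable-dependency-tracking \
        --prefix=/opt/unbound \
        --with-pthreads \
        --with-username=_unbound \
        --with-ssl=/opt/openssl \
        --with-libevent \
        --with-libnghttp2 \
        --enable-dnstap \
        --enable-tfo-server \
        --enable-tfo-client \
        --enable-event-api \
        --enable-subnet && \
    make install && \
    mv /opt/unbound/etc/unbound/unbound.conf /opt/unbound/etc/unbound/unbound.conf.example && \
    apt-get purge -y --auto-remove \
        $build_deps && \
    rm -rf \
        /opt/unbound/share/man \
        /tmp/* \
        /var/tmp/* \
        /var/cache/apt/* \
        /var/lib/apt/lists/*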
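# ---- Final stage: Pi-hole base image plus the trees built under /opt ----
FROM pihole/pihole:${BASE_IMG_TAG}

WORKDIR /tmp/src

# Copies everything under /opt from the unbound stage, which includes the
# /opt/openssl tree that stage copied in.
COPY --from=unbound /opt /opt

# Runtime libraries and the _unbound account only. No build packages are
# installed in this stage, so there is nothing to purge. A $build_deps
# variable set in another RUN is not visible here, so a purge using it would
# only trigger an unscoped autoremove.
# DEBIAN_FRONTEND is set on `apt-get install`, the command that can prompt.
RUN set -x && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        bsdmainutils \
        ca-certificates \
        ldnsutils \
        libevent-2.1-7 \
        libnghttp2-14 \
        libexpat1 \
        libprotobuf-c1 && \
    groupadd _unbound && \
    useradd -g _unbound -s /dev/null -d /etc _unbound && \
    rm -rf \
        /opt/unbound/share/man \
        /tmp/* \
        /var/tmp/* \
        /var/cache/apt/* \
        /var/lib/apt/lists/*

WORKDIR /opt/unbound/

# Extra configuration files. `COPY data/ /` overlays the build context's data/
# directory onto the image root, so every file in it lands at the same path in
# the image.
# NOTE(review): /unbound.sh is presumably supplied by data/ - confirm.
COPY lighttpd-external.conf /etc/lighttpd/external.conf
COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf
COPY data/ /
RUN chmod +x /unbound.sh

# Maintainer label
LABEL maintainer="OrigamiOfficial"

# Environment settings, in key=value form (the space-separated ENV form is
# deprecated).
ENV PIHOLE_DNS_="127.0.0.1#5335"
ENV PATH="/opt/unbound/sbin:${PATH}"

# Default command for the container.
CMD ["/unbound.sh"]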