############# # Certbot Builder ############# FROM debian:buster-slim as certbotbuilder SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN apt-get update RUN apt-get install -y \ build-essential \ curl \ libaugeas0 \ python3 \ python3-dev \ libffi-dev \ libssl-dev \ python3-venv \ ca-certificates ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt # Yes, python compilation requires rust. RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y ENV PATH="/root/.cargo/bin:$PATH" # It's all about pip now. RUN python3 -m venv /opt/certbot/ ENV PATH="/opt/certbot/bin:$PATH" RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 # Handle an extremely specific issue when building the cryptography package for # 32-bit architectures within QEMU running on a 64-bit host # Special thanks to https://github.com/JonasAlfredsson/docker-nginx-certbot RUN if [ "$(getconf LONG_BIT)" = "32" ]; then \ pip3 install --no-cache-dir -U cryptography==3.3.2; \ fi RUN pip install cryptography==2.8 \ pip install --no-cache-dir cffi certbot \ && pip install tldextract ############# # Final Image ############# FROM jc21/nginx-full:${BASE_TAG:-latest} LABEL maintainer="Jamie Curnow " ARG TARGETPLATFORM RUN echo "Certbot: jc21/nginx-full:${BASE_TAG:-latest}, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch COPY scripts/install-cert-prune /tmp/install-cert-prune RUN /tmp/install-cert-prune "${TARGETPLATFORM:-linux/amd64}" && rm -f /tmp/install-cert-prune # OpenResty uses LuaJIT which has a dependency on GCC RUN apt-get update \ && apt-get install -y --no-install-recommends \ python3 \ python3-distutils \ python3-venv \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* COPY ./files/.bashrc.certbot /root/.bashrc # Copy certbot COPY --from=certbotbuilder /opt/certbot /opt/certbot RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 \ && python3 -m venv /opt/certbot/ \ && sed -i 's/include-system-site-packages = false/include-system-site-packages = true/g' -i /opt/certbot/pyvenv.cfg \ && ln -s /opt/certbot/bin/certbot /usr/bin/certbot LABEL org.label-schema.cmd="docker run --rm -ti jc21/nginx-full:certbot"