diff --git a/Dockerfile.fips.standalone-infisical b/Dockerfile.fips.standalone-infisical
index dfcb87deb3..34cd3eed8f 100644
--- a/Dockerfile.fips.standalone-infisical
+++ b/Dockerfile.fips.standalone-infisical
@@ -69,13 +69,21 @@ RUN groupadd -r -g 1001 nodejs && useradd -r -u 1001 -g nodejs non-root-user
 WORKDIR /app
-# Required for pkcs11js
+# Required for pkcs11js and ODBC
 RUN apt-get update && apt-get install -y \
 python3 \
 make \
 g++ \
+ unixodbc \
+ unixodbc-dev \
+ freetds-dev \
+ freetds-bin \
+ tdsodbc \
 && rm -rf /var/lib/apt/lists/*
+# Configure ODBC
+RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
+
 COPY backend/package*.json ./
 RUN npm ci --only-production
@@ -91,13 +99,21 @@ ENV ChrystokiConfigurationPath=/usr/safenet/lunaclient/
 WORKDIR /app
-# Required for pkcs11js
+# Required for pkcs11js and ODBC
 RUN apt-get update && apt-get install -y \
 python3 \
 make \
 g++ \
+ unixodbc \
+ unixodbc-dev \
+ freetds-dev \
+ freetds-bin \
+ tdsodbc \
 && rm -rf /var/lib/apt/lists/*
+# Configure ODBC
+RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
+
 COPY backend/package*.json ./
 RUN npm ci --only-production
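Review bot: The `Driver` and `Setup` paths written to `/etc/odbcinst.ini` hard-code the amd64 multiarch directory `/usr/lib/x86_64-linux-gnu/odbc/`, so an image built for any other architecture would register a FreeTDS driver file that is not there and fail only when a connection is attempted. The same `RUN printf` line is added in the second hunk of this file and in its production-stage hunk. If non-amd64 builds are in scope, derive the directory at build time, for example `ODBC_DIR="/usr/lib/$(uname -m)-linux-gnu/odbc"` (covers amd64 and arm64), and add `test -f "$ODBC_DIR/libtdsodbc.so"` so a wrong path fails the build. The `>` redirect also replaces any driver entries the installed packages may have written to that file; confirm that is intended.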
@@ -108,13 +124,24 @@ RUN mkdir frontend-build
 # Production stage
 FROM base AS production
-# Install necessary packages
+# Install necessary packages including ODBC
 RUN apt-get update && apt-get install -y \
 ca-certificates \
 curl \
 git \
+ python3 \
+ make \
+ g++ \
+ unixodbc \
+ unixodbc-dev \
+ freetds-dev \
+ freetds-bin \
+ tdsodbc \
 && rm -rf /var/lib/apt/lists/*
+# Configure ODBC in production
+RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
+
 # Install Infisical CLI
 RUN curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
 && apt-get update && apt-get install -y infisical=0.31.1 \
diff --git a/Dockerfile.standalone-infisical b/Dockerfile.standalone-infisical
index 41c898b793..cd54770833 100644
--- a/Dockerfile.standalone-infisical
+++ b/Dockerfile.standalone-infisical
@@ -72,8 +72,16 @@ RUN addgroup --system --gid 1001 nodejs \
 WORKDIR /app
-# Required for pkcs11js
-RUN apk add --no-cache python3 make g++
+# Install all required dependencies for build
+RUN apk --update add \
+ python3 \
+ make \
+ g++ \
+ unixodbc \
+ freetds \
+ unixodbc-dev \
+ libc-dev \
+ freetds-dev
 COPY backend/package*.json ./
 RUN npm ci --only-production
@@ -88,8 +96,19 @@ FROM base AS backend-runner
 WORKDIR /app
-# Required for pkcs11js
-RUN apk add --no-cache python3 make g++
+# Install all required dependencies for runtime
+RUN apk --update add \
+ python3 \
+ make \
+ g++ \
+ unixodbc \
+ freetds \
+ unixodbc-dev \
+ libc-dev \
+ freetds-dev
+
+# Configure ODBC
+RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/libtdsodbc.so\nSetup = /usr/lib/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini
 COPY backend/package*.json ./
 RUN npm ci --only-production
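Review bot: `python3`, `make`, `g++` and the `-dev` header packages are now installed in the final `production` stage, which puts a compiler toolchain into the shipped image. If the native modules are compiled in the earlier stages and copied in, the runtime should only need the shared libraries (here `unixodbc` and `tdsodbc`), which keeps the image smaller and reduces its attack surface. Adding `--no-install-recommends` to the `apt-get install -y` line would trim it further. The production-stage hunk of `Dockerfile.standalone-infisical` has the same issue. The stage continues beyond this hunk, so whether anything is compiled later in it is not visible here.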
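Review bot: The new `RUN apk --update add \` in the `Dockerfile.standalone-infisical` build-stage hunk drops the `--no-cache` flag that the removed `RUN apk add --no-cache python3 make g++` had, so the downloaded package index is kept in the layer. Keep the flag: `RUN apk add --no-cache \`. The same applies to the `backend-runner` hunk that follows and to the production-stage hunk of this file. `backend/Dockerfile` already uses `apk add --no-cache` for the same packages.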
@@ -100,11 +119,32 @@ RUN mkdir frontend-build
 # Production stage
 FROM base AS production
+
 RUN apk add --upgrade --no-cache ca-certificates
 RUN apk add --no-cache bash curl && curl -1sLf \
 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
 && apk add infisical=0.31.1 && apk add --no-cache git
+WORKDIR /
+
+# Install all required runtime dependencies
+RUN apk --update add \
+ python3 \
+ make \
+ g++ \
+ unixodbc \
+ freetds \
+ unixodbc-dev \
+ libc-dev \
+ freetds-dev \
+ bash \
+ curl \
+ git
+
+# Configure ODBC in production
+RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/libtdsodbc.so\nSetup = /usr/lib/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini
+
+# Setup user permissions
 RUN addgroup --system --gid 1001 nodejs \
 && adduser --system --uid 1001 non-root-user
@@ -127,7 +167,6 @@ ARG CAPTCHA_SITE_KEY
 ENV NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY \
 BAKED_NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY
-WORKDIR /
 COPY --from=backend-runner /app /backend
@@ -149,4 +188,4 @@ EXPOSE 443
 USER non-root-user
-CMD ["./standalone-entrypoint.sh"]
+CMD ["./standalone-entrypoint.sh"]
\ No newline at end of file
diff --git a/backend/Dockerfile b/backend/Dockerfile
index 5822649461..0bb358ee00 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -9,6 +9,15 @@ RUN apk --update add \
 make \
 g++
+# install dependencies for TDS driver (required for SAP ASE dynamic secrets)
+RUN apk add --no-cache \
+ unixodbc \
+ freetds \
+ unixodbc-dev \
+ libc-dev \
+ freetds-dev
+
+
 COPY package*.json ./
 RUN npm ci --only-production
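Review bot: `bash`, `curl` and `git` in the added `RUN apk --update add` of the production-stage hunk are already installed by the `RUN apk add --no-cache bash curl ... && apk add --no-cache git` step directly above it, so listing them again is redundant. Dropping those three lines leaves the new step limited to what ODBC needs and makes it easier to see what this change adds to the final image.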
@@ -28,6 +37,17 @@ RUN apk --update add \
 make \
 g++
+# install dependencies for TDS driver (required for SAP ASE dynamic secrets)
+RUN apk add --no-cache \
+ unixodbc \
+ freetds \
+ unixodbc-dev \
+ libc-dev \
+ freetds-dev
+
+
+RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/libtdsodbc.so\nSetup = /usr/lib/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini
+
 RUN npm ci --only-production && npm cache clean --force
 COPY --from=build /app .
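Review bot: The added `RUN printf … > /etc/odbcinst.ini` has no comment, while the same step in the standalone Dockerfiles is labelled `# Configure ODBC`. I would add `# Register the FreeTDS ODBC driver with unixODBC; Setup points at the driver library itself` above it. Appending `&& test -f /usr/lib/libtdsodbc.so` to the line would make the build fail if the package ever installs the library elsewhere, rather than failing at connection time. The stage this hunk belongs to starts outside the hunk.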