-
Notifications
You must be signed in to change notification settings - Fork 70
/
Dockerfile
47 lines (41 loc) · 1.37 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
###
# Dockerfile for Unidata Tomcat.
###
FROM tomcat:9.0-jdk11
MAINTAINER Unidata
# Install necessary packages
RUN apt-get update && \
apt-get install -y --no-install-recommends \
gosu \
zip \
unzip \
&& \
# Cleanup
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
# Eliminate default web applications
rm -rf ${CATALINA_HOME}/webapps/* && \
rm -rf ${CATALINA_HOME}/webapps.dist && \
# Obscuring server info
cd ${CATALINA_HOME}/lib && \
mkdir -p org/apache/catalina/util/ && \
unzip -j catalina.jar org/apache/catalina/util/ServerInfo.properties \
-d org/apache/catalina/util/ && \
sed -i 's/server.info=.*/server.info=Apache Tomcat/g' \
org/apache/catalina/util/ServerInfo.properties && \
zip -ur catalina.jar \
org/apache/catalina/util/ServerInfo.properties && \
rm -rf org && cd ${CATALINA_HOME} && \
# Setting restrictive umask container-wide
echo "session optional pam_umask.so" >> /etc/pam.d/common-session && \
sed -i 's/UMASK.*022/UMASK 007/g' /etc/login.defs
# Security enhanced web.xml
COPY web.xml ${CATALINA_HOME}/conf/
# Security enhanced server.xml
COPY server.xml ${CATALINA_HOME}/conf/
# Tomcat start script
COPY start-tomcat.sh ${CATALINA_HOME}/bin
COPY entrypoint.sh /
# Start container
ENTRYPOINT ["/entrypoint.sh"]
CMD ["start-tomcat.sh"]