Alpine Kafka "OpenSSL not available at build time" - docker

I build a docker container based on alpine linux. I try to send messages to an external kafka broker using the symfony messenger.
This is my messenger config:
messenger:
    transports:
        de_fadi_criminal_charges_public_criminal_charge_created:
            dsn: '%env(KAFKA_DSN)%'
            serializer: App\Serializer\Avro\CriminalChargeCreatedSerializer
            options:
                flushTimeout: 10000
                flushRetries: 5
                topic:
                    name: 'de.fadi.criminal_charges.public.criminal_charge_created'
                kafka_conf:
                    security.protocol: 'sasl_ssl'
                    ssl.ca.location: '%kernel.project_dir%/config/kafka/ca.pem'
                    sasl.username: '%env(KAFKA_SASL_USERNAME)%'
                    sasl.password: '%env(KAFKA_SASL_PASSWORD)%'
                    sasl.mechanism: 'PLAIN'
and these are the relevant lines in my Docker file:
ARG LIBRDKAFKA_GIT_SHA1=1f7417d4796e036b8c19f17373f8290ff5c7561f
# "git clone -o" only names the remote, so the pinned commit is checked out explicitly
RUN apk add --update --no-cache alpine-sdk bash python autoconf openssl \
    && git clone https://github.com/edenhill/librdkafka.git /tmp/librdkafka \
    && cd /tmp/librdkafka/ \
    && git checkout ${LIBRDKAFKA_GIT_SHA1} \
    && ./configure \
    && make \
    && make install
When I check after the build if OpenSSL is available I get this:
$ openssl version
OpenSSL 1.1.1l 24 Aug 2021
When I try to send messages to the configured server I get this error message:
Unsupported value "sasl_ssl" for configuration property "security.protocol": OpenSSL not available at build time
All answers I found pointed to the fact that you first have to install openssl, then build rdkafka which I did. What am I missing?

As @dave_thompson_085 pointed out, it isn't sufficient to include the openssl library if you are going to use it to build software.
Replacing openssl with openssl-dev did the trick:
# "git clone -o" only names the remote, so the pinned commit is checked out explicitly
RUN apk add --update --no-cache alpine-sdk bash python autoconf openssl-dev \
    && git clone https://github.com/edenhill/librdkafka.git /tmp/librdkafka \
    && cd /tmp/librdkafka/ \
    && git checkout ${LIBRDKAFKA_GIT_SHA1} \
    && ./configure \
    && make \
    && make install
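
A build-time check for the failure above, as an added example that is not part of the original answer: it compares librdkafka's `builtin.features` string with what a given `security.protocol` and `sasl.mechanism` need. The function names, the sample strings and the protocol-to-feature mapping are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). The feature string can be read
# at build time through php-rdkafka, assuming the extension is installed:
#   php -r 'echo (new RdKafka\Conf())->dump()["builtin.features"];'

# has_feature FEATURES NAME -> 0 if NAME is in the comma-separated list
has_feature() {
    case ",$(printf '%s' "$1" | tr -d ' ')," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_features FEATURES PROTOCOL [MECHANISM]
# Prints the features the build lacks, space separated; empty output means OK.
# The protocol/mechanism-to-feature mapping is this example's assumption.
missing_features() {
    features=$1
    protocol=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    mechanism=$(printf '%s' "${3:-}" | tr 'a-z' 'A-Z')
    needed=""
    case "$protocol" in
        ssl) needed="ssl" ;;
        sasl_plaintext) needed="sasl" ;;
        sasl_ssl) needed="ssl sasl" ;;
    esac
    case "$protocol:$mechanism" in
        sasl_*:PLAIN) needed="$needed sasl_plain" ;;
        sasl_*:SCRAM-*) needed="$needed sasl_scram" ;;
        sasl_*:GSSAPI) needed="$needed sasl_gssapi" ;;
        sasl_*:OAUTHBEARER) needed="$needed sasl_oauthbearer" ;;
    esac
    missing=""
    for f in $needed; do
        has_feature "$features" "$f" || missing="${missing:+$missing }$f"
    done
    printf '%s\n' "$missing"
}

# Constructed samples: builds made without and with the OpenSSL headers.
NO_SSL="gzip,snappy,sasl,regex,lz4,sasl_plain,plugins"
WITH_SSL="gzip,snappy,ssl,sasl,regex,lz4,sasl_plain,sasl_scram,plugins"

missing_features "$NO_SSL" sasl_ssl PLAIN     # prints: ssl
missing_features "$WITH_SSL" sasl_ssl PLAIN   # prints an empty line
```

Run as a `RUN` step after `make install`, a non-empty result can fail the image build instead of surfacing later as a runtime configuration error.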

Related

Upgrade openssl in Docker

I have a docker container that has OpenSSL 1.1.1k. I want to upgrade the openssl package to openssl-1.1.1l. I try to update it in the Dockerfile like this:
FROM php:7.4.21-fpm-alpine3.13
RUN apk add --update --no-cache \
    openssl
...
But after rebuilding my container, the openssl version is still 1.1.1k.
How can I upgrade the openssl version?
UPD:
Command apk --update list | grep -E ^openssl-1 in my docker container shows me the following:
openssl-1.1.1k-r0 x86_64 {openssl} (OpenSSL) [installed]
openssl-1.1.1s-r0 x86_64 {openssl} (OpenSSL) [upgradable from: openssl-1.1.1k-r0]
openssl-1.0.2u-r0 x86_64 {openssl} (openssl)
Also, my Dockerfile has:
RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.8/main' >> /etc/apk/repositories && \
    apk add --no-cache libcrypto1.0 libssl1.0 \
But, there are no openssl 1.1.1 packages for alpine 3.8. See
So, my Dockerfile looks like:
FROM php:7.4.21-fpm-alpine3.13
RUN apk add --no-cache --virtual .ext-deps \
    nodejs \
    npm \
    git \
    libzip-dev unzip
RUN apk add --update --no-cache \
    jpegoptim optipng pngquant gifsicle openssl
# Add openssl dependencies for wkhtmltopdf
RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.8/main' >> /etc/apk/repositories && \
    apk add --no-cache libcrypto1.0 libssl1.0
What should I do in this case?
I added the RUN apk update && apk upgrade openssl command to the Dockerfile and rebuilt my container.
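
The Dockerfile above appends the v3.8 repository to a 3.13-based image, which is why `apk list` shows openssl packages from two release lines. As an added example that is not part of the original post, this check lists the release branches a repositories file references; the function names and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): report which Alpine release
# branches an apk repositories file draws packages from.

# repo_branches: reads repositories lines on stdin, prints each branch once.
repo_branches() {
    # drop comments, "@tag " prefixes, trailing blanks/slashes, empty lines;
    # the branch is the path component just before the repository name
    sed -e 's/#.*//' -e 's/^@[^ ]* *//' -e 's/[[:space:]]*$//' \
        -e 's:/*$::' -e '/^$/d' |
        awk -F/ 'NF >= 2 { print $(NF-1) }' | LC_ALL=C sort -u
}

# mixed_branches: exit 0 and print the branches when more than one is used,
# exit 1 (printing nothing) when the file sticks to a single branch.
mixed_branches() {
    branches=$(repo_branches)
    count=$(printf '%s\n' "$branches" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -gt 1 ] || return 1
    echo $branches   # unquoted on purpose: joins the lines with spaces
}

# Constructed sample: a 3.13 image's repositories plus the appended v3.8 line.
SAMPLE_REPOS='https://dl-cdn.alpinelinux.org/alpine/v3.13/main
https://dl-cdn.alpinelinux.org/alpine/v3.13/community
http://dl-cdn.alpinelinux.org/alpine/v3.8/main'

if found=$(printf '%s\n' "$SAMPLE_REPOS" | mixed_branches); then
    echo "repositories mix release branches: $found"
fi
```

Inside a container the same functions can be fed `/etc/apk/repositories` on stdin.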

Nexus IQ flagged Component-Unknown for libraries in alpine openjdk

When I try to scan docker image with nexus IQ, it flagged Component-Unknown for libraries in openjdk alpine.
usr/lib/jvm/java-1.8-openjdk/jre/lib/charsets.jar
usr/lib/jvm/java-1.8-openjdk/jre/lib/cldrdata.jar
usr/lib/jvm/java-1.8-openjdk/jre/lib/dnsns.jar
My docker file is as follows
FROM alpine:3.14
RUN apk update \
    && apk upgrade \
    && apk add --no-cache openjdk8 dumb-init \
    && rm -rf \
        /usr/share/man/* \
        /usr/includes/* \
        /var/cache/apk/*
Is there other repo I should be getting from to get the proper libraries?
Finding the right package based on a file you know is missing on Alpine is pretty straightforward.
You just need to go to the page https://pkgs.alpinelinux.org/contents and fill in the file name.
Here, filling in the file name charsets.jar is pointing at the fact that you should install the package openjdk8-jre-lib.
Furthermore, mind that the --no-cache flag you are using is already doing update, upgrade and the rm on /var/cache/apk/*.
So, a trimmed working Dockerfile would be
FROM alpine:3.14
RUN apk add --no-cache \
        dumb-init \
        openjdk8 \
        openjdk8-jre-lib \
    && rm -rf \
        /usr/includes/* \
        /usr/share/man/*
Also mind about the good practice "sort multi-line arguments", applied here.

composer could not load package Invalid version string

I ran into a strange case: when I tried to install a bundle locally I got an error, but when I tried to install the same bundle on the test server everything installed without error. I use docker-compose and install the bundle inside the image. The docker-compose file and the other Docker files, with all dependencies, are absolutely the same; everything is in git.
composer require league/flysystem-bundle
and locally I got this:
Using version dev-master for league/flysystem-bundle
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Restricting packages listed in "symfony/symfony" to "5.0.*"
Installation failed, reverting ./composer.json to its original content.
[RuntimeException]
Could not load package ezsystems/ezplatform in http://repo.packagist.org: [
UnexpectedValueException] Could not parse version constraint dev-load-varni
sh-only-when-used as ^2.0#dev: Invalid version string "^2.0#dev"
[UnexpectedValueException]
Could not parse version constraint dev-load-varnish-only-when-used as ^2.0#
dev: Invalid version string "^2.0#dev"
Local composer version: Composer version 1.10.11 2020-09-08 16:53:44
and on the test server:
/var/www/symfony # composer require league/flysystem-bundle
Using version dev-master for league/flysystem-bundle
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Restricting packages listed in "symfony/symfony" to "5.0.*"
Prefetching 3 packages 🎶 💨
- Downloading (100%)
Package operations: 3 installs, 0 updates, 0 removals
- Installing league/mime-type-detection (1.4.0): Loading from cache
- Installing league/flysystem (1.x-dev 53f16fd): Loading from cache
- Installing league/flysystem-bundle (dev-master 525845a): Loading from cache
Package easycorp/easy-log-handler is abandoned, you should avoid using it. No replacement was suggested.
Package zendframework/zend-code is abandoned, you should avoid using it. Use laminas/laminas-code instead.
Package zendframework/zend-eventmanager is abandoned, you should avoid using it. Use laminas/laminas-eventmanager instead.
Writing lock file
Generating autoload files
20 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Symfony operations: 1 recipe (c67222ac592a52b7dec1c2cd56763685)
- WARNING league/flysystem-bundle (>=1.0): From github.com/symfony/recipes-contrib:master
The recipe for this package comes from the "contrib" repository, which is open to community contributions.
Review the recipe at https://github.com/symfony/recipes-contrib/tree/master/league/flysystem-bundle/1.0
Do you want to execute this recipe?
[y] Yes
[n] No
[a] Yes for all packages, only for the current installation session
[p] Yes permanently, never ask again for this project
(defaults to n):
ocramius/package-versions: Generating version class...
ocramius/package-versions: ...done generating version class
Executing script cache:clear [OK]
Executing script assets:install public [OK]
Test server composer version: Composer version 1.10.10 2020-08-03 11:35:19
My Dockerfile:
FROM alpine:edge
LABEL maintainer="Vincent Composieux <vincent.composieux@gmail.com>"
RUN apk add --update --no-cache \
    coreutils \
    yarn \
    php7-fpm \
    php7-apcu \
    php7-ctype \
    php7-curl \
    php7-dom \
    php7-gd \
    php7-iconv \
    php7-imagick \
    php7-json \
    php7-intl \
    php7-mcrypt \
    php7-fileinfo \
    php7-mbstring \
    php7-opcache \
    php7-openssl \
    php7-pdo \
    php7-pdo_mysql \
    php7-mysqli \
    php7-pdo_pgsql \
    php7-pgsql \
    php7-xml \
    php7-zlib \
    php7-phar \
    php7-tokenizer \
    php7-session \
    php7-simplexml \
    php7-xdebug \
    php7-zip \
    php7-xmlwriter \
    make \
    curl \
    zlib-dev \
    libxml2-dev \
    rabbitmq-c-dev \
    oniguruma-dev \
    php7-pecl-amqp \
    php7-amqp \
    php7-redis
RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ php7-pecl-mongodb
RUN echo "$(curl -sS https://composer.github.io/installer.sig) -" > composer-setup.php.sig \
    && curl -sS https://getcomposer.org/installer | tee composer-setup.php | sha384sum -c composer-setup.php.sig \
    && php composer-setup.php && rm composer-setup.php* \
    && chmod +x composer.phar && mv composer.phar /usr/bin/composer
COPY symfony.ini /etc/php7/conf.d/
COPY symfony.ini /etc/php7/cli/conf.d/
COPY xdebug.ini /etc/php7/conf.d/
COPY symfony.pool.conf /etc/php7/php-fpm.d/
CMD ["php-fpm7", "-F"]
WORKDIR /var/www/symfony
EXPOSE 9001
Why do I end up with different composer versions at the same time? Composer is installed the same way, by the same Dockerfile. How can I fix this problem?
I can't believe this is possible; this problem should not appear when using a Docker setup?
Looks like composer 1.10.11 is broken. You can switch to 1.10.10 like this:
composer-setup.php --version=1.10.10
Confirmed that the error comes from composer 1.10.11. You should downgrade to composer v1.10.10.
composer self-update 1.10.10
You can use self-update to downgrade composer version
Now you can update your composer version to 1.10.12
In this version you don't have this error.

Edit / hide Nginx Server header under Alpine Linux

When I use curl --head to test my website, it returns the server information.
I followed this tutorial to hide the nginx server header.
But when I run the command yum install nginx-module-security-headers, it returns yum: not found.
I also tried apk add nginx-module-security-headers, and it shows that the package is missing.
I have used nginx:1.17.6-alpine as my base docker image. Does anyone know how to hide the server from header under this Alpine?
I think I have an easier solution here: https://gist.github.com/hermanbanken/96f0ff298c162a522ddbba44cad31081. Big thanks to hermanbanken on Github for sharing this gist.
The idea is to create a multi stage build with the nginx alpine image to be a base for compiling the module. This turns into the following Dockerfile:
ARG VERSION=alpine
FROM nginx:${VERSION} as builder
ENV MORE_HEADERS_VERSION=0.33
ENV MORE_HEADERS_GITREPO=openresty/headers-more-nginx-module
# Download sources (both over HTTPS)
RUN wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -O nginx.tar.gz && \
    wget "https://github.com/${MORE_HEADERS_GITREPO}/archive/v${MORE_HEADERS_VERSION}.tar.gz" -O extra_module.tar.gz
# For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile
RUN apk add --no-cache --virtual .build-deps \
    gcc \
    libc-dev \
    make \
    openssl-dev \
    pcre-dev \
    zlib-dev \
    linux-headers \
    libxslt-dev \
    gd-dev \
    geoip-dev \
    perl-dev \
    libedit-dev \
    mercurial \
    bash \
    alpine-sdk \
    findutils
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
RUN rm -rf /usr/src/nginx /usr/src/extra_module && mkdir -p /usr/src/nginx /usr/src/extra_module && \
    tar -zxC /usr/src/nginx -f nginx.tar.gz && \
    tar -xzC /usr/src/extra_module -f extra_module.tar.gz
WORKDIR /usr/src/nginx/nginx-${NGINX_VERSION}
# Reuse same cli arguments as the nginx:alpine image used to build
RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') && \
    sh -c "./configure --with-compat $CONFARGS --add-dynamic-module=/usr/src/extra_module/*" && make modules
# Production container starts here
FROM nginx:${VERSION}
COPY --from=builder /usr/src/nginx/nginx-${NGINX_VERSION}/objs/*_module.so /etc/nginx/modules/
# .... skipped inserting config files and stuff ...
# Validate the config
RUN nginx -t
The Alpine repo probably doesn't have the ngx_security_headers module, but the mentioned tutorial also provides an option of using the Headers More module. You should be able to install this module in your Alpine distro using the command:
apk add nginx-mod-http-headers-more
Hope it helps.
Source
I found the alternate solution. The reason that it shows binary not compatible is because I have one nginx pre-installed under the target route, and it is not compatible with the header-more module I am using. That means I cannot simply install the third party library from Alpine package.
So I prepare a clean Alpine OS, and follow the GitHub repository to build Nginx from the source with additional feature. The path of build result is the prefix path you specified.

How do I resolve the error "unrecognized options: --enable-password-save" when building openvpn under alpine linux?

I am building a custom openvpn client within a Docker container that is based on a standard node-alpine image.
The (trimmed) docker image looks like:
FROM node:8.4-alpine
MAINTAINER Dave <redacted@redacted.redacted>
RUN apk add --update --no-cache \
    file \
    make \
    gcc \
    g++ \
    python \
    wget
# install openVPN
# note: --no-check-certificate turns off TLS certificate verification for this download
RUN wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.3.tar.gz --no-check-certificate
RUN gunzip openvpn-2.4.3.tar.gz
RUN tar -xvf openvpn-2.4.3.tar
WORKDIR openvpn-2.4.3
RUN ./configure --enable-password-save
RUN make
RUN make install
# ... the rest of the file
When I build this I get an error
configure: WARNING: unrecognized options: --enable-password-save
then the checks continue for a while before failing at
checking whether TUNSETPERSIST is declared... no
configure: error: no tap header could be found
What am I missing?
The warning you got and the error in the configure script are unrelated.
The warning is just indicating the flag you passed is not valid, while the error means you are missing a dependency in your build path.
In this specific case you are missing the tap header. You need to install the linux-headers package.
By the way, you are also missing some other openVPN build dependencies:
openssl-dev
lzo-dev
linux-pam-dev
To summarize, you need to edit the third command of your Dockerfile as follows:
RUN apk add --update --no-cache \
    file \
    make \
    gcc \
    g++ \
    python \
    wget \
    linux-headers \
    openssl-dev \
    lzo-dev \
    linux-pam-dev
And you should be good to go
