I am building a custom openvpn client within a Docker container that is based on a standard node-alpine image.
The (trimmed) docker image looks like:
FROM node:8.4-alpine
MAINTAINER: Dave <redacted#redacted.redacted>
RUN apk add --update --no-cache \
file \
make \
gcc \
g++ \
python \
wget
# install openVPN
RUN wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.3.tar.gz --no-check-certificate
RUN gunzip openvpn-2.4.3.tar.gz
RUN tar -xvf openvpn-2.4.3.tar
WORKDIR openvpn-2.4.3
RUN ./configure --enable-password-save
RUN make
RUN make install
# ... the rest of the file
When I build this I get an error
configure: WARNING: unrecognized options: --enable-password-save
then the checks continue for a while before failing at
checking whether TUNSETPERSIST is declared... no
configure: error: no tap header could be found
What am I missing?
The warning you got and the error in the configure script are unrelated.
The warning is just indicating the flag you passed is not valid, while the error means you are missing a dependency in your build path.
In this specific case you are missing the tap header. You need to install the linux-headers package.
By the way, you are also missing some other openVPN build dependencies:
openssl-dev
lzo-dev
linux-pam-dev
To summarize, you need to edit the third command of your Dockerfile as follows:
RUN apk add --update --no-cache \
file \
make \
gcc \
g++ \
python \
wget \
linux-headers \
openssl-dev \
lzo-dev \
linux-pam-dev
And you should be good to go
Related
I build a docker container based on alpine linux. I try to send messages to an external kafka broker using the symfony messenger.
This is my messenger config:
messenger:
transports:
de_fadi_criminal_charges_public_criminal_charge_created:
dsn: '%env(KAFKA_DSN)%'
serializer: App\Serializer\Avro\CriminalChargeCreatedSerializer
options:
flushTimeout: 10000
flushRetries: 5
topic:
name: 'de.fadi.criminal_charges.public.criminal_charge_created'
kafka_conf:
security.protocol: 'sasl_ssl'
ssl.ca.location: '%kernel.project_dir%/config/kafka/ca.pem'
sasl.username: '%env(KAFKA_SASL_USERNAME)%'
sasl.password: '%env(KAFKA_SASL_PASSWORD)%'
sasl.mechanism: 'PLAIN'
and these are the relevant lines in my Docker file:
ARG LIBRDKAFKA_GIT_SHA1=1f7417d4796e036b8c19f17373f8290ff5c7561f
RUN apk add --update --no-cache alpine-sdk bash python autoconf openssl \
&& git clone -o ${LIBRDKAFKA_GIT_SHA1} https://github.com/edenhill/librdkafka.git /tmp/librdkafka \
&& cd /tmp/librdkafka/ \
&& ./configure \
&& make \
&& make install
When I check after the build if Open SSL is available I get this:
$ openssl version
OpenSSL 1.1.1l 24 Aug 2021
When I try to send messages to the configured server I get this error message:
Unsupported value "sasl_ssl" for configuration property "security.protocol": OpenSSL not available at build time
All answers I found pointed to the fact that you first have to install openssl, then build rdkafka which I did. What am I missing?
as #dave_thompson_085 pointed out it isn't sufficient to include the openssl library, if you are going to use it to build software
Replacing openssl with openssl-dev did the trick:
RUN apk add --update --no-cache alpine-sdk bash python autoconf openssl-dev \
&& git clone -o ${LIBRDKAFKA_GIT_SHA1} https://github.com/edenhill/librdkafka.git /tmp/librdkafka \
&& cd /tmp/librdkafka/ \
&& ./configure \
&& make \
&& make install
I have try to build docker image using golang:1.14.9-alpine, and i always getting below error for installing thus libraries , what i need to do install thus libraies ?
ERROR: unable to select packages:
liblzma-dev (no such package):
required by: world[liblzma-dev]
libxml-dev (no such package):
required by: world[libxml-dev]
below my docker file
FROM golang:1.14.9-alpine
RUN apk update && apk upgrade \
&& apk --no-cache --update add build-base
RUN apk add --no-cache \
alpine-sdk \
protobuf \
ca-certificates \
curl \
make \
libx11-dev \
libxslt-dev \
libxml2 \
gcc \
g++ \
ca-certificates \
libxml-dev \
liblzma-dev \
libxslt-dev
RUN go get github.com/golang/protobuf/proto#v1.4.3
RUN go get github.com/golang/protobuf/protoc-gen-go#v1.4.3
RUN go get github.com/micro/protoc-gen-micro/v2
RUN export GO111MODULE=on
COPY . .
RUN make build
RUN chmod 765 test-service
I think the package is xz-dev
You can try a multistage build and then copy the required executables to alpine version. It will optimize the build further.
You can try something like this:
# Build Stage
FROM golang:1.14.9 as build
...
# Build here
RUN make build
...
# Release stage
FROM alpine:3.13.5 as release
# Copy only the needed files
COPY --from=build <build output> <exec location>
CMD <exec>
I am trying to install a package in alpine, in this case I specify 'jasper-dev', but it has happened to me with many others. The output I get in the terminal is:
/ # apk add jasper-dev
ERROR: unsatisfiable constraints:
jasper-dev (missing):
required by: world [jasper-dev]
However when I search for the package at https://pkgs.alpinelinux.org/, the package appears.
This is my Dockerfile.
FROM python:3.7-alpine
RUN echo "#testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk --update --no-cache add py3-numpy py3-pandas#testing \
build-base \
openblas-dev \
unzip \
wget \
cmake \
ca-certificates \
libjpeg \
libjpeg-turbo-dev \
libpng-dev \
jasper-dev \
tiff-dev \
libwebp-dev \
clang-dev \
linux-headers
How can I install this package?
I show the version of alpine with cat /etc/alpine-release and see that it is the 3.12.0. Then I search https://pkgs.alpinelinux.org/ for the package jasper-dev in the branch v3.12 and we see that it does not appear.
So we look in previous branches and see that it appears in v3.10, so I modify my Dockerfile to add that repo to /etc/apk/repositories with RUN echo 'http: // dl-cdn. alpinelinux.org/alpine/v3.10/main ' >> /etc/apk/repositories. This will install the package by executing the docker build
When I use curl --head to test my website, it returns the server information.
I followed this tutorial to hide the nginx server header.
But when I run the command yum install nginx-module-security-headers
, it returns yum: not found.
I also tried apk add nginx-module-security-headers, and it shows that the package is missing.
I have used nginx:1.17.6-alpine as my base docker image. Does anyone know how to hide the server from header under this Alpine?
I think I have an easier solution here: https://gist.github.com/hermanbanken/96f0ff298c162a522ddbba44cad31081. Big thanks to hermanbanken on Github for sharing this gist.
The idea is to create a multi stage build with the nginx alpine image to be a base for compiling the module. This turns into the following Dockerfile:
ARG VERSION=alpine
FROM nginx:${VERSION} as builder
ENV MORE_HEADERS_VERSION=0.33
ENV MORE_HEADERS_GITREPO=openresty/headers-more-nginx-module
# Download sources
RUN wget "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -O nginx.tar.gz && \
wget "https://github.com/${MORE_HEADERS_GITREPO}/archive/v${MORE_HEADERS_VERSION}.tar.gz" -O extra_module.tar.gz
# For latest build deps, see https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile
RUN apk add --no-cache --virtual .build-deps \
gcc \
libc-dev \
make \
openssl-dev \
pcre-dev \
zlib-dev \
linux-headers \
libxslt-dev \
gd-dev \
geoip-dev \
perl-dev \
libedit-dev \
mercurial \
bash \
alpine-sdk \
findutils
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
RUN rm -rf /usr/src/nginx /usr/src/extra_module && mkdir -p /usr/src/nginx /usr/src/extra_module && \
tar -zxC /usr/src/nginx -f nginx.tar.gz && \
tar -xzC /usr/src/extra_module -f extra_module.tar.gz
WORKDIR /usr/src/nginx/nginx-${NGINX_VERSION}
# Reuse same cli arguments as the nginx:alpine image used to build
RUN CONFARGS=$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p') && \
sh -c "./configure --with-compat $CONFARGS --add-dynamic-module=/usr/src/extra_module/*" && make modules
# Production container starts here
FROM nginx:${VERSION}
COPY --from=builder /usr/src/nginx/nginx-${NGINX_VERSION}/objs/*_module.so /etc/nginx/modules/
.... skipped inserting config files and stuff ...
# Validate the config
RUN nginx -t
Alpine repo probably doesn't have the ngx_security_headers module but, the mentioned tutorial also provides an option of using Headers More module. You should be able to install this module in your alpine distro using the command:
apk add nginx-mod-http-headers-more
Hope it helps.
Source
I found the alternate solution. The reason that it shows binary not compatible is because I have one nginx pre-installed under the target route, and it is not compatible with the header-more module I am using. That means I cannot simply install the third party library from Alpine package.
So I prepare a clean Alpine OS, and follow the GitHub repository to build Nginx from the source with additional feature. The path of build result is the prefix path you specified.
we are trying to host tensorflow object-detection model on GCP.
we have maintain below directory structure before running "gcloud app deploy".
For you convenient I am attaching the configuration files with the question.
Wer are getting deployment error which is mentioned below. Please suggest a solution.
+root
+object_detection/
+slim/
+env
+app.yaml
+Dockerfile
+requirement.txt
+index.html
+test.py
Dockerfile
FROM gcr.io/google-appengine/python
LABEL python_version=python2.7
RUN virtualenv --no-download /env -p python2.7
# Set virtualenv environment variables. This is equivalent to running
# source /env/bin/activate
ENV VIRTUAL_ENV /env
ENV PATH /env/bin:$PATH
# Various Python and C/build deps
RUN apt-get update && apt-get install -y \
wget \
build-essential \
cmake \
git \
unzip \
pkg-config \
python-dev \
python-opencv \
libopencv-dev \
libav-tools \
libjpeg-dev \
libpng-dev \
libtiff-dev \
libjasper-dev \
libgtk2.0-dev \
python-numpy \
python-pycurl \
libatlas-base-dev \
gfortran \
webp \
python-opencv \
qt5-default \
libvtk6-dev \
zlib1g-dev \
protobuf-compiler \
python-pil python-lxml \
python-tk
# Install Open CV - Warning, this takes absolutely forever
ADD requirements.txt /app/
RUN pip install -r requirements.txt
ADD . /app/
RUN protoc /app/object_detection/protos/*.proto --python_out=/app/.
RUN export PYTHONPATH=$PYTHONPATH:`pwd`:`pwd`/app/slim
CMD exec gunicorn -b :$PORT UploadTest:app
requirement.txt
Flask==0.12.2
gunicorn==19.7.1
numpy==1.13.1
requests==0.11.1
bs4==0.0.1
nltk==3.2.1
pymysql==0.7.2
xlsxwriter==0.8.5
Pillow==4.2.1
pytesseract==0.1
opencv-python>=3.0
matplotlib==2.0.2
tensorflow==1.3.0
lxml==4.0.0
app.yaml
runtime: custom
env: flex
entrypoint: gunicorn -b :$PORT UploadTest:app
threadsafe: true
runtime_config:
python_version: 2
After all this i am seeting up the google cloud environment with gcloud init
And then start command gcloud app deploy
I am getting below error while deploying the solution.
Error:
Step 10/12 : RUN protoc /app/object_detection/protos/*.proto --python_out=/app/.
---> Running in 9b3ec9c43c2d
/app/object_detection/protos/anchor_generator.proto: File does not reside within any path specified using --proto_path (or -I). You must specify a --proto_path which encompasses this file. Note that the proto_path must be an exact prefix of the .proto file names -- protoc is too dumb to figure out when two paths (e.g. absolute and relative) are equivalent (it's harder than you think).
The command '/bin/sh -c protoc /app/object_detection/protos/*.proto --python_out=/app/.' returned a non-zero code: 1
ERROR
ERROR: build step "gcr.io/cloud-builders/docker#sha256:a4a83be9b2fb61452e864ecf1bcfca99d1845499ef9500ae2905cea0ea593769" failed: exit status 1
----------------------------------------------------------------------------------------------------------------------------------------------
ERROR: (gcloud.app.deploy) Cloud build failed. Check logs at https://console.cloud.google.com/gcr/builds/4dba3217-b7d6-4341-b28e-09a9dad45c18?
There is a directory "object_detection/protos" present and all necessary files are present there. Still getting deployment error. Please suggest where to change in dockerfile to deploy it successfully.
My assumption: GCP is not able to figure out the path of the protc file. May be I have to alter something in Docketfile. But not able to figure out the solution. Please answer.
NB: This setup is running well in local machine. But not working in GCP