-
Notifications
You must be signed in to change notification settings - Fork 7
/
Dockerfile
136 lines (115 loc) · 4.61 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
FROM debian:bullseye-slim AS builder
ARG NFDUMP_VERSION=1.6.23
ARG NFSEN_VERSION=1.3.8
ARG TIMEZONE=UTC
ARG VERSION=1.0.0
ARG BUILD_ID=0000000
ENV DEBIANFRONTEND=noninteractive
ENV NFDUMP_VERSION=${NFDUMP_VERSION}
ENV NFSEN_VERSION=${NFSEN_VERSION}
ENV TIMEZONE=${TIMEZONE}
ENV VERSION=${VERSION}
ENV BUILD_ID=${BUILD_ID}
RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections \
&& apt-get update -qq \
&& apt-get install --no-install-recommends --no-install-suggests -y \
autoconf \
autogen \
automake \
bison \
build-essential \
ca-certificates \
flex \
libbz2-dev \
librrd-dev \
libtool \
m4 \
pkg-config \
wget
WORKDIR /artifacts
# Bellow are nfdump configure options:
#
# --prefix - Install files in PREFIX/bin, PREFIX/lib, etc.
# --enable-nfprofile - Build nfprofile used by NfSen.
# --enable-nftrack - Build nftrack used by PortTracker.
# --enable-sflow - Build sflow collector sfcpad.
#
RUN wget -O nfdump.tar.gz https://github.com/phaag/nfdump/archive/refs/tags/v${NFDUMP_VERSION}.tar.gz \
&& tar -xzf nfdump.tar.gz \
&& cd nfdump-${NFDUMP_VERSION} \
&& bash autogen.sh \
&& mkdir -p /artifacts/nfdump \
&& ./configure \
--prefix=/artifacts/nfdump \
--enable-nfprofile \
--enable-nftrack \
--enable-sflow \
&& make \
&& make install
ADD nfsen.conf /artifacts/nfsen.conf
ADD entrypoint.sh /artifacts/entrypoint.sh
ADD healthcheck.sh /artifacts/healthcheck.sh
WORKDIR /artifacts
RUN wget -O nfsen.tar.gz http://sourceforge.net/projects/nfsen/files/stable/nfsen-${NFSEN_VERSION}/nfsen-${NFSEN_VERSION}.tar.gz \
&& tar -xzf nfsen.tar.gz \
&& mv nfsen-${NFSEN_VERSION} nfsen \
&& sed -i -re "s|rrd_version < 1.6|rrd_version < 1.8|g" nfsen/libexec/NfSenRRD.pm \
&& mv /artifacts/nfsen.conf /artifacts/nfsen/etc/nfsen.conf
FROM debian:bullseye-slim
ARG TIMEZONE=UTC
ARG VERSION=1.0.0
ARG BUILD_ID=0000000
LABEL org.opencontainers.image.authors="Serghei Iakovlev <[email protected]>" \
org.opencontainers.image.description="Slimmed-down Netflow collector and local processing Docker image" \
org.opencontainers.image.source="https://github.com/sergeyklay/docker-netflow" \
org.opencontainers.image.version=$VERSION \
org.opencontainers.image.revision=$BUILD_ID
# Copy artifacts
COPY --from=builder /artifacts/nfdump/ /usr/local
COPY --from=builder /artifacts/nfsen /build/nfsen
# start script
COPY --from=builder /artifacts/entrypoint.sh /entrypoint.sh
# healthcheck script
COPY --from=builder /artifacts/healthcheck.sh /healthcheck.sh
HEALTHCHECK --interval=1m --timeout=5s CMD /healthcheck.sh
RUN ln -snf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime \
&& echo "$TIMEZONE" > /etc/timezone \
&& echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections \
&& apt-get update -qq \
&& apt-get install --no-install-recommends --no-install-suggests -y \
libmailtools-perl \
librrds-perl \
libsocket6-perl \
lighttpd \
php-cgi \
&& lighttpd-enable-mod fastcgi-php \
&& sed -i -re 's|^server.document-root[ ]+=.*|server.document-root = "/var/www/nfsen"|g' /etc/lighttpd/lighttpd.conf \
&& sed -i -re 's|^server.errorlog[ ]+=.*|server.errorlog = "/dev/stdout"|g' /etc/lighttpd/lighttpd.conf \
&& sed -i -re 's|^index-file.names[ ]+=.*|index-file.names = ( "nfsen.php" )|g' /etc/lighttpd/lighttpd.conf \
&& sed -i -re 's|^server.pid-file[ ]+=.*|server.pid-file = "/run/lighttpd/lighttpd.pid"|g' /etc/lighttpd/lighttpd.conf \
&& sed -i -re 's|"socket"[ ]+=>.*|"socket" => "/run/lighttpd/php.socket",|g' /etc/lighttpd/conf-enabled/15-fastcgi-php.conf \
&& mkdir -p /var/www /opt/nfsen /build/nfsen \
&& cd /build/nfsen \
&& ldconfig \
&& echo | ./install.pl ./etc/nfsen.conf || true \
&& chmod +x /entrypoint.sh \
&& rm -rf /var/www/html \
&& rm -f /etc/lighttpd/conf-enabled/99-unconfigured.conf \
&& rm -rf /build \
&& apt-get autoremove -y >/dev/null 2>&1 || true \
&& apt-get clean -y >/dev/null 2>&1 || true \
&& apt-get autoclean -y >/dev/null 2>&1 || true \
&& rm -rf /tmp/* /var/tmp/* \
&& find /var/cache/apt/archives /var/lib/apt/lists -not -name lock -type f -delete \
&& find /var/cache -type f -delete \
&& find /var/log -type f | while read -r f; do echo -ne '' > "${f}" >/dev/null 2>&1 || true; done
# HTTP server
EXPOSE 80
# NetFlow
EXPOSE 2055/udp
# IPFIX
EXPOSE 4739/udp
# sFlow
EXPOSE 6343/udp
ENTRYPOINT ["/entrypoint.sh"]
CMD ["lighttpd", "-D", "-f", "/etc/lighttpd/lighttpd.conf", "2>&1"]