… except OpenSSL, which is the reason we’re here
echo 'Package: openssl libssl*'; \
echo "Pin: version $OPENSSL_VERSION"; \
echo 'Pin-Priority: 990'; \
} > /etc/apt/preferences.d/stretch-openssl; \
fi; \
apt-get update; \
apt-get install -y --no-install-recommends openssl="$OPENSSL_VERSION"; \
rm -rf /var/lib/apt/lists/*; \
fi
RUN apt-get update && apt-get install -y --no-install-recommends
libapr1
&& rm -rf /var/lib/apt/lists/*
see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
see also “update.sh” (https://github.com/docker-library/tomcat/blob/master/update.sh)
ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
ENV TOMCAT_MAJOR 8
ENV TOMCAT_VERSION 8.0.50
ENV TOMCAT_SHA1 ec66581d322a8ef58e3988fc72e2c076968f3e2e
ENV TOMCAT_TGZ_URLS \
https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
https://www.apache.org/dyn/closer.cgi?action=download&filename=tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz \
if the version is outdated, we might have to pull from the dist/archive 😕
https://www-us.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz \
https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz \
https://archive.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
ENV TOMCAT_ASC_URLS
https://www.apache.org/dyn/closer.cgi?action=download&filename=tomcat/tomcat-
T
O
M
C
A
T
M
A
J
O
R
/
v
TOMCAT_MAJOR/v
TOMCATMAJOR/vTOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc \
not all the mirrors actually carry the .asc files 😢
https://www-us.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc \
https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc \
https://archive.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc
RUN set -eux;
savedAptMark=“
(
a
p
t
−
m
a
r
k
s
h
o
w
m
a
n
u
a
l
)
"
;
a
p
t
−
g
e
t
u
p
d
a
t
e
;
a
p
t
−
g
e
t
i
n
s
t
a
l
l
−
y
−
−
n
o
−
i
n
s
t
a
l
l
−
r
e
c
o
m
m
e
n
d
s
g
n
u
p
g
d
i
r
m
n
g
r
;
e
x
p
o
r
t
G
N
U
P
G
H
O
M
E
=
"
(apt-mark showmanual)"; \ apt-get update; \ \ apt-get install -y --no-install-recommends gnupg dirmngr; \ \ export GNUPGHOME="
(apt−markshowmanual)"; apt−getupdate; apt−getinstall−y−−no−install−recommendsgnupgdirmngr; exportGNUPGHOME="(mktemp -d)”;
for key in
G
P
G
K
E
Y
S
;
d
o
g
p
g
−
−
k
e
y
s
e
r
v
e
r
h
a
.
p
o
o
l
.
s
k
s
−
k
e
y
s
e
r
v
e
r
s
.
n
e
t
−
−
r
e
c
v
−
k
e
y
s
"
GPG_KEYS; do \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "
GPGKEYS;do gpg−−keyserverha.pool.sks−keyservers.net−−recv−keys"key";
done;
apt-get install -y --no-install-recommends wget ca-certificates;
success=;
for url in
T
O
M
C
A
T
T
G
Z
U
R
L
S
;
d
o
i
f
w
g
e
t
−
O
t
o
m
c
a
t
.
t
a
r
.
g
z
"
TOMCAT_TGZ_URLS; do \ if wget -O tomcat.tar.gz "
TOMCATTGZURLS;do ifwget−Otomcat.tar.gz"url"; then
success=1;
break;
fi;
done;
[ -n “
s
u
c
c
e
s
s
"
]
;
e
c
h
o
"
success" ]; \ \ echo "
success"]; echo"TOMCAT_SHA1 *tomcat.tar.gz” | sha1sum -c -;
success=;
for url in
T
O
M
C
A
T
A
S
C
U
R
L
S
;
d
o
i
f
w
g
e
t
−
O
t
o
m
c
a
t
.
t
a
r
.
g
z
.
a
s
c
"
TOMCAT_ASC_URLS; do \ if wget -O tomcat.tar.gz.asc "
TOMCATASCURLS;do ifwget−Otomcat.tar.gz.asc"url"; then
success=1;
break;
fi;
done;
[ -n “
s
u
c
c
e
s
s
"
]
;
g
p
g
−
−
b
a
t
c
h
−
−
v
e
r
i
f
y
t
o
m
c
a
t
.
t
a
r
.
g
z
.
a
s
c
t
o
m
c
a
t
.
t
a
r
.
g
z
;
t
a
r
−
x
v
f
t
o
m
c
a
t
.
t
a
r
.
g
z
−
−
s
t
r
i
p
−
c
o
m
p
o
n
e
n
t
s
=
1
;
r
m
b
i
n
/
∗
.
b
a
t
;
r
m
t
o
m
c
a
t
.
t
a
r
.
g
z
∗
;
r
m
−
r
f
"
success" ]; \ \ gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ tar -xvf tomcat.tar.gz --strip-components=1; \ rm bin/*.bat; \ rm tomcat.tar.gz*; \ rm -rf "
success"]; gpg−−batch−−verifytomcat.tar.gz.asctomcat.tar.gz; tar−xvftomcat.tar.gz−−strip−components=1; rmbin/∗.bat; rmtomcat.tar.gz∗; rm−rf"GNUPGHOME”;
nativeBuildDir=“
(
m
k
t
e
m
p
−
d
)
"
;
t
a
r
−
x
v
f
b
i
n
/
t
o
m
c
a
t
−
n
a
t
i
v
e
.
t
a
r
.
g
z
−
C
"
(mktemp -d)"; \ tar -xvf bin/tomcat-native.tar.gz -C "
(mktemp−d)"; tar−xvfbin/tomcat−native.tar.gz−C"nativeBuildDir” --strip-components=1;
apt-get install -y --no-install-recommends
dpkg-dev
gcc
libapr1-dev
libssl-dev
make
“openjdk-KaTeX parse error: Expected '}', got 'EOF' at end of input: …%[.~bu-]*}-jdk=JAVA_DEBIAN_VERSION”
;
(
export CATALINA_HOME=“
P
W
D
"
;
c
d
"
PWD"; \ cd "
PWD"; cd"nativeBuildDir/native”;
gnuArch=“
(
d
p
k
g
−
a
r
c
h
i
t
e
c
t
u
r
e
−
−
q
u
e
r
y
D
E
B
B
U
I
L
D
G
N
U
T
Y
P
E
)
"
;
.
/
c
o
n
f
i
g
u
r
e
−
−
b
u
i
l
d
=
"
(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ ./configure \ --build="
(dpkg−architecture−−queryDEBBUILDGNUTYPE)"; ./configure −−build="gnuArch”
–libdir=“
T
O
M
C
A
T
N
A
T
I
V
E
L
I
B
D
I
R
"
−
−
p
r
e
f
i
x
=
"
TOMCAT_NATIVE_LIBDIR" \ --prefix="
TOMCATNATIVELIBDIR" −−prefix="CATALINA_HOME”
–with-apr=“
(
w
h
i
c
h
a
p
r
−
1
−
c
o
n
f
i
g
)
"
−
−
w
i
t
h
−
j
a
v
a
−
h
o
m
e
=
"
(which apr-1-config)" \ --with-java-home="
(whichapr−1−config)" −−with−java−home="(docker-java-home)”
–with-ssl=yes;
make -j “
(
n
p
r
o
c
)
"
;
m
a
k
e
i
n
s
t
a
l
l
;
)
;
r
m
−
r
f
"
(nproc)"; \ make install; \ ); \ rm -rf "
(nproc)"; makeinstall; ); rm−rf"nativeBuildDir”;
rm bin/tomcat-native.tar.gz;
\
reset apt-mark’s “manual” list so that “purge --auto-remove” will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*; \
\
sh removes env vars it doesn’t support (ones with periods)
https://github.com/docker-library/tomcat/issues/77
find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +
verify Tomcat Native is working properly
RUN set -e
&& nativeLines="KaTeX parse error: Expected 'EOF', got '&' at position 27: …h configtest 2>&̲1)" \ && nativ…(echo "KaTeX parse error: Expected 'EOF', got '&' at position 49: …t Native')" \ &̲& nativeLines="(echo “KaTeX parse error: Expected 'EOF', got '&' at position 29: …| sort -u)" \ &̲& if ! echo "nativeLines” | grep ‘INFO: Loaded APR based Apache Tomcat Native library’ >&2; then
echo >&2 "KaTeX parse error: Expected 'EOF', got '&' at position 39: …1; \ fi \ &̲& sed -i "107c …"1 \n echo “2” \n echo “3” \n if [ "$“3 == 1 ] \n then \n echo “1” \n sed -i ‘135,138d’ /usr/local/tomcat/conf/server.xml \n echo “2” \n else \n echo “3” \n fi” /usr/local/tomcat/bin/catalina.sh
this step can be cancel until this dockerfile is done
#RUN apt-get update && apt-get install -y \
vim \
&& rm -rf /var/lib/apt/lists/*
#EXPOSE 8080
#CMD [“catalina.sh”, “run”]
#MAINTAINER admin admin@domain.com
ENTRYPOINT [“catalina.sh”,“run”]
将dockerfile生成镜像tomcat:wave1.0
启动时:
docker run -it --name mdhtomcat -d -p 80:8080 tomcat:wave1.0 :默认走catalina.sh命令;默认访问日志开启;
docker run -it --name mdhtomcat -d -p 80:8080 tomcat:wave1.0 catalina.sh 1 :通过传参1,告诉catalina.sh 修改server.xml,该容器不开启访问日志。
3.注意点
ENTRYPOINT和CMD的区别;
sed中如果需要传送特殊字符($),需要用 [“”]括住。
往\*.sh文件中插入语句时,如果需要使用换行符,则用:[ \n ]
shell中 if 的判断中[ 空格 a == b 空格 ],其中 == 用于数值,-eq 用于字符串
4.附录一些docker的基本命令
[docker build -t tomcat:wave1.0 . ]
[docker run -it --name mdhtomcat -d -p 80:8080 tomcat:wave1.0]
[docker exec -it mdhtomcat bash ]
[exit]
[docker container stop mdhtomcat]
[docker image ls]
[docker ps -a ]
[docker rm 容器号]
[docker rmi 镜像号]
-------------------------------------------------------------------------------------------------------------------------
commit定制Docker镜像:
docker commit \
--author "作者" \
--message "信息" \
mdhtomcat \
tomcat:wave2.0