A redis/Containerfile => redis/Containerfile +48 -0
@@ 0,0 1,48 @@
+FROM alpine:3.18
+
+# alpine-sdk: build essentials
+# linux-headers & openssl-dev: redis build dependencies
+# tcl procps: redis test dependencies
+RUN apk --no-cache add \
+ alpine-sdk linux-headers openssl-dev \
+ tcl procps
+RUN wget https://download.redis.io/releases/redis-7.2.1.tar.gz \
+ && tar -xf redis-7.2.1.tar.gz \
+ && cd redis-7.2.1 \
+ && CFLAGS="-DUSE_MALLOC_USABLE_SIZE -O2 -flto=auto" \
+ make USE_JEMALLOC=no MALLOC=libc BUILD_TLS=yes all \
+ && make test \
+ && make install
+
+RUN adduser -Dh/data -s/sbin/nologin -u1000 redis
+
+FROM scratch
+
+COPY --from=0 /usr/local/bin/redis-server /bin/
+COPY --from=0 /etc/ssl /etc/ssl
+COPY --from=0 /lib/libssl.so.* /lib/
+COPY --from=0 /lib/libcrypto.so.* /lib/
+COPY --from=0 /lib/libc.musl-x86_64.so.* /lib/
+COPY --from=0 /lib/ld-musl-x86_64.so.1 /lib/
+
+# Add temporary files to facilitate the remaining steps
+COPY --from=0 /bin/busybox /bin/
+COPY --from=0 /bin/chown /bin/
+COPY --from=0 /bin/mkdir /bin/
+COPY --from=0 /bin/rm /bin/
+COPY --from=0 /bin/sh /bin/
+COPY --from=0 /etc/group /etc/
+COPY --from=0 /etc/passwd /etc/
+
+RUN mkdir /data && chown redis:redis /data
+
+# Clean up temporary files
+RUN rm -f /etc/passwd /etc/group \
+ /bin/busybox /bin/chown /bin/mkdir /bin/rm /bin/sh
+
+USER 1000
+WORKDIR /data
+EXPOSE 6379/tcp
+
+ENTRYPOINT ["/bin/redis-server"]
+CMD ["--daemonize", "no", "--protected-mode", "no"]
D redis/Dockerfile => redis/Dockerfile +0 -9
@@ 1,9 0,0 @@
-FROM alpine:3.18
-
-RUN apk --no-cache add redis ca-certificates doas
-RUN echo "permit nopass root" >> /etc/doas.d/doas.conf
-
-RUN mkdir /data && chown redis:redis /data
-WORKDIR /data
-
-ENTRYPOINT ["/usr/bin/doas", "-u", "redis", "/usr/bin/redis-server", "--protected-mode", "no"]