我正在尝试减小docker镜像的大小,但是Dockerfile很奇怪。
我连接了RUN命令以减小图像的大小。当我构建下面的Dockerfile时,它仅创建235MB。
FROM nginx:alpine
RUN apk add --no-cache --virtual .build-deps \
gcc \
libc-dev \
make \
openssl \
pcre-dev \
zlib-dev \
linux-headers \
curl \
gnupg \
libxslt-dev \
gd-dev \
perl-dev \
&& apk add --no-cache --virtual .libmodsecurity-deps \
pcre-dev \
libxml2-dev \
git \
libtool \
automake \
autoconf \
g++ \
flex \
bison \
yajl-dev \
git \
# Add runtime dependencies that should not be removed
&& apk add --no-cache \
doxygen \
geoip \
geoip-dev \
yajl \
libstdc++ \
sed \
# Installing ModSec Library version 3
&& echo "Installing ModSec Library" \
&& git clone -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity /opt/ModSecurity \
&& cd /opt/ModSecurity \
&& git submodule init \
&& git submodule update \
&& ./build.sh \
&& ./configure && make && make install \
&& echo "Finished Installing ModSec Library" \
# Installing ModSec - Nginx connector
&& cd /opt \
&& echo 'Installing ModSec - Nginx connector' \
&& git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git \
&& wget http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz \
&& tar zxvf nginx-$NGINX_VERSION.tar.gz \
# Adding Nginx Connector Module
&& cd /opt/nginx-$NGINX_VERSION \
&& ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx \
&& make modules \
&& cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules \
&& echo "Finished Installing ModSec - Nginx connector" \
# Begin installing ModSec OWASP Rules
&& echo "Begin installing ModSec OWASP Rules" \
&& mkdir /etc/nginx/modsec \
&& wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended \
&& mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf \
&& sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf \
# Fetching owasp-modsecurity-crs
&& cd /opt \
&& git clone -b v3.0/master https://github.com/SpiderLabs/owasp-modsecurity-crs \
&& mv owasp-modsecurity-crs/ /usr/local/ \
&& cp /usr/local/owasp-modsecurity-crs/crs-setup.conf.example /usr/local/owasp-modsecurity-crs/crs-setup.conf \
# Creating modsec file
&& echo 'Creating modsec file' \
&& echo -e '# From https://github.com/SpiderLabs/ModSecurity/blob/master/\n \
# modsecurity.conf-recommended\n \
# Edit to set SecRuleEngine On\n \
Include "/etc/nginx/modsec/modsecurity.conf"\n \
# OWASP CRS v3 rules\n \
Include "/usr/local/owasp-modsecurity-crs/crs-setup.conf"\n \
Include "/usr/local/owasp-modsecurity-crs/rules/*.conf"'\
>>/etc/nginx/modsec/main.conf \
&& chown nginx:nginx /etc/nginx/modsec/main.conf \
# Removing old Nginx conf files
&& rm -fr /etc/nginx/conf.d/ \
&& rm -fr /etc/nginx/nginx.conf \
&& chown -R nginx:nginx /usr/share/nginx \
# delete uneeded and clean up
&& apk del .build-deps \
&& apk del .libmodsecurity-deps \
&& rm -fr ModSecurity \
&& rm -fr ModSecurity-nginx \
&& rm -fr nginx-$NGINX_VERSION.tar.gz \
&& rm -fr nginx-$NGINX_VERSION
COPY conf/nginx.conf /etc/nginx
COPY conf/conf.d /etc/nginx/conf.d
COPY errors /usr/share/nginx/errors
WORKDIR /usr/share/nginx/html
CMD nginx -g 'daemon off;'
EXPOSE 80
我已经看到了docker history imagedId,它显示此RUN命令的大小增加了约855MB。有人知道它为什么奇怪吗?
任何想法都会很有帮助,很难每次都调试生成镜像。
最佳答案
我尝试以两种方式进行构建,但发现并没有太大区别。
大部分磁盘空间被/ opt / ModSecurity占用
git克隆后最初是74MB。
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldimage latest 924a8d4f941e 11 minutes ago 867MB
newimage latest d1ca029927c2 About an hour ago 867MB
nginx alpine ebe2c7c61055 6 days ago 18MB
但是,在构建完整版本之后-它已增长到650MB。
$ du -sh *
639.7M ModSecurity
408.0K ModSecurity-nginx
7.5M nginx-1.13.12
996.0K nginx-1.13.12.tar.gz
关于docker - 如果我删除几行代码,Docker镜像大小就会增加,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49868970/