Updated Unbound to version `1.22.0` and improved Docker setup
parent
89d1889e57
commit
8b055fb30f
|
@ -3,6 +3,12 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
## [1.22.0]
|
||||||
|
- Updated Unbound to version `1.22.0`
|
||||||
|
- Fixed configuration for local healthcheck record
|
||||||
|
- Added `bootstrap-image.sh` to clean up the `Dockerfile`
|
||||||
|
- Moved the entrypoint definition inline within the `Dockerfile`
|
||||||
|
|
||||||
## [1.21.0]
|
## [1.21.0]
|
||||||
- Updated Unbound to version `1.21.0`
|
- Updated Unbound to version `1.21.0`
|
||||||
|
|
||||||
|
|
28
Dockerfile
28
Dockerfile
|
@ -1,29 +1,11 @@
|
||||||
FROM alpine:3.15.5
|
FROM alpine:3.15.5
|
||||||
|
ARG UNBOUND_VERSION=1.22.0
|
||||||
|
|
||||||
ARG UNBOUND_VERSION=1.21.0
|
COPY bootstrap-image.sh /tmp/
|
||||||
|
RUN sh /tmp/bootstrap-image.sh -x && rm -rf /tmp/*
|
||||||
|
|
||||||
# Install dependencies and build unbound, clean up after
|
|
||||||
RUN apk --update add --no-cache alpine-sdk bison dns-root-hints expat-dev flex git openssl-dev && \
|
|
||||||
# Clone at given tag and build Unbound from source (https://github.com/NLnetLabs/unbound)
|
|
||||||
git clone --depth 1 --branch "release-${UNBOUND_VERSION}" https://github.com/NLnetLabs/unbound.git /tmp/unbound && \
|
|
||||||
cd /tmp/unbound && \
|
|
||||||
./configure && \
|
|
||||||
make && \
|
|
||||||
make install && \
|
|
||||||
# Clean up build dependencies
|
|
||||||
make clean && \
|
|
||||||
cd /srv && \
|
|
||||||
rm -rf /tmp/* && \
|
|
||||||
apk del alpine-sdk bison expat-dev flex git openssl-dev
|
|
||||||
|
|
||||||
# Prepare image
|
|
||||||
COPY entrypoint.sh /srv/
|
|
||||||
COPY healthcheck.sh /srv/
|
COPY healthcheck.sh /srv/
|
||||||
|
|
||||||
# Prepare unbound
|
|
||||||
RUN addgroup -S unbound && adduser -S -G unbound unbound
|
|
||||||
RUN mkdir -p /srv/unbound/conf
|
|
||||||
COPY unbound.conf /srv/unbound/unbound.conf
|
COPY unbound.conf /srv/unbound/unbound.conf
|
||||||
|
|
||||||
HEALTHCHECK --interval=10s --timeout=1s --retries=1 CMD sh /srv/healthcheck.sh
|
HEALTHCHECK --interval=10s --timeout=1s --retries=1 CMD ["sh", "/srv/healthcheck.sh"]
|
||||||
ENTRYPOINT ["sh", "/srv/entrypoint.sh"]
|
ENTRYPOINT ["sh", "-c", "unbound -V && unbound -c /srv/unbound/unbound.conf -d"]
|
||||||
|
|
|
@ -6,4 +6,4 @@ When starting a container, `cap_add` `NET_ADMIN` might be needed to allow the in
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
- Add additional config files to the `/srv/unbound/conf` container directory
|
- Add additional config files to the `/srv/unbound/conf` container directory
|
||||||
- Override the default config by mounting a `/srv/unbound/unbound.conf` file
|
- Override the default config by mounting a `/srv/unbound/unbound.conf` file
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Refuse to run without -x
|
||||||
|
if [ "$1" != "-x" ]; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Upgrade packages & install dependencies
|
||||||
|
apk --no-cache update && apk --no-cache upgrade
|
||||||
|
apk --no-cache add alpine-sdk bison dns-root-hints expat-dev flex git openssl-dev
|
||||||
|
|
||||||
|
# Clone Unbound source at given tag
|
||||||
|
git clone --depth 1 --branch "release-${UNBOUND_VERSION}" https://github.com/NLnetLabs/unbound.git /tmp/unbound
|
||||||
|
cd /tmp/unbound
|
||||||
|
|
||||||
|
# Build Unbound
|
||||||
|
sh configure
|
||||||
|
make
|
||||||
|
make install
|
||||||
|
|
||||||
|
# Clean up dependencies
|
||||||
|
make clean
|
||||||
|
apk --purge del -r alpine-sdk bison expat-dev flex git openssl-dev
|
||||||
|
|
||||||
|
# Prepare Unbound
|
||||||
|
addgroup -S unbound
|
||||||
|
adduser -S -G unbound unbound
|
||||||
|
mkdir -p /srv/unbound/conf
|
|
@ -1,5 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
echo 'Starting unbound...'
|
|
||||||
unbound -V
|
|
||||||
unbound -c /srv/unbound/unbound.conf -d
|
|
|
@ -59,5 +59,5 @@ server:
|
||||||
access-control: 0.0.0.0/0 allow
|
access-control: 0.0.0.0/0 allow
|
||||||
|
|
||||||
# Record used for container healthcheck
|
# Record used for container healthcheck
|
||||||
local-zone: "healthrecord.unbound" nodefault
|
local-zone: "healthcheck.unbound" nodefault
|
||||||
local-data: "healthcheck.unbound. A 127.0.0.1"
|
local-data: "healthcheck.unbound. A 127.0.0.1"
|
Loading…
Reference in New Issue