summary refs log tree commit diff
path: root/docker/Dockerfile-workers
diff options
context:
space:
mode:
Diffstat (limited to 'docker/Dockerfile-workers')
-rw-r--r--docker/Dockerfile-workers119
1 files changed, 57 insertions, 62 deletions
diff --git a/docker/Dockerfile-workers b/docker/Dockerfile-workers

index 2ceb6ab67c..9caf9a6646 100644
--- a/docker/Dockerfile-workers
+++ b/docker/Dockerfile-workers
@@ -1,67 +1,62 @@
 # syntax=docker/dockerfile:1
 
 ARG SYNAPSE_VERSION=latest
-ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION
-
-# first of all, we create a base image with an nginx which we can copy into the
-# target image. For repeated rebuilds, this is much faster than apt installing
-# each time.
-
-FROM docker.io/library/debian:bookworm-slim AS deps_base
-    RUN \
-       --mount=type=cache,target=/var/cache/apt,sharing=locked \
-       --mount=type=cache,target=/var/lib/apt,sharing=locked \
-      apt-get update -qq && \
-      DEBIAN_FRONTEND=noninteractive apt-get install -yqq --no-install-recommends \
-          redis-server nginx-light
-
-# Similarly, a base to copy the redis server from.
-#
-# The redis docker image has fewer dynamic libraries than the debian package,
-# which makes it much easier to copy (but we need to make sure we use an image
-# based on the same debian version as the synapse image, to make sure we get
-# the expected version of libc.
-FROM docker.io/library/redis:7-bookworm AS redis_base
+ARG SYNAPSE_IMAGE=docker.io/matrixdotorg/synapse:$SYNAPSE_VERSION
+
+ARG MAS_VERSION=latest
+ARG MAS_IMAGE=ghcr.io/matrix-org/matrix-authentication-service:$MAS_VERSION
+
+ARG REDIS_VERSION=7.4.0
+ARG REDIS_IMAGE=docker.io/library/redis:$REDIS_VERSION-bookworm
+
+ARG NGINX_VERSION=1.26.1
+ARG NGINX_IMAGE=docker.io/library/nginx:$NGINX_VERSION-bookworm
+
+FROM $NGINX_IMAGE AS nginx
+FROM $REDIS_IMAGE AS redis
+FROM $MAS_IMAGE AS mas
 
 # now build the final image, based on the the regular Synapse docker image
-FROM $FROM
-
-    # Install supervisord with pip instead of apt, to avoid installing a second
-    # copy of python.
-    RUN --mount=type=cache,target=/root/.cache/pip \
-        pip install supervisor~=4.2
-    RUN mkdir -p /etc/supervisor/conf.d
-
-    # Copy over redis and nginx
-    COPY --from=redis_base /usr/local/bin/redis-server /usr/local/bin
-
-    COPY --from=deps_base /usr/sbin/nginx /usr/sbin
-    COPY --from=deps_base /usr/share/nginx /usr/share/nginx
-    COPY --from=deps_base /usr/lib/nginx /usr/lib/nginx
-    COPY --from=deps_base /etc/nginx /etc/nginx
-    RUN rm /etc/nginx/sites-enabled/default
-    RUN mkdir /var/log/nginx /var/lib/nginx
-    RUN chown www-data /var/lib/nginx
-
-    # have nginx log to stderr/out
-    RUN ln -sf /dev/stdout /var/log/nginx/access.log
-    RUN ln -sf /dev/stderr /var/log/nginx/error.log
-
-    # Copy Synapse worker, nginx and supervisord configuration template files
-    COPY ./docker/conf-workers/* /conf/
-
-    # Copy a script to prefix log lines with the supervisor program name
-    COPY ./docker/prefix-log /usr/local/bin/
-
-    # Expose nginx listener port
-    EXPOSE 8080/tcp
-
-    # A script to read environment variables and create the necessary
-    # files to run the desired worker configuration. Will start supervisord.
-    COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py
-    ENTRYPOINT ["/configure_workers_and_start.py"]
-
-    # Replace the healthcheck with one which checks *all* the workers. The script
-    # is generated by configure_workers_and_start.py.
-    HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
-        CMD /bin/sh /healthcheck.sh
+FROM $SYNAPSE_IMAGE
+
+# Install supervisord with pip instead of apt, to avoid installing a second
+# copy of python.
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip install supervisor~=4.2
+RUN mkdir -p /etc/supervisor/conf.d
+
+# Copy over redis, nginx and matrix-authentication-service
+COPY --from=redis /usr/local/bin/redis-server /usr/local/bin
+
+COPY --from=nginx /usr/sbin/nginx /usr/sbin
+COPY --from=nginx /usr/share/nginx /usr/share/nginx
+COPY --from=nginx /usr/lib/nginx /usr/lib/nginx
+COPY --from=nginx /etc/nginx /etc/nginx
+RUN mkdir /var/log/nginx /var/lib/nginx
+RUN chown www-data /var/lib/nginx
+
+# have nginx log to stderr/out
+RUN ln -sf /dev/stdout /var/log/nginx/access.log
+RUN ln -sf /dev/stderr /var/log/nginx/error.log
+
+COPY --from=mas /usr/local/bin/mas-cli /usr/local/bin
+COPY --from=mas /usr/local/share/mas-cli /usr/local/share
+
+# Copy Synapse worker, nginx and supervisord configuration template files
+COPY ./docker/conf-workers/* /conf/
+
+# Copy a script to prefix log lines with the supervisor program name
+COPY ./docker/prefix-log /usr/local/bin/
+
+# Expose nginx listener port
+EXPOSE 8080/tcp
+
+# A script to read environment variables and create the necessary
+# files to run the desired worker configuration. Will start supervisord.
+COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py
+ENTRYPOINT ["/configure_workers_and_start.py"]
+
+# Replace the healthcheck with one which checks *all* the workers. The script
+# is generated by configure_workers_and_start.py.
+HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
+    CMD /bin/sh /healthcheck.sh
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-07 08:40:00 +0000