# Dockerfile for socktop webterm # Based on Debian Trixie Slim with all required dependencies FROM debian:trixie-slim # Avoid prompts from apt ENV DEBIAN_FRONTEND=noninteractive # Set environment variables ENV RUST_VERSION=stable ENV CARGO_HOME=/usr/local/cargo ENV RUSTUP_HOME=/usr/local/rustup ENV PATH=/usr/local/cargo/bin:$PATH ENV TERM=xterm-256color # Install system dependencies and security updates RUN apt-get update && \ apt-get upgrade -y && \ apt-get install -y \ # Build dependencies build-essential \ pkg-config \ libssl-dev \ # Rust/Cargo (needed to build webterm) curl \ ca-certificates \ # Node.js and npm (for xterm.js) nodejs \ npm \ # Alacritty dependencies cmake \ fontconfig \ libfontconfig1-dev \ libfreetype6-dev \ libxcb-xfixes0-dev \ libxkbcommon-dev \ python3 \ # Runtime dependencies fonts-liberation \ gnupg2 \ wget \ unzip \ git \ # Process management supervisor \ && rm -rf /var/lib/apt/lists/* # Install Rust RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \ sh -s -- -y --default-toolchain ${RUST_VERSION} --profile minimal && \ chmod -R a+w ${RUSTUP_HOME} ${CARGO_HOME} # Install Alacritty RUN cargo install alacritty && \ rm -rf ${CARGO_HOME}/registry ${CARGO_HOME}/git # Download and install FiraCode Nerd Font RUN mkdir -p /usr/share/fonts/truetype/firacode-nerd && \ cd /tmp && \ wget -q https://github.com/ryanoasis/nerd-fonts/releases/download/v3.1.1/FiraCode.zip && \ unzip -q FiraCode.zip -d /usr/share/fonts/truetype/firacode-nerd/ && \ rm FiraCode.zip && \ fc-cache -fv && \ rm -rf /var/lib/apt/lists/* # Add socktop APT repository with GPG key RUN curl -fsSL https://jasonwitty.github.io/socktop/KEY.gpg | \ gpg --dearmor -o /usr/share/keyrings/socktop-archive-keyring.gpg && \ echo "deb [signed-by=/usr/share/keyrings/socktop-archive-keyring.gpg] https://jasonwitty.github.io/socktop stable main" > /etc/apt/sources.list.d/socktop.list && \ apt-get update && \ apt-get install -y socktop socktop-agent && \ rm -rf /var/lib/apt/lists/* # Create application user (if not already exists from package) RUN id -u socktop &>/dev/null || useradd -m -s /bin/bash socktop && \ mkdir -p /home/socktop/.config/alacritty && \ mkdir -p /home/socktop/.config/socktop && \ chown -R socktop:socktop /home/socktop # Set working directory WORKDIR /app # Copy application files COPY --chown=socktop:socktop Cargo.toml Cargo.lock ./ COPY --chown=socktop:socktop src ./src COPY --chown=socktop:socktop templates ./templates COPY --chown=socktop:socktop static ./static COPY --chown=socktop:socktop package.json package-lock.json ./ # Build the Rust application RUN cargo build --release && \ rm -rf target/release/build target/release/deps target/release/incremental && \ strip target/release/webterm-server # Install npm dependencies and copy static files RUN npm ci --only=production && \ cp static/terminado-addon.js node_modules/ && \ cp static/bg.png node_modules/ && \ cp static/styles.css node_modules/ && \ cp static/terminal.js node_modules/ && \ cp static/favicon.png node_modules/ # Copy configuration files from /files directory (will be mounted as volume) # This will be done at runtime via entrypoint script # Copy supervisor configuration COPY docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf # Copy entrypoint and restricted shell scripts COPY docker/entrypoint.sh /entrypoint.sh COPY docker/restricted-shell.sh /usr/local/bin/restricted-shell RUN chmod +x /entrypoint.sh && chmod +x /usr/local/bin/restricted-shell # Expose ports # 8082 - webterm HTTP server # 3001 - socktop agent EXPOSE 8082 3001 # Health check HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD curl -f http://localhost:8082/ || exit 1 # Set entrypoint (runs as root, then switches to socktop user) ENTRYPOINT ["/entrypoint.sh"] # Default command (can be overridden) CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]