Dockerfile.app-root

# syntax=docker/dockerfile:1.4
#
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM ghcr.io/gchux/cloud-run-ssh:ubuntu-latest-v1.2.0

ARG DEBIAN_FRONTEND=noninteractive

ARG CONTENT_FLAVOR=app

ARG APP_PORT="8080"
ARG WEB_PORT="8022"

ARG SSH_USER="root"
ARG SSH_PASS="pass"
ARG PASSWORD_ACCESS="true"
ARG SUDO_ACCESS="true"

ARG GCSFUSE_VERSION=2.7.0
ARG GOST_VERSION=3.0.0
ARG YQ_VERSION=4.45.1
ARG DOCKER_VERSION=28.0.1
ARG CREDS_HELPER_VERSION=2.1.25

LABEL "DOCKER_VERSION"="${DOCKER_VERSION}"

ENV SSH_CONTENT_FLAVOR=${CONTENT_FLAVOR}

ENV SSH_USER_NAME=${SSH_USER}
ENV USER_PASSWORD=${SSH_PASS}

ENV WEBSSH_PORT=${WEB_PORT}
ENV WEBAPP_PORT=${APP_PORT}

ENV PASSWORD_ACCESS=${PASSWORD_ACCESS}
ENV SUDO_ACCESS=${SUDO_ACCESS}
ENV LOG_STDOUT=true
ENV SSH_PORT=2222

ENV PUID=0
ENV PGID=0

USER 0:0

COPY ./webssh /webssh
COPY ./init/svc ./init/nginx ./init/wssh ./init/dockerd /bin/init/
COPY ./conf/app.conf /svc.conf
COPY ./nginx/app.conf /nginx.conf.template
COPY ./keys/*.pub /pubkeys/
COPY ./cloud_run_ssh_banner ./keys/authorized_keys* /

COPY ./ssh_proxy_client.yaml /ssh_proxy_client.yaml
COPY ./poll_ssh_proxy_server /usr/local/bin/poll_ssh_proxy_server

COPY ./scripts/gcurl /usr/local/bin/gcurl
COPY ./scripts/gidcurl /usr/local/bin/gidcurl

COPY ./catalogs/commands.json /webssh/webssh/static/json/commands.json

RUN apt-get -qq update > /dev/null \
    && apt-get -qq -yy install --no-install-recommends \
    bash gettext dpkg vim net-tools iputils-ping dnsutils iproute2 iptables nginx \
    openssl curl wget tmux git bc traceroute tcptraceroute tcpdump jq telnet \
    mtr nmap redis python3 python3-pip strace fuse3 fuse-overlayfs > /dev/null \
    && apt-get -qq clean > /dev/null

RUN wget -nv -q -P /usr/bin 'http://www.vdberg.org/~richard/tcpping' \
    && chmod a+rx /usr/bin/tcpping

RUN python3 -m pip config --user set global.progress_bar off \
    && python3 -m pip install --break-system-packages --no-cache-dir --quiet supervisor httpie /webssh

RUN curl -o /gcsfuse.deb -L \
    https://github.com/GoogleCloudPlatform/gcsfuse/releases/download/v${GCSFUSE_VERSION}/gcsfuse_${GCSFUSE_VERSION}_amd64.deb \
    && dpkg -i --force-all /gcsfuse.deb && rm -vf /gcsfuse.deb

RUN curl -sL -o yq \
    https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 \
    && chmod +x /yq && ln -s /yq /usr/local/bin/yq

RUN curl -sL -o gost.tar.gz \
    https://github.com/go-gost/gost/releases/download/v${GOST_VERSION}/gost_${GOST_VERSION}_linux_amd64.tar.gz \
    && tar -xzf gost.tar.gz && chmod +x gost && rm -vf gost.tar.gz

RUN echo "root:${USER_PASSWORD}" | chpasswd

RUN curl -sL -o docker.tgz \
    https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
    && tar -xzf docker.tgz && cp -vf docker/* /usr/bin/ && rm -rvf docker && rm -vf docker.tgz

RUN curl -fsSL \
    https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${CREDS_HELPER_VERSION}/docker-credential-gcr_linux_amd64-${CREDS_HELPER_VERSION}.tar.gz \
    | tar xz docker-credential-gcr && chmod +x docker-credential-gcr && mv docker-credential-gcr /usr/bin/

RUN echo "${WEBSSH_PORT}" > /webssh.port \
    && echo "${WEBAPP_PORT}" > /webapp.port \
    && chsh -s /bin/bash root \
    && mkdir -pv /dl/

COPY ./tmp/app /app
COPY ./tmp/app.json /app/.app.json
COPY ./tmp/start_app /app/_
COPY ./scripts/start_app /usr/local/bin/start_app

CMD ["exec", "env", "/bin/init/svc"]