Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/docker/9.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
如果删除几行代码,Docker图像大小会增加_Docker_Docker Compose_Dockerfile_Docker Machine - Fatal编程技术网
Fatal编程技术网
  • docker/
  • 如果删除几行代码,Docker图像大小会增加

如果删除几行代码,Docker图像大小会增加

docker docker-compose

如果删除几行代码,Docker图像大小会增加,docker,docker-compose,dockerfile,docker-machine,Docker,Docker Compose,Dockerfile,Docker Machine,我试图缩小docker图像的大小,但是Dockerfile很奇怪 我连接RUN命令以减小图像的大小。当我构建下面的Dockerfile时,它只创建235MB FROM nginx:alpine RUN apk add --no-cache --virtual .build-deps \ gcc \ libc-dev \ make \ openssl \ pcre-dev \ zlib-dev \

我试图缩小docker图像的大小,但是Dockerfile很奇怪

我连接
RUN
命令以减小图像的大小。当我构建下面的Dockerfile时,它只创建235MB

FROM nginx:alpine

RUN apk add --no-cache --virtual .build-deps \
        gcc \
        libc-dev \
        make \
        openssl \
        pcre-dev \
        zlib-dev \
        linux-headers \
        curl \
        gnupg \
        libxslt-dev \
        gd-dev \
        perl-dev \
    && apk add --no-cache --virtual .libmodsecurity-deps \
        pcre-dev \
        libxml2-dev \
        git \
        libtool \
        automake \
        autoconf \
        g++ \
        flex \
        bison \
        yajl-dev \
        git \
    # Add runtime dependencies that should not be removed
    && apk add --no-cache \
        doxygen \
        geoip \
        geoip-dev \
        yajl \
        libstdc++ \
        sed \
    # Installing ModSec Library version 3
    && echo "Installing ModSec Library" \
    && git clone -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity /opt/ModSecurity \
    && cd /opt/ModSecurity \
    && git submodule init \
    && git submodule update \
    && ./build.sh \
    && ./configure && make && make install \
    && echo "Finished Installing ModSec Library" \
    # Installing ModSec - Nginx connector
    && cd /opt \
    && echo 'Installing ModSec - Nginx connector' \
    && git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git \
    && wget http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz \
    && tar zxvf nginx-$NGINX_VERSION.tar.gz \
    # Adding Nginx Connector Module
    && cd /opt/nginx-$NGINX_VERSION \ 
    && ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx \
    && make modules \
    && cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules \
    && echo "Finished Installing ModSec - Nginx connector" \
    # Begin installing ModSec OWASP Rules
    && echo "Begin installing ModSec OWASP Rules" \
    && mkdir /etc/nginx/modsec \
    && wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended \
    && mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf \
    && sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf \
    # Fetching owasp-modsecurity-crs
    && cd /opt \
    && git clone -b v3.0/master https://github.com/SpiderLabs/owasp-modsecurity-crs \
    && mv owasp-modsecurity-crs/ /usr/local/ \
    && cp /usr/local/owasp-modsecurity-crs/crs-setup.conf.example /usr/local/owasp-modsecurity-crs/crs-setup.conf \
    # Creating modsec file
    && echo 'Creating modsec file' \
    && echo -e '# From https://github.com/SpiderLabs/ModSecurity/blob/master/\n \
      # modsecurity.conf-recommended\n \
      # Edit to set SecRuleEngine On\n \
      Include "/etc/nginx/modsec/modsecurity.conf"\n \
      # OWASP CRS v3 rules\n \
      Include "/usr/local/owasp-modsecurity-crs/crs-setup.conf"\n \
      Include "/usr/local/owasp-modsecurity-crs/rules/*.conf"'\
      >>/etc/nginx/modsec/main.conf \
    && chown nginx:nginx /etc/nginx/modsec/main.conf \
    # Removing old Nginx conf files
    && rm -fr /etc/nginx/conf.d/ \
    && rm -fr /etc/nginx/nginx.conf \
    && chown -R nginx:nginx /usr/share/nginx \
    # delete uneeded and clean up
    && apk del .build-deps \
    && apk del .libmodsecurity-deps \
    && rm -fr ModSecurity \
    && rm -fr ModSecurity-nginx \
    && rm -fr nginx-$NGINX_VERSION.tar.gz \
    && rm -fr nginx-$NGINX_VERSION

COPY conf/nginx.conf /etc/nginx
COPY conf/conf.d /etc/nginx/conf.d
COPY errors /usr/share/nginx/errors

WORKDIR /usr/share/nginx/html

CMD nginx -g 'daemon off;'

EXPOSE 80
我看过docker历史图像,它显示这个RUN命令的大小增加了855MB左右。有人知道为什么它的行为很奇怪吗

任何想法都会很有帮助,每次构建映像都很难调试。

我尝试了两种构建方式,但没有发现太大的差异。
大部分磁盘空间被/opt/ModSecurity占用
最初是git克隆后的74MB

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
oldimage            latest              924a8d4f941e        11 minutes ago      867MB
newimage            latest              d1ca029927c2        About an hour ago   867MB
nginx               alpine              ebe2c7c61055        6 days ago          18MB
但是,在构建完整版本后,它已增长到约650MB

$ du -sh *
639.7M  ModSecurity
408.0K  ModSecurity-nginx
7.5M    nginx-1.13.12
996.0K  nginx-1.13.12.tar.gz
您是否在容器内运行du/以检查什么在使用空间?除此之外,多阶段构建()将允许您解耦构建和运行时依赖关系。结果将是更干净的图像,您可能会更容易找到导致空间使用泄漏的原因。@GonzaloMatheu我确实听说过多阶段构建,但在我的例子中,这是重新编译nginx,我需要依赖项以及图像。我想这是我能实现的最好的方法。你现在能试试第一张图片吗?我忘了添加几行,现在更新了第一个docker文件。根据当前docker文件,您有一条删除指令&&rm-fr ModSecurity\这是消耗639.7 MB的目录。这个目录包含源代码和生成输出二进制文件。哇@fly2matrix你让我意识到它应该是
rm-rf/opt/ModSecurity
而不仅仅是
rm-rf ModSecurity
。谢谢你,伙计。愚蠢的错误导致了两天的调试。