如果删除几行代码,Docker图像大小会增加
我试图缩小docker图像的大小,但是Dockerfile很奇怪 我连接如果删除几行代码,Docker图像大小会增加,docker,docker-compose,dockerfile,docker-machine,Docker,Docker Compose,Dockerfile,Docker Machine,我试图缩小docker图像的大小,但是Dockerfile很奇怪 我连接RUN命令以减小图像的大小。当我构建下面的Dockerfile时,它只创建235MB FROM nginx:alpine RUN apk add --no-cache --virtual .build-deps \ gcc \ libc-dev \ make \ openssl \ pcre-dev \ zlib-dev \
RUN
命令以减小图像的大小。当我构建下面的Dockerfile时,它只创建235MB
FROM nginx:alpine
RUN apk add --no-cache --virtual .build-deps \
gcc \
libc-dev \
make \
openssl \
pcre-dev \
zlib-dev \
linux-headers \
curl \
gnupg \
libxslt-dev \
gd-dev \
perl-dev \
&& apk add --no-cache --virtual .libmodsecurity-deps \
pcre-dev \
libxml2-dev \
git \
libtool \
automake \
autoconf \
g++ \
flex \
bison \
yajl-dev \
git \
# Add runtime dependencies that should not be removed
&& apk add --no-cache \
doxygen \
geoip \
geoip-dev \
yajl \
libstdc++ \
sed \
# Installing ModSec Library version 3
&& echo "Installing ModSec Library" \
&& git clone -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity /opt/ModSecurity \
&& cd /opt/ModSecurity \
&& git submodule init \
&& git submodule update \
&& ./build.sh \
&& ./configure && make && make install \
&& echo "Finished Installing ModSec Library" \
# Installing ModSec - Nginx connector
&& cd /opt \
&& echo 'Installing ModSec - Nginx connector' \
&& git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git \
&& wget http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz \
&& tar zxvf nginx-$NGINX_VERSION.tar.gz \
# Adding Nginx Connector Module
&& cd /opt/nginx-$NGINX_VERSION \
&& ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx \
&& make modules \
&& cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules \
&& echo "Finished Installing ModSec - Nginx connector" \
# Begin installing ModSec OWASP Rules
&& echo "Begin installing ModSec OWASP Rules" \
&& mkdir /etc/nginx/modsec \
&& wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended \
&& mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf \
&& sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf \
# Fetching owasp-modsecurity-crs
&& cd /opt \
&& git clone -b v3.0/master https://github.com/SpiderLabs/owasp-modsecurity-crs \
&& mv owasp-modsecurity-crs/ /usr/local/ \
&& cp /usr/local/owasp-modsecurity-crs/crs-setup.conf.example /usr/local/owasp-modsecurity-crs/crs-setup.conf \
# Creating modsec file
&& echo 'Creating modsec file' \
&& echo -e '# From https://github.com/SpiderLabs/ModSecurity/blob/master/\n \
# modsecurity.conf-recommended\n \
# Edit to set SecRuleEngine On\n \
Include "/etc/nginx/modsec/modsecurity.conf"\n \
# OWASP CRS v3 rules\n \
Include "/usr/local/owasp-modsecurity-crs/crs-setup.conf"\n \
Include "/usr/local/owasp-modsecurity-crs/rules/*.conf"'\
>>/etc/nginx/modsec/main.conf \
&& chown nginx:nginx /etc/nginx/modsec/main.conf \
# Removing old Nginx conf files
&& rm -fr /etc/nginx/conf.d/ \
&& rm -fr /etc/nginx/nginx.conf \
&& chown -R nginx:nginx /usr/share/nginx \
# delete uneeded and clean up
&& apk del .build-deps \
&& apk del .libmodsecurity-deps \
&& rm -fr ModSecurity \
&& rm -fr ModSecurity-nginx \
&& rm -fr nginx-$NGINX_VERSION.tar.gz \
&& rm -fr nginx-$NGINX_VERSION
COPY conf/nginx.conf /etc/nginx
COPY conf/conf.d /etc/nginx/conf.d
COPY errors /usr/share/nginx/errors
WORKDIR /usr/share/nginx/html
CMD nginx -g 'daemon off;'
EXPOSE 80
我看过docker历史图像,它显示这个RUN命令的大小增加了855MB左右。有人知道为什么它的行为很奇怪吗
任何想法都会很有帮助,每次构建映像都很难调试。我尝试了两种构建方式,但没有发现太大的差异。
大部分磁盘空间被/opt/ModSecurity占用
最初是git克隆后的74MB
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oldimage latest 924a8d4f941e 11 minutes ago 867MB
newimage latest d1ca029927c2 About an hour ago 867MB
nginx alpine ebe2c7c61055 6 days ago 18MB
但是,在构建完整版本后,它已增长到约650MB
$ du -sh *
639.7M ModSecurity
408.0K ModSecurity-nginx
7.5M nginx-1.13.12
996.0K nginx-1.13.12.tar.gz
您是否在容器内运行du/以检查什么在使用空间?除此之外,多阶段构建()将允许您解耦构建和运行时依赖关系。结果将是更干净的图像,您可能会更容易找到导致空间使用泄漏的原因。@GonzaloMatheu我确实听说过多阶段构建,但在我的例子中,这是重新编译nginx,我需要依赖项以及图像。我想这是我能实现的最好的方法。你现在能试试第一张图片吗?我忘了添加几行,现在更新了第一个docker文件。根据当前docker文件,您有一条删除指令&&rm-fr ModSecurity\这是消耗639.7 MB的目录。这个目录包含源代码和生成输出二进制文件。哇@fly2matrix你让我意识到它应该是
rm-rf/opt/ModSecurity
而不仅仅是rm-rf ModSecurity
。谢谢你,伙计。愚蠢的错误导致了两天的调试。