mirror/rustnet
1
0
Fork 0
mirror of https://github.com/domcyrus/rustnet.git synced 2025-12-30 18:39:52 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
eca0e6000d960dcea6618a96a532c3cb3afce53a
rustnet/Dockerfile
Marco Cadetg 9ead15f3ed do not use CMD --help
2025-09-11 08:35:10 +02:00

67 lines
2.2 KiB
Docker
Raw Blame History

# Multi-stage Docker build for RustNet
FROM rust:1.89-slim AS builder
# Install build dependencies
RUN apt-get update && apt-get install -y \
libpcap-dev \
pkg-config \
&& rm -rf /var/lib/apt/lists/*
# Set working directory
WORKDIR /app
# Copy Cargo files first for better caching
COPY Cargo.toml Cargo.lock ./
# Copy source code
COPY src ./src
COPY assets/services ./assets/services
# Build the application in release mode
RUN cargo build --release
# Runtime stage - use trixie-slim to match GLIBC version from builder
FROM debian:trixie-slim
# Install runtime dependencies
RUN apt-get update && apt-get install -y \
libpcap0.8 \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Create a non-root user for general security practices
# Note: While this follows Docker security best practices, RustNet requires elevated
# privileges for packet capture (NET_RAW/NET_ADMIN capabilities or root access).
# The container will need to be run with --cap-add=NET_RAW --cap-add=NET_ADMIN
# or --privileged flag to function properly for network monitoring.
RUN useradd -r -s /bin/false rustnet
# Set working directory
WORKDIR /app
# Copy the binary from builder stage
COPY --from=builder /app/target/release/rustnet /usr/local/bin/rustnet
# Copy assets/services only
COPY --from=builder /app/assets/services ./assets/services
# Create logs directory
RUN mkdir -p /app/logs && chown rustnet:rustnet /app/logs
# Set executable permissions
RUN chmod +x /usr/local/bin/rustnet
# Expose no ports by default (rustnet is for monitoring, not serving)
# Network access is handled via host networking or packet capture capabilities
# Add labels for better image metadata
LABEL org.opencontainers.image.title="RustNet"
LABEL org.opencontainers.image.description="A cross-platform network monitoring tool with deep packet inspection"
LABEL org.opencontainers.image.source="https://github.com/domcyrus/rustnet"
LABEL org.opencontainers.image.licenses="Apache License, Version 2.0"
# Important: RustNet requires elevated privileges for packet capture functionality
# Run with: docker run --cap-add=NET_RAW --cap-add=NET_ADMIN rustnet
# Or with: docker run --privileged rustnet
ENTRYPOINT ["rustnet"]
Reference in New Issue View Git Blame Copy Permalink