Add support for Docker multi-stage builds (#2228)

Separate docker build into two stagesto discard several binaries, builder, compiler and dev dependencies not needed for production usage. Run CTFd in a venv in `/opt/venv`. Reduce the image size from 648MB to 398MB. Co-authored-by: Kevin Chung <kchung@ctfd.io>
2025-12-17 22:14:25 +01:00 · 2023-01-25 17:56:51 +00:00
parent 89289ad641
commit fe9ba03e3b
1 changed files with 31 additions and 16 deletions
--- a/47
+++ b/47
@@ -1,6 +1,6 @@
-FROM python:3.9-slim-buster
+FROM python:3.9-slim-buster as build
+
 WORKDIR /opt/CTFd
-RUN mkdir -p /opt/CTFd /var/log/CTFd /var/uploads

 # hadolint ignore=DL3008
 RUN apt-get update \
@@ -10,30 +10,45 @@ RUN apt-get update \
        libssl-dev \
        git \
    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* \
+    && python -m venv /opt/venv

-COPY requirements.txt /opt/CTFd/
-
-RUN pip install -r requirements.txt --no-cache-dir
+ENV PATH="/opt/venv/bin:$PATH"

 COPY . /opt/CTFd

-# hadolint ignore=SC2086
-RUN for d in CTFd/plugins/*; do \
+RUN pip install --no-cache-dir -r requirements.txt \
+    && for d in CTFd/plugins/*; do \
        if [ -f "$d/requirements.txt" ]; then \
-            pip install -r $d/requirements.txt --no-cache-dir; \
+            pip install --no-cache-dir -r "$d/requirements.txt";\
        fi; \
    done;

-# hadolint ignore=DL3059
-RUN adduser \
-    --disabled-login \
-    -u 1001 \
-    --gecos "" \
+
+FROM python:3.9-slim-buster as release
+WORKDIR /opt/CTFd
+
+# hadolint ignore=DL3008
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        libffi6 \
+        libssl1.1 \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --chown=1001:1001 . /opt/CTFd
+
+RUN useradd \
+    --no-log-init \
    --shell /bin/bash \
+    -u 1001 \
    ctfd \
-    && chmod +x /opt/CTFd/docker-entrypoint.sh \
-    && chown -R 1001:1001 /opt/CTFd /var/log/CTFd /var/uploads
+    && mkdir -p /var/log/CTFd /var/uploads \
+    && chown -R 1001:1001 /var/log/CTFd /var/uploads \
+    && chmod +x /opt/CTFd/docker-entrypoint.sh
+
+COPY --from=build /opt/venv /opt/venv
+ENV PATH="/opt/venv/bin:$PATH"

 USER 1001
 EXPOSE 8000