Commit 5635dc5142aa ("Enable --transparent mode for docker") made a
little bit of a mess of the Dockerfile and container-entrypoint.sh.
The issues include, but are not limited to: trailing whitespace, incorrect
indentation, a removed final newline, and component sortability, just to
name a few.

This MR fixes that and cleans up those files again.

One thing not touched was the enabling/disabling of `set +e` to exit the
script on error. It is nicer/cleaner to solve this in a different way,
but that adds too much complexity.

While here, make the container architecture and alpine version
configurable, allowing us to build multi-arch images from the CI in the
future.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>

A container is best served with the least amount of privileges. This
also ensures we don't have to drop anything later.

This does require running the container with elevated capabilities.

Note that if, for whatever reason, 'root' access within the container is
needed, this can easily be accomplished by running the container with
`docker run --user root:root sslh`, for example.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>

As per Docker guidelines [0], a container should always really have a
consistent entrypoint, without having to override it or do special
tricks.

The behavior should be _identical_ as before, but will no longer trigger
errors because sslh doesn't understand certain parameters (/bin/sh
for example being common). Furthermore, it allows a proper entrypoint for
a CI to work easily with the container as well, allowing for scenarios
such as `apk add git && sslh --foreground` in your sslh image, for example.

E.g. `docker run sslh --help` works, though a bit weirdly with the default
`--foreground`, as does `docker run sslh /bin/sh` or `docker run sslh ls`.

[0]: https://github.com/docker-library/official-images#consistency

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
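
A sketch of the dispatch logic a consistent entrypoint of this kind needs, as an added example that is not the project's container-entrypoint.sh. `resolve_argv` and `DEFAULT_BIN` are hypothetical names, and the rule that unknown words are handed to sslh is an assumption.

```sh
#!/bin/sh
# Added illustration; this is not the project's container-entrypoint.sh.
# DEFAULT_BIN and resolve_argv are hypothetical names.
DEFAULT_BIN="sslh"

# Print, one word per line, the argv the entrypoint would exec.
# Assumed rule: an option (or nothing) goes to sslh, a word that names a
# command available in the image runs as-is, anything else goes to sslh.
resolve_argv() {
    if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
        set -- "$DEFAULT_BIN" "$@"
    elif [ "$1" != "$DEFAULT_BIN" ] && ! command -v "$1" >/dev/null 2>&1; then
        set -- "$DEFAULT_BIN" "$@"
    fi
    printf '%s\n' "$@"
}

# Constructed invocations mirroring the `docker run sslh ...` cases above.
# A real entrypoint would finish with `exec "$@"` on the resolved argv, so
# the chosen program replaces the shell as PID 1 and receives signals.
for args in "--help" "--foreground" "/bin/sh" "ls -l" "sslh --help"; do
    # Word splitting of $args is intended here.
    # shellcheck disable=SC2086
    printf '%-14s -> %s\n' "$args" "$(resolve_argv $args | tr '\n' ' ')"
done
```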

It is weird that, when invoking sslh, it daemonizes in foreground by
default. This should always be a user choice, and if not, it should be a
program default.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>

Docker is most efficient if you can 'order' the layers from
least-changing to most-changing to improve on cache hits.

While here, change ADD to COPY as ADD is really intended to download
external packages, as well as installing sslh into a proper location.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>