Debdut/Dockerfile

## Dockerfile
#############################
# 0. Base image: Ubuntu + all apt deps + browser
#############################
FROM ubuntu:22.04 AS base

ENV DEBIAN_FRONTEND=noninteractive

# One big apt layer: cached as long as THIS block doesn't change
RUN apt-get update && \
  apt-get install -y --no-install-recommends \
    ca-certificates \
    openssl \
    wget \
    curl \
    gnupg \
    git \
    build-essential \
    pkg-config \
    xvfb \
    x11vnc \
    fluxbox \
    fonts-liberation \
    tzdata \
    libasound2 \
    libatk-bridge2.0-0 \
    libatk1.0-0 \
    libatspi2.0-0 \
    libc6 \
    libcairo2 \
    libcups2 \
    libcurl4 \
    libdbus-1-3 \
    libexpat1 \
    libgbm1 \
    libglib2.0-0 \
    libgtk-3-0 \
    libnspr4 \
    libnss3 \
    libpango-1.0-0 \
    libudev1 \
    libvulkan1 \
    libx11-6 \
    libxcb1 \
    libxcomposite1 \
    libxdamage1 \
    libxext6 \
    libxfixes3 \
    libxkbcommon0 \
    libxrandr2 && \
  ARCH=$(dpkg --print-architecture) && \
  if [ "$ARCH" = "amd64" ]; then \
    wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/google-chrome.gpg && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list && \
    apt-get update && \
    apt-get install -y --no-install-recommends google-chrome-stable && \
    echo "BROWSERAPI_CHROME_BIN=/usr/bin/google-chrome-stable" >> /etc/environment; \
  else \
    apt-get install -y --no-install-recommends chromium-browser && \
    echo "BROWSERAPI_CHROME_BIN=/usr/bin/chromium-browser" >> /etc/environment; \
  fi && \
  rm -rf /var/lib/apt/lists/*

RUN useradd -m -s /bin/bash browserapi || true


#############################
# 1. Builder: install Go via dynamic URL, then build
#############################
FROM base AS builder

# Go version + arch from buildx
ARG GO_VERSION=1.22.5
ARG TARGETARCH

# Install Go using dynamic URL once per arch (cached)
RUN set -eux; \
  # default if building without buildx
  : "${TARGETARCH:=amd64}"; \
  case "$TARGETARCH" in \
    amd64) GOARCH=amd64 ;; \
    arm64) GOARCH=arm64 ;; \
    *) echo "Unsupported TARGETARCH: $TARGETARCH" >&2; exit 1 ;; \
  esac; \
  curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${GOARCH}.tar.gz" -o /tmp/go.tgz; \
  tar -C /usr/local -xzf /tmp/go.tgz; \
  rm /tmp/go.tgz

ENV PATH="/usr/local/go/bin:${PATH}" \
  GOPATH="/go" \
  GOCACHE="/go-build" \
  CGO_ENABLED=1 \
  GOOS=linux

WORKDIR /app

# Cache-friendly deps layer: only go.mod/go.sum here
COPY go.mod go.sum ./
RUN go mod download

# App source (this is what changes often)
COPY . .

# Adjust path if your main is elsewhere (e.g. ./cmd/server/main.go)
RUN go build -o BrowserAPI main.go


#############################
# 2. Runtime
#############################
FROM base AS runtime

WORKDIR /app

# Copy compiled binary only
COPY --from=builder /app/BrowserAPI /app/BrowserAPI
# Optional: app assets/config
COPY app ./app

# Data + certs
RUN mkdir -p /data/profiles /certs && \
  chown -R browserapi:browserapi /app /data /certs && \
  mkdir -p /tmp/.X11-unix && chmod 1777 /tmp/.X11-unix

RUN openssl req -x509 -newkey rsa:2048 -nodes \
    -keyout /certs/server.key \
    -out /certs/server.crt \
    -days 365 \
    -subj "/CN=localhost" && \
  chown -R browserapi:browserapi /certs

# Entrypoint script
RUN cat > /app/entrypoint.sh << 'EOF'
#!/bin/bash
set -e

# Detect Chrome binary path
if [ -f /usr/bin/google-chrome-stable ]; then
  export BROWSERAPI_CHROME_BIN=/usr/bin/google-chrome-stable
elif [ -f /usr/bin/chromium-browser ]; then
  export BROWSERAPI_CHROME_BIN=/usr/bin/chromium-browser
fi

# Start X server, window manager, VNC in background
Xvfb :99 -screen 0 1280x720x24 &
fluxbox &
x11vnc -display :99 -nopw -forever -rfbport 5900 &

sleep 2

exec /app/BrowserAPI
EOF

RUN chmod +x /app/entrypoint.sh && \
  chown browserapi:browserapi /app/entrypoint.sh

ENV BROWSERAPI_LISTEN_ADDR=":8443" \
  BROWSERAPI_DB_PATH="/data/browserapi.db" \
  BROWSERAPI_PROFILE_ROOT="/data/profiles" \
  BROWSERAPI_TLS_CERT="/certs/server.crt" \
  BROWSERAPI_TLS_KEY="/certs/server.key" \
  DISPLAY=":99"

USER browserapi

EXPOSE 8443 5900

CMD ["/app/entrypoint.sh"]
	#############################
	# 0. Base image: Ubuntu + all apt deps + browser
	#############################
	FROM ubuntu:22.04 AS base

	ENV DEBIAN_FRONTEND=noninteractive

	# One big apt layer: cached as long as THIS block doesn't change
	RUN apt-get update && \
	apt-get install -y --no-install-recommends \
	ca-certificates \
	openssl \
	wget \
	curl \
	gnupg \
	git \
	build-essential \
	pkg-config \
	xvfb \
	x11vnc \
	fluxbox \
	fonts-liberation \
	tzdata \
	libasound2 \
	libatk-bridge2.0-0 \
	libatk1.0-0 \
	libatspi2.0-0 \
	libc6 \
	libcairo2 \
	libcups2 \
	libcurl4 \
	libdbus-1-3 \
	libexpat1 \
	libgbm1 \
	libglib2.0-0 \
	libgtk-3-0 \
	libnspr4 \
	libnss3 \
	libpango-1.0-0 \
	libudev1 \
	libvulkan1 \
	libx11-6 \
	libxcb1 \
	libxcomposite1 \
	libxdamage1 \
	libxext6 \
	libxfixes3 \
	libxkbcommon0 \
	libxrandr2 && \
	ARCH=$(dpkg --print-architecture) && \
	if [ "$ARCH" = "amd64" ]; then \
	wget -q -O - https://dl.google.com/linux/linux_signing_key.pub \| gpg --dearmor -o /usr/share/keyrings/google-chrome.gpg && \
	echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list && \
	apt-get update && \
	apt-get install -y --no-install-recommends google-chrome-stable && \
	echo "BROWSERAPI_CHROME_BIN=/usr/bin/google-chrome-stable" >> /etc/environment; \
	else \
	apt-get install -y --no-install-recommends chromium-browser && \
	echo "BROWSERAPI_CHROME_BIN=/usr/bin/chromium-browser" >> /etc/environment; \
	fi && \
	rm -rf /var/lib/apt/lists/*

	RUN useradd -m -s /bin/bash browserapi \|\| true


	#############################
	# 1. Builder: install Go via dynamic URL, then build
	#############################
	FROM base AS builder

	# Go version + arch from buildx
	ARG GO_VERSION=1.22.5
	ARG TARGETARCH

	# Install Go using dynamic URL once per arch (cached)
	RUN set -eux; \
	# default if building without buildx
	: "${TARGETARCH:=amd64}"; \
	case "$TARGETARCH" in \
	amd64) GOARCH=amd64 ;; \
	arm64) GOARCH=arm64 ;; \
	*) echo "Unsupported TARGETARCH: $TARGETARCH" >&2; exit 1 ;; \
	esac; \
	curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${GOARCH}.tar.gz" -o /tmp/go.tgz; \
	tar -C /usr/local -xzf /tmp/go.tgz; \
	rm /tmp/go.tgz

	ENV PATH="/usr/local/go/bin:${PATH}" \
	GOPATH="/go" \
	GOCACHE="/go-build" \
	CGO_ENABLED=1 \
	GOOS=linux

	WORKDIR /app

	# Cache-friendly deps layer: only go.mod/go.sum here
	COPY go.mod go.sum ./
	RUN go mod download

	# App source (this is what changes often)
	COPY . .

	# Adjust path if your main is elsewhere (e.g. ./cmd/server/main.go)
	RUN go build -o BrowserAPI main.go


	#############################
	# 2. Runtime
	#############################
	FROM base AS runtime

	WORKDIR /app

	# Copy compiled binary only
	COPY --from=builder /app/BrowserAPI /app/BrowserAPI
	# Optional: app assets/config
	COPY app ./app

	# Data + certs
	RUN mkdir -p /data/profiles /certs && \
	chown -R browserapi:browserapi /app /data /certs && \
	mkdir -p /tmp/.X11-unix && chmod 1777 /tmp/.X11-unix

	RUN openssl req -x509 -newkey rsa:2048 -nodes \
	-keyout /certs/server.key \
	-out /certs/server.crt \
	-days 365 \
	-subj "/CN=localhost" && \
	chown -R browserapi:browserapi /certs

	# Entrypoint script
	RUN cat > /app/entrypoint.sh << 'EOF'
	#!/bin/bash
	set -e

	# Detect Chrome binary path
	if [ -f /usr/bin/google-chrome-stable ]; then
	export BROWSERAPI_CHROME_BIN=/usr/bin/google-chrome-stable
	elif [ -f /usr/bin/chromium-browser ]; then
	export BROWSERAPI_CHROME_BIN=/usr/bin/chromium-browser
	fi

	# Start X server, window manager, VNC in background
	Xvfb :99 -screen 0 1280x720x24 &
	fluxbox &
	x11vnc -display :99 -nopw -forever -rfbport 5900 &

	sleep 2

	exec /app/BrowserAPI
	EOF

	RUN chmod +x /app/entrypoint.sh && \
	chown browserapi:browserapi /app/entrypoint.sh

	ENV BROWSERAPI_LISTEN_ADDR=":8443" \
	BROWSERAPI_DB_PATH="/data/browserapi.db" \
	BROWSERAPI_PROFILE_ROOT="/data/profiles" \
	BROWSERAPI_TLS_CERT="/certs/server.crt" \
	BROWSERAPI_TLS_KEY="/certs/server.key" \
	DISPLAY=":99"

	USER browserapi

	EXPOSE 8443 5900

	CMD ["/app/entrypoint.sh"]
No results found