Fixing security vulnerabilities in docker image - linux

I have the following docker file
FROM debian:stable
# Avoid warnings by switching to noninteractive
ENV DEBIAN_FRONTEND=noninteractive
#Versions
ENV HELM_VERSION=v3.10.0
ENV KUBECTL_VERSION=v1.20.9
ENV MAVEN_OPTS="-Djavax.net.ssl.trustStore=/cicd/assets/truststore.jks"
ENV TERRAFORM_VERSION=1.2.0
ENV GOLANG_VERSION=1.19.1
ENV TERRAGRUNT_VERSION=v0.38.7
RUN set -xe \
&& apt-get update -y \
&& apt-get install -y python3-pip
RUN apt-get install zip unzip
#Copy python requirements file
COPY requirements.txt /tmp/pip-tmp/
# Makes the Ansible directories
RUN mkdir /etc/ansible /ansible
RUN mkdir ~/.ssh
# Configure apt and install python packages
RUN apt-get update -y -q \
&& apt-get upgrade -y -q \
&& apt-get install -y wget \
&& apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
&& apt-get install -y --no-install-recommends apt-utils \
&& apt-get -y install ca-certificates software-properties-common build-essential curl git gettext-base maven sshpass krb5-user \
&& pip --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt \
&& apt-get -y install jq \
&& rm -rf /tmp/pip-tmp
#Install helm
RUN wget https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz \
&& tar -zxvf helm-${HELM_VERSION}-linux-amd64.tar.gz \
&& mv linux-amd64/helm /usr/local/bin/helm
#Install kubectl
RUN curl --silent https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl --output /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl
#Install Docker CLI
RUN curl -sSL https://get.docker.com/ | sh \
&& curl -L "https://github.com/docker/compose/releases/download/2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
&& chmod +x /usr/local/bin/docker-compose
#Install AWS CLI
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
&& unzip awscliv2.zip \
&& ./aws/install
#Copy Assets
#RUN mkdir -p /cicd
#COPY assets /cicd
#Install helm plugins
#RUN helm plugin add https://github.com/databus23/helm-diff
#RUN helm plugin install /cicd/helm-nexus-push
# Downloading gcloud package
RUN curl https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz > /tmp/google-cloud-sdk.tar.gz
# Installing the package
RUN mkdir -p /usr/local/gcloud \
&& tar -C /usr/local/gcloud -xvf /tmp/google-cloud-sdk.tar.gz \
&& /usr/local/gcloud/google-cloud-sdk/install.sh
# Adding the package path to local
ENV PATH $PATH:/usr/local/gcloud/google-cloud-sdk/bin
RUN cd /tmp && \
wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin && \
rm -rf /tmp/*
RUN cd /tmp && \
wget https://dl.google.com/go/go${GOLANG_VERSION}.linux-amd64.tar.gz && \
tar -xzf go${GOLANG_VERSION}.linux-amd64.tar.gz -C /usr/local && \
rm -rf /tmp/*
RUN cd /tmp && \
wget https://github.com/gruntwork-io/terragrunt/releases/download/${TERRAGRUNT_VERSION}/terragrunt_linux_amd64 && \
mv terragrunt_linux_amd64 /usr/local/bin/terragrunt && \
chmod +x /usr/local/bin/terragrunt && \
rm -rf /tmp/*
RUN git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
ENV GOPATH=/usr/local/go
ENV PATH=/usr/local/go/bin:$PATH
ENV CGO_ENABLED=0
RUN go version
RUN terraform --version
RUN terragrunt --version
RUN ansible --version
CMD bash
I build the docker image and upload it to Google Artifact Registry, but I always come across security vulnerabilities. I have tried to fix them, but unfortunately I'm unable to fix the security vulnerabilities. Please look at the critical errors and let me know how I can fix this. Any recommendation is appreciated. Thank you.

It looks like the Dockerfile is trying to install a specific version of golang by hand into "/usr/local" rather than using the Debian package manager. According to the info at https://security-tracker.debian.org/tracker/CVE-2021-38297, that bug is fixed in 1.17.3-3 and the Dockerfile is using 1.19.1. So perhaps there is an old golang installation in the base image ... and that is what the scanner is picking up. Check that, and if necessary apt install a newer version.
Likewise, https://security-tracker.debian.org/tracker/CVE-2022-23806 should be fixed by a newer version of golang. See the CVE link for versions.
https://security-tracker.debian.org/tracker/CVE-2015-20107 could be fixed by upgrading to Python 3.10.6-1 or later.
https://security-tracker.debian.org/tracker/CVE-2019-19814 doesn't appear to have a fix from upstream, so there is nothing you can do about it except not use f2fs.
https://security-tracker.debian.org/tracker/CVE-2022-29599 can be fixed by updating the maven-shared-utils package; see the CVE link for versions.
https://security-tracker.debian.org/tracker/CVE-2022-1996 has a fix upstream but it is awaiting triage by the Debian team.
In summary, some of the vulnerabilities can be fixed, but for a couple of them no fix is readily available. So:
Apply the fixes that are available.
Then read the CVEs and accompanying explanations and 1) make a judgement whether they represent a risk that you can take, and 2) figure out if you can mitigate the risk; e.g. by locking down access to the running Docker container.
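The triage this answer describes, as an added example that is not part of the original post: it sorts findings into "upgrade", "already fixed, so the scanner is seeing another copy" and "no fix available". The CVE ids and the fixed versions 1.17.3-3 and 3.10.6-1 are from the answer; component names and installed versions are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post): triage scanner findings into
# "upgrade", "already fixed" and "no fix available" as the answer describes.

# version_lt A B: succeeds when version A sorts strictly before version B.
# Assumption: GNU `sort -V` ordering, which approximates Debian's rules;
# inside a Debian image `dpkg --compare-versions A lt B` is the exact check.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# triage: reads "CVE|component|installed|fixed" lines on stdin and prints
# "CVE component action". A fixed field of "-" means no fixed version exists.
triage() {
    while IFS='|' read -r cve component installed fixed; do
        case "$cve" in
            '' | '#'*) continue ;;   # skip blank lines and comments
        esac
        if [ -z "$fixed" ] || [ "$fixed" = "-" ]; then
            action="no-fix:assess-and-mitigate"
        elif version_lt "$installed" "$fixed"; then
            action="upgrade-to:$fixed"
        else
            # Installed version already carries the fix: the scanner is
            # probably matching another copy of the component in the image.
            action="already-fixed:look-for-other-copies"
        fi
        printf '%s %s %s\n' "$cve" "$component" "$action"
    done
}

# Constructed sample input. Component names and installed versions are
# made up for illustration; only the CVE ids and fixed versions are quoted
# from the answer above.
sample_findings() {
    cat <<'EOF'
# CVE|component|installed|fixed
CVE-2021-38297|golang-from-apt|1.15.15-1|1.17.3-3
CVE-2021-38297|go-in-usr-local|1.19.1|1.17.3-3
CVE-2015-20107|python3|3.9.2-3|3.10.6-1
CVE-2019-19814|f2fs|5.10.0|-
EOF
}

sample_findings | triage
```

Feed it real findings by exporting the scanner report to the same four-column form; the "already-fixed" rows are the ones where the hand-installed Go 1.19.1 is not what the scanner matched.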

Related

Why would Python not be available to a Docker Entrypoint Script?

This Python 3.9 project has a Dockerfile, that builds successfully. The file makes use of an ENTRYPOINT script to create some directories and handle some clean-up at run time. It is a bash script. The ENTRYPOINT script has no problem running until the very end, where it is expected to execute the CMD that is passed next. Well, I should say this behavior only happens when Kaniko builds the image. When the image is built locally, no such problem occurs. However, I am willing to chalk that up to the fact that locally is on a Windows machine. However, that shouldn't matter here because the error thrown is:
/opt/project/conf/entrypoint.sh: /usr/bin/supervisord: /usr/bin/python3: bad interpreter: No such file or directory
/opt/project/conf/entrypoint.sh: line 8: /usr/bin/supervisord: Success
Now I have looked at many "bad interpreter" questions. They all seem to revolve around the interpreter being in a custom place. I am reliant upon the default spot for the Python 3.9 interpreter. On Debian Bullseye (The OS behind the base image) that should be /usr/local/bin/python or /usr/local/bin/python3. So I am completely stumped as to why it is unable to find or use it.
Here are the implementation details:
Dockerfile:
FROM python:3.9-slim-bullseye
# Minimum Required Environment Variables
ENV SHELL=/bin/bash
ENV CC /usr/bin/gcc
ENV CXX /usr/bin/g++
ENV LANG=C.UTF-8
ENV DEBIAN_FRONTEND=noninteractive
ENV PYMSSQL_BUILD_WITH_BUNDLED_FREETDS=1
ENV PIP_CONFIG_FILE=/etc/pip.conf
ENV TZ=America/Los_Angeles
# Project Specific Environment Variables
ENV PROJECT_LOGFILE=/var/log/project/project.log
ENV PROJECT_CONFIG_DIRECTORY=/opt/project/conf
ENV PROJECT_SETTINGS_MODULE="project.settings"
# Files Needed for Dependency Installation
COPY dev/.pip.conf /etc/pip.conf
COPY dev/dev-requirements.txt /usr/local/requirements.txt
# Dependency Installation
WORKDIR /tmp
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install musl-dev g++ bash curl gnupg -y \
&& curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
&& curl https://packages.microsoft.com/config/debian/11/prod.list > /etc/apt/sources.list.d/mssql-release.list \
&& apt-get update \
&& apt-get install --no-install-recommends libfreetype-dev freetds-dev python-dev git libpng-dev libxml2-dev \
libxslt-dev libssl-dev libopenblas-dev rsyslog supervisor tini tzdata libghc-zlib-dev libjpeg-dev cron \
libgssapi-krb5-2 unixodbc-dev -y \
&& ACCEPT_EULA=Y apt-get install -y msodbcsql18 \
&& ln -s /usr/include/locale.h /usr/include/xlocale.h \
&& pip install --no-cache-dir --upgrade pip setuptools wheel \
&& pip install matplotlib --no-cache-dir \
&& pip install --no-cache-dir -r /usr/local/requirements.txt
# Setting Up For Install
COPY conf/ /opt/project/conf/
RUN mkdir -p /var/log/project /conf \
&& cp /opt/project/conf/supervisord.conf /conf/supervisord.conf \
&& cp /opt/project/conf/rsyslog.conf /conf/rsyslog.conf
WORKDIR /opt
# Copy Over Packages
COPY project-db-migrations /opt/project/project-db-migrations
COPY infrastructure /opt/infrastructure
COPY project /opt/project/src
COPY README.md /opt/project/README.md
# Install Infrastructure
RUN cd /opt/infrastructure && python3 setup.py install
# Install Project Service
RUN cd /opt/project/src && python3 setup.py install
RUN ["chmod", "+x", "/opt/project/conf/entrypoint.sh"]
WORKDIR /
EXPOSE 80
ENTRYPOINT ["tini", "--", "/opt/project/conf/entrypoint.sh"]
CMD ["supervisord", "-c", "/conf/supervisord.conf"]
entrypoint.sh
#!/bin/bash
set -eu
echo "Setting Up Project Service"
# Adding Temp Directory
mkdir -p /opt/project/tmp
echo "Service has been setup"
exec "$@"
supervisord.conf
[supervisord]
nodaemon=true
logfile=/var/log/project/supervisord.log
childlogdir=/var/log/project
[program:rsyslogd]
command=/usr/sbin/rsyslogd -n -f /conf/rsyslog.conf
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:crond]
command=/usr/sbin/cron -f -l 15
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:project]
command=python -m project.run --server
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
The image is run and deployed without changes to the user, so it should be running as root.
In this case, after some digging I found there is an issue with the Kaniko version DevOps had running. That was causing the issue. Because the image wasn't being flattened correctly, Python could not start properly.

Docker xvfb-run killed with ffmpeg

error:
xvfb-run: line 169: 18 Killed DISPLAY=:$SERVERNUM XAUTHORITY=$AUTHFILE
Dockerfile xvfb command
ENTRYPOINT ["/usr/bin/dumb-init", "--", "xvfb-run", "--server-args", "-screen 0 1280x1024x24 -ac"]
Full Dockerfile
FROM ubuntu:focal-20220302
WORKDIR /app
# Ensures tzinfo doesn't ask for region info.
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get install -y \
dumb-init \
xvfb \
build-essential libxi-dev libglu1-mesa-dev libglew-dev pkg-config
# Source: https://gist.github.com/remarkablemark/aacf14c29b3f01d6900d13137b21db3a
# replace shell with bash so we can source files
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
# update the repository sources list
# and install dependencies
RUN apt-get update \
&& apt-get install -y curl \
&& apt-get -y autoclean
RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash -
RUN apt-get install -y nodejs
# confirm installation
RUN node -v
RUN npm -v
# FONT CONFIG
RUN apt-get install fontconfig -y
## INSTALL EDITLY
# ## Install app dependencies
COPY package.json /app/
RUN npm install
# Add app source
COPY . /app
# Ensure `editly` binary available in container
RUN npm link
RUN apt-get update && apt-get install -y wget \
xz-utils \
dumb-init \
xvfb
# Get ffmpeg and ffprobe with static build
RUN wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz \
&& tar xvf ffmpeg-release-amd64-static.tar.xz \
&& cp ffmpeg-5.0-amd64-static/ffmpeg /usr/local/bin/ \
&& cp ffmpeg-5.0-amd64-static/ffprobe /usr/local/bin/ \
&& rm -rf ffmpeg-release-amd64-static.tar.xz \
&& rm -rf ffmpeg-5.0-amd64-static
# Ensure ffmpeg and ffprobe are successfully copied
RUN ffmpeg -version && ffprobe -version
ENTRYPOINT ["/usr/bin/dumb-init", "--", "xvfb-run", "--server-args", "-screen 0 1280x1024x24 -ac"]
EXPOSE 3000
CMD [ "node","./index.js" ]

Optimize docker image build size with curl

I need to install on docker the latest version of curl
when using the following the docker size is ~140MB
FROM debian:10.7
RUN apt-get update && \
apt-get install --no-install-recommends -y curl wget ca-certificates
This uses curl 7.64
when using the following
FROM debian:10.7
RUN apt-get update && \
apt-get install --yes --no-install-recommends wget build-essential ca-certificates libcurl4 && \
wget https://curl.se/download/curl-7.73.0.tar.gz && \
tar -xvf curl-7.73.0.tar.gz && cd curl-7.73.0 && \
./configure && make && make install && \
apt-get purge -y --auto-remove build-essential
The docker image size is 240MB. I've tried to remove the build essentials, which reduces the size from 440 to 240. Is there a way to remove this additional ~100MB?
In fact, you are close to the solution. The one you missed is to delete the curl source package.
So next should make the image reduce:
FROM debian:10.7
RUN apt-get update && \
apt-get install --yes --no-install-recommends wget build-essential ca-certificates libcurl4 && \
wget https://curl.se/download/curl-7.73.0.tar.gz && \
tar -xvf curl-7.73.0.tar.gz && cd curl-7.73.0 && \
./configure && make && make install && \
apt-get purge -y --auto-remove build-essential && \
cd .. && rm -fr curl-7.73.0.tar.gz curl-7.73.0
Without Curl:
$ docker images abc:1
REPOSITORY TAG IMAGE ID CREATED SIZE
abc 1 d742bfdf5fa6 25 seconds ago 148MB
With curl & source package delete:
$ docker images abc:2
REPOSITORY TAG IMAGE ID CREATED SIZE
abc 2 afe3d404852a 27 minutes ago 151MB
Additionally, if you delete the apt cache with rm -rf /var/lib/apt/lists/* in the Dockerfile, it will be smaller:
$ docker images abc:3
REPOSITORY TAG IMAGE ID CREATED SIZE
abc 3 5530b0e9b44f 2 minutes ago 134MB
Another solution may be to use a multistage build: you could use ./configure --prefix=xxx to set a default install location, then stage1 is just used to build curl, while stage2 copies the xxx folder from stage1 to the final image.
You should include rm -rf /var/lib/apt/lists/* in your RUN instruction to remove apt index files and might include apt-get clean to remove any other remaining package file.
Apart from that, you could also try using the slim image version, according to Docker Hub debian:10.7-slim is almost half size (~24Mb vs ~48Mb)
Finally, you can execute du -h | sort -h on a container from your generated image to find out where is the remaining space usage.
Using multistage-build as suggested by atline :
FROM debian:10.7 AS builder
WORKDIR /app
RUN mkdir /app/usr2
RUN apt-get update && \
apt-get install --yes --no-install-recommends wget build-essential ca-certificates libcurl4 && \
wget https://curl.se/download/curl-7.73.0.tar.gz && \
tar -xvf curl-7.73.0.tar.gz && cd curl-7.73.0 && \
./configure --prefix=/app/usr2 && make install
FROM debian:10.7
RUN apt-get update && \
apt-get install --no-install-recommends -y wget ca-certificates &&\
rm -rf /var/lib/apt/lists/*
COPY --from=builder /app/usr2/. /usr
Final size is 129MB

Dockerfile ubuntu only installs node version 4.2

This Dockerfile installs nodejs version 4.2 and I can't understand why. Could someone please help me install node 9.2? I've tried taking out the --no-install-recommends command to no avail.
Adding more text here because Stack would not let me post this even though it is a very simple question that I've looked on the web for quite some time about to no avail.
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y --no-install-recommends curl sudo
RUN curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
RUN apt-get install -y nodejs && \
apt-get install --yes build-essential
RUN apt-get install --yes npm
#VOLUME "/usr/local/app"
# Set up C++ dev env
RUN apt-get update && \
apt-get dist-upgrade -y && \
apt-get install gcc-multilib g++-multilib cmake wget -y && \
apt-get clean autoclean && \
apt-get autoremove -y
#wget -O /tmp/conan.deb -L https://github.com/conan-io/conan/releases/download/0.25.1/conan-ubuntu-64_0_25_1.deb && \
#dpkg -i /tmp/conan.deb
#ADD ./scripts/cmake-build.sh /build.sh
#RUN chmod +x /build.sh
#RUN /build.sh
RUN mkdir -p /usr/local/app
WORKDIR /usr/local/app
COPY package.json /usr/local/app
RUN ["npm", "install"]
COPY . .
RUN echo "/usr/local/app/dm" > /etc/ld.so.conf.d/mythrift.conf
RUN echo "/usr/lib/x86_64-linux-gnu" >> /etc/ld.so.conf.d/mythrift.conf
RUN echo "/usr/local/lib64" >> /etc/ld.so.conf.d/mythrift.conf
RUN ldconfig
RUN chmod +x dm/dm3
RUN ldd dm/dm3
RUN ["chmod", "+x", "dm/dm3"]
RUN ["chmod", "777", "policy"]
RUN ls -al .
RUN ["nodejs", "-v"]
CMD ["nodejs", "-v"]
EDIT
Apparently it's important for the OP to run exactly this version of ubuntu. Here's a sample that builds on top of FROM ubuntu:16.04:
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y --reinstall ca-certificates curl build-essential \
&& curl -s https://nodejs.org/dist/v9.9.0/node-v9.9.0-linux-x64.tar.xz \
-o node-v9.9.0-linux-x64.tar.xz && tar xf node-v9.9.0-linux-x64.tar.xz \
&& cd node-v9.9.0-linux-x64 && cp -r bin include lib share /usr/local \
&& rm -rf /node-v9.9.0-linux-x64.tar.xz /node-v9.9.0-linux-x64
CMD ["node", "-v"]
Build
docker build -t testing .
Test
docker run testing
v9.9.0
Note that this only takes care of the node related things and doesn't take into account all the other dependencies.
The reason you are getting node 4 is because apt-get only installs the default version of a package which will never be the cutting edge latest.
Whilst this issue is present in a Docker container, it is not specific to Docker as it will happen on any Ubuntu installation, both inside or outside of Docker.
To get the latest version you have 2 options.
(1) Install using a PPA:
cd ~
curl -sL https://deb.nodesource.com/setup_9.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo apt-get install nodejs
nodejs -v
(2) Install using Node Version Manager (nvm)
The latter is great because it lets you install multiple versions of Node and jump between them very quickly.
Here's a link to an amazing Digital Ocean article on this very topic:
https://www.digitalocean.com/community/tutorials/how-to-install-node-js-on-ubuntu-16-04
Here's a link to NVM ... https://github.com/creationix/nvm

Install node in Dockerfile?

I am a user of AWS Elastic Beanstalk, and I have a little problem. I want to build my CSS files with less+node. But I don't know how to install node in my Dockerfile when building with Jenkins.
Here is installation packages what I am using in my docker. I will be glad for any suggestions.
FROM php:5.6-apache
# Install PHP5 and modules along with composer binary
RUN apt-get update
RUN apt-get -y install \
curl \
default-jdk \
git \
libcurl4-openssl-dev \
libpq-dev \
libmcrypt-dev \
libpq5 \
npm \
node \
zlib1g-dev \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng12-dev
RUN docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/
RUN docker-php-ext-install curl json mbstring opcache pdo_mysql zip gd exif sockets mcrypt
# Install pecl
RUN pecl install -o -f memcache-beta \
&& rm -rf /tmp/pear \
&& echo 'extension=memcache.so' > /usr/local/etc/php/conf.d/memcache.ini
After this I am running my entrypoint.sh with code
#!/usr/bin/env sh
composer run-script post-install-cmd --no-interaction
chmod 0777 -R /var/app/app/cache
chmod 0777 -R /var/app/app/logs
exec apache2-foreground
But then I've got this error
Error Output: [2016-04-04 11:23:44] assetic.ERROR: The template ":tmp:module.html.twig" contains an error: A template that extends another one cannot have a body in ":tmp:module.html.twig" at line 7.
But when I install inside the Docker container node this way
apt-get install git-core curl build-essential openssl libssl-dev
git clone https://github.com/nodejs/node.git
cd node
./configure
make
sudo make install
node -v
I can build my CSS. So the question is: how can I make the installation above run inside my Dockerfile when I am building it with Jenkins?
I think this works slightly better.
ENV NODE_VERSION=16.13.0
RUN apt install -y curl
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
ENV NVM_DIR=/root/.nvm
RUN . "$NVM_DIR/nvm.sh" && nvm install ${NODE_VERSION}
RUN . "$NVM_DIR/nvm.sh" && nvm use v${NODE_VERSION}
RUN . "$NVM_DIR/nvm.sh" && nvm alias default v${NODE_VERSION}
ENV PATH="/root/.nvm/versions/node/v${NODE_VERSION}/bin/:${PATH}"
RUN node --version
RUN npm --version
Note that nvm is a version manager for node.js, designed to be installed per-user, and invoked per-shell. nvm works on any POSIX-compliant shell (sh, dash, ksh, zsh, bash), in particular on these platforms: unix, macOS, and windows WSL.
Running apt-get install node does not install Node.js, because that's not the package you're asking for.
If you run apt-cache show node you can see that what you are installing is an "Amateur Packet Radio Node program (transitional package)"
You should follow the Node.js install instructions to install via package manager.
Or if you like building from git, you can just do that inside Docker:
RUN apt-get install -y git-core curl build-essential openssl libssl-dev \
&& git clone https://github.com/nodejs/node.git \
&& cd node \
&& ./configure \
&& make \
&& sudo make install
According to the following answer, I would suggest using npm via the n package, that lets you choose the nodejs version, or use the latest tag or the lts tag. For example for latest:
RUN apt-get update && apt-get install -y \
software-properties-common \
npm
RUN npm install npm@latest -g && \
npm install n -g && \
n latest
Just 2 lines
RUN curl -sL https://deb.nodesource.com/setup_12.x | bash -
RUN apt-get install -y nodejs
Get the node image and put it at the top of your dockerfile:
FROM node:[tag_name] AS [alias_name]
Verify the version by adding following code:
RUN echo "NODE Version:" && node --version
RUN echo "NPM Version:" && npm --version
Then add the following code every time you need to use nodejs in a container:
COPY --from=[alias_name] . .
From the codes above, replace the following with:
[tag_name] - the tag value of the node image you want to use. Visit https://hub.docker.com/_/node?tab=tags for the list of available tags.
[alias_name] - your preferred image name to use in your dockerfile.
Example:
FROM node:latest AS node_base
RUN echo "NODE Version:" && node --version
RUN echo "NPM Version:" && npm --version
FROM php:5.6-apache
COPY --from=node_base . .
### OTHER CODE GOES HERE
Binary download without any compilation
FROM ubuntu
RUN apt-get update && apt-get install -y \
ca-certificates \
curl
ARG NODE_VERSION=14.16.0
ARG NODE_PACKAGE=node-v$NODE_VERSION-linux-x64
ARG NODE_HOME=/opt/$NODE_PACKAGE
ENV NODE_PATH $NODE_HOME/lib/node_modules
ENV PATH $NODE_HOME/bin:$PATH
RUN curl https://nodejs.org/dist/v$NODE_VERSION/$NODE_PACKAGE.tar.gz | tar -xzC /opt/
# comes with npm
# RUN npm install -g typescript
I am using following Dockerfile to setup node version 8.10.0.
Here I have used NVM (Node Version Manager), so we can choose which node version should be installed on that container. Please use the absolute path of npm when installing node modules (e.g. /root/.nvm/versions/node/v${NODE_VERSION}/bin/npm install leasot@latest -g)
FROM ubuntu:18.04
ENV NODE_VERSION=8.10.0
RUN apt-get update && \
apt-get install wget curl ca-certificates rsync -y
RUN wget -qO- https://raw.githubusercontent.com/creationix/nvm/v0.33.2/install.sh | bash
ENV NVM_DIR=/root/.nvm
RUN . "$NVM_DIR/nvm.sh" && nvm install ${NODE_VERSION}
RUN . "$NVM_DIR/nvm.sh" && nvm use v${NODE_VERSION}
RUN . "$NVM_DIR/nvm.sh" && nvm alias default v${NODE_VERSION}
RUN cp /root/.nvm/versions/node/v${NODE_VERSION}/bin/node /usr/bin/
RUN cp /root/.nvm/versions/node/v${NODE_VERSION}/bin/npm /usr/bin/
RUN /root/.nvm/versions/node/v${NODE_VERSION}/bin/npm install leasot@latest -g
Note: This is a cropped Dockerfile.
The short answer, for example, install v14.17.1
ENV PATH="/opt/node-v14.17.1-linux-x64/bin:${PATH}"
RUN curl https://nodejs.org/dist/v14.17.1/node-v14.17.1-linux-x64.tar.gz |tar xzf - -C /opt/
list of all available versions can be found here -> https://nodejs.org/dist/
Directly into /usr/local so it's already in your $PATH
ARG NODE_VERSION=8.10.0
RUN curl https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz | tar -xz -C /usr/local --strip-components 1
The accepted answer gives the link to the installation instructions for all systems, but it won't run out of the box since you often (e.g. for ubuntu) don't have all required dependencies installed (namely curl and sudo).
So here's for example how you'd do it for ubuntu:
FROM ubuntu
# Core dependencies
RUN apt-get update && apt-get install -y curl sudo
# Node
# Uncomment your target version
# RUN curl -fsSL https://deb.nodesource.com/setup_10.x | sudo -E bash -
# RUN curl -fsSL https://deb.nodesource.com/setup_12.x | sudo -E bash -
# RUN curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
# RUN curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash -
RUN sudo apt-get install -y nodejs
RUN echo "NODE Version:" && node --version
RUN echo "NPM Version:" && npm --version
then build with
docker build . --progress=plain
to see the output of the echo statements. Of course you could also leave away the echo statements and run it regularly with docker build ., after you've made sure everything is working as intended.
You can also leave away the installation of sudo, but then you'll have to get rid of the sudo occurrences in the script.
FROM ubuntu:20.04
# all necessaries for next RUN
RUN set -e; \
apt-get update && \
apt-get install -qqy --no-install-recommends \
curl wget nano gnupg2 software-properties-common && \
rm -rf /var/lib/apt/lists;
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
# uncomment for checking versions
# Step 4/10 : RUN apt-cache show nodejs | grep Version;return 1;
# ---> Running in xxxxxxxxx
# Version: 14.18.2-deb-1nodesource1
# Version: 10.19.0~dfsg-3ubuntu1
#RUN apt-cache show nodejs | grep Version;return 1;
RUN set -e; \
apt-get update && \
apt-get install -qqy \
nodejs && \
rm -rf /var/lib/apt/lists;
# uncomment for check
# RUN node -v
