** Currently Docker Hub not allowing for free hosting for Docker images: Please run ./build.sh first by yourself locally **
This new release is designed to support the deployment for Non-Root child images implementations and deployments to platform such as OpenShift or RedHat host operating system which requiring special policy to deploy. And, for better security practice, we decided to migrate (eventaully) our Docker containers to use Non-Root implementation.
Here are some of the things you can do if your images requiring "Root" acccess - you really
want to do it:
- For Docker build: Use "sudo" or "sudo -H" prefix to your Dockerfile's command which requiring "sudo" access to install packages.
- For Docker container (access via shell): Use "sudo" command when you need to access root privilges to install packages or change configurations.
- Or, you can use older version of this kind of base images which use "root" in Dockerfile.
- Yet, you can also modify the Dockerfile at the very bottom to remove/comment out the "USER ${USER}" line so that your child images can have root as USER.
- Finally, you can also, add a new line at the very top of your child Docker image's Dockerfile to include "USER root" so that your Docker images built will be using "root".
We like to promote the use of "Non-Root" images as better Docker security practice. And, whenever possible, you also want to further confine the use of "root" privilges in your Docker implementation so that it can prevent the "rooting hacking into your Host system". To lock down your docker images and/or this base image, you will add the following line at the very end to remove sudo: (Notice that this might break some of your run-time code if you use sudo during run-time)
sudo agt-get remove -y sudo
After that, combining with other Docker security practice (see below references), you just re-build your local images and re-deploy it as non-development quality of docker container. However, there are many other practices to secure your Docker containes. See below:
- Docker security | Docker Documentation
- 5 tips for securing your Docker containers - TechRepublic
- Docker Security - 6 Ways to Secure Your Docker Containers
- Five Docker Security Best Practices - The New Stack
-
Ubuntu 20.04 LTS now as LTS Docker base image.
-
openjdk version "11.0.11" 2021-04-20 OpenJDK Runtime Environment (build 11.0.11+9-Ubuntu-0ubuntu2.20.04) OpenJDK 64-Bit Server VM (build 11.0.11+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)
-
Apache Maven 3.8
-
Python 3.8 + pip 21.2 + Python 3 virtual environments (venv, virtualenv, virtualenvwrapper, mkvirtualenv, ..., etc.)
-
Node v16 + npm 7 (from NodeSource official Node Distribution)
-
Gradle 7
-
Other tools: git wget unzip vim python python-setuptools python-dev python-numpy, ..., etc.
- build.sh - build local image
- logs.sh - see logs of container
- run.sh - run the container
- shell.sh - shell into the container
- stop.sh - stop the container
- tryJava.sh : test Java
- tryNodeJS.sh : test NodeJS
- tryPython.sh : test Python
- tryWebSocketServer.sh : test WebSockert NodeJS Server
- git clone https://github.com/DrSnowbird/jdk-mvn-py3.git
- cd jdk-mvn-py3
- ./run.sh
./build.sh or 'make build'
./run.sh
./tryJava.sh
./tryNodeJS.sh
./tryPython.sh
./tryWebSockerServer.sh
./build.sh
docker pull openkbs/jdk-mvn-py3
FROM openkbs/jdk-mvn-py3
... (then your customization Dockerfile code here)
Then, you're ready to run:
- make sure you create your work directory, e.g., ./data
mkdir ./data
docker run -d --name my-jdk-mvn-py3 -v $PWD/data:/data -i -t openkbs/jdk-mvn-py3
Say, you will build the image "my/jdk-mvn-py3".
docker build -t my/jdk-mvn-py3 .
To run your own image, say, with some-jdk-mvn-py3:
mkdir ./data
docker run -d --name some-jdk-mvn-py3 -v $PWD/data:/data -i -t my/jdk-mvn-py3
docker exec -it some-jdk-mvn-py3 /bin/bash
To run Python code
docker run -it --rm openkbs/jdk-mvn-py3 python3 -c 'print("Hello World")'
or,
docker run -i --rm openkbs/jdk-mvn-py3 python3 < myPyScript.py
or,
mkdir ./data
echo "print('Hello World')" > ./data/myPyScript.py
docker run -it --rm --name some-jdk-mvn-py3 -v "$PWD"/data:/data openkbs/jdk-mvn-py3 python3 myPyScript.py
or,
alias dpy3='docker run --rm openkbs/jdk-mvn-py3 python3'
dpy3 -c 'print("Hello World")'
Remember, the default working directory, /data, inside the docker container -- treat is as "/". So, if you create subdirectory, "./data/workspace", in the host machine and the docker container will have it as "/data/workspace".
#!/bin/bash -x
mkdir ./data
cat >./data/HelloWorld.java <<-EOF
public class HelloWorld {
public static void main(String[] args) {
System.out.println("Hello, World");
}
}
EOF
cat ./data/HelloWorld.java
alias djavac='docker run -it --rm --name some-jdk-mvn-py3 -v '$PWD'/data:/data openkbs/jdk-mvn-py3 javac'
alias djava='docker run -it --rm --name some-jdk-mvn-py3 -v '$PWD'/data:/data openkbs/jdk-mvn-py3 java'
djavac HelloWorld.java
djava HelloWorld
And, the output:
Hello, World
Hence, the alias above, "djavac" and "djava" is your docker-based "javac" and "java" commands and it will work the same way as your local installed Java's "javac" and "java" commands.
Run the NodeJS mini-server script:
./tryNodeJS.sh
Then, open web browser to go to http://0.0.0.0:3000/ to NodeJS mini-web server test.
There are various ways to run Python virtual envrionments, for example,
Add the following code to the end of ~/.bashrc
#########################################################################
#### ---- Customization for multiple virtual python environment ---- ####
#########################################################################
export VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3
source /usr/local/bin/virtualenvwrapper.sh
export WORKON_HOME=~/Envs
if [ ! -d $WORKON_HOME ]; then
mkdir -p $WORKON_HOME
fi
mkvirtualenv my-venv
workon my-venv
However, for larger complex projects, you might want to consider to use Docker-based IDE. For example, try the following Docker-based IDEs:
- openkbs/docker-atom-editor
- openkbs/eclipse-photon-docker
- openkbs/eclipse-photon-vnc-docker
- openkbs/eclipse-oxygen-docker
- openkbs/intellj-docker
- openkbs/intellj-vnc-docker
- openkbs/knime-vnc-docker
- openkbs/netbeans9-docker
- openkbs/netbeans
- openkbs/papyrus-sysml-docker
- openkbs/pycharm-docker
- openkbs/scala-ide-docker
- openkbs/sublime-docker
- openkbs/webstorm-docker
- openkbs/webstorm-vnc-docker
Corporate Proxy Root and Intemediate Certificates setup for System and Web Browsers (FireFox, Chrome, etc)
- Save your corporate's Certificates in the currnet GIT directory,
./certificates
- During Docker run command,
-v `pwd`/certificates:/certificates ... (the rest parameters)
If you want to map to different directory for certificates, e.g., /home/developer/certificates, then
-v `pwd`/certificates:/home/developer/certificates -e SOURCE_CERTIFICATES_DIR=/home/developer/certificates ... (the rest parameters)
- And, inside the Docker startup script to invoke the
~/scripts/setup_system_certificates.sh
. Note that the script assumes the certficates are in/certificates
directory. - The script
~/scripts/setup_system_certificates.sh
will automatic copy to target directory and setup certificates for both System commands (wget, curl, etc) to use and Web Browsers'.
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
java: /usr/bin/java /usr/share/java /usr/lib/jvm/java-11-openjdk-amd64/bin/java /usr/share/man/man1/java.1.gz
/usr/lib/jvm/java-11-openjdk-amd64/bin/java
openjdk version "11.0.15" 2022-04-19
OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.20.04.1)
OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.20.04.1, mixed mode, sharing)
/usr/bin/mvn
Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0)
Maven home: /usr/apache-maven-3.8.5
Java version: 11.0.15, vendor: Private Build, runtime: /usr/lib/jvm/java-11-openjdk-amd64
Default locale: en, platform encoding: UTF-8
OS name: "linux", version: "5.11.0-34-generic", arch: "amd64", family: "unix"
/usr/bin/python3
Python 3.8.10
/usr/local/bin/pip
pip 22.1.1 from /usr/local/lib/python3.8/dist-packages/pip (python 3.8)
/usr/local/bin/pip3
pip 22.1.1 from /usr/local/lib/python3.8/dist-packages/pip (python 3.8)
/usr/bin/gradle
Welcome to Gradle 7.4.2!
Here are the highlights of this release:
- Aggregated test and JaCoCo reports
- Marking additional test source directories as tests in IntelliJ
- Support for Adoptium JDKs in Java toolchains
For more details see https://docs.gradle.org/7.4.2/release-notes.html
------------------------------------------------------------
Gradle 7.4.2
------------------------------------------------------------
Build time: 2022-03-31 15:25:29 UTC
Revision: 540473b8118064efcc264694cbcaa4b677f61041
Kotlin: 1.5.31
Groovy: 3.0.9
Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM: 11.0.15 (Private Build 11.0.15+10-Ubuntu-0ubuntu0.20.04.1)
OS: Linux 5.11.0-34-generic amd64
/usr/bin/npm
8.11.0
/usr/bin/node
v18.2.0
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.4 LTS"
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
argon2-cffi==21.3.0
argon2-cffi-bindings==21.2.0
asttokens==2.0.5
atomicwrites==1.1.5
attrs==21.4.0
backcall==0.2.0
beautifulsoup4==4.11.1
bleach==5.0.0
certifi==2022.5.18.1
cffi==1.15.0
chardet==3.0.4
charset-normalizer==2.0.12
cloudpickle==2.1.0
commonmark==0.9.1
cycler==0.11.0
dbus-python==1.2.16
debugpy==1.6.0
decorator==5.1.1
defusedxml==0.7.1
distlib==0.3.4
distro-info===0.23ubuntu1
dominate==2.6.0
entrypoints==0.4
et-xmlfile==1.0.1
executing==0.8.3
fastjsonschema==2.15.3
filelock==3.7.0
funcy==1.17
future==0.18.2
greenlet==1.1.2
html5lib==1.0.1
httpie==3.2.1
hyperopt==0.2.7
idna==3.3
importlib-metadata==4.11.4
importlib-resources==5.7.1
ipaddress==1.0.23
ipykernel==6.13.0
ipython==8.4.0
ipython-genutils==0.2.0
ipywidgets==7.7.0
isodate==0.6.1
j2cli==0.3.10
jdcal==1.0
jedi==0.18.1
Jinja2==3.1.2
joblib==1.1.0
json-lines==0.5.0
jsonschema==4.5.1
jupyter==1.0.0
jupyter-client==7.2.0
jupyter-console==6.4.3
jupyter-core==4.10.0
jupyterlab-pygments==0.2.2
jupyterlab-widgets==1.1.0
kiwisolver==1.4.2
lxml==4.5.0
Markdown==3.3.7
MarkupSafe==2.1.1
matplotlib==3.3.4
matplotlib-inline==0.1.3
mistune==0.8.4
more-itertools==4.2.0
multidict==6.0.2
nbclient==0.6.3
nbconvert==6.5.0
nbformat==5.4.0
nest-asyncio==1.5.5
networkx==2.8.2
notebook==6.4.11
numexpr==2.8.1
numpy==1.22.4
olefile==0.46
openpyxl==3.0.3
packaging==21.3
panda==0.3.1
pandas==0.24.2
pandasql==0.7.3
pandocfilters==1.5.0
parso==0.8.3
pbr==5.9.0
pexpect==4.8.0
pickleshare==0.7.5
Pillow==9.1.1
pkgconfig==1.5.5
platformdirs==2.5.2
pluggy==0.13.0
prometheus-client==0.14.1
prompt-toolkit==3.0.29
psutil==5.9.1
ptyprocess==0.7.0
pure-eval==0.2.2
py==1.8.1
py4j==0.10.9.5
pycparser==2.21
pydot==1.4.2
Pygments==2.12.0
PyGObject==3.36.0
pyLDAvis==3.2.2
pyLODE==3.0.1
pyparsing==3.0.9
pyrsistent==0.18.1
PySocks==1.7.1
pytest==4.6.9
python-apt==2.0.0+ubuntu0.20.4.7
python-dateutil==2.5.2
python-git==2018.2.1
pytz==2022.1
PyYAML==3.11
pyzmq==23.0.0
qtconsole==5.3.0
QtPy==2.1.0
rdflib==6.1.1
requests==2.27.1
requests-toolbelt==0.9.1
requests-unixsocket==0.2.0
rich==12.4.4
scikit-learn==1.1.1
scipy==1.8.1
seaborn==0.11.2
Send2Trash==1.8.0
six==1.16.0
soupsieve==2.3.2.post1
SPARQLWrapper==2.0.0
SQLAlchemy==1.4.36
stack-data==0.2.0
stevedore==3.5.0
tables==3.6.1
terminado==0.15.0
threadpoolctl==3.1.0
tinycss2==1.1.1
tornado==6.1
tqdm==4.64.0
traitlets==5.2.1.post0
typing_extensions==4.2.0
unattended-upgrades==0.1
urllib3==1.26.9
virtualenv==20.14.1
virtualenv-clone==0.5.7
virtualenvwrapper==4.8.4
wcwidth==0.2.5
webencodings==0.5.1
widgetsnbextension==3.6.0
xlrd==1.1.0
xlwt==1.3.0
yml2json==1.1.3
zipp==3.8.0