From 80026806423eaeee4e5db49c4d103f1ce34f7b60 Mon Sep 17 00:00:00 2001 From: Minei3oat Date: Sun, 28 Sep 2025 22:24:46 +0200 Subject: [PATCH 1/3] Reduce docker image size by 35% Since docker caches each instruction as a layer, we have to clean cached packages at the end of each step for minimal image size. --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index c4abc19..caf6fbe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,8 +15,8 @@ RUN bun run build # Base fedora container FROM --platform=$TARGETARCH quay.io/fedora/fedora:42 AS base RUN dnf -y update && dnf install -y python3.13 libnetfilter_queue \ - libnfnetlink libmnl libcap-ng-utils nftables git \ - vectorscan libtins python3-nftables libpcap uv + libnfnetlink libmnl libcap-ng-utils nftables \ + vectorscan libtins python3-nftables libpcap && dnf clean all RUN mkdir -p /execute/modules WORKDIR /execute @@ -37,10 +37,10 @@ FROM --platform=$TARGETARCH base AS final ADD ./backend/requirements.txt /execute/requirements.txt COPY ./fgex-lib /execute/fgex-lib -RUN dnf install -y gcc-c++ python3.13-devel uv git &&\ +RUN dnf -y update && dnf install -y gcc-c++ python3.13-devel uv git &&\ uv pip install --no-cache --system ./fgex-lib &&\ uv pip install --no-cache --system -r /execute/requirements.txt &&\ - dnf remove -y gcc-c++ python3.13-devel uv git + uv cache clean && dnf remove -y gcc-c++ python3.13-devel uv git && dnf clean all COPY ./backend/ /execute/ COPY --from=compiler /execute/cppregex /execute/cpproxy /execute/modules/ From ebe62acd8d8f52892c98a393af9656cba5cc3464 Mon Sep 17 00:00:00 2001 From: Minei3oat Date: Sun, 28 Sep 2025 22:25:26 +0200 Subject: [PATCH 2/3] Cleanup duplicate installs --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index caf6fbe..ebeb27c 100644 --- a/Dockerfile +++ b/Dockerfile 
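Review bot: In the first hunk (`base` stage), the rewritten `dnf install -y` still pulls in weak dependencies, so the runtime image carries packages that nothing in the Dockerfile asks for. The `dnf install` in the `final` stage (second hunk) has the same issue. Adding `--setopt=install_weak_deps=False` to both installs would trim the size further and reduce the set of installed packages that need patching. Check that the application still starts afterwards, since a weak dependency may be in use without being listed. The tag `quay.io/fedora/fedora:42` on the context line is also mutable, so pinning it by digest would make this layer reproducible.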
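Review bot: The `dnf -y update` added to the `final`-stage `RUN` in the second hunk works against the size goal and makes the image depend on build time. Every package it upgrades is written again into this layer while the old copy stays in the `base` layer, and the library versions that ship depend on how stale the cached `base` layer is. `base` already runs `dnf -y update`, so I would drop it here and keep `RUN dnf install -y gcc-c++ python3.13-devel uv git &&\` as the first line, refreshing packages by rebuilding `base` (for example `docker build --pull --no-cache`). If the update was added to keep runtime libraries in step with what the `compiler` stage linked against, that deserves a comment, because the stages can still be cached at different times. `uv cache clean` looks redundant next to `--no-cache` on both `uv pip install` calls, though it is harmless.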
@@ -24,8 +24,8 @@ WORKDIR /execute FROM --platform=$TARGETARCH base AS compiler RUN dnf -y update && dnf install -y python3.13-devel @development-tools gcc-c++ \ - libnetfilter_queue-devel libnfnetlink-devel libmnl-devel libcap-ng-utils nftables \ - vectorscan-devel libtins-devel python3-nftables libpcap-devel boost-devel + libnetfilter_queue-devel libnfnetlink-devel libmnl-devel \ + vectorscan-devel libtins-devel libpcap-devel boost-devel COPY ./backend/binsrc /execute/binsrc RUN g++ binsrc/nfregex.cpp -o cppregex -std=c++23 -O3 -lnetfilter_queue -pthread -lnfnetlink $(pkg-config --cflags --libs libtins libhs libmnl) From 2f967399085974f758567d221e9df610bd7d4885 Mon Sep 17 00:00:00 2001 From: Minei3oat Date: Sun, 28 Sep 2025 22:28:46 +0200 Subject: [PATCH 3/3] Use COPY instead of ADD > Use ADD only when you need the additional capabilities it offers, but be mindful of potential security implications. https://www.docker.com/blog/docker-best-practices-understanding-the-differences-between-add-and-copy-instructions-in-dockerfiles/ --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ebeb27c..0fbedb1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,7 @@ RUN g++ binsrc/nfproxy.cpp -o cpproxy -std=c++23 -O3 -lnetfilter_queue -lpython3 #Building main conteiner FROM --platform=$TARGETARCH base AS final -ADD ./backend/requirements.txt /execute/requirements.txt +COPY ./backend/requirements.txt /execute/requirements.txt COPY ./fgex-lib /execute/fgex-lib RUN dnf -y update && dnf install -y gcc-c++ python3.13-devel uv git &&\
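Review bot: After this cleanup the `compiler` stage gives no hint that `libcap-ng-utils`, `nftables` and `python3-nftables` are runtime-only packages supplied by `base`. A later edit could easily re-add them here or drop them from `base` by mistake. A one-line comment above the `RUN` would record that, e.g. `# Build-only stage: -devel packages for compiling binsrc; runtime packages are installed in base`. The stage continues past the end of the hunk.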