diff --git a/docker/Dockerfile b/docker/Dockerfile index b0fdff5d1f8422ef772a39fdc5667d5c02ea5780..fb51ae3f296d5fdee7eaaf0ddef4ad5aef6d825f 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -7,11 +7,11 @@ WORKDIR /app COPY . /app/ RUN --mount=type=cache,id=mvncache,target=/root/.m2/repository,rw \ - mvn -B package + mvn -B verify ### Then we add the builded war to a JEE server. #FROM payara/server-full:5.2021.9-jdk11 as server -FROM brunoe/payara:jdk11-6 as server +FROM brunoe/payara:jdk11-13 as server ARG STORE_PASSWORD=changeit ## Download the JDBC driver 
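Review bot: The bumped `FROM brunoe/payara:jdk11-13 as server` line in docker/Dockerfile still selects the base image by a mutable tag, and `docker/payara/build.sh` in this same commit rebuilds an image under that tag. If this stage pulls the image from a registry, a re-tagged or rebuilt image changes what the production stage runs on without any change here. Pinning the digest next to the tag, `FROM brunoe/payara:jdk11-13@sha256:<digest-of-the-reviewed-image> AS server`, would make each base bump a reviewable content change. The server stage continues outside this hunk.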
@@ -25,26 +25,22 @@ RUN apt-get update && \ USER payara ## This script adds a jdbc connection pool and ressource -COPY docker/post-boot-commands.asadmin $POSTBOOT_COMMANDS +COPY --chown=payara:payara docker/post-boot-commands.asadmin $POSTBOOT_COMMANDS ## ## We copy the OUR certificates to payara -COPY --from=build /app/utils/src/main/resources/mycert.crt /app/utils/src/main/resources/mycert.p12 /tmp/ -COPY --from=build /app/utils/src/main/resources/mycert-pub.p12 /app/utils/src/main/resources/mycert-pub.p12 / +COPY --from=build --chown=payara:payara /app/utils/src/main/resources/mycert.crt /app/utils/src/main/resources/mycert.p12 /tmp/ +COPY --from=build --chown=payara:payara /app/utils/src/main/resources/mycert-pub.p12 /app/utils/src/main/resources/mycert-pub.p12 / RUN keytool -importkeystore -noprompt -destkeystore /opt/payara/appserver/glassfish/domains/domain1/config/keystore.jks -srckeystore /tmp/mycert.p12 -srcstoretype PKCS12 -alias mycert -srcstorepass storepass -deststorepass ${STORE_PASSWORD} -deststoretype pkcs12 && \ keytool -importcert -noprompt -trustcacerts -destkeystore /opt/payara/appserver/glassfish/domains/domain1/config/cacerts.jks -file /tmp/mycert.crt -alias mycert -srcstorepass storepass -deststorepass ${STORE_PASSWORD} -deststoretype pkcs12 -#RUN wget https://github.com/eclipse-ee4j/mojarra/releases/download/3.0.2-RELEASE/jakarta.faces-3.0.2.jar \ -# -O /opt/payara/appserver/glassfish/modules/jakarta.faces.jar -#RUN wget https://github.com/eclipse-ee4j/mojarra/releases/download/2.3.17-RELEASE/jakarta.faces-2.3.17.jar \ -# -O /opt/payara/appserver/glassfish/modules/jakarta.faces.jar FROM server as production -#COPY --from=build /app/jee/restApp/target/*.war \ +#COPY --from=build --chown=payara:payara /app/jee/restApp/target/*.war \ # $DEPLOY_DIR -#COPY --from=build /app/jee/wsApp/target/*.war \ +#COPY --from=build --chown=payara:payara /app/jee/wsApp/target/*.war \ # $DEPLOY_DIR -#COPY --from=build /app/jee/jsf/target/*.war \ +#COPY 
--from=build --chown=payara:payara /app/jee/jsf/target/*.war \ # $DEPLOY_DIR -COPY --from=build /app/jee/ear/target/*.ear \ +COPY --from=build --chown=payara:payara /app/jee/ear/target/*.ear \ $DEPLOY_DIR \ No newline at end of file diff --git a/docker/payara/Dockerfile b/docker/payara/Dockerfile index 369243efef57261fdbf19a04e29b6bb2a7838a5f..df7a754fbd12f511f3da7bc0667224c33301ece1 100644 --- a/docker/payara/Dockerfile +++ b/docker/payara/Dockerfile 
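Review bot: In docker/Dockerfile, the two `COPY --from=build --chown=payara:payara …` lines leave `mycert.p12` in `/tmp/` and `mycert-pub.p12` in `/` as permanent image layers, now owned by the runtime user. The `/tmp` copy is only read by the following `keytool -importkeystore` and presumably carries the private key, protected by the hard-coded `storepass`. Because this Dockerfile already relies on BuildKit mounts, the import could read the file from a bind mount so the extra copy never lands in a layer: `RUN --mount=type=bind,from=build,source=/app/utils/src/main/resources,target=/certs keytool -importkeystore … -srckeystore /certs/mycert.p12 …`. The second COPY also names `mycert-pub.p12` twice as a source; one occurrence is enough. The keytool `RUN` itself is unchanged context, but note that `${STORE_PASSWORD}` comes from an `ARG` and is therefore recorded in the image history.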
@@ -1,98 +1,95 @@ -# FROM azul/zulu-openjdk:8u222 as mypayara -#FROM eclipse-temurin:17-jdk FROM eclipse-temurin:11.0.13_8-jdk-focal + +ENV HOME_DIR=/opt/payara +ENV PAYARA_DIR=${HOME_DIR}/appserver \ + SCRIPT_DIR=${HOME_DIR}/scripts \ + CONFIG_DIR=${HOME_DIR}/config \ + DEPLOY_DIR=${HOME_DIR}/deployments \ + PASSWORD_FILE=${HOME_DIR}/passwordFile \ + ADMIN_USER=admin \ + ADMIN_PASSWORD=admin \ + JVM_ARGS="" \ + MEM_MAX_RAM_PERCENTAGE="70.0" \ + MEM_XSS="512k" +ENV PATH="${PATH}:${PAYARA_DIR}/bin" + +ARG TINI_VERSION=v0.19.0 + +# Download tini +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini \ + https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc / + +RUN true \ + && apt-get update \ + && apt-get install -y gpg wget unzip\ + && rm -rf /var/lib/apt/lists/* \ + && mkdir -p ${HOME_DIR} \ + && addgroup --gid 1000 payara \ + && adduser --system --uid 1000 --no-create-home --shell /bin/bash --home "${HOME_DIR}" --gecos "" --ingroup payara payara \ + && echo payara:payara | chpasswd \ + && mkdir -p ${PAYARA_DIR} \ + && mkdir -p ${DEPLOY_DIR} \ + && mkdir -p ${CONFIG_DIR} \ + && mkdir -p ${SCRIPT_DIR} \ + && chown -R payara:payara ${HOME_DIR} \ + # Verify tini + && gpg --verbose --keyserver keyserver.ubuntu.com --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \ + && gpg --verify /tini.asc \ + && chmod +x /tini \ + && true + +USER payara +WORKDIR ${HOME_DIR} + # Default payara ports to expose # 4848: admin console # 9009: debug port (JPDA) # 8080: http # 8181: https -EXPOSE 4848 9009 8080 8181 8686 +EXPOSE 4848 9009 8080 8181 -#ARG PAYARA_VERSION=5.2021.9 -#ARG PAYARA_SHA1=81c43f3c537ec74a813b48172758866615e1e792 +ENV DOMAIN_NAME=domain1 \ + PAYARA_ARGS="" \ + PREBOOT_COMMANDS=${CONFIG_DIR}/pre-boot-commands.asadmin \ + PREBOOT_COMMANDS_FINAL=${CONFIG_DIR}/pre-boot-commands-final.asadmin \ + POSTBOOT_COMMANDS=${CONFIG_DIR}/post-boot-commands.asadmin \ + 
POSTBOOT_COMMANDS_FINAL=${CONFIG_DIR}/post-boot-commands-final.asadmin \ + DEPLOY_PROPS="" ARG PAYARA_VERSION=6.2021.1.Alpha1 ARG PAYARA_SHA1=0262f8af7e52b318109ed43f8a31a1e93f111bbf - ARG PAYARA_PKG=https://search.maven.org/remotecontent?filepath=fish/payara/distributions/payara/${PAYARA_VERSION}/payara-${PAYARA_VERSION}.zip - -ARG TINI_VERSION=v0.19.0 - -# Initialize the configurable environment variables -ENV HOME_DIR=/opt/payara\ - PAYARA_DIR=/opt/payara/appserver\ - SCRIPT_DIR=/opt/payara/scripts\ - CONFIG_DIR=/opt/payara/config\ - DEPLOY_DIR=/opt/payara/deployments\ - PASSWORD_FILE=/opt/payara/passwordFile\ - # Payara Server Domain options - DOMAIN_NAME=domain1\ - ADMIN_USER=admin\ - ADMIN_PASSWORD=admin\ - # Utility environment variables - JVM_ARGS=\ - PAYARA_ARGS=\ - DEPLOY_PROPS=\ - POSTBOOT_COMMANDS=/opt/payara/config/post-boot-commands.asadmin\ - PREBOOT_COMMANDS=/opt/payara/config/pre-boot-commands.asadmin -ENV PATH="${PATH}:${PAYARA_DIR}/bin" - -# Create and set the Payara user and working directory owned by the new user -RUN groupadd -g 1000 payara && \ - useradd -u 1000 -M -s /bin/bash -d ${HOME_DIR} payara -g payara && \ - echo payara:payara | chpasswd && \ - mkdir -p ${DEPLOY_DIR} && \ - mkdir -p ${CONFIG_DIR} && \ - mkdir -p ${SCRIPT_DIR} && \ - chown -R payara: ${HOME_DIR} && \ - # Install required packages - apt-get update && \ - apt-get install -y wget unzip gpg && \ - rm -rf /var/lib/apt/lists/* - -# Install tini as minimized init system -RUN wget --no-verbose -O /tini https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini && \ - wget --no-verbose -O /tini.asc https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc && \ - gpg --batch --keyserver "keyserver.ubuntu.com" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && \ - gpg --batch --verify /tini.asc /tini && \ - chmod +x /tini - -USER payara -WORKDIR ${HOME_DIR} +COPY --chown=payara:payara bin/* ${SCRIPT_DIR}/ +#COPY --chown=payara:payara 
maven/artifacts/payara6 ${PAYARA_DIR}/ # Download and unzip the Payara distribution RUN ulimit -n 1024 ; wget --no-verbose -O payara.zip ${PAYARA_PKG} && \ echo "${PAYARA_SHA1} *payara.zip" | sha1sum -c - && \ unzip -qq payara.zip -d ./ && \ - mv payara*/ appserver && \ - # Configure the password file for configuring Payara - echo "AS_ADMIN_PASSWORD=\nAS_ADMIN_NEWPASSWORD=${ADMIN_PASSWORD}" > /tmp/tmpfile && \ - echo "AS_ADMIN_PASSWORD=${ADMIN_PASSWORD}" >> ${PASSWORD_FILE} && \ - # Configure the payara domain - ${PAYARA_DIR}/bin/asadmin --user ${ADMIN_USER} --passwordfile=/tmp/tmpfile change-admin-password --domain_name=${DOMAIN_NAME} && \ - ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-domain ${DOMAIN_NAME} && \ - ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} enable-secure-admin && \ - for MEMORY_JVM_OPTION in $(${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} list-jvm-options | grep "Xm[sx]"); do\ - ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} delete-jvm-options $MEMORY_JVM_OPTION;\ - done && \ - # FIXME: when upgrading this container to Java 10+, this needs to be changed to '-XX:+UseContainerSupport' and '-XX:MaxRAMPercentage' -# ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} create-jvm-options '-XX\:+UnlockExperimentalVMOptions:-XX\:+UseCGroupMemoryLimitForHeap:-XX\:MaxRAMFraction=1' && \ - ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} create-jvm-options '-XX\:+UseContainerSupport:-XX\:MaxRAMPercentage=100' && \ - ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} set-log-attributes com.sun.enterprise.server.logging.GFFileHandler.logtoFile=false && \ - ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} stop-domain ${DOMAIN_NAME} && \ - # Cleanup unused files - rm -rf \ - /tmp/tmpFile \ - payara.zip \ - 
${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/osgi-cache \ - ${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/logs -# ${PAYARA_DIR}/glassfish/domains/domain1 + mv payara*/* ${PAYARA_DIR} && rm -rf payara* -# Copy across docker scripts -COPY --chown=payara:payara bin/*.sh ${SCRIPT_DIR}/ -RUN mkdir -p ${SCRIPT_DIR}/init.d && \ - chmod +x ${SCRIPT_DIR}/* +RUN true \ + && echo "AS_ADMIN_PASSWORD=\nAS_ADMIN_NEWPASSWORD=${ADMIN_PASSWORD}" > /tmp/password-change-file.txt \ + && echo "AS_ADMIN_PASSWORD=${ADMIN_PASSWORD}" >> ${PASSWORD_FILE} \ + && ${PAYARA_DIR}/bin/asadmin --user ${ADMIN_USER} --passwordfile=/tmp/password-change-file.txt change-admin-password --domain_name=${DOMAIN_NAME} \ + && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-domain ${DOMAIN_NAME} \ + && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} enable-secure-admin \ + && for MEMORY_JVM_OPTION in \ + $(${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} list-jvm-options | grep "Xm[sx]\|Xss"); \ + do\ + ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} delete-jvm-options $MEMORY_JVM_OPTION;\ + done \ + && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} create-jvm-options \ + '-XX\:+UseContainerSupport:-XX\:MaxRAMPercentage=${ENV=MEM_MAX_RAM_PERCENTAGE}:-Xss${ENV=MEM_XSS}' \ + && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} \ + set-log-attributes com.sun.enterprise.server.logging.GFFileHandler.logtoFile=false \ + && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} stop-domain ${DOMAIN_NAME} \ + && rm -rf \ + /tmp/password-change-file.txt \ + ${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/osgi-cache \ + ${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/logs \ + && true ENTRYPOINT ["/tini", "--"] -CMD ${SCRIPT_DIR}/entrypoint.sh +CMD "${SCRIPT_DIR}/entrypoint.sh" 
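Review bot: The tini check in the rewritten first `RUN` of docker/payara/Dockerfile is weaker than the line it replaces: `gpg --verify /tini.asc` drops both `--batch` and the explicit data file, so gpg has to find the signed file by stripping the `.asc` suffix, which the gpg manual discourages for detached signatures. I would keep the explicit form, `&& gpg --batch --verify /tini.asc /tini \`, and add `--batch` to the `--recv-keys` call too, since the build is non-interactive. The binary is now fetched by `ADD <url>` without `--checksum`, so this signature check is the only integrity control on what becomes PID 1. Separately, the new `ENV` block still bakes `ADMIN_PASSWORD=admin` into the image while `enable-secure-admin` is run and 4848 is exposed; a comment such as `# default admin credentials, must be overridden before 4848 is reachable` would at least state the expectation.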
diff --git a/docker/payara/build.sh b/docker/payara/build.sh
index 6ee1b511105493c2a4181dd967400f0fadc99ede..3f45d23d2c622a2823acc8c2750919d53f86563a 100755
--- a/docker/payara/build.sh
+++ b/docker/payara/build.sh
@@ -1 +1 @@
-COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker build -t brunoe/payara:jdk11-6 .
+COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker build -t brunoe/payara:jdk11-13 .