Dockerfile raw

   1  # Multi-stage Dockerfile for ORLY relay + bridge (unified binary)
   2  #
   3  # Default: runs the relay (port 3334)
   4  # Bridge:  docker run orly bridge (port 2525)
   5  # Launcher: docker run orly launcher (relay + bridge + db)
   6  
   7  # Stage 1: Build stage
   8  # Use Debian-based Go image to match runtime stage (avoids musl/glibc linker mismatch)
   9  FROM golang:1.25-bookworm AS builder
  10  
  11  # Install build dependencies
  12  RUN apt-get update && apt-get install -y --no-install-recommends git make && rm -rf /var/lib/apt/lists/*
  13  
  14  # Set working directory
  15  WORKDIR /build
  16  
  17  # Copy go mod files
  18  COPY go.mod go.sum ./
  19  RUN go mod download
  20  
  21  # Copy source code
  22  COPY . .
  23  
  24  # Build the unified binary (includes all subcommands: relay, bridge, db, acl, launcher)
  25  RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o orly -ldflags="-w -s" ./cmd/orly
  26  
  27  # Stage 2: Runtime stage
  28  # Use Debian slim instead of Alpine because Debian's libsecp256k1 includes
  29  # Schnorr signatures (secp256k1_schnorrsig_*) and ECDH which Nostr requires.
  30  # Alpine's libsecp256k1 is built without these modules.
  31  FROM debian:bookworm-slim
  32  
  33  # Install runtime dependencies
  34  RUN apt-get update && \
  35      apt-get install -y --no-install-recommends ca-certificates curl libsecp256k1-1 && \
  36      rm -rf /var/lib/apt/lists/*
  37  
  38  # Create app user
  39  RUN groupadd -g 1000 orly && \
  40      useradd -m -u 1000 -g orly orly
  41  
  42  # Set working directory
  43  WORKDIR /app
  44  
  45  # Copy binary (libsecp256k1.so.1 is already installed via apt)
  46  COPY --from=builder /build/orly /app/orly
  47  
  48  # Create data and DKIM directories
  49  RUN mkdir -p /data /dkim && chown -R orly:orly /data /dkim /app
  50  
  51  # Switch to app user
  52  USER orly
  53  
  54  # Expose ports: 3334=relay WebSocket, 2525=bridge SMTP inbound
  55  EXPOSE 3334 2525
  56  
  57  # Health check (relay mode — override for bridge mode in compose)
  58  HEALTHCHECK --interval=10s --timeout=5s --start-period=20s --retries=3 \
  59      CMD curl -f http://localhost:3334/ || exit 1
  60  
  61  # Set default environment variables
  62  ENV ORLY_LISTEN=0.0.0.0 \
  63      ORLY_PORT=3334 \
  64      ORLY_DATA_DIR=/data \
  65      ORLY_LOG_LEVEL=info
  66  
  67  # Run the binary (default: relay; pass "bridge" to run the email bridge)
  68  ENTRYPOINT ["/app/orly"]
  69