
   1  # Dockerfile for Stella's Nostr Relay (next.orly.dev)
   2  # Owner: npub1v30tsz9vw6ylpz63g0a702nj3xa26t3m7p5us8f2y2sd8v6cnsvq465zjx
   3  #
   4  # Build from repository root:
   5  #   docker build -f contrib/stella/Dockerfile -t stella-relay .
   6  
   7  # Use Debian-based Go image to match runtime stage (avoids musl/glibc linker mismatch)
   8  FROM golang:1.25-bookworm AS builder
   9  
  10  # Install build dependencies
  11  RUN apt-get update && apt-get install -y --no-install-recommends git make && rm -rf /var/lib/apt/lists/*
  12  
  13  # Set working directory
  14  WORKDIR /build
  15  
  16  # Copy go modules first (for better caching)
  17  COPY go.mod go.sum ./
  18  RUN go mod download
  19  
  20  # Copy source code
  21  COPY . .
  22  
  23  # Build the relay with CGO disabled (uses purego for crypto)
  24  RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o relay .
  25  
  26  # Create non-root user for security
  27  RUN useradd -m -u 1000 stella && \
  28      chown -R 1000:1000 /build
  29  
  30  # Final stage - minimal runtime image
  31  # Use Debian slim instead of Alpine because Debian's libsecp256k1 includes
  32  # Schnorr signatures (secp256k1_schnorrsig_*) and ECDH which Nostr requires.
  33  # Alpine's libsecp256k1 is built without these modules.
  34  FROM debian:bookworm-slim
  35  
  36  # Install runtime dependencies
  37  RUN apt-get update && \
  38      apt-get install -y --no-install-recommends ca-certificates curl libsecp256k1-1 && \
  39      rm -rf /var/lib/apt/lists/*
  40  
  41  WORKDIR /app
  42  
  43  # Copy binary (libsecp256k1.so.1 is already installed via apt)
  44  COPY --from=builder /build/relay /app/relay
  45  
  46  # Create runtime user and directories
  47  RUN useradd -m -u 1000 stella && \
  48      mkdir -p /data /profiles /app && \
  49      chown -R 1000:1000 /data /profiles /app
  50  
  51  # Expose the relay port
  52  EXPOSE 7777
  53  
  54  # Set environment variables for Stella's relay
  55  ENV ORLY_DATA_DIR=/data
  56  ENV ORLY_LISTEN=0.0.0.0
  57  ENV ORLY_PORT=7777
  58  ENV ORLY_LOG_LEVEL=info
  59  ENV ORLY_MAX_CONNECTIONS=1000
  60  ENV ORLY_OWNERS=npub1v30tsz9vw6ylpz63g0a702nj3xa26t3m7p5us8f2y2sd8v6cnsvq465zjx
  61  ENV ORLY_ADMINS=npub1v30tsz9vw6ylpz63g0a702nj3xa26t3m7p5us8f2y2sd8v6cnsvq465zjx,npub1m4ny6hjqzepn4rxknuq94c2gpqzr29ufkkw7ttcxyak7v43n6vvsajc2jl,npub1l5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqstegx9z
  62  
  63  # Health check to ensure relay is responding
  64  HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  65    CMD sh -c "code=\$(curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:7777 || echo 000); echo \$code | grep -E '^(101|200|400|404|426)$' >/dev/null || exit 1"
  66  
  67  # Create volume for persistent data
  68  VOLUME ["/data"]
  69  
  70  # Drop privileges and run as stella user
  71  USER 1000:1000
  72  
  73  # Run Stella's Nostr relay
  74  CMD ["/app/relay"]