**Docker Hub currently does not allow free hosting for Docker images: please run ./build.sh locally yourself first.**
(**NEW**) Updated to the latest Ubuntu 24.04 and the latest related tools, e.g., pip, Maven, Python, Java, etc.
This new release is designed to support building and deploying Non-Root child images on platforms such as OpenShift or Red Hat host operating systems, which require a special policy to deploy. And, as a better security practice, we decided to (eventually) migrate our Docker containers to a Non-Root implementation.
Here are some of the things you can do if your images require "root" access and you really want to use it:
- For Docker build: prefix the commands in your Dockerfile that need "sudo" access to install packages with "sudo" or "sudo -H".
- For a Docker container (accessed via shell): use the "sudo" command when you need root privileges to install packages or change configurations.
- Or, you can use an older version of this kind of base image, which uses "root" in its Dockerfile.
- You can also modify the Dockerfile at the very bottom to remove or comment out the "USER ${USER}" line so that your child images have root as USER.
- Finally, you can add a new line at the very top of your child Docker image's Dockerfile containing "USER root" so that the Docker images you build use "root".
We like to promote the use of "Non-Root" images as a better Docker security practice. Whenever possible, you should also further confine the use of "root" privileges in your Docker implementation to help prevent someone who compromises a container from gaining root on your host system. To lock down your Docker images and/or this base image, add the following line at the very end to remove sudo (note that this might break some of your run-time code if it uses sudo at run time):
sudo apt-get remove -y sudo
After that, combined with other Docker security practices (see the references below), rebuild your local images and redeploy them as non-development-quality Docker containers. There are many other practices for securing your Docker containers. See below:
- Docker security | Docker Documentation
- 5 tips for securing your Docker containers - TechRepublic
- Docker Security - 6 Ways to Secure Your Docker Containers
- Five Docker Security Best Practices - The New Stack
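The non-root and sudo-removal guidance above can be checked mechanically before a child image is rebuilt. This is an added example, not part of the jdk-mvn-py3 project: it audits a single-stage child Dockerfile, and the function names, the `developer` base user and the sample Dockerfile are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a single-stage child Dockerfile built FROM the non-root base.
# Assumption: $2 is the user the base image ends on (hypothetical "developer" here).

# Print the user the image runs as: the last USER instruction wins; with no
# USER instruction the child inherits the base image's user.
final_user() {
    awk -v base="$2" '
        toupper($1) == "USER" { u = $2 }
        END { print (u == "" ? base : u) }
    ' "$1"
}

# Succeed when a USER value means root: empty, "root", UID 0, or any
# "user:group" form whose user part is one of those.
is_root() {
    case "${1%%:*}" in
        ""|root|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed when a non-comment line removes the sudo package itself
# (not merely a package whose name contains "sudo").
removes_sudo() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq 'apt(-get)?[[:space:]].*(remove|purge)[[:space:]](.*[[:space:]])?sudo([[:space:];&]|$)'
}

# Print one verdict line for a Dockerfile: FAIL, PASS or WARN.
audit_dockerfile() {
    user=$(final_user "$1" "$2")
    if is_root "$user"; then
        echo "FAIL: final USER is root"
    elif removes_sudo "$1"; then
        echo "PASS: runs as $user, sudo removed"
    else
        echo "WARN: runs as $user, sudo still installed"
    fi
}

# Constructed sample: install with sudo during the build, then drop sudo.
demo_dir=$(mktemp -d)
printf '%s\n' 'FROM openkbs/jdk-mvn-py3' \
    'RUN sudo apt-get update && sudo apt-get install -y jq' \
    'RUN sudo apt-get remove -y sudo' > "$demo_dir/Dockerfile"
audit_dockerfile "$demo_dir/Dockerfile" developer
rm -rf "$demo_dir"
```

A child Dockerfile that adds "USER root" (or "USER 0:0") after its FROM line is reported as FAIL, and one that keeps sudo installed is reported as WARN.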
- Ubuntu 24.04 now.
- openjdk version "23-ea" 2024-09-17 OpenJDK Runtime Environment (build 23-ea+10-Ubuntu-1) OpenJDK 64-Bit Server VM (build 23-ea+10-Ubuntu-1, mixed mode, sharing)
- Apache Maven 3.9
- Python 3.12 + pip 23 + Python 3 virtual environments (venv, virtualenv, virtualenvwrapper, mkvirtualenv, ..., etc.)
- Node v21 + npm 10 (from NodeSource official Node Distribution)
- Gradle 7
- Other tools: git wget unzip vim python python-setuptools python-dev python-numpy, ..., etc.
- See Releases Information
- Note: 'yarn' is removed from this latest build -- if needed, it will be put back in later releases.
- build.sh - build local image.
- logs.sh - see logs of container.
- run.sh - run the container.
- shell.sh - shell into the container.
- save.sh - save a running container instance into a tgz file to restore later.
- restore.sh - restore a previously archived tgz container instance so it is ready to run again.
- stop.sh - stop the container.
- tryJava.sh : test Java
- tryNodeJS.sh : test NodeJS
- tryPython.sh : test Python
- tryWebSocketServer.sh : test WebSocket NodeJS Server
- git clone https://github.com/DrSnowbird/jdk-mvn-py3.git
- cd jdk-mvn-py3
- ./run.sh
./build.sh or 'make build'
./run.sh
./tryJava.sh
./tryNodeJS.sh
./tryPython.sh
./tryWebSocketServer.sh
- Issue: ./tryJava.sh encounters a permission problem when writing to the shared folder in the container. To be fixed later!
./build.sh
docker pull openkbs/jdk-mvn-py3
FROM openkbs/jdk-mvn-py3
... (then your customization Dockerfile code here)
Then, you're ready to run:
- make sure you create your work directory, e.g., ./data
mkdir ./data
docker run -d --name my-jdk-mvn-py3 -v $PWD/data:/data -i -t openkbs/jdk-mvn-py3
Say, you will build the image "my/jdk-mvn-py3".
docker build -t my/jdk-mvn-py3 .
To run your own image, say, with some-jdk-mvn-py3:
mkdir ./data
docker run -d --name some-jdk-mvn-py3 -v $PWD/data:/data -i -t my/jdk-mvn-py3
docker exec -it some-jdk-mvn-py3 /bin/bash
To run Python code
docker run -it --rm openkbs/jdk-mvn-py3 python3 -c 'print("Hello World")'
or,
docker run -i --rm openkbs/jdk-mvn-py3 python3 < myPyScript.py
or,
mkdir ./data
echo "print('Hello World')" > ./data/myPyScript.py
docker run -it --rm --name some-jdk-mvn-py3 -v "$PWD"/data:/data openkbs/jdk-mvn-py3 python3 myPyScript.py
or,
alias dpy3='docker run --rm openkbs/jdk-mvn-py3 python3'
dpy3 -c 'print("Hello World")'
Remember, the default working directory inside the Docker container is /data -- treat it as "/". So, if you create the subdirectory "./data/workspace" on the host machine, the Docker container will see it as "/data/workspace".
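#!/bin/bash -x
# Aliases are not expanded in non-interactive scripts unless enabled explicitly.
shopt -s expand_aliases
# -p: do not fail when ./data already exists
mkdir -p ./data
cat >./data/HelloWorld.java <<-EOF
public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World");
    }
}
EOF
cat ./data/HelloWorld.java
# Docker-based javac/java: mount ./data as the container's /data working directory
alias djavac='docker run -it --rm --name some-jdk-mvn-py3 -v '$PWD'/data:/data openkbs/jdk-mvn-py3 javac'
alias djava='docker run -it --rm --name some-jdk-mvn-py3 -v '$PWD'/data:/data openkbs/jdk-mvn-py3 java'
djavac HelloWorld.java
djava HelloWorld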
And, the output:
Hello, World
Hence, the aliases above, "djavac" and "djava", are your Docker-based "javac" and "java" commands, and they work the same way as your locally installed Java's "javac" and "java" commands.
Run the NodeJS mini-server script:
./tryNodeJS.sh
Then, open a web browser and go to http://0.0.0.0:3000/ to test the NodeJS mini web server.
There are various ways to run Python virtual environments, for example,
Add the following code to the end of ~/.bashrc
#########################################################################
#### ---- Customization for multiple virtual python environment ---- ####
#########################################################################
export VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3
source /usr/local/bin/virtualenvwrapper.sh
export WORKON_HOME=~/Envs
if [ ! -d $WORKON_HOME ]; then
mkdir -p $WORKON_HOME
fi
mkvirtualenv my-venv
workon my-venv
However, for larger, more complex projects, you might want to consider using a Docker-based IDE. For example, try the following Docker-based IDEs:
- openkbs/docker-atom-editor
- openkbs/eclipse-photon-docker
- openkbs/eclipse-photon-vnc-docker
- openkbs/eclipse-oxygen-docker
- openkbs/intellj-docker
- openkbs/intellj-vnc-docker
- openkbs/knime-vnc-docker
- openkbs/netbeans9-docker
- openkbs/netbeans
- openkbs/papyrus-sysml-docker
- openkbs/pycharm-docker
- openkbs/scala-ide-docker
- openkbs/sublime-docker
- openkbs/webstorm-docker
- openkbs/webstorm-vnc-docker
Corporate Proxy Root and Intermediate Certificates setup for System and Web Browsers (Firefox, Chrome, etc.)
- Save your corporate certificates in the current Git directory, ./certificates
- During the Docker run command,
-v `pwd`/certificates:/certificates ... (the rest parameters)
If you want to map to a different directory for certificates, e.g., /home/developer/certificates, then
-v `pwd`/certificates:/home/developer/certificates -e SOURCE_CERTIFICATES_DIR=/home/developer/certificates ... (the rest parameters)
- And, inside the Docker startup script, invoke ~/scripts/setup_system_certificates.sh. Note that the script assumes the certificates are in the /certificates directory.
- The script ~/scripts/setup_system_certificates.sh will automatically copy them to the target directory and set up certificates for both system commands (wget, curl, etc.) and web browsers.
~$ /usr/scripts/printVersions.sh
JAVA_HOME=/usr/lib/jvm/java-23-openjdk-amd64
java: /usr/bin/java /usr/share/java /usr/lib/jvm/java-23-openjdk-amd64/bin/java /usr/share/man/man1/java.1.gz
/usr/lib/jvm/java-23-openjdk-amd64/bin/java
openjdk version "23-ea" 2024-09-17
OpenJDK Runtime Environment (build 23-ea+10-Ubuntu-1)
OpenJDK 64-Bit Server VM (build 23-ea+10-Ubuntu-1, mixed mode, sharing)
/usr/bin/mvn
Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae)
Maven home: /usr/apache-maven-3.9.6
Java version: 23-ea, vendor: Private Build, runtime: /usr/lib/jvm/java-23-openjdk-amd64
Default locale: en, platform encoding: UTF-8
OS name: "linux", version: "6.5.0-21-generic", arch: "amd64", family: "unix"
/usr/bin/python3
Python 3.12.2
/usr/bin/pip
pip 23.3 from /usr/lib/python3/dist-packages/pip (python 3.12)
/usr/bin/pip3
pip 23.3 from /usr/lib/python3/dist-packages/pip (python 3.12)
/usr/bin/gradle
Welcome to Gradle 7.6.4!
Here are the highlights of this release:
- Added support for Java 19.
- Introduced `--rerun` flag for individual task rerun.
- Improved dependency block for test suites to be strongly typed.
- Added a pluggable system for Java toolchains provisioning.
For more details see https://docs.gradle.org/7.6.4/release-notes.html
------------------------------------------------------------
Gradle 7.6.4
------------------------------------------------------------
Build time: 2024-02-05 14:29:18 UTC
Revision: e0bb3fc8cefad8432c9033cdfb12dc14facc9dd9
Kotlin: 1.7.10
Groovy: 3.0.13
Ant: Apache Ant(TM) version 1.10.13 compiled on January 4 2023
JVM: 23-ea (Private Build 23-ea+10-Ubuntu-1)
OS: Linux 6.5.0-21-generic amd64
/usr/bin/npm
10.2.4
/usr/bin/node
v21.6.2
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu Noble Numbat (development branch)"
PRETTY_NAME="Ubuntu Noble Numbat (development branch)"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo