Last active
August 20, 2025 15:36
Eclipse Temurin JDK/JRE 21 w/ Apache Tomcat 11
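# Tomcat release to package. These are declared before the first FROM so both
# stages share one default; a stage-local default is invisible to later stages,
# which left the image.version label empty unless --build-arg was passed.
ARG TOMCAT_MAJOR=11
ARG TOMCAT_VERSION=11.0.3
# Optional SHA-512 of the release archive, obtained out of band and supplied
# with --build-arg. When empty, the build falls back to the checksum file
# published by Apache.
ARG TOMCAT_SHA512=""

# Build stage: download, verify and unpack Tomcat. For reproducible builds,
# consider pinning both base images by digest as well as by tag.
FROM eclipse-temurin:21-jdk-jammy AS builder

ARG TOMCAT_MAJOR
ARG TOMCAT_VERSION
ARG TOMCAT_SHA512

ENV CATALINA_HOME=/usr/local/tomcat \
    CATALINA_BASE=/opt/tomcat

# Tools needed only to fetch and unpack the release.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        tar \
    && rm -rf /var/lib/apt/lists/*

# Download, verify and unpack Tomcat.
# - The published .sha512 file names the archive by its release file name, so
#   "sha512sum -c <file>" cannot find an archive saved as /tmp/tomcat.tgz; the
#   expected hash is extracted and checked against the saved path instead.
# - A checksum fetched next to the archive only detects a corrupted download.
#   To detect a tampered one, pass TOMCAT_SHA512 (or verify the release's PGP
#   signature against the project's KEYS file). The fallback reads the checksum
#   from downloads.apache.org rather than from the CDN that served the archive.
# - Group write is stripped here so the runtime stage can install the tree as
#   root:tomcat, readable but not writable by the service account.
RUN set -eux; \
    archive="apache-tomcat-${TOMCAT_VERSION}.tar.gz"; \
    path="tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/${archive}"; \
    curl -fsSL "https://dlcdn.apache.org/${path}" -o /tmp/tomcat.tgz \
        || curl -fsSL "https://archive.apache.org/dist/${path}" -o /tmp/tomcat.tgz; \
    if [ -n "${TOMCAT_SHA512:-}" ]; then \
        expected="${TOMCAT_SHA512}"; \
    else \
        curl -fsSL "https://downloads.apache.org/${path}.sha512" -o /tmp/tomcat.tgz.sha512 \
            || curl -fsSL "https://archive.apache.org/dist/${path}.sha512" -o /tmp/tomcat.tgz.sha512; \
        expected="$(cut -d ' ' -f 1 /tmp/tomcat.tgz.sha512)"; \
    fi; \
    echo "${expected} */tmp/tomcat.tgz" | sha512sum --strict --check -; \
    mkdir -p "${CATALINA_HOME}"; \
    tar -xzf /tmp/tomcat.tgz -C "${CATALINA_HOME}" --strip-components=1; \
    rm -rf /tmp/tomcat.tgz*; \
    rm -rf "${CATALINA_HOME}"/webapps/docs "${CATALINA_HOME}"/webapps/examples "${CATALINA_HOME}"/webapps/host-manager "${CATALINA_HOME}"/webapps/manager; \
    chmod -R g+rX,g-w "${CATALINA_HOME}"

# Final stage: JRE-only runtime image.
FROM eclipse-temurin:21-jre-jammy

ARG TOMCAT_VERSION

LABEL maintainer="Karl Hill <[email protected]>"

# OCI labels for better metadata
LABEL org.opencontainers.image.title="Apache Tomcat" \
      org.opencontainers.image.description="Apache Tomcat on Eclipse Temurin JRE 21 (parametrized, non-root)" \
      org.opencontainers.image.version="${TOMCAT_VERSION}" \
      org.opencontainers.image.licenses="Apache-2.0"

# CATALINA_HOME holds the read-only Tomcat distribution; CATALINA_BASE holds
# the per-instance configuration and writable directories.
ENV CATALINA_HOME=/usr/local/tomcat \
    CATALINA_BASE=/opt/tomcat
ENV PATH=${CATALINA_HOME}/bin:${PATH}

# curl is kept in the runtime image only because the HEALTHCHECK uses it.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged service account with no login shell.
RUN groupadd -r tomcat && useradd -r -g tomcat -d "${CATALINA_BASE}" -s /sbin/nologin tomcat

# Install the distribution owned by root with group read access for tomcat, so
# a compromised web application cannot rewrite Tomcat's own scripts and jars.
COPY --from=builder --chown=root:tomcat ${CATALINA_HOME} ${CATALINA_HOME}

# Tomcat reads conf/ from CATALINA_BASE when it differs from CATALINA_HOME, so
# the stock configuration is copied there; without it the server has no
# server.xml to load. Only CATALINA_BASE is writable by the service account.
RUN set -eux; \
    mkdir -p "${CATALINA_BASE}"/logs "${CATALINA_BASE}"/temp "${CATALINA_BASE}"/work "${CATALINA_BASE}"/webapps; \
    cp -R "${CATALINA_HOME}"/conf "${CATALINA_BASE}"/conf; \
    chown -R tomcat:tomcat "${CATALINA_BASE}"

USER tomcat

# The probe requests "/", so it reports healthy only once an application is
# deployed at the root context of ${CATALINA_BASE}/webapps. The start period
# keeps JVM start-up time from counting against the retries.
HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
    CMD curl -fsS http://localhost:8080/ || exit 1

EXPOSE 8080

# Sensible JVM defaults for containers
ENV JAVA_OPTS="-XX:MaxRAMPercentage=75.0 -XX:+UseContainerSupport"

CMD ["catalina.sh", "run"]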