localnet: multi-stage dockerfile

This commit is contained in:
Tommy Verrall
2026-02-16 14:33:02 +01:00
parent 00467e4440
commit c7cd962627
2 changed files with 25 additions and 19 deletions
+1
View File
@@ -3,4 +3,5 @@
.gitignore
**/node_modules
**/target
target-otel
dist
+24 -19
View File
@@ -1,21 +1,24 @@
# Single-stage Dockerfile for Nym localnet
# Builds: nym-node, nym-network-requester, nym-socks5-client
# Target: Apple Container Runtime with host networking
# Multi-stage Dockerfile for Nym localnet
# Stage 1: Build binaries
# Stage 2: Slim runtime with only the final binaries
FROM rust:latest
# --- Build stage ---
FROM rust:latest AS builder
WORKDIR /usr/src/nym
COPY ./ ./
ENV CARGO_BUILD_JOBS=8
# Build all required binaries in release mode
# nym-node is built with the otel feature for OpenTelemetry tracing support
RUN cargo build --release --locked -p nym-node --features otel && \
cargo build --release --locked -p nym-network-requester -p nym-socks5-client
# Install runtime dependencies including Go for wireguard-go
RUN apt update && apt install -y \
# --- Runtime stage ---
FROM debian:trixie-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
build-essential \
python3 \
python3-pip \
netcat-openbsd \
@@ -23,31 +26,33 @@ RUN apt update && apt install -y \
iproute2 \
net-tools \
wireguard-tools \
golang-go \
git \
iptables \
curl \
&& rm -rf /var/lib/apt/lists/*
# Install wireguard-go (userspace WireGuard implementation)
RUN git clone https://git.zx2c4.com/wireguard-go && \
# Install Go and build wireguard-go, then clean up
ARG TARGETARCH
RUN curl -fsSL "https://go.dev/dl/go1.23.6.linux-${TARGETARCH}.tar.gz" \
| tar -C /usr/local -xz && \
export PATH="/usr/local/go/bin:$PATH" && \
git clone https://git.zx2c4.com/wireguard-go && \
cd wireguard-go && \
make && \
cp wireguard-go /usr/local/bin/ && \
cd .. && \
rm -rf wireguard-go
rm -rf wireguard-go /usr/local/go && \
apt-get purge -y --auto-remove build-essential curl
# Install Python dependencies for build_topology.py
RUN pip3 install --break-system-packages base58
# Move binaries to /usr/local/bin for easy access
RUN cp target/release/nym-node /usr/local/bin/ && \
cp target/release/nym-network-requester /usr/local/bin/ && \
cp target/release/nym-socks5-client /usr/local/bin/
# Copy only the compiled binaries from the builder stage
COPY --from=builder /usr/src/nym/target/release/nym-node /usr/local/bin/
COPY --from=builder /usr/src/nym/target/release/nym-network-requester /usr/local/bin/
COPY --from=builder /usr/src/nym/target/release/nym-socks5-client /usr/local/bin/
# Copy supporting scripts
COPY ./docker/localnet/build_topology.py /usr/local/bin/
WORKDIR /nym
# Default command
CMD ["nym-node", "--help"]