goStatic
A really small static web server for Docker
The goal
My goal is to create to smallest docker container for my web static files. The advantage of Go is that you can generate a fully static binary, so that you don't need anything else.
Wait, I've been using old versions of GoStatic and things have changed!
Yeah, decided to drop support of unsecured HTTPS. Two-years ago, when I started GoStatic, there was no automatic HTTPS available. Nowadays, thanks to Let's Encrypt, it's really easy to do so. If you need HTTPS, I recommend caddy.
Features
- A fully static web server in 6MB
- No frameworkw
- Web server build for Docker
- Can generate certificate on his own
- Light container
- More security than official images (see below)
- Log enabled
Why?
Because the official Golang image is wayyyy to big (around 1/2Gb as you can see below) and could be unsecure.
For me, the whole point of containers is to have a light container... Many links should provide you with additionnal info to see my point of view:
- Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities
- Create The Smallest Possible Docker Container
- Building Docker Images for Static Go Binaries
- Small Docker Images For Go Apps
How to use
docker run -d -p 80:8043 -v path/to/website:/srv/http --name goStatic pierrezemb/gostatic
Usage
./goStatic --help
Usage of /goStatic:
-append-header HeaderName:Value
HTTP response header, specified as HeaderName:Value that should be added to all responses.
-context string
The 'context' path on which files are served, e.g. 'doc' will serve the files at 'http://localhost:<port>/doc/'
-default-user-basic-auth string
Define the user (default "gopher")
-enable-basic-auth
Enable basic auth. By default, password are randomly generated. Use --set-basic-auth to set it.
-fallback string
Default relative to be used when no file requested found. E.g. /index.html
-password-length int
Size of the randomized password (default 16)
-path string
The path for the static files (default "/srv/http")
-port int
The listening port (default 8043)
-set-basic-auth string
Define the basic auth. Form must be user:password
Wow, such container! What are you using?
I'm using the centurylink/ca-certs image instead of the scratch image to avoid this error:
x509: failed to load system roots and no roots provided
The centurylink/ca-certs image is simply the scratch image with the most common root CA certificates pre-installed. The resulting image is only 258 kB which is still a good starting point for creating your own minimal images.