2

I want to run the certbot-auto client while building a docker container from within this container and therefore I need port 443 to be accessible to the outside world.

Is there any way I can bind ports to the host while building a docker image?

Nicolas Seiller

1 Answer

2

Short answer, no.

The option isn't there as part of docker build, and the build shouldn't hang waiting for externalities to connect in. They should also be designed to run on any developer workstation, externally hosted build server, and everything in between.

Longer answer, I think you're going down the wrong path. Injecting unique container specific data into the image creates something that goes against the typical pattern of docker images. Instead of trying to inject a certificate into your image, have it do this as part of the container entrypoint, and if you need persistence, store the result in a volume so you can skip that step on the next startup.

BMitch
  • That's more or less what I did. I wanted to run certbot at build time because it takes _ages_ to install everything (it runs on a Raspberry Pi). `--os-packages-only` does not solve this as e.g. it does not install python packages. So I run it once at build time, even if it fails (and I make docker ignore errors using [this nifty trick](http://stackoverflow.com/questions/30716937/dockerfile-build-possible-to-ignore-error)) at least everything is set up. Then I run it once again at execution time and it generates certificates almost instantly. – Nicolas Seiller Dec 22 '16 at 14:57
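
The entrypoint pattern described in the answer, as an added example that is not part of the original posts: the certificate is requested when the container starts, with port 443 published at run time, and issuance is skipped when a mounted volume already holds one. The variable names `DOMAIN`, `EMAIL`, `LE_DIR` and `CERTBOT` are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: obtain the certificate at container start, not at build time.
# DOMAIN, EMAIL, LE_DIR and CERTBOT are assumed names, not taken from the page.
set -eu

LE_DIR="${LE_DIR:-/etc/letsencrypt}"   # mount a volume here for persistence
CERTBOT="${CERTBOT:-certbot-auto}"     # the client named in the question

# Path where certbot places the issued chain for a domain.
cert_path() {
    printf '%s/live/%s/fullchain.pem\n' "$LE_DIR" "$1"
}

# Succeeds when a non-empty certificate is already present in the volume.
have_cert() {
    [ -s "$(cert_path "$1")" ]
}

# Request a certificate only when the volume does not already hold one.
ensure_cert() {
    domain="$1"
    email="$2"
    if have_cert "$domain"; then
        echo "certificate for $domain found in $LE_DIR, skipping issuance" >&2
        return 0
    fi
    # The standalone authenticator listens inside the container, so the port
    # has to be published by "docker run", which "docker build" cannot do.
    "$CERTBOT" certonly --standalone --non-interactive --agree-tos \
        --email "$email" --config-dir "$LE_DIR" -d "$domain"
    # Refuse to start the service if issuance left no certificate behind.
    have_cert "$domain"
}

main() {
    ensure_cert "${DOMAIN:?set DOMAIN}" "${EMAIL:?set EMAIL}"
    # Hand over to the image's CMD so the service runs as PID 1.
    exec "$@"
}

# As an ENTRYPOINT the script receives the CMD as arguments.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The volume also holds the private key, so mount it only into containers that need it. The presence check does not look at expiry, so renewal needs a separate step.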