Merged
1 change: 1 addition & 0 deletions rust/.dockerignore
@@ -0,0 +1 @@
target/
10 changes: 5 additions & 5 deletions rust/Cargo.lock

Some generated files are not rendered by default.

48 changes: 48 additions & 0 deletions rust/Dockerfile
@@ -0,0 +1,48 @@
# Build stage
FROM rust:1.91-bookworm AS builder

WORKDIR /build

# Copy workspace files
COPY Cargo.toml Cargo.lock ./
COPY rustfmt.toml ./

# Copy all workspace members
COPY server ./server
COPY api ./api
COPY impls ./impls
COPY auth-impls ./auth-impls

# Build the application in release mode
RUN cargo build --locked --release --bin vss-server

# Runtime stage
FROM debian:bookworm-slim

# Install runtime dependencies and create an unprivileged runtime user
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
libssl3 \
&& rm -rf /var/lib/apt/lists/* \
&& groupadd --system vss \
&& useradd --system --gid vss --home-dir /app --shell /usr/sbin/nologin vss \
&& mkdir -p /app \
&& chown vss:vss /app

WORKDIR /app

# Copy the compiled binary from builder
COPY --from=builder --chown=vss:vss /build/target/release/vss-server /app/vss-server

# Copy default configuration file
COPY --chown=vss:vss server/vss-server-config.toml /app/vss-server-config.toml

USER vss:vss

ENV VSS_BIND_ADDRESS=0.0.0.0:8080

EXPOSE 8080

It seems by default this will only bind to localhost. Do we need to set VSS_BIND_ADDRESS to make this work outside of docker/reachable by other docker containers?

  • [P2] Use container-reachable network defaults — /home/tnull/workspace/vss-server/rust/Dockerfile:40-40
    When the image is run with its default CMD, e.g. docker run -p 8080:8080 ..., /app/vss-server-config.toml still binds VSS to 127.0.0.1 and points PostgreSQL at 127.0.0.1. Inside Docker those are container-loopback addresses, so the published port cannot reach the server and Postgres on
    another container/host is unreachable unless users override both env vars. Consider shipping a Docker-specific config or setting Docker defaults such as VSS_BIND_ADDRESS=0.0.0.0:8080 and a network-reachable Postgres address.

Thanks, made a couple more passes with codex, see below.


# Run the server with the config file
CMD ["/app/vss-server", "/app/vss-server-config.toml"]
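
Review bot: The `ENV VSS_BIND_ADDRESS=0.0.0.0:8080` line gives the image a reachable listener by default, but nothing in this Dockerfile sets `VSS_PSQL_ADDRESS`, so a plain `docker run` depends on whatever database address the copied `server/vss-server-config.toml` carries, and only docker-compose.yml overrides it (`postgres:5432`). Either note next to the `ENV` line that `VSS_PSQL_ADDRESS` must be supplied at run time, or ship a container-specific config. Separately, `FROM rust:1.91-bookworm` and `FROM debian:bookworm-slim` are mutable tags; pinning both by digest would keep the base layers as reproducible as `cargo build --locked` keeps the dependencies.
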
2 changes: 1 addition & 1 deletion rust/auth-impls/Cargo.toml
@@ -12,7 +12,7 @@ sigs = [ "bitcoin_hashes", "hex-conservative", "secp256k1" ]
api = { path = "../api" }
async-trait = "0.1.77"
base64 = { version = "0.22.1", optional = true, default-features = false, features = ["std"] }
bitcoin_hashes = { version = "0.19", optional = true, default-features = false }
bitcoin_hashes = { version = "1.0", optional = true, default-features = false }
hex-conservative = { version = "1.0", optional = true, default-features = false }
openssl = { version = "0.10.75", optional = true, default-features = false }
secp256k1 = { version = "0.31", optional = true, default-features = false, features = [ "global-context" ] }
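
Review bot: The `bitcoin_hashes` jump from `0.19` to `1.0` changes a crate behind the `sigs` feature, yet it rides along in a change that otherwise only adds container packaging. Say in the commit message why it is needed, or move it to its own commit, and confirm that the 5 additions and 5 deletions in the unrendered `rust/Cargo.lock` diff correspond to this bump alone, since the Dockerfile builds with `--locked`.
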
20 changes: 20 additions & 0 deletions rust/docker-compose.yml
@@ -1,4 +1,19 @@
services:
vss-server:
build:
context: .
dockerfile: Dockerfile
ports:
- "8080:8080"
environment:
VSS_BIND_ADDRESS: 0.0.0.0:8080
VSS_PSQL_ADDRESS: postgres:5432
depends_on:
postgres:
condition: service_healthy
networks:
- app-network

postgres:
image: postgres:15
environment:
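
Review bot: The `- "8080:8080"` mapping under `vss-server` publishes the service on every host interface, which together with `VSS_BIND_ADDRESS: 0.0.0.0:8080` makes it reachable from the host's network as soon as the stack starts. If this file is meant for local development, `"127.0.0.1:8080:8080"` is the safer default. The `VSS_BIND_ADDRESS` entry also repeats the `ENV` already set in the Dockerfile, so one of the two can go, or carry a comment saying which is authoritative.
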
@@ -9,6 +24,11 @@ services:
- postgres-data:/var/lib/postgresql/data
ports:
- "5432:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d postgres"]
interval: 5s
timeout: 5s
retries: 5
networks:
- app-network

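Review bot: With `vss-server` now reaching the database over `app-network` as `postgres:5432`, the `- "5432:5432"` mapping kept in the context lines is only needed for host-side tooling and leaves Postgres published on every host interface; consider dropping it or binding it to `127.0.0.1`. On the added `healthcheck`, `interval: 5s` with `retries: 5` gives Postgres roughly 25 seconds before it is marked unhealthy, and since `vss-server` waits on `condition: service_healthy`, a `start_period` would make a slow first initialization of the data volume less likely to fail the startup.
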