# Multi-architecture cross-compilation Containerfile (LOCAL DEV ONLY)
# CI uses Containerfile.package instead (pre-built binaries, no musl.cc dependency).
#
# Builds linux/amd64 and linux/arm64 from any host platform
# Usage: docker buildx build --platform linux/amd64,linux/arm64 -f Containerfile.cross --target minimal .
#
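# Targets (select one with --target):
#   minimal — scratch-based, ~5 MB (intended default; pass --target minimal explicitly,
#             because a build without --target produces the last stage in this file, alpine)
#   alpine  — Alpine-based, ~12 MB, has shell for debugging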
#
# Compatible with both Podman and Docker

# --- Builder: static musl cross-compilation ---
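# Build stage: runs on the build host's own platform ($BUILDPLATFORM) and
# cross-compiles a static musl binary for the architecture named by TARGETARCH.
# Nothing from this stage reaches the final images except /build/sks5-binary.
FROM --platform=$BUILDPLATFORM rust:1.88-slim-bookworm AS builder

# TARGETARCH is injected by buildx (amd64 or arm64)
ARG TARGETARCH

# Optional SHA-256 of aarch64-linux-musl-cross.tgz. Empty (the default) skips the
# check, so existing invocations keep working; pass
# --build-arg MUSL_CROSS_SHA256=<expected-sha256> to have the build refuse a
# tarball that does not match. A checksum is not a secret, so a build arg is fine.
ARG MUSL_CROSS_SHA256=""

# Pre-downloaded toolchain (CI downloads to build context, local builds use scripts/build-multiarch-cross.sh)
# The tarball is third-party compiler tooling that ends up linking the shipped
# binary; this file only verifies it when MUSL_CROSS_SHA256 is set.
COPY aarch64-linux-musl-cross.tgz /tmp/

# Install musl cross-compilation toolchains.
# The default case branch fails the build when TARGETARCH is unset or
# unsupported (e.g. a legacy builder that does not inject it); without it the
# step succeeds silently and the error only surfaces later as a missing binary.
# hadolint ignore=DL3008
RUN apt-get update && \
    apt-get install -y --no-install-recommends musl-tools && \
    case "$TARGETARCH" in \
        amd64) rustup target add x86_64-unknown-linux-musl ;; \
        arm64) \
            if [ -n "$MUSL_CROSS_SHA256" ]; then \
                echo "$MUSL_CROSS_SHA256  /tmp/aarch64-linux-musl-cross.tgz" > /tmp/musl-cross.sha256 && \
                sha256sum -c /tmp/musl-cross.sha256 && \
                rm /tmp/musl-cross.sha256 ; \
            fi && \
            tar xzf /tmp/aarch64-linux-musl-cross.tgz -C /opt && \
            rm /tmp/aarch64-linux-musl-cross.tgz && \
            rustup target add aarch64-unknown-linux-musl ;; \
        *) \
            echo "unsupported or unset TARGETARCH '$TARGETARCH' (expected amd64 or arm64)" >&2 ; \
            exit 1 ;; \
    esac && \
    rm -rf /var/lib/apt/lists/*

WORKDIR /build
# NOTE(review): the Cargo.lock* glob tolerates a missing lockfile and cargo runs
# without --locked, so resolved dependency versions can differ between builds.
# Consider requiring Cargo.lock and building with --locked.
COPY Cargo.toml Cargo.lock* ./
COPY src/ src/
COPY assets/ assets/
COPY benches/ benches/

# Build, strip, and copy the binary to an architecture-independent path so the
# final stages can COPY it without knowing the target triple.
RUN case "$TARGETARCH" in \
        amd64) \
            cargo build --release --target x86_64-unknown-linux-musl && \
            strip target/x86_64-unknown-linux-musl/release/sks5 && \
            cp target/x86_64-unknown-linux-musl/release/sks5 /build/sks5-binary ;; \
        arm64) \
            export PATH="/opt/aarch64-linux-musl-cross/bin:$PATH" && \
            export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-musl-gcc && \
            export CC_aarch64_unknown_linux_musl=aarch64-linux-musl-gcc && \
            cargo build --release --target aarch64-unknown-linux-musl && \
            /opt/aarch64-linux-musl-cross/bin/aarch64-linux-musl-strip \
                target/aarch64-unknown-linux-musl/release/sks5 && \
            cp target/aarch64-unknown-linux-musl/release/sks5 /build/sks5-binary ;; \
        *) \
            echo "unsupported or unset TARGETARCH '$TARGETARCH' (expected amd64 or arm64)" >&2 ; \
            exit 1 ;; \
    esac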

# --- CA certs (small extraction from Alpine) ---
# Throwaway stage: the minimal target copies only
# /etc/ssl/certs/ca-certificates.crt out of it, which gives the scratch image a
# CA bundle without a package manager.
# NOTE(review): the base is referenced by tag only, so the bundle contents
# follow whatever alpine:3.21 resolves to at build time.
FROM alpine:3.21 AS certs
RUN apk add --no-cache ca-certificates

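# --- Target: minimal (scratch) — intended default ---
# Select it with --target minimal: a build without --target produces the last
# stage in this file (alpine), not this one.
# The image holds only the CA bundle and the static binary: no shell, no
# package manager, no /etc/passwd. Unlike the alpine target it declares no
# HEALTHCHECK.
FROM scratch AS minimal

LABEL org.opencontainers.image.title="sks5" \
      org.opencontainers.image.description="Lightweight SSH server with SOCKS5 proxy" \
      org.opencontainers.image.source="https://github.com/galti3r/sks5" \
      org.opencontainers.image.licenses="MIT"

COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /build/sks5-binary /sks5

# Documentation only; all ports are above 1024, so the unprivileged user can bind them.
EXPOSE 2222 1080 9090 9091

# Numeric UID and GID, because scratch has no /etc/passwd to resolve names.
# The GID is explicit: with a bare UID and no passwd entry the process would
# run with the root group (GID 0).
USER 65534:65534

ENTRYPOINT ["/sks5"]
CMD ["--config", "/etc/sks5/config.toml"]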

# --- Target: alpine ---
# Debug-friendly variant: same binary as the minimal target, on an Alpine base.
# This is the last stage in the file, so it is what a build without --target
# produces.
FROM alpine:3.21 AS alpine

LABEL org.opencontainers.image.title="sks5" \
      org.opencontainers.image.description="Lightweight SSH server with SOCKS5 proxy" \
      org.opencontainers.image.source="https://github.com/galti3r/sks5" \
      org.opencontainers.image.licenses="MIT"

# Create the unprivileged service account (UID 1000) and give it ownership of
# the config and log directories.
# NOTE(review): /etc/sks5 is writable by the service account, so a compromised
# process could rewrite its own configuration. Confirm whether the server needs
# to write there; if not, keep the directory root-owned.
RUN apk add --no-cache ca-certificates && \
    adduser -D -u 1000 sks5 && \
    mkdir -p /etc/sks5 /var/log/sks5 && \
    chown sks5:sks5 /etc/sks5 /var/log/sks5

COPY --from=builder /build/sks5-binary /usr/local/bin/sks5

# Drop root before the runtime configuration below.
USER sks5
WORKDIR /etc/sks5

# Documentation only; all ports are above 1024, so the unprivileged user can bind them.
EXPOSE 2222 1080 9090 9091

# Declared after the mkdir/chown above, so the directory's ownership is already in place.
VOLUME ["/etc/sks5"]

STOPSIGNAL SIGTERM

# Probes 127.0.0.1:2222 with the binary's own health-check subcommand.
# NOTE(review): presumably 2222 is the SSH listener; the address must match the
# one set in config.toml, or the container will report unhealthy.
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
    CMD ["sks5", "health-check", "--addr", "127.0.0.1:2222", "--timeout", "3"]

# Exec form: sks5 runs as PID 1 and receives the stop signal directly.
ENTRYPOINT ["sks5"]
CMD ["--config", "/etc/sks5/config.toml"]