# 使用 CentOS 8 作为基础镜像 FROM centos:8 # 维护者信息 LABEL maintainer="小蚂蚁云团队" \ description="JDK 17 on CentOS 8 with Chinese support" \ version="1.0" # 设置环境变量 ENV LANG zh_CN.UTF-8 ENV LC_ALL zh_CN.UTF-8 ENV JAVA_HOME /opt/jdk-17.0.16 ENV PATH $JAVA_HOME/bin:$PATH ENV CLASSPATH .:$JAVA_HOME/lib/jrt-fs.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar # 设置工作目录 WORKDIR /tmp # 备份并替换 yum 源(解决 CentOS 8 EOL 问题) RUN cd /etc/yum.repos.d/ && \ # 备份原有 repo 文件 rename '.repo' '.repo.bak' /etc/yum.repos.d/*.repo && \ # 安装阿里云的 CentOS 8 归档镜像源 curl -s -o /etc/yum.repos.d/Centos-vault-8.5.2111.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo && \ # 启用阿里云仓库并禁用官方仓库 sed -i 's|^mirrorlist=|#mirrorlist=|g' /etc/yum.repos.d/Centos-*.repo && \ sed -i 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.aliyun.com|g' /etc/yum.repos.d/Centos-*.repo && \ sed -i 's|^baseurl=http://mirror.centos.org|baseurl=https://mirrors.aliyun.com|g' /etc/yum.repos.d/Centos-*.repo && \ # 确保仓库启用 sed -i 's|^enabled=.*|enabled=1|g' /etc/yum.repos.d/Centos-*.repo # 安装基础软件包和中文支持,并一次性清理缓存 RUN yum install -y \ fontconfig \ glibc-langpack-zh \ glibc-locale-source \ glibc-common && \ # yum-utils \ # net-tools \ # vim \ # curl && \ # 设置中文语言环境 localedef -c -f UTF-8 -i zh_CN zh_CN.utf8 && \ localedef -c -f UTF-8 -i C UTF-8 && \ # 设置系统locale echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf && \ echo 'LC_ALL="zh_CN.UTF-8"' >> /etc/locale.conf && \ # 创建字体目录 mkdir -p /usr/share/fonts/ && \ chmod 755 /usr/share/fonts/ && \ # 清理yum缓存 yum clean all && \ rm -rf /var/cache/yum && \ yum makecache # 复制字体文件 RUN mkdir -p /usr/share/fonts COPY ./fonts/ /usr/share/fonts/ # 更新字体缓存并设置时区 RUN fc-cache -fv && \ ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ echo 'Asia/Shanghai' > /etc/timezone # # 安装 JDK # WORKDIR /usr/local # ADD jdk-17.0.16_linux-x64_bin.tar.gz /usr/local/ # # 验证 JDK 安装 # RUN ln -sf ${JAVA_HOME} /usr/local/jdk-17.0.16 && \ # java -version && \ # javac -version # 添加并精简 JDK ADD jdk-17.0.16_linux-x64_bin.tar.gz /opt/ # 精简JDK:删除不必要的文件 RUN set -eux && \ # 重命名JDK目录 mv /opt/jdk-17.0.16 /opt/jdk-17.0.16-original && \ \ # 创建新的精简JDK目录 mkdir -p /opt/jdk-17.0.16 && \ \ # 保留必要的目录和文件 cp -r /opt/jdk-17.0.16-original/bin /opt/jdk-17.0.16/ && \ cp -r /opt/jdk-17.0.16-original/lib /opt/jdk-17.0.16/ && \ cp -r /opt/jdk-17.0.16-original/conf /opt/jdk-17.0.16/ && \ cp -r /opt/jdk-17.0.16-original/include /opt/jdk-17.0.16/ && \ \ # 删除调试文件(使用通配符) rm -rf /opt/jdk-17.0.16/lib/*.diz \ /opt/jdk-17.0.16/lib/*/*.diz \ /opt/jdk-17.0.16/lib/*/*/*.diz \ /opt/jdk-17.0.16/lib/*.debuginfo \ /opt/jdk-17.0.16/lib/*/*.debuginfo \ /opt/jdk-17.0.16/lib/*/*/*.debuginfo \ /opt/jdk-17.0.16/lib/*.pdb \ /opt/jdk-17.0.16/lib/*/*.pdb \ /opt/jdk-17.0.16/lib/*/*/*.pdb && \ \ # 删除不必要的模块和文件 rm -rf /opt/jdk-17.0.16/lib/src.zip \ /opt/jdk-17.0.16/lib/missioncontrol \ /opt/jdk-17.0.16/lib/visualvm \ /opt/jdk-17.0.16/lib/jfr \ /opt/jdk-17.0.16/lib/security/cacerts.dummy \ \ # 删除演示和样例 /opt/jdk-17.0.16-original/demo \ /opt/jdk-17.0.16-original/sample \ /opt/jdk-17.0.16-original/man \ \ # 删除文档 /opt/jdk-17.0.16-original/legal \ /opt/jdk-17.0.16-original/README.md \ /opt/jdk-17.0.16-original/release && \ \ # 删除原始JDK目录 rm -rf /opt/jdk-17.0.16-original && \ \ # 设置权限 chmod -R 755 /opt/jdk-17.0.16 && \ chown -R root:root /opt/jdk-17.0.16 &&\ \ # 验证JDK安装 /opt/jdk-17.0.16/bin/java -version && \ /opt/jdk-17.0.16/bin/javac -version # 清理临时文件和缓存 RUN rm -rf /tmp/* /var/tmp/* /var/log/*log /var/log/nginx/*log \ /var/log/*.log /var/log/dmesg /var/log/audit/*log \ /root/.cache /*.repo.bak # 创建非 root 用户运行应用 RUN groupadd -r esxi && \ useradd -r -g esxi -m -d /app esxi && \ chown -R esxi:esxi /app && \ # 设置JDK目录权限 chown -R esxi:esxi $JAVA_HOME # 设置最终工作目录 WORKDIR /app # 切换到非root用户 #USER esxi # 健康检查(可选) # HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ # CMD java -version || exit 1 # 默认命令 CMD ["java", "-version"]