Skip to content

mubarakcoded/rust-actix-web-minimal-docker-image

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
src
src
 
 
.dockerignore
.dockerignore
 
 
.gcloudignore
.gcloudignore
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
Dockerfile.original
Dockerfile.original
 
 
Readme.md
Readme.md
 
 

Repository files navigation

Rust Actix Web Minimal Docker Image

This project demonstrates how to build and run a Rust application using Docker, with a focus on security and efficiency.

Table of Contents

Getting Started

  1. Build the Docker image:
docker build -t servercrust/cloud-run-app .
  1. Run the Docker image:
docker run --init -p 8080:8080 -t servercrust/cloud-run-app

Note: The --init option is optional.

  1. Test app using curl
curl localhost:8000
  1. Load test using wrk with 8 threads, 256 connections for 30 seconds duration (about 50k req/sec)
wrk -t8 -c256 -d30s http://localhost:8080

Running 30s test @ http://localhost:8080
  8 threads and 256 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency     4.81ms    4.35ms 144.35ms   87.94%
    Req/Sec     7.39k   839.75    15.28k    80.21%
  1767602 requests in 30.07s, 219.14MB read
Requests/sec:  58780.61
Transfer/sec:      7.29MB

Docker and Multistage Builds

A Docker image is a lightweight, standalone, executable package that includes everything needed to run a piece of software. Images are built from a Dockerfile, which contains instructions to generate the image.

Multistage Builds

Multistage builds in Docker allow the use of multiple FROM statements in a Dockerfile. Each FROM instruction begins a new stage of the build, potentially using a different base image.

Advantages:

  1. Smaller final images
  2. Improved security
  3. Better organization
  4. Efficient caching

Our Dockerfile uses a four-stage build:

  1. Planner stage: Creates a dependency recipe using cargo-chef
  2. Cacher stage: Builds dependencies based on the recipe
  3. Builder stage: Compiles the application
  4. Final stage: Creates a lean runtime image

Distroless Images

Distroless Docker images are minimalist images containing only the essentials to run an application. They lack typical OS tools and shells, resulting in a smaller attack surface and enhanced security.

Benefits of Distroless:

  • Reduced attack surface
  • Minimized vulnerabilities
  • No shell access for potential attackers
  • Backed by Google's expertise in cloud security

Cargo Chef

Cargo Chef is a tool that optimizes Rust Docker builds by separating dependency building from application code building.

How it works:

  1. Dependency Planning: Creates a "recipe" file of project dependencies
  2. Dependency Building: Builds dependencies using the recipe
  3. Caching: Allows Docker to cache the dependency-building step
  4. Application Building: Compiles application code with pre-built dependencies

Benefits:

  • Faster builds
  • Reduced build times
  • Smaller images

Security Best Practices

Principle of Least Privilege

Creating a least privilege user is crucial for container security. This practice ensures that processes have only the minimum necessary privileges to function.

Benefits:

  1. Reduced attack surface
  2. Prevention of privilege escalation
  3. Compliance with security policies
  4. Limited accidental damage
  5. Enhanced container isolation

Contributing

We welcome contributions! Please see our Contributing Guide for more details.

License

This project is licensed under the MIT License.

About

Minimal Docker image for Rust actix-web backend service. Multistage build reduces build time to 10 seconds and image size from 2.1 GB to 29 MB. Optimized for cloud deployment.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Dockerfile 72.9%
  • Rust 27.1%