From 5a489461822859fbd4a1514a352ed8af091a1b31 Mon Sep 17 00:00:00 2001 From: Bernd Schorgers Date: Wed, 2 Oct 2024 11:22:59 +0200 Subject: [PATCH] feat: Run piped frontend with unprivileged user --- Dockerfile | 6 +++--- Dockerfile.ci | 6 +++--- docker/entrypoint.sh | 13 +++++++++++-- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index ac4f6c69..8115599c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,11 +15,11 @@ RUN --mount=type=cache,target=/root/.local/share/pnpm \ pnpm install --prefer-offline && \ pnpm build && ./localizefonts.sh -FROM nginx:alpine +FROM nginxinc/nginx-unprivileged:alpine -COPY --from=build /app/dist/ /usr/share/nginx/html/ +COPY --chown=101:101 --from=build /app/dist/ /usr/share/nginx/html/ -COPY docker/nginx.conf /etc/nginx/conf.d/default.conf +COPY --chown=101:101 docker/nginx.conf /etc/nginx/conf.d/default.conf COPY docker/entrypoint.sh /entrypoint.sh diff --git a/Dockerfile.ci b/Dockerfile.ci index 59020fd6..4694f8f4 100644 --- a/Dockerfile.ci +++ b/Dockerfile.ci @@ -1,7 +1,7 @@ -FROM nginx:alpine +FROM nginxinc/nginx-unprivileged:alpine -COPY ./dist-ci/ /usr/share/nginx/html/ -COPY docker/nginx.conf /etc/nginx/conf.d/default.conf +COPY --chown=101:101 ./dist-ci/ /usr/share/nginx/html/ +COPY --chown=101:101 docker/nginx.conf /etc/nginx/conf.d/default.conf COPY docker/entrypoint.sh /entrypoint.sh EXPOSE 80 diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index ffb9c7ed..53690127 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -1,9 +1,18 @@ #!/bin/sh -if [ -z "$BACKEND_HOSTNAME" ]; then +if [ -z "${BACKEND_HOSTNAME}" ]; then echo "BACKEND_HOSTNAME not set" exit 1 fi -sed -i s/pipedapi.kavin.rocks/"$BACKEND_HOSTNAME"/g /usr/share/nginx/html/assets/* +sed -i "s/pipedapi.kavin.rocks/${BACKEND_HOSTNAME}/g" /usr/share/nginx/html/assets/* + +if [ -n "${HTTP_WORKERS}" ]; then + sed -i "s/worker_processes auto;/worker_processes ${HTTP_WORKERS};/g" /etc/nginx/nginx.conf +fi + +if [ -n "${HTTP_PORT}" ]; then + sed -i "s/80;/${HTTP_PORT};/g" /etc/nginx/conf.d/default.conf +fi + nginx -g "daemon off;"