feat: Run piped frontend with unprivileged user

2024-11-22 05:27:20 +00:00 · 2024-10-02 11:22:59 +02:00 · 2024-10-02 11:22:59 +02:00 · 5a48946182
commit 5a48946182
parent afe3008ac7
3 changed files with 17 additions and 8 deletions
--- a/6
+++ b/6
@ -15,11 +15,11 @@ RUN --mount=type=cache,target=/root/.local/share/pnpm \
    pnpm install --prefer-offline && \
    pnpm build && ./localizefonts.sh
-FROM nginx:alpine
+FROM nginxinc/nginx-unprivileged:alpine
-COPY --from=build /app/dist/ /usr/share/nginx/html/
+COPY --chown=101:101 --from=build /app/dist/ /usr/share/nginx/html/
-COPY docker/nginx.conf /etc/nginx/conf.d/default.conf
+COPY --chown=101:101 docker/nginx.conf /etc/nginx/conf.d/default.conf
 COPY docker/entrypoint.sh /entrypoint.sh
--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@ -1,7 +1,7 @@
-FROM nginx:alpine
+FROM nginxinc/nginx-unprivileged:alpine
-COPY ./dist-ci/ /usr/share/nginx/html/
+COPY --chown=101:101 ./dist-ci/ /usr/share/nginx/html/
-COPY docker/nginx.conf /etc/nginx/conf.d/default.conf
+COPY --chown=101:101 docker/nginx.conf /etc/nginx/conf.d/default.conf
 COPY docker/entrypoint.sh /entrypoint.sh
 EXPOSE 80
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -1,9 +1,18 @@
 #!/bin/sh
-if [ -z "$BACKEND_HOSTNAME" ]; then
+if [ -z "${BACKEND_HOSTNAME}" ]; then
    echo "BACKEND_HOSTNAME not set"
    exit 1
 fi
-sed -i s/pipedapi.kavin.rocks/"$BACKEND_HOSTNAME"/g /usr/share/nginx/html/assets/*
+sed -i "s/pipedapi.kavin.rocks/${BACKEND_HOSTNAME}/g" /usr/share/nginx/html/assets/*
 if [ -n "${HTTP_WORKERS}" ]; then
    sed -i "s/worker_processes  auto;/worker_processes  ${HTTP_WORKERS};/g" /etc/nginx/nginx.conf
 fi
 if [ -n "${HTTP_PORT}" ]; then
    sed -i "s/80;/${HTTP_PORT};/g" /etc/nginx/conf.d/default.conf
 fi
 nginx -g "daemon off;"