Penpot/penpot
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-02-12 10:09:03 -05:00
Code Issues Activity

🐳 Use nginx-unprivileged as base image

Browse source
This commit is contained in:
David Barragán Merino 2024-09-18 19:21:40 +02:00
parent 4a6b246f0f
commit e64c956693
4 changed files with 22 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGES.md
View file

@ -6,6 +6,8 @@
### :boom: Breaking changes & Deprecations
- Use [nginx-unprivileged](https://hub.docker.com/r/nginxinc/nginx-unprivileged) as base image for Penpot's frontend docker image. Now all the docker images runs with the same unprivileged user (penpot). Because of that, the default NGINX listen port now is 8080, instead of 80, so you will have to modify your infrastructure to apply this change.
### :heart: Community contributions (Thank you!)
### :sparkles: New features

12
docker/images/Dockerfile.frontend
View file

@ -1,6 +1,8 @@
FROM nginx:1.23
FROM nginxinc/nginx-unprivileged:1.27.1
LABEL maintainer="Andrey Antukh <niwi@niwi.nz>"
USER root
RUN set -ex; \
useradd -U -M -u 1001 -s /bin/false -d /opt/penpot penpot; \
mkdir -p /opt/data/assets; \
@ -12,5 +14,13 @@ ADD ./files/nginx.conf /etc/nginx/nginx.conf.template
ADD ./files/nginx-mime.types /etc/nginx/mime.types
ADD ./files/nginx-entrypoint.sh /entrypoint.sh
RUN chown -R 1001:0 /var/cache/nginx; \
chmod -R g+w /var/cache/nginx; \
chown -R 1001:0 /etc/nginx; \
chmod -R g+w /etc/nginx; \
chown -R 1001:0 /var/www; \
chmod -R g+w /var/www;
USER penpot:penpot
ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]

2
docker/images/docker-compose.yaml
View file

@ -35,7 +35,7 @@ services:
image: "penpotapp/frontend:latest"
restart: always
ports:
- 9001:80
- 9001:8080
volumes:
- penpot_assets:/opt/data/assets

11
docker/images/files/nginx.conf
View file

@ -1,6 +1,5 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
pid /tmp/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
@ -9,6 +8,12 @@ events {
}
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
@ -56,7 +61,7 @@ http {
include /etc/nginx/overrides.d/*.conf;
server {
listen 80 default_server;
listen 8080 default_server;
server_name _;
client_max_body_size 100M;