diff --git a/CHANGES.md b/CHANGES.md index 55a2deb816..4027a9d3c9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -6,6 +6,8 @@ ### :boom: Breaking changes & Deprecations +- Use [nginx-unprivileged](https://hub.docker.com/r/nginxinc/nginx-unprivileged) as base image for Penpot's frontend docker image. Now all the docker images runs with the same unprivileged user (penpot). Because of that, the default NGINX listen port now is 8080, instead of 80, so you will have to modify your infrastructure to apply this change. + ### :heart: Community contributions (Thank you!) ### :sparkles: New features diff --git a/docker/devenv/Dockerfile b/docker/devenv/Dockerfile index 042e16d0ed..3b292c69e4 100644 --- a/docker/devenv/Dockerfile +++ b/docker/devenv/Dockerfile @@ -1,5 +1,5 @@ FROM debian:bookworm -LABEL maintainer="Andrey Antukh " +LABEL maintainer="Penpot " ARG DEBIAN_FRONTEND=noninteractive diff --git a/docker/images/Dockerfile.backend b/docker/images/Dockerfile.backend index db789dfd25..c68e5181c8 100644 --- a/docker/images/Dockerfile.backend +++ b/docker/images/Dockerfile.backend @@ -1,6 +1,6 @@ FROM ubuntu:22.04 +LABEL maintainer="Penpot " -LABEL maintainer="Andrey Antukh " ENV LANG='en_US.UTF-8' \ LC_ALL='en_US.UTF-8' \ JAVA_HOME="/opt/jdk" \ diff --git a/docker/images/Dockerfile.exporter b/docker/images/Dockerfile.exporter index e4fceec85f..3b62176fcd 100644 --- a/docker/images/Dockerfile.exporter +++ b/docker/images/Dockerfile.exporter @@ -1,5 +1,5 @@ FROM ubuntu:22.04 -LABEL maintainer="Andrey Antukh " +LABEL maintainer="Penpot " ENV LANG=en_US.UTF-8 \ LC_ALL=en_US.UTF-8 \ diff --git a/docker/images/Dockerfile.frontend b/docker/images/Dockerfile.frontend index 0edc1b2d9d..25ee128cef 100644 --- a/docker/images/Dockerfile.frontend +++ b/docker/images/Dockerfile.frontend 
@@ -1,5 +1,7 @@ -FROM nginx:1.23 -LABEL maintainer="Andrey Antukh " +FROM nginxinc/nginx-unprivileged:1.27.1 +LABEL maintainer="Penpot " + +USER root RUN set -ex; \ useradd -U -M -u 1001 -s /bin/false -d /opt/penpot penpot; \ @@ -12,5 +14,13 @@ ADD ./files/nginx.conf /etc/nginx/nginx.conf.template ADD ./files/nginx-mime.types /etc/nginx/mime.types ADD ./files/nginx-entrypoint.sh /entrypoint.sh +RUN chown -R 1001:0 /var/cache/nginx; \ + chmod -R g+w /var/cache/nginx; \ + chown -R 1001:0 /etc/nginx; \ + chmod -R g+w /etc/nginx; \ + chown -R 1001:0 /var/www; \ + chmod -R g+w /var/www; + +USER penpot:penpot ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] CMD ["nginx", "-g", "daemon off;"] diff --git a/docker/images/docker-compose.yaml b/docker/images/docker-compose.yaml index d16402ce54..6e0d476526 100644 --- a/docker/images/docker-compose.yaml +++ b/docker/images/docker-compose.yaml @@ -35,7 +35,7 @@ services: image: "penpotapp/frontend:latest" restart: always ports: - - 9001:80 + - 9001:8080 volumes: - penpot_assets:/opt/data/assets diff --git a/docker/images/files/nginx.conf b/docker/images/files/nginx.conf index fee0e3fca6..ee2f641750 100644 --- a/docker/images/files/nginx.conf +++ b/docker/images/files/nginx.conf @@ -1,6 +1,5 @@ -user www-data; worker_processes auto; -pid /run/nginx.pid; +pid /tmp/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { @@ -9,6 +8,12 @@ events { } http { + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + sendfile on; tcp_nopush on; tcp_nodelay on; @@ -56,7 +61,7 @@ http { include /etc/nginx/overrides.d/*.conf; server { - listen 80 default_server; + listen 8080 default_server; server_name _; client_max_body_size 100M; diff --git a/manage.sh b/manage.sh index aa1580d483..165ffb613b 100755 --- a/manage.sh +++ b/manage.sh 
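Review bot: The new base image in `FROM nginxinc/nginx-unprivileged:1.27.1` is selected by tag alone, and a registry tag can be moved to different content, so the same commit can produce different base layers over time. Adding the digest of the image that was reviewed, `FROM nginxinc/nginx-unprivileged:1.27.1@sha256:<digest-placeholder>`, fixes the content and makes every base-image update a visible change. The added `USER root` would also read better with a comment, for example `# root is needed only for the useradd/chown steps; the image drops to penpot before ENTRYPOINT`, so that a later edit does not remove the final `USER penpot:penpot` by accident.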
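Review bot: The added `RUN chown -R 1001:0 /var/cache/nginx; \` chain separates its commands with `;` and has no `set -e`, so a failing `chown` or `chmod` in the middle does not fail the build, and the image can ship with ownership other than what the Dockerfile states. Starting it like the earlier step, `RUN set -ex; \`, closes that. The chain also makes all of `/etc/nginx` and `/var/www` writable by the runtime user, so the process that serves requests can rewrite its own configuration and the served files. If the entrypoint only has to render `nginx.conf` from the template (the script is not visible in this diff), ownership could be limited to the files it writes and the rest left to root. A short comment on why group 0 gets write access would help too, since the default `USER penpot:penpot` does not run with that group.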
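Review bot: The five temp paths added at the top of `http { }` now point into `/tmp`, while the Dockerfile.frontend hunk in this commit still takes ownership of `/var/cache/nginx`. Unless a cache directive outside this hunk uses that directory, one of the two is left over, and a comment should say which location is authoritative. `proxy_temp_path /tmp/proxy_temp_path;` is also named differently from its siblings (`client_temp`, `fastcgi_temp`); `proxy_temp_path /tmp/proxy_temp;` would match. Because request bodies of up to `client_max_body_size 100M` are buffered under `client_body_temp_path`, a line such as `# /tmp must be writable by the runtime user (tmpfs when the root filesystem is read-only)` would document the deployment requirement. The `http` block continues outside the hunk.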
@@ -178,17 +178,24 @@ function build-exporter-bundle { echo ">> bundle exporter end"; } -function build-docker-images { +function build-frontend-docker-images { rsync -avr --delete ./bundles/frontend/ ./docker/images/bundle-frontend/; - rsync -avr --delete ./bundles/backend/ ./docker/images/bundle-backend/; - rsync -avr --delete ./bundles/exporter/ ./docker/images/bundle-exporter/; - pushd ./docker/images; - docker build -t penpotapp/frontend:$CURRENT_BRANCH -t penpotapp/frontend:latest -f Dockerfile.frontend .; - docker build -t penpotapp/backend:$CURRENT_BRANCH -t penpotapp/backend:latest -f Dockerfile.backend .; - docker build -t penpotapp/exporter:$CURRENT_BRANCH -t penpotapp/exporter:latest -f Dockerfile.exporter .; + popd; +} +function build-backend-docker-images { + rsync -avr --delete ./bundles/backend/ ./docker/images/bundle-backend/; + pushd ./docker/images; + docker build -t penpotapp/backend:$CURRENT_BRANCH -t penpotapp/backend:latest -f Dockerfile.backend .; + popd; +} + +function build-exporter-docker-images { + rsync -avr --delete ./bundles/exporter/ ./docker/images/bundle-exporter/; + pushd ./docker/images; + docker build -t penpotapp/exporter:$CURRENT_BRANCH -t penpotapp/exporter:latest -f Dockerfile.exporter .; popd; } 
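Review bot: In the new `build-backend-docker-images` and `build-exporter-docker-images` functions nothing checks the result of `rsync` or `pushd` before `docker build` runs. Unless `set -e` is active elsewhere in the script (not visible here), a failed sync builds from a stale bundle and a failed `pushd` builds from the wrong directory. The same applies to the `build-docker-images` arm in the last hunk, which runs the three builds in sequence and reports only the last exit status, leaving an older `latest` tag in place for a component whose build failed. Using `pushd ./docker/images || return 1;` inside the functions and `build-frontend-docker-images && build-backend-docker-images && build-exporter-docker-images` in the case arm makes the failure visible. `$CURRENT_BRANCH` is also expanded unquoted in the `-t` arguments; `-t "penpotapp/backend:$CURRENT_BRANCH"` avoids word splitting.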
@@ -198,12 +205,26 @@ function usage { echo "Options:" echo "- pull-devenv Pulls docker development oriented image" echo "- build-devenv Build docker development oriented image" + echo "- build-devenv-local Build a local docker development oriented image" echo "- create-devenv Create the development oriented docker compose service." echo "- start-devenv Start the development oriented docker compose service." echo "- stop-devenv Stops the development oriented docker compose service." echo "- drop-devenv Remove the development oriented docker compose containers, volumes and clean images." echo "- run-devenv Attaches to the running devenv container and starts development environment" + echo "- run-devenv-shell Attaches to the running devenv container and starts a bash shell." + echo "- log-devenv Show logs of the running devenv docker compose service." echo "" + echo "- build-bundle Build all bundles (frontend, backend and exporter)." + echo "- build-frontend-bundle Build frontend bundle" + echo "- build-backend-bundle Build backend bundle." + echo "- build-exporter-bundle Build exporter bundle." + echo "" + echo "- build-docker-images Build all docker images (frontend, backend and exporter)." + echo "- build-frontend-docker-images Build frontend docker images." + echo "- build-backend-docker-images Build backend docker images." + echo "- build-exporter-docker-images Build exporter docker images." + echo "" + echo "- version Show penpot's version." } case $1 in @@ -224,10 +245,6 @@ case $1 in build-devenv-local ${@:2} ;; - push-devenv) - push-devenv ${@:2} - ;; - create-devenv) create-devenv ${@:2} ;; @@ -251,7 +268,7 @@ case $1 in log-devenv ${@:2} ;; - # production builds + ## production builds build-bundle) build-frontend-bundle; build-backend-bundle; 
@@ -271,10 +288,23 @@ case $1 in ;; build-docker-images) - build-docker-images + build-frontend-docker-images + build-backend-docker-images + build-exporter-docker-images + ;; + + build-frontend-docker-images) + build-frontend-docker-images + ;; + + build-backend-docker-images) + build-backend-docker-images + ;; + + build-exporter-docker-images) + build-exporter-docker-images ;; - # Docker Image Tasks *) usage ;;