From 4a6b246f0f0e3bbbd3b9bd93cedc3b54655713aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Barrag=C3=A1n=20Merino?= Date: Fri, 20 Sep 2024 13:34:48 +0200 Subject: [PATCH 1/3] :sparkles: Add commands to build the docker images individually --- manage.sh | 58 +++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 14 deletions(-) diff --git a/manage.sh b/manage.sh index aa1580d483..165ffb613b 100755 --- a/manage.sh +++ b/manage.sh @@ -178,17 +178,24 @@ function build-exporter-bundle { echo ">> bundle exporter end"; } -function build-docker-images { +function build-frontend-docker-images { rsync -avr --delete ./bundles/frontend/ ./docker/images/bundle-frontend/; - rsync -avr --delete ./bundles/backend/ ./docker/images/bundle-backend/; - rsync -avr --delete ./bundles/exporter/ ./docker/images/bundle-exporter/; - pushd ./docker/images; - docker build -t penpotapp/frontend:$CURRENT_BRANCH -t penpotapp/frontend:latest -f Dockerfile.frontend .; - docker build -t penpotapp/backend:$CURRENT_BRANCH -t penpotapp/backend:latest -f Dockerfile.backend .; - docker build -t penpotapp/exporter:$CURRENT_BRANCH -t penpotapp/exporter:latest -f Dockerfile.exporter .; + popd; +} +function build-backend-docker-images { + rsync -avr --delete ./bundles/backend/ ./docker/images/bundle-backend/; + pushd ./docker/images; + docker build -t penpotapp/backend:$CURRENT_BRANCH -t penpotapp/backend:latest -f Dockerfile.backend .; + popd; +} + +function build-exporter-docker-images { + rsync -avr --delete ./bundles/exporter/ ./docker/images/bundle-exporter/; + pushd ./docker/images; + docker build -t penpotapp/exporter:$CURRENT_BRANCH -t penpotapp/exporter:latest -f Dockerfile.exporter .; popd; } 
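Review bot: In each of the three new functions the image tag is built from an unquoted `$CURRENT_BRANCH` and the result of `pushd ./docker/images;` is never checked. If the directory change fails, `docker build` runs against whatever the current directory happens to be and the closing `popd` has nothing of its own to undo; whether `set -e` is active is not visible in this hunk. I would write `pushd ./docker/images || return 1;` and `docker build -t "penpotapp/frontend:$CURRENT_BRANCH" -t penpotapp/frontend:latest -f Dockerfile.frontend .;`, with the same change in the backend and exporter functions. A matching `|| return 1` on the `rsync --delete` line would stop a failed sync from being followed by a build that tags a stale bundle as `latest`.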
@@ -198,12 +205,26 @@ function usage { echo "Options:" echo "- pull-devenv Pulls docker development oriented image" echo "- build-devenv Build docker development oriented image" + echo "- build-devenv-local Build a local docker development oriented image" echo "- create-devenv Create the development oriented docker compose service." echo "- start-devenv Start the development oriented docker compose service." echo "- stop-devenv Stops the development oriented docker compose service." echo "- drop-devenv Remove the development oriented docker compose containers, volumes and clean images." echo "- run-devenv Attaches to the running devenv container and starts development environment" + echo "- run-devenv-shell Attaches to the running devenv container and starts a bash shell." + echo "- log-devenv Show logs of the running devenv docker compose service." echo "" + echo "- build-bundle Build all bundles (frontend, backend and exporter)." + echo "- build-frontend-bundle Build frontend bundle" + echo "- build-backend-bundle Build backend bundle." + echo "- build-exporter-bundle Build exporter bundle." + echo "" + echo "- build-docker-images Build all docker images (frontend, backend and exporter)." + echo "- build-frontend-docker-images Build frontend docker images." + echo "- build-backend-docker-images Build backend docker images." + echo "- build-exporter-docker-images Build exporter docker images." + echo "" + echo "- version Show penpot's version." } case $1 in @@ -224,10 +245,6 @@ case $1 in build-devenv-local ${@:2} ;; - push-devenv) - push-devenv ${@:2} - ;; - create-devenv) create-devenv ${@:2} ;; @@ -251,7 +268,7 @@ case $1 in log-devenv ${@:2} ;; - # production builds + ## production builds build-bundle) build-frontend-bundle; build-backend-bundle; 
@@ -271,10 +288,23 @@ case $1 in ;; build-docker-images) - build-docker-images + build-frontend-docker-images + build-backend-docker-images + build-exporter-docker-images + ;; + + build-frontend-docker-images) + build-frontend-docker-images + ;; + + build-backend-docker-images) + build-backend-docker-images + ;; + + build-exporter-docker-images) + build-exporter-docker-images ;; - # Docker Image Tasks *) usage ;; From e64c956693ae78e7fedd8aa921e3f003ef681f64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Barrag=C3=A1n=20Merino?= Date: Wed, 18 Sep 2024 19:21:40 +0200 Subject: [PATCH 2/3] :whale: Use nginx-unprivileged as base image --- CHANGES.md | 2 ++ docker/images/Dockerfile.frontend | 12 +++++++++++- docker/images/docker-compose.yaml | 2 +- docker/images/files/nginx.conf | 11 ++++++++--- 4 files changed, 22 insertions(+), 5 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 55a2deb816..4027a9d3c9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -6,6 +6,8 @@ ### :boom: Breaking changes & Deprecations +- Use [nginx-unprivileged](https://hub.docker.com/r/nginxinc/nginx-unprivileged) as base image for Penpot's frontend docker image. Now all the docker images runs with the same unprivileged user (penpot). Because of that, the default NGINX listen port now is 8080, instead of 80, so you will have to modify your infrastructure to apply this change. + ### :heart: Community contributions (Thank you!) ### :sparkles: New features diff --git a/docker/images/Dockerfile.frontend b/docker/images/Dockerfile.frontend index 0edc1b2d9d..dd6385cec3 100644 --- a/docker/images/Dockerfile.frontend +++ b/docker/images/Dockerfile.frontend @@ -1,6 +1,8 @@ -FROM nginx:1.23 +FROM nginxinc/nginx-unprivileged:1.27.1 LABEL maintainer="Andrey Antukh " +USER root + RUN set -ex; \ useradd -U -M -u 1001 -s /bin/false -d /opt/penpot penpot; \ mkdir -p /opt/data/assets; \ 
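Review bot: The `build-docker-images)` arm now runs the three builders as separate statements, so unless the script runs under `set -e` (not visible here) a failed frontend or backend build is still followed by the remaining builds, and the arm's exit status is only that of the exporter build. A caller of `./manage.sh build-docker-images` could then see success while one of the `latest` tags still points at an older image. Chaining the calls makes the failure visible: `build-frontend-docker-images && build-backend-docker-images && build-exporter-docker-images`.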
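Review bot: The new base `FROM nginxinc/nginx-unprivileged:1.27.1` is referenced by a mutable tag only, so a later rebuild can pull different content than the image reviewed with this change. Pinning the digest next to the tag keeps the build reproducible, for example `FROM nginxinc/nginx-unprivileged:1.27.1@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled in from the registry). The added `USER root` would also benefit from a comment such as `# root only for the build steps below; dropped again by USER penpot:penpot`, since the purpose of the change is to stop running as root.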
@@ -12,5 +14,13 @@ ADD ./files/nginx.conf /etc/nginx/nginx.conf.template ADD ./files/nginx-mime.types /etc/nginx/mime.types ADD ./files/nginx-entrypoint.sh /entrypoint.sh +RUN chown -R 1001:0 /var/cache/nginx; \ + chmod -R g+w /var/cache/nginx; \ + chown -R 1001:0 /etc/nginx; \ + chmod -R g+w /etc/nginx; \ + chown -R 1001:0 /var/www; \ + chmod -R g+w /var/www; + +USER penpot:penpot ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] CMD ["nginx", "-g", "daemon off;"] diff --git a/docker/images/docker-compose.yaml b/docker/images/docker-compose.yaml index d16402ce54..6e0d476526 100644 --- a/docker/images/docker-compose.yaml +++ b/docker/images/docker-compose.yaml @@ -35,7 +35,7 @@ services: image: "penpotapp/frontend:latest" restart: always ports: - - 9001:80 + - 9001:8080 volumes: - penpot_assets:/opt/data/assets diff --git a/docker/images/files/nginx.conf b/docker/images/files/nginx.conf index fee0e3fca6..ee2f641750 100644 --- a/docker/images/files/nginx.conf +++ b/docker/images/files/nginx.conf @@ -1,6 +1,5 @@ -user www-data; worker_processes auto; -pid /run/nginx.pid; +pid /tmp/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { @@ -9,6 +8,12 @@ events { } http { + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + sendfile on; tcp_nopush on; tcp_nodelay on; @@ -56,7 +61,7 @@ http { include /etc/nginx/overrides.d/*.conf; server { - listen 80 default_server; + listen 8080 default_server; server_name _; client_max_body_size 100M; From 14257ae422cdc73686639f19d106a2fe08e4c902 Mon Sep 17 00:00:00 2001 
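Review bot: The added `RUN chown -R 1001:0 …` step joins its commands with `;` and, unlike the `RUN set -ex;` step earlier in the file, does not enable `set -e`, so a failing `chown` or `chmod` on `/var/cache/nginx` or `/etc/nginx` is ignored and only the final `chmod` decides whether the layer builds. Opening the step with `RUN set -ex; \` fixes that. The step also makes all of `/etc/nginx` and `/var/www` writable by the runtime user, which means a compromised nginx process could rewrite its own configuration and the files it serves. If the entrypoint only needs to render `nginx.conf` from the template (the script is not shown here), ownership could be limited to that file and `/var/cache/nginx`.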
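Review bot: In the new temp-path block at the top of `http`, `proxy_temp_path /tmp/proxy_temp_path;` does not follow the `/tmp/<name>_temp` pattern of its four sibling directives, and the block has no comment saying why the paths moved. I would use `proxy_temp_path /tmp/proxy_temp;` and put `# temp dirs and pid live under /tmp so nginx can run as a non-root user` above the block. Deployments that mount the container's root filesystem read-only will also need a writable `/tmp` for these paths and for `pid /tmp/nginx.pid;`.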
From: =?UTF-8?q?David=20Barrag=C3=A1n=20Merino?= Date: Wed, 9 Oct 2024 12:41:11 +0200 Subject: [PATCH 3/3] :whale: Change maintainer in docker images --- docker/devenv/Dockerfile | 2 +- docker/images/Dockerfile.backend | 2 +- docker/images/Dockerfile.exporter | 2 +- docker/images/Dockerfile.frontend | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/devenv/Dockerfile b/docker/devenv/Dockerfile index 042e16d0ed..3b292c69e4 100644 --- a/docker/devenv/Dockerfile +++ b/docker/devenv/Dockerfile @@ -1,5 +1,5 @@ FROM debian:bookworm -LABEL maintainer="Andrey Antukh " +LABEL maintainer="Penpot " ARG DEBIAN_FRONTEND=noninteractive diff --git a/docker/images/Dockerfile.backend b/docker/images/Dockerfile.backend index db789dfd25..c68e5181c8 100644 --- a/docker/images/Dockerfile.backend +++ b/docker/images/Dockerfile.backend @@ -1,6 +1,6 @@ FROM ubuntu:22.04 +LABEL maintainer="Penpot " -LABEL maintainer="Andrey Antukh " ENV LANG='en_US.UTF-8' \ LC_ALL='en_US.UTF-8' \ JAVA_HOME="/opt/jdk" \ diff --git a/docker/images/Dockerfile.exporter b/docker/images/Dockerfile.exporter index e4fceec85f..3b62176fcd 100644 --- a/docker/images/Dockerfile.exporter +++ b/docker/images/Dockerfile.exporter @@ -1,5 +1,5 @@ FROM ubuntu:22.04 -LABEL maintainer="Andrey Antukh " +LABEL maintainer="Penpot " ENV LANG=en_US.UTF-8 \ LC_ALL=en_US.UTF-8 \ diff --git a/docker/images/Dockerfile.frontend b/docker/images/Dockerfile.frontend index dd6385cec3..25ee128cef 100644 --- a/docker/images/Dockerfile.frontend +++ b/docker/images/Dockerfile.frontend @@ -1,5 +1,5 @@ FROM nginxinc/nginx-unprivileged:1.27.1 -LABEL maintainer="Andrey Antukh " +LABEL maintainer="Penpot " USER root