You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@streampipes.apache.org by ri...@apache.org on 2023/02/23 11:42:18 UTC

[streampipes] 02/02: Use non-root Dockerfile for nginx (#1207)(#454)

This is an automated email from the ASF dual-hosted git repository.

riemer pushed a commit to branch 1207-improve-helm-charts
in repository https://gitbox.apache.org/repos/asf/streampipes.git

commit 3e95faa039600f80008f47574e13707e1755eafc
Author: Dominik Riemer <do...@gmail.com>
AuthorDate: Thu Feb 23 12:41:58 2023 +0100

    Use non-root Dockerfile for nginx (#1207)(#454)
---
 docker-compose.yml                                 |  2 +-
 .../cli/deploy/standalone/ui/docker-compose.yml    |  2 +-
 installer/compose/docker-compose.full.yml          |  2 +-
 installer/compose/docker-compose.nats.yml          |  2 +-
 installer/compose/docker-compose.yml               |  2 +-
 ui/Dockerfile                                      | 12 +++++++++--
 ui/nginx_config/default.conf                       | 23 +---------------------
 ui/nginx_config/ssl.conf                           |  2 +-
 8 files changed, 17 insertions(+), 30 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index bdf4d4e30..5570b5f3d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -55,7 +55,7 @@ services:
       dockerfile: Dockerfile
     image: streampipes_ui:release-validation
     ports:
-      - "80:80"
+      - "80:8088"
     depends_on:
       - couchdb
       - consul
diff --git a/installer/cli/deploy/standalone/ui/docker-compose.yml b/installer/cli/deploy/standalone/ui/docker-compose.yml
index c52698d01..bd88b873d 100644
--- a/installer/cli/deploy/standalone/ui/docker-compose.yml
+++ b/installer/cli/deploy/standalone/ui/docker-compose.yml
@@ -18,7 +18,7 @@ services:
   ui:
     image: ${SP_DOCKER_REGISTRY}/ui:${SP_VERSION}
     ports:
-      - "80:80"
+      - "80:8088"
     depends_on:
       - couchdb
       - consul
diff --git a/installer/compose/docker-compose.full.yml b/installer/compose/docker-compose.full.yml
index af8efbe18..3dae15baa 100644
--- a/installer/compose/docker-compose.full.yml
+++ b/installer/compose/docker-compose.full.yml
@@ -69,7 +69,7 @@ services:
   ui:
     image: "${SP_DOCKER_REGISTRY}/ui:${SP_VERSION}"
     ports:
-      - "80:80"
+      - "80:8088"
     depends_on:
       - couchdb
       - consul
diff --git a/installer/compose/docker-compose.nats.yml b/installer/compose/docker-compose.nats.yml
index 10e30d6c2..210532139 100644
--- a/installer/compose/docker-compose.nats.yml
+++ b/installer/compose/docker-compose.nats.yml
@@ -42,7 +42,7 @@ services:
   ui:
     image: "${SP_DOCKER_REGISTRY}/ui:${SP_VERSION}"
     ports:
-      - "80:80"
+      - "80:8088"
     depends_on:
       - couchdb
       - consul
diff --git a/installer/compose/docker-compose.yml b/installer/compose/docker-compose.yml
index 2bc0469df..102fd87cc 100644
--- a/installer/compose/docker-compose.yml
+++ b/installer/compose/docker-compose.yml
@@ -41,7 +41,7 @@ services:
   ui:
     image: "${SP_DOCKER_REGISTRY}/ui:${SP_VERSION}"
     ports:
-      - "80:80"
+      - "80:8088"
     depends_on:
       - couchdb
       - consul
diff --git a/ui/Dockerfile b/ui/Dockerfile
index e89d89332..0bbc4af52 100644
--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@@ -17,13 +17,21 @@ FROM nginx
 
 COPY dist/streampipes/ui/ /usr/share/nginx/html/
 
+
+RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/html && \
+        chown -R nginx:nginx /var/cache/nginx && \
+        chown -R nginx:nginx /var/log/nginx && \
+        chown -R nginx:nginx /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && \
+        chown -R nginx:nginx /var/run/nginx.pid
+
+USER nginx
+
 COPY nginx_config/nginx.conf /etc/nginx/nginx.conf
 COPY nginx_config/default.conf /etc/nginx/conf.d/default.conf
 COPY nginx_config/ssl.conf /app/nginx-confs/ssl.conf
 
 COPY docker-entrypoint.sh /
 
-RUN chown -R nginx:nginx /usr/share/nginx/html/
-
 ENTRYPOINT ["sh", "/docker-entrypoint.sh"]
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/ui/nginx_config/default.conf b/ui/nginx_config/default.conf
index 90002a6fe..5dd4447c2 100644
--- a/ui/nginx_config/default.conf
+++ b/ui/nginx_config/default.conf
@@ -14,7 +14,7 @@
 # limitations under the License.
 
 server {
-  listen       80 default_server;
+  listen       8088 default_server;
   resolver 127.0.0.11;
 
   root /usr/share/nginx/html;
@@ -43,17 +43,6 @@ server {
     proxy_redirect off;
   }
 
-  location /streampipes-connect/ {
-    set $upstream backend:8030;
-
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-NginX-Proxy true;
-    proxy_pass http://$upstream;
-    proxy_ssl_session_reuse off;
-    proxy_set_header Host $http_host;
-  }
-  
   location ~/endpoints/(?<endpointName>.*)$ {
     set $upstream connect-adapters-iiot:8001/api/v1/worker/live/$endpointName;
 
@@ -64,14 +53,4 @@ server {
     proxy_ssl_session_reuse off;
     proxy_set_header Host $http_host;
   }
-  
-  #error_page  404              /404.html;
-
-  # redirect server error pages to the static page /50x.html
-  #
-  #error_page   500 502 503 504  /50x.html;
-  #location = /50x.html {
-  #    root   /usr/share/nginx/html;
-  #}
-
 }
diff --git a/ui/nginx_config/ssl.conf b/ui/nginx_config/ssl.conf
index 8279fa586..c3a5fc133 100644
--- a/ui/nginx_config/ssl.conf
+++ b/ui/nginx_config/ssl.conf
@@ -14,7 +14,7 @@
 # limitations under the License.
 
 server {
-  listen 80;
+  listen 8088;
   return 301 https://$host$request_uri;
 }