You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@streampipes.apache.org by ri...@apache.org on 2023/02/23 11:42:18 UTC
[streampipes] 02/02: Use non-root Dockerfile for nginx (#1207)(#454)
This is an automated email from the ASF dual-hosted git repository.
riemer pushed a commit to branch 1207-improve-helm-charts
in repository https://gitbox.apache.org/repos/asf/streampipes.git
commit 3e95faa039600f80008f47574e13707e1755eafc
Author: Dominik Riemer <do...@gmail.com>
AuthorDate: Thu Feb 23 12:41:58 2023 +0100
Use non-root Dockerfile for nginx (#1207)(#454)
---
docker-compose.yml | 2 +-
.../cli/deploy/standalone/ui/docker-compose.yml | 2 +-
installer/compose/docker-compose.full.yml | 2 +-
installer/compose/docker-compose.nats.yml | 2 +-
installer/compose/docker-compose.yml | 2 +-
ui/Dockerfile | 12 +++++++++--
ui/nginx_config/default.conf | 23 +---------------------
ui/nginx_config/ssl.conf | 2 +-
8 files changed, 17 insertions(+), 30 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index bdf4d4e30..5570b5f3d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -55,7 +55,7 @@ services:
dockerfile: Dockerfile
image: streampipes_ui:release-validation
ports:
- - "80:80"
+ - "80:8088"
depends_on:
- couchdb
- consul
diff --git a/installer/cli/deploy/standalone/ui/docker-compose.yml b/installer/cli/deploy/standalone/ui/docker-compose.yml
index c52698d01..bd88b873d 100644
--- a/installer/cli/deploy/standalone/ui/docker-compose.yml
+++ b/installer/cli/deploy/standalone/ui/docker-compose.yml
@@ -18,7 +18,7 @@ services:
ui:
image: ${SP_DOCKER_REGISTRY}/ui:${SP_VERSION}
ports:
- - "80:80"
+ - "80:8088"
depends_on:
- couchdb
- consul
diff --git a/installer/compose/docker-compose.full.yml b/installer/compose/docker-compose.full.yml
index af8efbe18..3dae15baa 100644
--- a/installer/compose/docker-compose.full.yml
+++ b/installer/compose/docker-compose.full.yml
@@ -69,7 +69,7 @@ services:
ui:
image: "${SP_DOCKER_REGISTRY}/ui:${SP_VERSION}"
ports:
- - "80:80"
+ - "80:8088"
depends_on:
- couchdb
- consul
diff --git a/installer/compose/docker-compose.nats.yml b/installer/compose/docker-compose.nats.yml
index 10e30d6c2..210532139 100644
--- a/installer/compose/docker-compose.nats.yml
+++ b/installer/compose/docker-compose.nats.yml
@@ -42,7 +42,7 @@ services:
ui:
image: "${SP_DOCKER_REGISTRY}/ui:${SP_VERSION}"
ports:
- - "80:80"
+ - "80:8088"
depends_on:
- couchdb
- consul
diff --git a/installer/compose/docker-compose.yml b/installer/compose/docker-compose.yml
index 2bc0469df..102fd87cc 100644
--- a/installer/compose/docker-compose.yml
+++ b/installer/compose/docker-compose.yml
@@ -41,7 +41,7 @@ services:
ui:
image: "${SP_DOCKER_REGISTRY}/ui:${SP_VERSION}"
ports:
- - "80:80"
+ - "80:8088"
depends_on:
- couchdb
- consul
diff --git a/ui/Dockerfile b/ui/Dockerfile
index e89d89332..0bbc4af52 100644
--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@@ -17,13 +17,21 @@ FROM nginx
COPY dist/streampipes/ui/ /usr/share/nginx/html/
+
+RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/html && \
+ chown -R nginx:nginx /var/cache/nginx && \
+ chown -R nginx:nginx /var/log/nginx && \
+ chown -R nginx:nginx /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && \
+ chown -R nginx:nginx /var/run/nginx.pid
+
+USER nginx
+
COPY nginx_config/nginx.conf /etc/nginx/nginx.conf
COPY nginx_config/default.conf /etc/nginx/conf.d/default.conf
COPY nginx_config/ssl.conf /app/nginx-confs/ssl.conf
COPY docker-entrypoint.sh /
-RUN chown -R nginx:nginx /usr/share/nginx/html/
-
ENTRYPOINT ["sh", "/docker-entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]
diff --git a/ui/nginx_config/default.conf b/ui/nginx_config/default.conf
index 90002a6fe..5dd4447c2 100644
--- a/ui/nginx_config/default.conf
+++ b/ui/nginx_config/default.conf
@@ -14,7 +14,7 @@
# limitations under the License.
server {
- listen 80 default_server;
+ listen 8088 default_server;
resolver 127.0.0.11;
root /usr/share/nginx/html;
@@ -43,17 +43,6 @@ server {
proxy_redirect off;
}
- location /streampipes-connect/ {
- set $upstream backend:8030;
-
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-NginX-Proxy true;
- proxy_pass http://$upstream;
- proxy_ssl_session_reuse off;
- proxy_set_header Host $http_host;
- }
-
location ~/endpoints/(?<endpointName>.*)$ {
set $upstream connect-adapters-iiot:8001/api/v1/worker/live/$endpointName;
@@ -64,14 +53,4 @@ server {
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
}
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- #error_page 500 502 503 504 /50x.html;
- #location = /50x.html {
- # root /usr/share/nginx/html;
- #}
-
}
diff --git a/ui/nginx_config/ssl.conf b/ui/nginx_config/ssl.conf
index 8279fa586..c3a5fc133 100644
--- a/ui/nginx_config/ssl.conf
+++ b/ui/nginx_config/ssl.conf
@@ -14,7 +14,7 @@
# limitations under the License.
server {
- listen 80;
+ listen 8088;
return 301 https://$host$request_uri;
}