Use nginxproxymanager/nginx-full image base

which has been updated with bookworm, python 3.8, certbot 2.8.0 and node 20

Moved rootfs scripts as /bin is a symlink in bookworm
Jamie Curnow 2024-01-10 09:32:12 +10:00
parent be39253a6f
commit e69684919c
No known key found for this signature in database
GPG Key ID: FFBB624C43388E9E
17 changed files with 665 additions and 431 deletions

4
Jenkinsfile vendored

@ -240,12 +240,12 @@ pipeline {
sh 'figlet "SUCCESS"' sh 'figlet "SUCCESS"'
} }
failure { failure {
archiveArtifacts(artifacts: 'debug/**.*', allowEmptyArchive: true) archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
juxtapose event: 'failure' juxtapose event: 'failure'
sh 'figlet "FAILURE"' sh 'figlet "FAILURE"'
} }
unstable { unstable {
archiveArtifacts(artifacts: 'debug/**.*', allowEmptyArchive: true) archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
juxtapose event: 'unstable' juxtapose event: 'unstable'
sh 'figlet "UNSTABLE"' sh 'figlet "UNSTABLE"'
} }


@ -225,7 +225,7 @@ const internalProxyHost = {
.query() .query()
.where('is_deleted', 0) .where('is_deleted', 0)
.andWhere('id', data.id) .andWhere('id', data.id)
.allowGraph('[owner,access_list,access_list.[clients,items],certificate]') .allowGraph('[owner,access_list.[clients,items],certificate]')
.first(); .first();
if (access_data.permission_visibility !== 'all') { if (access_data.permission_visibility !== 'all') {


@ -3,7 +3,7 @@
# This file assumes that the frontend has been built using ./scripts/frontend-build # This file assumes that the frontend has been built using ./scripts/frontend-build
FROM jc21/nginx-full:certbot-node FROM nginxproxymanager/nginx-full:certbot-node
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILD_VERSION ARG BUILD_VERSION
@ -20,7 +20,8 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
NODE_ENV=production \ NODE_ENV=production \
NPM_BUILD_VERSION="${BUILD_VERSION}" \ NPM_BUILD_VERSION="${BUILD_VERSION}" \
NPM_BUILD_COMMIT="${BUILD_COMMIT}" \ NPM_BUILD_COMMIT="${BUILD_COMMIT}" \
NPM_BUILD_DATE="${BUILD_DATE}" NPM_BUILD_DATE="${BUILD_DATE}" \
NODE_OPTIONS="--openssl-legacy-provider"
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \ && apt-get update \
@ -47,9 +48,7 @@ COPY docker/rootfs /
# Remove frontend service not required for prod, dev nginx config as well # Remove frontend service not required for prod, dev nginx config as well
RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \ RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
&& chmod 644 /etc/logrotate.d/nginx-proxy-manager \ && chmod 644 /etc/logrotate.d/nginx-proxy-manager
&& pip uninstall --yes setuptools \
&& pip install --no-cache-dir "setuptools==58.0.0"
VOLUME [ "/data", "/etc/letsencrypt" ] VOLUME [ "/data", "/etc/letsencrypt" ]
ENTRYPOINT [ "/init" ] ENTRYPOINT [ "/init" ]
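Review bot: `NODE_OPTIONS="--openssl-legacy-provider"` is added to the image-wide `ENV` block, so it applies to every Node process in the running container rather than to a single build step. The header comment says this image expects the frontend to be prebuilt, and the frontend build script in this commit already passes the option with `-e NODE_OPTIONS=--openssl-legacy-provider`, so the runtime image may not need it at all. With the flag set, the obsolete algorithms of OpenSSL's legacy provider become available again to the production backend. I would drop the line here, or scope it inline to the one `RUN` that needs it and add a comment naming the dependency that requires it. The `ENV` instruction starts outside this hunk.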


@ -1,4 +1,4 @@
FROM jc21/nginx-full:certbot-node FROM nginxproxymanager/nginx-full:certbot-node
LABEL maintainer="Jamie Curnow <jc@jc21.com>" LABEL maintainer="Jamie Curnow <jc@jc21.com>"
# See: https://github.com/just-containers/s6-overlay/blob/master/README.md # See: https://github.com/just-containers/s6-overlay/blob/master/README.md
@ -7,7 +7,8 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
S6_FIX_ATTRS_HIDDEN=1 \ S6_FIX_ATTRS_HIDDEN=1 \
S6_KILL_FINISH_MAXTIME=10000 \ S6_KILL_FINISH_MAXTIME=10000 \
S6_VERBOSITY=2 S6_VERBOSITY=2 \
NODE_OPTIONS="--openssl-legacy-provider"
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \ && apt-get update \
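Review bot: The `FROM nginxproxymanager/nginx-full:certbot-node` line references the new base image by a mutable tag only, so every rebuild picks up whatever that tag points to at the time. Since this commit moves to a different publisher namespace, it is a good moment to pin the reviewed image by digest, e.g. `FROM nginxproxymanager/nginx-full:certbot-node@sha256:<digest-of-reviewed-image>` (placeholder), and bump it deliberately. The same tag-only reference appears in the other Dockerfile's `FROM` and in the `DOCKER_IMAGE=` assignments of the two build scripts in this commit.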


@ -22,7 +22,7 @@ services:
depends_on: depends_on:
- db - db
healthcheck: healthcheck:
test: ["CMD", "/bin/check-health"] test: ["CMD", "/usr/bin/check-health"]
interval: 10s interval: 10s
timeout: 3s timeout: 3s
@ -43,7 +43,7 @@ services:
- 80 - 80
- 443 - 443
healthcheck: healthcheck:
test: ["CMD", "/bin/check-health"] test: ["CMD", "/usr/bin/check-health"]
interval: 10s interval: 10s
timeout: 3s timeout: 3s


@ -3,7 +3,7 @@
set -e set -e
. /bin/common.sh . /usr/bin/common.sh
cd /app || exit 1 cd /app || exit 1


@ -6,7 +6,7 @@ set -e
# This service is DEVELOPMENT only. # This service is DEVELOPMENT only.
if [ "$DEVELOPMENT" = 'true' ]; then if [ "$DEVELOPMENT" = 'true' ]; then
. /bin/common.sh . /usr/bin/common.sh
cd /app/frontend || exit 1 cd /app/frontend || exit 1
HOME=$NPMHOME HOME=$NPMHOME
export HOME export HOME


@ -3,7 +3,7 @@
set -e set -e
. /bin/common.sh . /usr/bin/common.sh
log_info 'Starting nginx ...' log_info 'Starting nginx ...'
exec s6-setuidgid "$PUID:$PGID" nginx exec s6-setuidgid "$PUID:$PGID" nginx


@ -3,7 +3,7 @@
set -e set -e
. /bin/common.sh . /usr/bin/common.sh
if [ "$(id -u)" != "0" ]; then if [ "$(id -u)" != "0" ]; then
log_fatal "This docker container must be run as root, do not specify a user.\nYou can specify PUID and PGID env vars to run processes as that user and group after initialization." log_fatal "This docker container must be run as root, do not specify a user.\nYou can specify PUID and PGID env vars to run processes as that user and group after initialization."


@ -24,4 +24,4 @@ chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
chown -R "$PUID:$PGID" /etc/nginx/conf.d chown -R "$PUID:$PGID" /etc/nginx/conf.d
# Prevents errors when installing python certbot plugins when non-root # Prevents errors when installing python certbot plugins when non-root
chown -R "$PUID:$PGID" /opt/certbot/lib/python3.7/site-packages chown -R "$PUID:$PGID" /opt/certbot/lib/python*/site-packages
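Review bot: The new `python*` glob on the last `chown -R` line hands ownership of every matching site-packages tree to `$PUID:$PGID`, and if it matches nothing the shell passes the pattern through literally and `chown` fails. Whether that aborts container start depends on `set -e`, which is not visible here because the script begins outside this hunk. A comment such as `# glob: the base image's python version changes between releases; exactly one match expected` would record the intent. Wrapping the call in `for d in /opt/certbot/lib/python*/site-packages; do [ -d "$d" ] && chown -R "$PUID:$PGID" "$d"; done` would make the no-match case explicit.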


@ -76,7 +76,7 @@ feature by adding the following to the service in your `docker-compose.yml` file
```yml ```yml
healthcheck: healthcheck:
test: ["CMD", "/bin/check-health"] test: ["CMD", "/usr/bin/check-health"]
interval: 10s interval: 10s
timeout: 3s timeout: 3s
``` ```


@ -27,10 +27,10 @@
"messageformat-loader": "^0.8.1", "messageformat-loader": "^0.8.1",
"mini-css-extract-plugin": "^0.9.0", "mini-css-extract-plugin": "^0.9.0",
"moment": "^2.29.4", "moment": "^2.29.4",
"node-sass": "^6.0.1", "node-sass": "^9.0.0",
"nodemon": "^2.0.2", "nodemon": "^2.0.2",
"numeral": "^2.0.6", "numeral": "^2.0.6",
"sass-loader": "10.2.0", "sass-loader": "^10.0.0",
"style-loader": "^1.1.3", "style-loader": "^1.1.3",
"tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813", "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
"underscore": "^1.12.1", "underscore": "^1.12.1",



@ -3,14 +3,22 @@
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
. "$DIR/../.common.sh" . "$DIR/../.common.sh"
DOCKER_IMAGE=jc21/nginx-full:certbot-node DOCKER_IMAGE=nginxproxymanager/nginx-full:certbot-node
# Ensure docker exists # Ensure docker exists
if hash docker 2>/dev/null; then if hash docker 2>/dev/null; then
docker pull "${DOCKER_IMAGE}" docker pull "${DOCKER_IMAGE}"
cd "${DIR}/../.." cd "${DIR}/../.."
echo -e "${BLUE} ${CYAN}Building Frontend ...${RESET}" echo -e "${BLUE} ${CYAN}Building Frontend ...${RESET}"
docker run --rm -e CI=true -v "$(pwd)/frontend:/app/frontend" -v "$(pwd)/global:/app/global" -w /app/frontend "$DOCKER_IMAGE" sh -c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend"
docker run --rm \
-e CI=true \
-e NODE_OPTIONS=--openssl-legacy-provider \
-v "$(pwd)/frontend:/app/frontend" \
-v "$(pwd)/global:/app/global" \
-w /app/frontend "$DOCKER_IMAGE" \
sh -c "yarn install && yarn build && yarn build && chown -R $(id -u):$(id -g) /app/frontend"
echo -e "${BLUE} ${GREEN}Building Frontend Complete${RESET}" echo -e "${BLUE} ${GREEN}Building Frontend Complete${RESET}"
else else
echo -e "${RED} docker command is not available${RESET}" echo -e "${RED} docker command is not available${RESET}"
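Review bot: The `sh -c` command in the rewritten `docker run` still calls plain `yarn install`, which can re-resolve dependencies and rewrite the lockfile in the mounted `frontend` directory instead of failing when the manifest and lockfile disagree. That matters more with this commit, because its package.json change loosens `sass-loader` from an exact version to a caret range. If the project is on Yarn 1, `yarn install --frozen-lockfile` makes the CI build install exactly what was reviewed. The backend test script's `yarn install` has the same gap. The `if`/`else` block continues past the end of this hunk.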


@ -1,23 +1,31 @@
#!/bin/bash -e #!/bin/bash -e
DOCKER_IMAGE=jc21/nginx-full:certbot-node DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
. "$DIR/../.common.sh"
DOCKER_IMAGE=nginxproxymanager/nginx-full:certbot-node
docker pull "${DOCKER_IMAGE}" docker pull "${DOCKER_IMAGE}"
# Test # Test
echo -e "${BLUE} ${CYAN}Testing backend ...${RESET}"
docker run --rm \ docker run --rm \
-v "$(pwd)/backend:/app" \ -v "$(pwd)/backend:/app" \
-v "$(pwd)/global:/app/global" \ -v "$(pwd)/global:/app/global" \
-w /app \ -w /app \
"${DOCKER_IMAGE}" \ "${DOCKER_IMAGE}" \
sh -c 'yarn install && yarn eslint . && rm -rf node_modules' sh -c 'yarn install && yarn eslint . && rm -rf node_modules'
echo -e "${BLUE} ${GREEN}Testing Complete${RESET}"
# Build # Build
docker build --pull --no-cache --squash --compress \ echo -e "${BLUE} ${CYAN}Building ...${RESET}"
docker build --pull --no-cache --compress \
-t "${IMAGE}:ci-${BUILD_NUMBER}" \ -t "${IMAGE}:ci-${BUILD_NUMBER}" \
-f docker/Dockerfile \ -f docker/Dockerfile \
--progress=plain \
--build-arg TARGETPLATFORM=linux/amd64 \ --build-arg TARGETPLATFORM=linux/amd64 \
--build-arg BUILDPLATFORM=linux/amd64 \ --build-arg BUILDPLATFORM=linux/amd64 \
--build-arg BUILD_VERSION="${BUILD_VERSION}" \ --build-arg BUILD_VERSION="${BUILD_VERSION}" \
--build-arg BUILD_COMMIT="${BUILD_COMMIT}" \ --build-arg BUILD_COMMIT="${BUILD_COMMIT}" \
--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \ --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
. .
echo -e "${BLUE} ${GREEN}Building Complete${RESET}"
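Review bot: The script now computes `DIR`, but the `docker run` bind mounts and the `docker build` context still rely on `$(pwd)` and `.`, so it only behaves as intended when invoked from the repository root. The frontend build script in this commit runs `cd "${DIR}/../.."` before using `$(pwd)`. Adding the same line right after sourcing `.common.sh` would keep the two scripts consistent. It would also avoid bind-mounting an unintended host directory into the container when the script is started from elsewhere.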