blabla1337 / skf-flask

Security Knowledge Framework (SKF) Python Flask / Angular project
https://www.securityknowledgeframework.org
Apache License 2.0
805 stars 308 forks

Use nginx-unprivileged container in Angular Dockerfile? #731

Closed namloc2001 closed 2 years ago

namloc2001 commented 3 years ago

Hi, would you consider (or is there any reason not to) replacing the nginx base image FROM nginx:1.14.1-alpine with the unprivileged equivalent, which I think would be this one?

blabla1337 commented 3 years ago

Hi @namloc2001 no I wasn't aware 👍 Could you give it a try?

namloc2001 commented 3 years ago

Hi @blabla1337 happy to have a look, however I cannot clone the repo to my Windows laptop. I believe the naming of this file is problematic for me:

(https://github.com/blabla1337/skf-flask/blob/main/skf/markdown/knowledge_base/web/102-knowledge_base--Struts:_Duplicate_Validation_Forms--.md)

Due to the ':' in the name, likewise for some of the other files. Is there any chance they can be renamed?

namloc2001 commented 3 years ago

@blabla1337 I've downloaded the repo as a ZIP and so was able to work on the Dockerfile in isolation. Here is the updated Dockerfile that builds the container so that nginx-unprivileged is used as the base:

#############
### build ###
#############

# base image
FROM node:12-alpine AS builder

LABEL maintainer="glenn.ten.cate@owasp.org"

WORKDIR /home/user_angular/Angular2

COPY ./Angular2 ./
COPY ./Docker/alpine-cloud/angular/site.conf.template  /home/user_angular/site.conf.template

# Optimize vendor.bundle.js
RUN npm --loglevel=error install &&\
    npm run build --prod

############
### run ###
############

## base image
## nginx-unprivileged uses UID=101 and GID=101 (user and group = nginx)
FROM nginxinc/nginx-unprivileged:1.18.0-alpine AS run

## Set ARG for use in later RUN command
ARG GID=0

## Set user for installation steps
USER 0

## Remove default nginx website
RUN rm -rf /usr/share/nginx/html/*

## From builder stage copy over the artifacts in dist folder to default nginx public folder
COPY --from=builder /home/user_angular/Angular2/dist/Angular2 /usr/share/nginx/html

## Copy our default nginx config
COPY --from=builder /home/user_angular/site.conf.template /home/user_angular/site.conf.template

COPY ./Docker/alpine-cloud/angular/entrypoint.sh  /home/user_angular/entrypoint.sh

## Apply ownership and permission changes to function with nginx user, that will also work with OpenShift restricted SCC
RUN chown -R nginx:${GID} /home/user_angular/        &&\
    chmod -R g=u /home/user_angular/                 &&\
    chown -R nginx:${GID} /usr/share/nginx/html      &&\
    chmod -R g=u /usr/share/nginx/html               &&\
    chown -R nginx:${GID} /var/log/nginx             &&\
    chmod -R g=u /var/log/nginx                      &&\
    chmod +x /home/user_angular/entrypoint.sh

# nginx-unprivileged container binds on port 8080. Need to decide whether this is kept or deleted.
#RUN rm -f /etc/nginx/conf.d/default.conf

EXPOSE 8788

# Specify the user by number (nginx=101) to permit this to work with OpenShift "mustRunAsNonRoot" SCC permission as well as standard K8s deployments
USER 101

CMD ["/home/user_angular/entrypoint.sh","/home/user_angular/site.conf.template"]

#First go to the main skf-flask folder and from there build the image
#docker build -f Docker/alpine-cloud/angular/Dockerfile . -t skf-angular --no-cache
#docker run -ti -p 127.0.0.1:8788:8788 skf-angular
#docker buildx build -f Docker/alpine-cloud/angular/Dockerfile  --platform linux/amd64,linux/arm/v7 -t blabla1337/skf-angular:dev --push .

Note: This needs to be addressed, as I'm not sure if you wished to remove it or not, now that 8080 is used as default in base image, rather than tcp/80.

# nginx-unprivileged container binds on port 8080. Need to decide whether this is kept or deleted.
#RUN rm -f /etc/nginx/conf.d/default.conf

I've then run the container with: docker run -it skf-angular:latest and I see:

+ ORIGIN=http://127.0.0.1:8888
+ SKIP=skfprovider
+ echo 'angular will try to contact the api at: http://127.0.0.1:8888/api'
angular will try to contact the api at: http://127.0.0.1:8888/api
+ find /usr/share/nginx/html -type f -exec sed -i -e s,http://127.0.0.1:8888,http://127.0.0.1:8888,g '{}' ';'
+ cp /home/user_angular/site.conf.template /etc/nginx/conf.d/site.conf
+ cat /etc/nginx/conf.d/site.conf
# Default server configuration
#

server {
    listen 8788 default_server;
    root /usr/share/nginx/html;
    charset utf-8;
    server_tokens off;
    server_name _; #by default localhost

    location / {
        try_files $uri $uri/ /index.html =404;
        proxy_http_version 1.1;
    }
}
+ find /usr/share/nginx/html -type f -exec sed -i -e s,skfprovider,skfprovider,g '{}' ';'
+ exec nginx -g 'daemon off;'

So I believe that is working ok?

I've also run the container via: docker run -it --entrypoint=/bin/sh skf-angular:latest and can see:

id
uid=101(nginx) gid=101(nginx) groups=101(nginx)
ls -la /home/user_angular/
total 24
drwxrwxr-x    1 nginx    root          4096 Jan  6 11:48 .
drwxr-xr-x    1 root     root          4096 Jan  6 11:48 ..
-rwxrwxr-x    1 nginx    root           440 Jan  6 11:42 entrypoint.sh
-rwxrwxr-x    1 nginx    root           269 Jan  6 11:42 site.conf.template
ls -la /usr/share/nginx/html
total 35800
drwxrwxr-x    1 nginx    root         12288 Jan  6 11:48 .
drwxr-xr-x    1 root     root          4096 Dec 18 15:13 ..
drwxrwxr-x    1 nginx    root          4096 Jan  6 11:48 assets
-rw-rw-r--    1 nginx    root          5736 Jan  6 11:46 category-category-module-es2015.js
-rw-rw-r--    1 nginx    root          2041 Jan  6 11:46 category-category-module-es2015.js.map
-rw-rw-r--    1 nginx    root          6486 Jan  6 11:46 category-category-module-es5.js
-rw-rw-r--    1 nginx    root          2369 Jan  6 11:46 category-category-module-es5.js.map
(etc etc)
ls -la /var/log/nginx
total 16
drwxrwxr-x    1 nginx    root          4096 Dec 18 15:13 .
drwxr-xr-x    1 root     root          4096 Dec 18 15:13 ..
lrwxrwxrwx    1 nginx    root            11 Dec 18 15:13 access.log -> /dev/stdout
lrwxrwxrwx    1 nginx    root            11 Dec 18 15:13 error.log -> /dev/stderr
ls -la /home/user_angular/entrypoint.sh
-rwxrwxr-x    1 nginx    root           440 Jan  6 11:42 /home/user_angular/entrypoint.sh

Are you please able to implement these changes on a branch, test them and merge them on my behalf?
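As an added example that is not part of this issue or of the skf-flask project: a small POSIX shell script that checks captured `id` and `ls -la` output for the two properties the Dockerfile above relies on, a non-root UID at runtime (the "mustRunAsNonRoot" part) and, for every file under the chown'ed trees, group root with group bits equal to user bits (the `chown nginx:0` + `chmod g=u` part that lets OpenShift's restricted SCC run the image under an arbitrary UID in GID 0). The listings and the `id` line embedded in the script are constructed samples modelled on the output posted above, and the image name in the comment is an assumption.

```shell
#!/bin/sh
# Added example (not skf-flask code): verify the "non-root UID, group 0, g=u" pattern.
# To capture real input from the image, run it the way OpenShift would (assumed image name):
#   docker run --rm --user 12345:0 skf-angular:latest sh -c 'id; ls -la /usr/share/nginx/html'
# and feed the two outputs to the functions below.

# check_g_equals_u LISTING
# Return 0 if every long-format entry (except the parent "..", which lies outside the
# chown -R tree) is owned by group root and has group permission bits identical to the
# user bits, i.e. what `chown :0` + `chmod g=u` produce. Offending lines go to stderr.
# Columns of `ls -la`: mode links owner group size month day time name[ -> target]
check_g_equals_u() {
  printf '%s\n' "$1" | awk '
    /^total /   { next }                       # "total N" header
    NF < 9      { next }                       # not a long-format entry
    $NF == ".." { next }                       # parent directory, not part of the tree
    {
      mode = $1; group = $4
      ubits = substr(mode, 2, 3)               # rwx for the owner
      gbits = substr(mode, 5, 3)               # rwx for the group
      if (group != "root" || ubits != gbits) {
        print "FAIL: " $0 > "/dev/stderr"
        bad++
      }
    }
    END { exit bad > 0 }'
}

# check_nonroot_uid ID_LINE
# Return 0 if an `id` line reports a numeric UID other than 0, 1 otherwise
# (including when the line does not look like `id` output at all).
check_nonroot_uid() {
  uid=$(printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\)(.*/\1/p')
  [ -n "$uid" ] && [ "$uid" -ne 0 ]
}

# Constructed sample input, modelled on the listings posted in the issue.
GOOD_LISTING='total 24
drwxrwxr-x    1 nginx    root          4096 Jan  6 11:48 .
drwxr-xr-x    1 root     root          4096 Jan  6 11:48 ..
-rwxrwxr-x    1 nginx    root           440 Jan  6 11:42 entrypoint.sh
-rw-rw-r--    1 nginx    root          5736 Jan  6 11:46 category-category-module-es2015.js
lrwxrwxrwx    1 nginx    root            11 Dec 18 15:13 access.log -> /dev/stdout'

# Constructed counter-example: wrong group on the directory, g!=u on the file.
BAD_LISTING='total 8
drwxr-xr-x    1 nginx    nginx         4096 Jan  6 11:48 .
-rw-r--r--    1 nginx    root          5736 Jan  6 11:46 main.js'

SAMPLE_ID='uid=101(nginx) gid=101(nginx) groups=101(nginx)'

# Stand-alone demonstration when the script is executed directly.
if check_g_equals_u "$GOOD_LISTING" && check_nonroot_uid "$SAMPLE_ID"; then
  echo "GOOD_LISTING / SAMPLE_ID: pattern satisfied"
fi
if check_g_equals_u "$BAD_LISTING"; then
  echo "BAD_LISTING unexpectedly passed"
else
  echo "BAD_LISTING rejected as expected"
fi
```

The listing check is intentionally strict about the group column: under the restricted SCC the container's effective UID is random but GID 0 is always present, so a file owned by `nginx:nginx` with mode 0755 looks fine as UID 101 yet becomes unwritable the moment the platform assigns a different UID. Running the image with `--user 12345:0` as in the comment reproduces that condition without an OpenShift cluster.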