fullheart commented 2 years ago

Steps To Reproduce

Steps to reproduce:

Setup Penpot with Docker (By this instructions)
Start Penpot with docker-compose -p penpot up -d
Run curl -I http://localhost:9001/js/config.js?ts=1664890619766 in console

Expected behavior

Statuscode 200 OK - expected CURL output:

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2022 19:48:45 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 96
Last-Modified: Fri, 07 Oct 2022 19:48:43 GMT
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=86400
Accept-Ranges: bytes

Actual behavior

Statuscode 403 Forbidden - current CURL output:

HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 07 Oct 2022 18:31:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 146
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=86400

Screenshots or video

See failed load in Firefox console:

Desktop (please complete the following information)

All Operating-System's & Browsers

Smartphone (please complete the following information)

All Devices & Operating-System's

Environment (please complete the following information)

Host: local instance
OS: Ubuntu 18.04.6 LTS
Docker version: Docker version 20.10.7, build 20.10.7-0ubuntu5~18.04.3
Docker-Compose version: docker-compose version 1.25.5, build 8a1c60f6
Docker Image: (latest) https://hub.docker.com/r/penpotapp/frontend
Docker Command: docker-compose -p penpot up -d
File docker-compose.yml:
```
---
version: "3.5"
```

networks: penpot:

services: penpot-frontend: image: "penpotapp/frontend:latest" ports:

9001:80

volumes:
./data:/opt/data

env_file:
config.env

depends_on:
penpot-backend
penpot-exporter

networks:
penpot

penpot-backend: image: "penpotapp/backend:latest" volumes:
./data:/opt/data

depends_on:
penpot-postgres
penpot-redis

env_file:
config.env

networks:
penpot

penpot-exporter: image: "penpotapp/exporter:latest" env_file:
config.env environment:
Don't touch it; this uses internal docker network to

communicate with the frontend.
PENPOT_PUBLIC_URI=http://penpot-frontend networks:
penpot

penpot-postgres: image: "postgres:13" restart: always stop_signal: SIGINT

environment:
POSTGRES_INITDB_ARGS=--data-checksums
POSTGRES_DB=*****
POSTGRES_USER=*****
POSTGRES_PASSWORD=*****

volumes:
./data/postgres:/var/lib/postgresql/data

networks:
penpot

penpot-redis: image: redis:6 restart: always networks:

penpot


- File `config.env`
```env
## Should be set to the public domain where penpot is going to be served.
##
## NOTE: If you are going to serve it under different domain than
## 'localhost' without HTTPS, consider setting the
## `disable-secure-session-cookies' flag on the 'PENPOT_FLAGS'
## setting.

PENPOT_PUBLIC_URI=***** PENPOT_TENANT=pro

Feature flags.

PENPOT_FLAGS=disable-login enable-login-with-oidc enable-smtp

Define NO domain for registration as workaround, because PENPOT_FLAG 'disable-registration' crash the OpenID login

See open Issue:

https://github.com/penpot/penpot/issues/2393#issuecomment-1265478901 PENPOT_REGISTRATION_DOMAIN_WHITELIST=""

Temporal workaround because of bad builtin default

PENPOT_HTTP_SERVER_HOST=0.0.0.0

Standard database connection parameters (only postgresql is supported):

PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot PENPOT_DATABASE_USERNAME= PENPOT_DATABASE_PASSWORD=

Redis is used for the websockets notifications.

PENPOT_REDIS_URI=redis://penpot-redis/0

By default, files uploaded by users are stored in local

filesystem. But it can be configured to store in AWS S3.

PENPOT_ASSETS_STORAGE_BACKEND=assets-fs PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets

Telemetry. When enabled, a periodical process will send anonymous

data about this instance. Telemetry data will enable us to learn on

how the application is used, based on real scenarios. If you want

to help us, please leave it enabled.

PENPOT_TELEMETRY_ENABLED=false

Email sending configuration. By default, emails are printed in the

console, but for production usage is recommended to setup a real

SMTP provider. Emails are used to confirm user registrations.

PENPOT_SMTP_ENABLED= PENPOT_SMTP_DEFAULT_FROM= PENPOT_SMTP_DEFAULT_REPLY_TO= PENPOT_SMTP_HOST= PENPOT_SMTP_PORT= PENPOT_SMTP_USERNAME= PENPOT_SMTP_PASSWORD= PENPOT_SMTP_TLS= PENPOT_SMTP_SSL=*****

Comma separated list of allowed domains to register. Empty to allow

all.

PENPOT_REGISTRATION_DOMAIN_WHITELIST=""

Authentication providers

Google

PENPOT_GOOGLE_CLIENT_ID=

PENPOT_GOOGLE_CLIENT_SECRET=

GitHub

PENPOT_GITHUB_CLIENT_ID=

PENPOT_GITHUB_CLIENT_SECRET=

GitLab

PENPOT_GITLAB_BASE_URI=https://gitlab.com

PENPOT_GITLAB_CLIENT_ID=

PENPOT_GITLAB_CLIENT_SECRET=

OpenID Connect (since 1.5.0)

PENPOT_OIDC_BASE_URI= PENPOT_OIDC_CLIENT_ID= PENPOT_OIDC_CLIENT_SECRET= PENPOT_OIDC_SCOPES=

PENPOT_OIDC_NAME_ATTR=*****

PENPOT_OIDC_EMAIL_ATTR=*****

LDAP

NOTE: to enable ldap, you will need to put 'enable-login-with-ldap'

on the 'PENPOT_FLAGS' environment variable.

PENPOT_LDAP_HOST=ldap

PENPOT_LDAP_PORT=10389

PENPOT_LDAP_SSL=false

PENPOT_LDAP_STARTTLS=false

PENPOT_LDAP_BASE_DN=ou=people,dc=planetexpress,dc=com

PENPOT_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com

PENPOT_LDAP_BIND_PASSWORD=GoodNewsEveryone

PENPOT_LDAP_ATTRS_USERNAME=uid

PENPOT_LDAP_ATTRS_EMAIL=mail

PENPOT_LDAP_ATTRS_FULLNAME=cn


### Frontend Stack Trace

```console
2022/10/07 20:13:29 [error] 13#13: *7 open() "/var/www/app/js/config.js" failed (13: Permission denied), client: 192.168.144.1, server: _, request: "HEAD /js/config.js?ts=1664890619766 HTTP/1.1", host: "localhost:9001"
192.168.144.1 - - [07/Oct/2022:20:13:29 +0000] "HEAD /js/config.js?ts=1664890619766 HTTP/1.1" 403 0 "-" "curl/7.58.0