search

redimp / otterwiki

A minimalistic wiki powered by python, markdown and git.
https://otterwiki.com
MIT License
195 stars 22 forks source link

nginx baked into the docker image #121

Open edheliel opened 5 days ago

edheliel commented 5 days ago

Current State

The docker image comes with nginx reverse proxy baked in and opens container port 80.

Issue description

Conclusion

PS: Unless there is some other reason why nginx is inside of the docker image, for me seems reasonable to not ship the container with nginx and rather use smaller more secure container image like alpine or the likes

If this is on your radar I am also happy to help

redimp commented 5 days ago

Hey @edheliel, thank you for bringing this up.

The image has nginx bundled originally out of two reasons:

  1. Serving static files, doing this with flask is highly inefficient and with uwsgi alone I did not manage to find a performant solution, but I have not tried this again and it maybe worth a shot.
  2. For convinience with nginx bundled it's easy to deploy the image standalone. The 10MB of wasted memory are in my opinion bearable.

I agree with the point of running an unpriviliged user and an overall smaller image.

This might cause a problem that I want to avoid: breaking backwards compability. So that An Otterwiki user breaks an existing installation because of a change in ports.

Thinking about it: Maybe an extra released "slim" image, with a matching tag like otterwiki:2.x.y-slim would be a conceivable middle ground?

edheliel commented 1 day ago

Hi @redimp,

Sorry for the late reply, life happened. I agree that maybe going for 2 different versions of the docker image is the way to go so everyone can choose what they feel is the right thing for them.