search

strapi-community / strapi-tool-dockerize

Easy add support for docker to your strapi project
MIT License
504 stars 34 forks source link

Changed the order of the scripts to avoid 'permission denied' when running on the server #90

Closed ainusdev closed 11 months ago

ainusdev commented 11 months ago

Changed the order of the scripts to avoid 'permission denied' when running on the server

Eventyret commented 11 months ago

Don't think we need to change DB to -db Also removing volumes will cause other issues.

ainusdev commented 11 months ago

Don't think we need to change DB to -db Also removing volumes will cause other issues.

Hello. Thank you for reviewing. But the important things are the first and second. 2 items will eliminate the stress of beginners using this repository.

Eventyret commented 11 months ago

So your suggesting building as root and then run as a user?

ainusdev commented 11 months ago

So your suggesting building as root and then run as a user?

안녕하세요. 저는 영어가 익숙하지 않아서 한글로 적은 다음에 번역기를 통해서 영어로 작성할게요. 누군가 더 좋은 영어를 적을 수 있다면 보완해주기를 바랍니다.

이 문제는 다음과 같은 이유에서 발생합니다. 원본 기준입니다.

  1. 서버를 특별히 프로덕션을 위해서 사용자를 체계적으로 설정하지 않는 이상은 대부분 "root"로 작업하는 경우가 많습니다.
  2. Dockerfile을 통해 빌드 된 이미지를 만들었지만, docker-compose.yml 에서 사용자의 볼륨을 바인딩 함으로써 이미지 내 node는 .env에 접근할 수가 없게 됩니다.
  3. 바인딩 된 볼륨은 root 혹은 다른 사용자의 것인데 node는 node:node 이기에 그로인해 시작을 할 수가 없습니다.
  4. 그래서 저는 docker-compose.yml에서 볼륨 바인딩을 삭제했습니다.

설명을 작성하다보니 오직 docker-compose.yml만 수정해서 Pull Request를 하는게 옳았네요.

읽어주셔서 감사합니다.

Hello there. I've written in Korean as I'm not very familiar with English, and I'll now translate it using a translator. If anyone can provide better English, please feel free to enhance it.

This issue arises for the following reasons, based on the original context:

  1. Unless the server is systematically configured for users specifically for production, it's common for most operations to be done as "root."
  2. While creating an image through a Dockerfile, binding a user's volume in the docker-compose.yml prevents the node inside the image from accessing .env.
  3. The bound volume belongs to root or another user, but since the node is set as node:node, it can't start due to this conflict.
  4. Therefore, I removed the volume binding from the docker-compose.yml.

As I was explaining, it turns out that modifying only the docker-compose.yml and submitting a Pull Request was the right solution.

Thank you for reading.

Eventyret commented 11 months ago

Thank you for explaining this. Running it as root is very bad practice hence the user. Running a server as root and container is not secure. So I would either suggest a fork or a different implementation we could suggest running as root and let the user choose this but overall you want to secure your server.

So I will close this issue as we won't accept this pr