diff --git a/Dockerfile b/Dockerfile index 0f4ecfd36..0d5951dee 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN yarn install COPY --from=builder /app/out/full/ . COPY turbo.json turbo.json COPY replace-env-vars.sh /usr/local/bin/ -USER root + RUN chmod +x /usr/local/bin/replace-env-vars.sh RUN yarn turbo run build @@ -89,21 +89,17 @@ RUN chmod -R 777 /code WORKDIR /app -# Don't run production as root -RUN addgroup --system --gid 1001 plane -RUN adduser --system --uid 1001 captain - COPY --from=installer /app/apps/app/next.config.js . COPY --from=installer /app/apps/app/package.json . COPY --from=installer /app/apps/space/next.config.js . COPY --from=installer /app/apps/space/package.json . -COPY --from=installer --chown=captain:plane /app/apps/app/.next/standalone ./ +COPY --from=installer /app/apps/app/.next/standalone ./ -COPY --from=installer --chown=captain:plane /app/apps/app/.next/static ./apps/app/.next/static +COPY --from=installer /app/apps/app/.next/static ./apps/app/.next/static -COPY --from=installer --chown=captain:plane /app/apps/space/.next/standalone ./ -COPY --from=installer --chown=captain:plane /app/apps/space/.next ./apps/space/.next +COPY --from=installer /app/apps/space/.next/standalone ./ +COPY --from=installer /app/apps/space/.next ./apps/space/.next ENV NEXT_TELEMETRY_DISABLED 1 @@ -118,7 +114,6 @@ ARG NEXT_PUBLIC_API_BASE_URL=http://localhost:8000 ENV NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL \ BUILT_NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL -USER root COPY replace-env-vars.sh /usr/local/bin/ COPY start.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/replace-env-vars.sh diff --git a/apiserver/Dockerfile.api b/apiserver/Dockerfile.api index 34a50334a..31124c8f5 100644 --- a/apiserver/Dockerfile.api +++ b/apiserver/Dockerfile.api 
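Review bot: The runner stage in the `@@ -89,21 +89,17 @@` hunk no longer creates `plane`/`captain` and no longer copies with `--chown=captain:plane`, so the final image starts as root unless a `USER` instruction outside the visible hunks sets one. A compromise of the Next.js process would then hold root inside the container. The same removal appears in apiserver/Dockerfile.api, apiserver/Dockerfile.dev, space/Dockerfile.space and web/Dockerfile.web. If the motivation was a permission error at startup (not visible here), I would keep `RUN addgroup --system --gid 1001 plane` and `RUN adduser --system --uid 1001 captain`, keep `--chown=captain:plane` on the `.next` copies, and end the stage with `USER captain`. The stage continues past the hunk, so the final `USER` state should be confirmed against the full file.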
@@ -32,28 +32,18 @@ RUN apk add --no-cache --virtual .build-deps \ apk del .build-deps -RUN addgroup -S plane && \ - adduser -S captain -G plane - -RUN chown captain.plane /code - -USER captain - # Add in Django deps and generate Django's static files COPY manage.py manage.py COPY plane plane/ COPY templates templates/ COPY package.json package.json -USER root + RUN apk --no-cache add "bash~=5.2" COPY ./bin ./bin/ RUN mkdir -p /code/plane/logs RUN chmod +x ./bin/takeoff ./bin/worker ./bin/beat RUN chmod -R 777 /code -RUN chown -R captain:plane /code - -USER captain # Expose container port and run entry point script EXPOSE 8000 diff --git a/apiserver/Dockerfile.dev b/apiserver/Dockerfile.dev index 06f15231c..6a225fec3 100644 --- a/apiserver/Dockerfile.dev +++ b/apiserver/Dockerfile.dev @@ -30,17 +30,13 @@ ADD requirements ./requirements # Install the local development settings RUN pip install -r requirements/local.txt --compile --no-cache-dir -RUN addgroup -S plane && \ - adduser -S captain -G plane COPY . . RUN mkdir -p /code/plane/logs -RUN chown -R captain.plane /code RUN chmod -R +x /code/bin RUN chmod -R 777 /code -USER captain # Expose container port and run entry point script EXPOSE 8000 diff --git a/apiserver/plane/settings/production.py b/apiserver/plane/settings/production.py index caf6804a3..c56222c67 100644 --- a/apiserver/plane/settings/production.py +++ b/apiserver/plane/settings/production.py @@ -6,7 +6,7 @@ from .common import * # noqa # SECURITY WARNING: don't run with debug turned on in production! DEBUG = int(os.environ.get("DEBUG", 0)) == 1 -DEBUG = True + # Honor the 'X-Forwarded-Proto' header for request.is_secure() SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") @@ -25,7 +25,7 @@ LOG_DIR = os.path.join(BASE_DIR, "logs") # noqa if not os.path.exists(LOG_DIR): os.makedirs(LOG_DIR) - +# Logging configuration LOGGING = { "version": 1, "disable_existing_loggers": False, 
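Review bot: `RUN chmod -R 777 /code` stays in apiserver/Dockerfile.api while `RUN chown -R captain:plane /code` and `USER captain` are dropped, which leaves the whole application tree world-writable and run by root. apiserver/Dockerfile.dev ends up with the same combination. The only runtime-writable path created in this hunk is `/code/plane/logs`, so I would restore the `addgroup`/`adduser` step and narrow the grant to `RUN chown -R captain:plane /code/plane/logs` followed by `USER captain`, instead of the recursive 777. Whether other paths under /code must be writable at runtime cannot be seen from this hunk and should be checked.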
diff --git a/space/Dockerfile.space b/space/Dockerfile.space index 12c309134..6e2bfd065 100644 --- a/space/Dockerfile.space +++ b/space/Dockerfile.space @@ -19,7 +19,6 @@ RUN yarn install --network-timeout 500000 COPY --from=builder /app/out/full/ . COPY turbo.json turbo.json -USER root ARG NEXT_PUBLIC_API_BASE_URL="" ARG NEXT_PUBLIC_DEPLOY_WITH_NGINX=1 @@ -32,17 +31,13 @@ RUN yarn turbo run build --filter=space FROM node:18-alpine AS runner WORKDIR /app -RUN addgroup --system --gid 1001 plane -RUN adduser --system --uid 1001 captain -USER captain - COPY --from=installer /app/space/next.config.js . COPY --from=installer /app/space/package.json . -COPY --from=installer --chown=captain:plane /app/space/.next/standalone ./ +COPY --from=installer /app/space/.next/standalone ./ -COPY --from=installer --chown=captain:plane /app/space/.next ./space/.next -COPY --from=installer --chown=captain:plane /app/space/public ./space/public +COPY --from=installer /app/space/.next ./space/.next +COPY --from=installer /app/space/public ./space/public ARG NEXT_PUBLIC_API_BASE_URL="" ARG NEXT_PUBLIC_DEPLOY_WITH_NGINX=1 @@ -50,11 +45,9 @@ ARG NEXT_PUBLIC_DEPLOY_WITH_NGINX=1 ENV NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL ENV NEXT_PUBLIC_DEPLOY_WITH_NGINX=$NEXT_PUBLIC_DEPLOY_WITH_NGINX -USER root COPY start.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/start.sh -USER captain ENV NEXT_TELEMETRY_DISABLED 1 diff --git a/web/Dockerfile.web b/web/Dockerfile.web index e0d525c2c..5490fb0da 100644 --- a/web/Dockerfile.web +++ b/web/Dockerfile.web @@ -32,7 +32,7 @@ RUN yarn install --network-timeout 500000 # Build the project COPY --from=builder /app/out/full/ . COPY turbo.json turbo.json -USER root + ENV NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL ENV NEXT_PUBLIC_DEPLOY_URL=$NEXT_PUBLIC_DEPLOY_URL 
@@ -46,31 +46,23 @@ RUN yarn turbo run build --filter=web FROM node:18-alpine AS runner WORKDIR /app -# Don't run production as root -RUN addgroup --system --gid 1001 plane -RUN adduser --system --uid 1001 captain -USER captain - COPY --from=installer /app/web/next.config.js . COPY --from=installer /app/web/package.json . # Automatically leverage output traces to reduce image size # https://nextjs.org/docs/advanced-features/output-file-tracing -COPY --from=installer --chown=captain:plane /app/web/.next/standalone ./ -COPY --from=installer --chown=captain:plane /app/web/.next ./web/.next -COPY --from=installer --chown=captain:plane /app/web/public ./web/public +COPY --from=installer /app/web/.next/standalone ./ +COPY --from=installer /app/web/.next ./web/.next +COPY --from=installer /app/web/public ./web/public ARG NEXT_PUBLIC_API_BASE_URL="" ARG NEXT_PUBLIC_DEPLOY_URL="" ENV NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL ENV NEXT_PUBLIC_DEPLOY_URL=$NEXT_PUBLIC_DEPLOY_URL -USER root COPY start.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/start.sh -USER captain - ENV NEXT_TELEMETRY_DISABLED 1 EXPOSE 3000
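Review bot: The execute bit on `start.sh` is set by a separate `RUN chmod +x /usr/local/bin/start.sh`, which needs root and appears to be the only reason this stage switched to `USER root` in the first place. Setting the mode at copy time with `COPY --chmod=0755 start.sh /usr/local/bin/` (BuildKit) removes the extra layer and the need for root, so the `USER captain` that this hunk deletes could stay for the rest of the stage. The matching `start.sh` lines in space/Dockerfile.space can be handled the same way. The stage continues after `EXPOSE 3000`, so the entrypoint is not visible here.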