fix: make frontend image self-contained for read-only filesystems (#128)
Revert Dockerfile to use /tmp redirect for envsubst output, so the image works regardless of docker-compose.yml tmpfs configuration. Removes the uid=101,gid=101 requirement from compose that was a breaking change.
This commit is contained in:
Daniel Volz
GitHub
+1
-1
@@ -52,7 +52,7 @@ services:
|
||||
- /tmp:noexec,nosuid,size=64m
|
||||
- /var/cache/nginx:noexec,nosuid,size=64m
|
||||
- /var/run:noexec,nosuid,size=64m
|
||||
- /etc/nginx/conf.d:noexec,nosuid,size=1m,uid=101,gid=101
|
||||
- /etc/nginx/conf.d:noexec,nosuid,size=1m
|
||||
cap_drop:
|
||||
- ALL
|
||||
|
||||
|
||||
@@ -32,6 +32,11 @@ RUN npm run build
|
||||
# -----------------------------------------------------------------------------
|
||||
FROM nginxinc/nginx-unprivileged:1.27-alpine AS runner
|
||||
|
||||
# Redirect envsubst output to /tmp (writable under read_only: true)
|
||||
# and update nginx main config to include from there instead of /etc/nginx/conf.d/
|
||||
ENV NGINX_ENVSUBST_OUTPUT_DIR=/tmp
|
||||
RUN sed -i 's|include /etc/nginx/conf.d/\*.conf;|include /tmp/default.conf;|' /etc/nginx/nginx.conf
|
||||
|
||||
# Copy custom nginx config as template for envsubst processing
|
||||
# nginx-unprivileged automatically substitutes env vars in .template files
|
||||
COPY nginx.conf /etc/nginx/templates/default.conf.template
|
||||
|
||||
Reference in New Issue
Block a user