From edf57d2ebcb4eeac5d56daa61a07fdb2c8c5823b Mon Sep 17 00:00:00 2001 From: Adrien Chauve Date: Thu, 24 Mar 2022 10:48:46 +0000 Subject: [PATCH 1/8] chore(nginx): Use unpriviledged docker images --- nginx/Dockerfile | 7 +++++-- nginx/README.md | 2 +- nginx/docker-compose.yml | 2 +- nginx/tests/404.bats | 2 +- nginx/tests/default-404-2.bats | 2 +- nginx/tests/default-404.bats | 2 +- nginx/tests/envsub.bats | 2 +- nginx/tests/skip-envsub.bats | 2 +- nginx/tests/volume.bats | 2 +- nginx4spa/Dockerfile | 7 +++++-- nginx4spa/docker-compose.yml | 2 +- nginx4spa/tests/envsub.bats | 2 +- nginx4spa/tests/skip-envsub.bats | 2 +- nginx4spa/tests/volume.bats | 2 +- 14 files changed, 22 insertions(+), 16 deletions(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 994bacb56..8612e413b 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.21-alpine +FROM nginxinc/nginx-unprivileged:1.21-alpine COPY ./nginx.conf /etc/nginx/nginx.conf COPY ./entrypoint.sh /entrypoint.sh @@ -6,6 +6,7 @@ COPY ./envsub.sh /envsub.sh COPY ./404.html /usr/share/nginx/errors/ ## adjust permissions +USER root RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/html && \ chown -R nginx:nginx /var/cache/nginx && \ chown -R nginx:nginx /var/log/nginx && \ @@ -13,5 +14,7 @@ RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/ RUN touch /var/run/nginx.pid && \ chown -R nginx:nginx /var/run/nginx.pid - + +USER $UID + ENTRYPOINT ["/entrypoint.sh"] diff --git a/nginx/README.md b/nginx/README.md index 2ddc9cd1f..479a0552e 100644 --- a/nginx/README.md +++ b/nginx/README.md @@ -38,7 +38,7 @@ VERSION=x.y.z Notes: -- `PORT` is optional and default to `80` +- `PORT` is optional and default to `8080` To override default configuration, make a local copy of `nginx.conf` and add it to docker build: diff --git a/nginx/docker-compose.yml b/nginx/docker-compose.yml index 6cf8f9298..4fd85a007 100644 --- a/nginx/docker-compose.yml +++ b/nginx/docker-compose.yml @@ -3,7 +3,7 @@ services: build: context: . ports: - - target: 80 + - target: 8080 published: 8888 # diff --git a/nginx/tests/404.bats b/nginx/tests/404.bats index f2005ffea..684ececcd 100644 --- a/nginx/tests/404.bats +++ b/nginx/tests/404.bats @@ -5,7 +5,7 @@ load '../../.bats/common.bats.bash' setup_file() { docker-compose run \ --detach \ - --publish 8889:80 \ + --publish 8889:8080 \ --rm \ --volume ${BATS_TEST_DIRNAME}/fixtures:/usr/share/nginx/html \ alpine diff --git a/nginx/tests/default-404-2.bats b/nginx/tests/default-404-2.bats index c92e32442..daaca948a 100644 --- a/nginx/tests/default-404-2.bats +++ b/nginx/tests/default-404-2.bats @@ -5,7 +5,7 @@ load '../../.bats/common.bats.bash' setup_file() { docker-compose run \ --detach \ - --publish 8888:80 \ + --publish 8888:8080 \ --rm \ --volume ${BATS_TEST_DIRNAME}/fixtures-404:/usr/share/nginx/html \ alpine diff --git a/nginx/tests/default-404.bats b/nginx/tests/default-404.bats index a25979959..8c1660bc4 100644 --- a/nginx/tests/default-404.bats +++ b/nginx/tests/default-404.bats @@ -5,7 +5,7 @@ load '../../.bats/common.bats.bash' setup_file() { docker-compose run \ --detach \ - --publish 8888:80 \ + --publish 8888:8080 \ --rm \ --volume ${BATS_TEST_DIRNAME}/fixtures-simple:/usr/share/nginx/html \ alpine diff --git a/nginx/tests/envsub.bats b/nginx/tests/envsub.bats index b274a79ac..370d18867 100644 --- a/nginx/tests/envsub.bats +++ b/nginx/tests/envsub.bats @@ -8,7 +8,7 @@ setup_file() { docker-compose run \ --detach \ -e VERSION=x.y.z \ - --publish 8888:80 \ + --publish 8888:8080 \ --rm \ --volume ${BATS_RUN_TMPDIR}/www:/usr/share/nginx/html \ alpine diff --git a/nginx/tests/skip-envsub.bats b/nginx/tests/skip-envsub.bats index ecebc0f2b..8c4682179 100644 --- a/nginx/tests/skip-envsub.bats +++ b/nginx/tests/skip-envsub.bats @@ -9,7 +9,7 @@ setup_file() { --detach \ -e VERSION=x.y.z \ -e SKIP_ENVSUBST=true \ - --publish 8888:80 \ + --publish 8888:8080 \ --rm \ --volume ${BATS_RUN_TMPDIR}/www2:/usr/share/nginx/html \ alpine diff --git a/nginx/tests/volume.bats b/nginx/tests/volume.bats index 59956baf4..c5edf27e0 100644 --- a/nginx/tests/volume.bats +++ b/nginx/tests/volume.bats @@ -5,7 +5,7 @@ load '../../.bats/common.bats.bash' setup_file() { docker-compose run \ --detach \ - --publish 8888:80 \ + --publish 8888:8080 \ --rm \ --volume ${BATS_TEST_DIRNAME}/fixtures:/usr/share/nginx/html \ alpine diff --git a/nginx4spa/Dockerfile b/nginx4spa/Dockerfile index 548cc0cc9..9fb1994a3 100644 --- a/nginx4spa/Dockerfile +++ b/nginx4spa/Dockerfile @@ -1,10 +1,11 @@ -FROM nginx:1.21-alpine +FROM nginxinc/nginx-unprivileged:1.21-alpine COPY ./nginx.conf /etc/nginx/nginx.conf COPY ./entrypoint.sh /entrypoint.sh COPY ./envsub.sh /envsub.sh ## adjust permissions +USER root RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/html && \ chown -R nginx:nginx /var/cache/nginx && \ chown -R nginx:nginx /var/log/nginx && \ @@ -12,5 +13,7 @@ RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/ RUN touch /var/run/nginx.pid && \ chown -R nginx:nginx /var/run/nginx.pid - + +USER $uid + ENTRYPOINT ["/entrypoint.sh"] diff --git a/nginx4spa/docker-compose.yml b/nginx4spa/docker-compose.yml index 6cf8f9298..4fd85a007 100644 --- a/nginx4spa/docker-compose.yml +++ b/nginx4spa/docker-compose.yml @@ -3,7 +3,7 @@ services: build: context: . ports: - - target: 80 + - target: 8080 published: 8888 # diff --git a/nginx4spa/tests/envsub.bats b/nginx4spa/tests/envsub.bats index 364e3c557..ec292cf98 100644 --- a/nginx4spa/tests/envsub.bats +++ b/nginx4spa/tests/envsub.bats @@ -8,7 +8,7 @@ setup_file() { docker-compose run \ --detach \ -e VERSION=x.y.z \ - --publish 8888:80 \ + --publish 8888:8080 \ --rm \ --volume ${BATS_RUN_TMPDIR}/www:/usr/share/nginx/html \ alpine diff --git a/nginx4spa/tests/skip-envsub.bats b/nginx4spa/tests/skip-envsub.bats index ba104be37..3d8f22ca6 100644 --- a/nginx4spa/tests/skip-envsub.bats +++ b/nginx4spa/tests/skip-envsub.bats @@ -9,7 +9,7 @@ setup_file() { --detach \ -e VERSION=x.y.z \ -e SKIP_ENVSUBST=true \ - --publish 8889:80 \ + --publish 8889:8080 \ --rm \ --volume ${BATS_RUN_TMPDIR}/www2:/usr/share/nginx/html \ alpine diff --git a/nginx4spa/tests/volume.bats b/nginx4spa/tests/volume.bats index a2a422a71..717813172 100644 --- a/nginx4spa/tests/volume.bats +++ b/nginx4spa/tests/volume.bats @@ -5,7 +5,7 @@ load '../../.bats/common.bats.bash' setup_file() { docker-compose run \ --detach \ - --publish 8888:80 \ + --publish 8888:8080 \ --rm \ --volume ${BATS_TEST_DIRNAME}/fixtures:/usr/share/nginx/html \ alpine From 146560d83cfd2432fddaeab3eda4543ac75cfa92 Mon Sep 17 00:00:00 2001 From: Adrien Chauve Date: Thu, 24 Mar 2022 15:50:50 +0100 Subject: [PATCH 2/8] fix: Use 8080 instead of 80 as default port --- nginx/envsub.sh | 2 +- nginx/tests/port.bats | 4 ++-- nginx4spa/envsub.sh | 2 +- nginx4spa/tests/port.bats | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nginx/envsub.sh b/nginx/envsub.sh index 2e914041d..5a30c5ac3 100755 --- a/nginx/envsub.sh +++ b/nginx/envsub.sh @@ -16,7 +16,7 @@ DELIMITER=${DELIMITER:="%%"} printenv > /tmp/env-vars # Add default nginx port -echo "PORT=${PORT:="80"}" >> /tmp/env-vars +echo "PORT=${PORT:="8080"}" >> /tmp/env-vars while IFS='=' read -r KEY VALUE do diff --git a/nginx/tests/port.bats b/nginx/tests/port.bats index 4fde7b313..78dbf5194 100644 --- a/nginx/tests/port.bats +++ b/nginx/tests/port.bats @@ -5,8 +5,8 @@ load '../../.bats/common.bats.bash' setup_file() { docker-compose run \ --detach \ - -e PORT=90 \ - --publish 8888:90 \ + -e PORT=9000 \ + --publish 8888:9000 \ --rm \ alpine } diff --git a/nginx4spa/envsub.sh b/nginx4spa/envsub.sh index 2e914041d..5a30c5ac3 100755 --- a/nginx4spa/envsub.sh +++ b/nginx4spa/envsub.sh @@ -16,7 +16,7 @@ DELIMITER=${DELIMITER:="%%"} printenv > /tmp/env-vars # Add default nginx port -echo "PORT=${PORT:="80"}" >> /tmp/env-vars +echo "PORT=${PORT:="8080"}" >> /tmp/env-vars while IFS='=' read -r KEY VALUE do diff --git a/nginx4spa/tests/port.bats b/nginx4spa/tests/port.bats index e34de1032..3c917f05b 100644 --- a/nginx4spa/tests/port.bats +++ b/nginx4spa/tests/port.bats @@ -5,8 +5,8 @@ load '../../.bats/common.bats.bash' setup_file() { docker-compose run \ --detach \ - -e PORT=90 \ - --publish 8888:90 \ + -e PORT=9000 \ + --publish 8888:9000 \ --rm \ alpine } From b72679a546915e228874bfeb88b7a7f910847ff0 Mon Sep 17 00:00:00 2001 From: Adrien Chauve Date: Thu, 24 Mar 2022 16:42:00 +0100 Subject: [PATCH 3/8] fix: Fix variable --- nginx4spa/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx4spa/Dockerfile b/nginx4spa/Dockerfile index 9fb1994a3..32f5e2224 100644 --- a/nginx4spa/Dockerfile +++ b/nginx4spa/Dockerfile @@ -14,6 +14,6 @@ RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/ RUN touch /var/run/nginx.pid && \ chown -R nginx:nginx /var/run/nginx.pid -USER $uid +USER $UID ENTRYPOINT ["/entrypoint.sh"] From b4aa630b1dc0641a450bd57541e73f1c3075235d Mon Sep 17 00:00:00 2001 From: Adrien Chauve Date: Thu, 24 Mar 2022 17:37:28 +0100 Subject: [PATCH 4/8] fix: Use raw UID values as ARG are not available from parent --- nginx/Dockerfile | 2 +- nginx4spa/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 8612e413b..42a23aab5 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -15,6 +15,6 @@ RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/ RUN touch /var/run/nginx.pid && \ chown -R nginx:nginx /var/run/nginx.pid -USER $UID +USER 101 ENTRYPOINT ["/entrypoint.sh"] diff --git a/nginx4spa/Dockerfile b/nginx4spa/Dockerfile index 32f5e2224..2d7f6badf 100644 --- a/nginx4spa/Dockerfile +++ b/nginx4spa/Dockerfile @@ -14,6 +14,6 @@ RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/ RUN touch /var/run/nginx.pid && \ chown -R nginx:nginx /var/run/nginx.pid -USER $UID +USER 101 ENTRYPOINT ["/entrypoint.sh"] From b9ddd406ab58cb780b7d1d861ed05c7dd0b25212 Mon Sep 17 00:00:00 2001 From: Adrien Chauve Date: Fri, 25 Mar 2022 11:42:54 +0100 Subject: [PATCH 5/8] chore: Remove envsubst --- nginx/Dockerfile | 1 - nginx/README.md | 22 ----------- nginx/entrypoint.sh | 2 - nginx/envsub.sh | 31 ---------------- nginx/nginx.conf | 2 +- nginx/tests/envsub.bats | 37 ------------------- nginx/tests/fixtures-envsubst/404.html | 1 - nginx/tests/fixtures-envsubst/foo/bar/bar.js | 1 - nginx/tests/fixtures-envsubst/foo/bar/bar.png | 1 - nginx/tests/fixtures-envsubst/index.html | 1 - nginx/tests/port.bats | 22 ----------- nginx/tests/skip-envsub.bats | 34 ----------------- 12 files changed, 1 insertion(+), 154 deletions(-) delete mode 100755 nginx/envsub.sh delete mode 100644 nginx/tests/envsub.bats delete mode 100644 nginx/tests/fixtures-envsubst/404.html delete mode 100644 nginx/tests/fixtures-envsubst/foo/bar/bar.js delete mode 100644 nginx/tests/fixtures-envsubst/foo/bar/bar.png delete mode 100644 nginx/tests/fixtures-envsubst/index.html delete mode 100644 nginx/tests/port.bats delete mode 100644 nginx/tests/skip-envsub.bats diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 42a23aab5..a8914b554 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -2,7 +2,6 @@ FROM nginxinc/nginx-unprivileged:1.21-alpine COPY ./nginx.conf /etc/nginx/nginx.conf COPY ./entrypoint.sh /entrypoint.sh -COPY ./envsub.sh /envsub.sh COPY ./404.html /usr/share/nginx/errors/ ## adjust permissions diff --git a/nginx/README.md b/nginx/README.md index 479a0552e..d1c076b26 100644 --- a/nginx/README.md +++ b/nginx/README.md @@ -3,7 +3,6 @@ > Nginx image for static web apps - Serve static files from `/usr/share/nginx/html` -- envsubst `%%VARIABLE%%` static files at startup (ex: builds) - Add some security-related headers : ``` @@ -14,27 +13,6 @@ add_header X-Content-Type-Options "nosniff"; > For a single-page-applications nginx image, see [../nginx4spa](../nginx4spa) -## Envsubst on startup - -As default, in every files in the `/usr/share/nginx/html` directory, the [`envsub.sh`](./envsub.sh) script replaces `%%KEY%%` by `VALUE` where `export KEY=VALUE` in the global env var. - -You can disable this by setting the `SKIP_ENVSUBST` environment variable. - -So : - -```sh -$ echo "VERSION=%%VERSION%%" > /www/version.txt -$ docker run \ - --env VERSION=x.y.z \ - --env PORT=4444 \ - --name nginx_test \ - --publish 8888:4444 \ - --rm \ - --volume /www:/usr/share/nginx/html \ - ghcr.io/socialgouv/docker/nginx -$ curl localhost:8888/version.txt -VERSION=x.y.z -``` Notes: diff --git a/nginx/entrypoint.sh b/nginx/entrypoint.sh index 63e212250..2200b24c9 100755 --- a/nginx/entrypoint.sh +++ b/nginx/entrypoint.sh @@ -1,5 +1,3 @@ #!/usr/bin/env sh -source /envsub.sh - exec nginx -g 'daemon off;' diff --git a/nginx/envsub.sh b/nginx/envsub.sh deleted file mode 100755 index 5a30c5ac3..000000000 --- a/nginx/envsub.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env sh - -################################################################################ -# Replace environment values in files # -################################################################################ - -# -# As default, in every files in the "/usr/share/nginx/html" directory, this -# script replaces `%%KEY%%` by `VALUE` where `export KEY=VALUE` in the global env var. -# - -WWW_DIRECTORY=${WWW_DIRECTORY:="/usr/share/nginx/html"} -DELIMITER=${DELIMITER:="%%"} - -# Save env variable in file -printenv > /tmp/env-vars - -# Add default nginx port -echo "PORT=${PORT:="8080"}" >> /tmp/env-vars - -while IFS='=' read -r KEY VALUE -do - # In every files in the dir, replace the environment variables value - [ -z "$SKIP_ENVSUBST" ] && find ${WWW_DIRECTORY} -type f -regex ".*\.\(conf\|txt\|html\|htm\|js\|css\)" -exec \ - sed -i -e "s|${DELIMITER}${KEY}${DELIMITER}|${VALUE}|g" {} \; - # replace in nginx.conf too - sed -i -e "s|${DELIMITER}${KEY}${DELIMITER}|${VALUE}|g" /etc/nginx/nginx.conf - -done < /tmp/env-vars - -rm /tmp/env-vars diff --git a/nginx/nginx.conf b/nginx/nginx.conf index fa2cd5953..5cd42e69a 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -18,7 +18,7 @@ http { sendfile on; server { - listen %%PORT%%; + listen 8080; root /usr/share/nginx/html; index index.html; server_name_in_redirect on; diff --git a/nginx/tests/envsub.bats b/nginx/tests/envsub.bats deleted file mode 100644 index 370d18867..000000000 --- a/nginx/tests/envsub.bats +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/env bats - -load '../../.bats/common.bats.bash' - -setup_file() { - cp -r ${BATS_TEST_DIRNAME}/fixtures/ ${BATS_RUN_TMPDIR}/www - - docker-compose run \ - --detach \ - -e VERSION=x.y.z \ - --publish 8888:8080 \ - --rm \ - --volume ${BATS_RUN_TMPDIR}/www:/usr/share/nginx/html \ - alpine -} - -teardown_file() { - docker-compose rm -sf -} - -@test "nginx: should replace the VERSION with x.y.z in index.html" { - run wget -qO - localhost:8888 - assert_output "nginx/test/index.html with VERSION=x.y.z" - assert_success -} - -@test "nginx: should replace the VERSION with x.y.z in foo/bar/bar.js" { - run wget -qO - localhost:8888/foo/bar/bar.js - assert_output "// nginx/test/foo/bar/bar.js with VERSION=x.y.z" ] - assert_success -} - -@test "nginx: should not replace the VERSION with x.y.z in foo/bar/bar.png" { - run wget -qO - localhost:8888/foo/bar/bar.png - assert_output "// nginx/test/foo/bar/bar.png with VERSION=%%VERSION%%" ] - assert_success -} diff --git a/nginx/tests/fixtures-envsubst/404.html b/nginx/tests/fixtures-envsubst/404.html deleted file mode 100644 index 591bc567b..000000000 --- a/nginx/tests/fixtures-envsubst/404.html +++ /dev/null @@ -1 +0,0 @@ -CUSTOM 404 PAGE diff --git a/nginx/tests/fixtures-envsubst/foo/bar/bar.js b/nginx/tests/fixtures-envsubst/foo/bar/bar.js deleted file mode 100644 index e754615bc..000000000 --- a/nginx/tests/fixtures-envsubst/foo/bar/bar.js +++ /dev/null @@ -1 +0,0 @@ -// nginx/test/foo/bar/bar.js with VERSION=%%VERSION%% diff --git a/nginx/tests/fixtures-envsubst/foo/bar/bar.png b/nginx/tests/fixtures-envsubst/foo/bar/bar.png deleted file mode 100644 index 135604186..000000000 --- a/nginx/tests/fixtures-envsubst/foo/bar/bar.png +++ /dev/null @@ -1 +0,0 @@ -// nginx/test/foo/bar/bar.png with VERSION=%%VERSION%% diff --git a/nginx/tests/fixtures-envsubst/index.html b/nginx/tests/fixtures-envsubst/index.html deleted file mode 100644 index 7e3a3f746..000000000 --- a/nginx/tests/fixtures-envsubst/index.html +++ /dev/null @@ -1 +0,0 @@ -nginx/test/index.html with VERSION=%%VERSION%% diff --git a/nginx/tests/port.bats b/nginx/tests/port.bats deleted file mode 100644 index 78dbf5194..000000000 --- a/nginx/tests/port.bats +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bats - -load '../../.bats/common.bats.bash' - -setup_file() { - docker-compose run \ - --detach \ - -e PORT=9000 \ - --publish 8888:9000 \ - --rm \ - alpine -} - -teardown_file() { - docker-compose rm -sf -} - -@test "nginx: should be able to change the port" { - run wget -qO - localhost:8888 - assert_line --partial --index 3 "Welcome to nginx!" - assert_success -} diff --git a/nginx/tests/skip-envsub.bats b/nginx/tests/skip-envsub.bats deleted file mode 100644 index 8c4682179..000000000 --- a/nginx/tests/skip-envsub.bats +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bats - -load '../../.bats/common.bats.bash' - -setup_file() { - cp -r ${BATS_TEST_DIRNAME}/fixtures-envsubst/ ${BATS_RUN_TMPDIR}/www2 - - docker-compose run \ - --detach \ - -e VERSION=x.y.z \ - -e SKIP_ENVSUBST=true \ - --publish 8888:8080 \ - --rm \ - --volume ${BATS_RUN_TMPDIR}/www2:/usr/share/nginx/html \ - alpine -} - -teardown_file() { - docker-compose rm -sf -} - -@test "nginx: should NOT replace the VERSION with x.y.z in index.html" { - run wget -qO - localhost:8888 - assert_output "nginx/test/index.html with VERSION=%%VERSION%%" - assert_success -} - -@test "nginx: should NOT replace the VERSION with x.y.z in foo/bar/bar.js" { - run wget -qO - localhost:8888/foo/bar/bar.js - assert_output "// nginx/test/foo/bar/bar.js with VERSION=%%VERSION%%" ] - assert_success -} - - From 24c0fa3cf965edbc5cac809306f62e44581dd41a Mon Sep 17 00:00:00 2001 From: Adrien Chauve Date: Fri, 25 Mar 2022 11:43:07 +0100 Subject: [PATCH 6/8] chore: Use same port as everywhere else --- nginx/tests/404.bats | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nginx/tests/404.bats b/nginx/tests/404.bats index 684ececcd..b7d9df7dd 100644 --- a/nginx/tests/404.bats +++ b/nginx/tests/404.bats @@ -5,7 +5,7 @@ load '../../.bats/common.bats.bash' setup_file() { docker-compose run \ --detach \ - --publish 8889:8080 \ + --publish 8888:8080 \ --rm \ --volume ${BATS_TEST_DIRNAME}/fixtures:/usr/share/nginx/html \ alpine @@ -16,12 +16,12 @@ teardown_file() { } @test "nginx: should return status 404 (not a SPA)" { - run wget --server-response --quiet http://localhost:8889/pouet + run wget --server-response --quiet http://localhost:8888/pouet assert_output --partial "HTTP/1.1 404 Not Found" } @test "nginx: should return custom 404 page (not a SPA)" { - run wget --content-on-error --output-document - http://localhost:8889/pouet + run wget --content-on-error --output-document - http://localhost:8888/pouet assert_output --partial "CUSTOM 404 PAGE" } From 38488e7ed8d25cf5de0baa0758ab0dc0dc2926f9 Mon Sep 17 00:00:00 2001 From: Adrien Chauve Date: Mon, 28 Mar 2022 17:52:43 +0200 Subject: [PATCH 7/8] chore: Remove envsubst from nginx4spa --- nginx4spa/Dockerfile | 1 - nginx4spa/README.md | 23 ------------ nginx4spa/entrypoint.sh | 2 - nginx4spa/envsub.sh | 31 ---------------- nginx4spa/nginx.conf | 2 +- nginx4spa/tests/envsub.bats | 37 ------------------- .../tests/fixtures-envsubst/foo/bar/bar.js | 1 - .../tests/fixtures-envsubst/foo/bar/bar.png | 1 - nginx4spa/tests/fixtures-envsubst/index.html | 1 - nginx4spa/tests/port.bats | 22 ----------- nginx4spa/tests/skip-envsub.bats | 34 ----------------- 11 files changed, 1 insertion(+), 154 deletions(-) delete mode 100755 nginx4spa/envsub.sh delete mode 100644 nginx4spa/tests/envsub.bats delete mode 100644 nginx4spa/tests/fixtures-envsubst/foo/bar/bar.js delete mode 100644 nginx4spa/tests/fixtures-envsubst/foo/bar/bar.png delete mode 100644 nginx4spa/tests/fixtures-envsubst/index.html delete mode 100644 nginx4spa/tests/port.bats delete mode 100644 nginx4spa/tests/skip-envsub.bats diff --git a/nginx4spa/Dockerfile b/nginx4spa/Dockerfile index 2d7f6badf..101dd7311 100644 --- a/nginx4spa/Dockerfile +++ b/nginx4spa/Dockerfile @@ -2,7 +2,6 @@ FROM nginxinc/nginx-unprivileged:1.21-alpine COPY ./nginx.conf /etc/nginx/nginx.conf COPY ./entrypoint.sh /entrypoint.sh -COPY ./envsub.sh /envsub.sh ## adjust permissions USER root diff --git a/nginx4spa/README.md b/nginx4spa/README.md index 9161c77f8..a356151ba 100644 --- a/nginx4spa/README.md +++ b/nginx4spa/README.md @@ -4,7 +4,6 @@ - Serve static files from `/usr/share/nginx/html` - Catch-all routing to `/index.html` for single-page-applications with client-side routing -- envsubst `%%VARIABLE%%` static files at startup (ex: builds) - Add some security-related headers : ``` @@ -15,28 +14,6 @@ add_header X-Content-Type-Options "nosniff"; > For regular nginx image, see [../nginx](../nginx) -## Envsubst on startup - -As default, in every files in the `/usr/share/nginx/html` directory, the [`envsub.sh`](./envsub.sh) script replaces `%%KEY%%` by `VALUE` where `export KEY=VALUE` in the global env var. - -You can disable this by setting the `SKIP_ENVSUBST` environment variable. - -So : - -```sh -$ echo "VERSION=%%VERSION%%" > /www/version.txt -$ docker run \ - --env VERSION=x.y.z \ - --env PORT=4444 \ - --name nginx4spa_test \ - --publish 8888:4444 \ - --rm \ - --volume /www:/usr/share/nginx/html \ - ghcr.io/socialgouv/docker/nginx4spa -$ curl localhost:8888/version.txt -VERSION=x.y.z -``` - Notes: - `PORT` is optional and default to `80` diff --git a/nginx4spa/entrypoint.sh b/nginx4spa/entrypoint.sh index 63e212250..2200b24c9 100755 --- a/nginx4spa/entrypoint.sh +++ b/nginx4spa/entrypoint.sh @@ -1,5 +1,3 @@ #!/usr/bin/env sh -source /envsub.sh - exec nginx -g 'daemon off;' diff --git a/nginx4spa/envsub.sh b/nginx4spa/envsub.sh deleted file mode 100755 index 5a30c5ac3..000000000 --- a/nginx4spa/envsub.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env sh - -################################################################################ -# Replace environment values in files # -################################################################################ - -# -# As default, in every files in the "/usr/share/nginx/html" directory, this -# script replaces `%%KEY%%` by `VALUE` where `export KEY=VALUE` in the global env var. -# - -WWW_DIRECTORY=${WWW_DIRECTORY:="/usr/share/nginx/html"} -DELIMITER=${DELIMITER:="%%"} - -# Save env variable in file -printenv > /tmp/env-vars - -# Add default nginx port -echo "PORT=${PORT:="8080"}" >> /tmp/env-vars - -while IFS='=' read -r KEY VALUE -do - # In every files in the dir, replace the environment variables value - [ -z "$SKIP_ENVSUBST" ] && find ${WWW_DIRECTORY} -type f -regex ".*\.\(conf\|txt\|html\|htm\|js\|css\)" -exec \ - sed -i -e "s|${DELIMITER}${KEY}${DELIMITER}|${VALUE}|g" {} \; - # replace in nginx.conf too - sed -i -e "s|${DELIMITER}${KEY}${DELIMITER}|${VALUE}|g" /etc/nginx/nginx.conf - -done < /tmp/env-vars - -rm /tmp/env-vars diff --git a/nginx4spa/nginx.conf b/nginx4spa/nginx.conf index 4dbcac3fe..802d0842a 100644 --- a/nginx4spa/nginx.conf +++ b/nginx4spa/nginx.conf @@ -18,7 +18,7 @@ http { sendfile on; server { - listen %%PORT%%; + listen 8080; root /usr/share/nginx/html; index index.html; server_name_in_redirect on; diff --git a/nginx4spa/tests/envsub.bats b/nginx4spa/tests/envsub.bats deleted file mode 100644 index ec292cf98..000000000 --- a/nginx4spa/tests/envsub.bats +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/env bats - -load '../../.bats/common.bats.bash' - -setup_file() { - cp -r ${BATS_TEST_DIRNAME}/fixtures/ ${BATS_RUN_TMPDIR}/www - - docker-compose run \ - --detach \ - -e VERSION=x.y.z \ - --publish 8888:8080 \ - --rm \ - --volume ${BATS_RUN_TMPDIR}/www:/usr/share/nginx/html \ - alpine -} - -teardown_file() { - docker-compose rm -sf -} - -@test "nginx4spa: should replace the VERSION with x.y.z in index.html" { - run wget -qO - localhost:8888 - assert_output "nginx4spa/test/index.html with VERSION=x.y.z" - assert_success -} - -@test "nginx4spa: should replace the VERSION with x.y.z in foo/bar/bar.js" { - run wget -qO - localhost:8888/foo/bar/bar.js - assert_output "// nginx4spa/test/foo/bar/bar.js with VERSION=x.y.z" ] - assert_success -} - -@test "nginx4spa: should not replace the VERSION with x.y.z in foo/bar/bar.png" { - run wget -qO - localhost:8888/foo/bar/bar.png - assert_output "// nginx4spa/test/foo/bar/bar.png with VERSION=%%VERSION%%" ] - assert_success -} diff --git a/nginx4spa/tests/fixtures-envsubst/foo/bar/bar.js b/nginx4spa/tests/fixtures-envsubst/foo/bar/bar.js deleted file mode 100644 index 46e8e5053..000000000 --- a/nginx4spa/tests/fixtures-envsubst/foo/bar/bar.js +++ /dev/null @@ -1 +0,0 @@ -// nginx4spa/test/foo/bar/bar.js with VERSION=%%VERSION%% diff --git a/nginx4spa/tests/fixtures-envsubst/foo/bar/bar.png b/nginx4spa/tests/fixtures-envsubst/foo/bar/bar.png deleted file mode 100644 index 66eabfa71..000000000 --- a/nginx4spa/tests/fixtures-envsubst/foo/bar/bar.png +++ /dev/null @@ -1 +0,0 @@ -// nginx4spa/test/foo/bar/bar.png with VERSION=%%VERSION%% diff --git a/nginx4spa/tests/fixtures-envsubst/index.html b/nginx4spa/tests/fixtures-envsubst/index.html deleted file mode 100644 index babd58cf3..000000000 --- a/nginx4spa/tests/fixtures-envsubst/index.html +++ /dev/null @@ -1 +0,0 @@ -nginx4spa/test/index.html with VERSION=%%VERSION%% diff --git a/nginx4spa/tests/port.bats b/nginx4spa/tests/port.bats deleted file mode 100644 index 3c917f05b..000000000 --- a/nginx4spa/tests/port.bats +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bats - -load '../../.bats/common.bats.bash' - -setup_file() { - docker-compose run \ - --detach \ - -e PORT=9000 \ - --publish 8888:9000 \ - --rm \ - alpine -} - -teardown_file() { - docker-compose rm -sf -} - -@test "nginx4spa: should be able to change the port" { - run wget -qO - localhost:8888 - assert_line --partial --index 3 "Welcome to nginx!" - assert_success -} diff --git a/nginx4spa/tests/skip-envsub.bats b/nginx4spa/tests/skip-envsub.bats deleted file mode 100644 index 3d8f22ca6..000000000 --- a/nginx4spa/tests/skip-envsub.bats +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env bats - -load '../../.bats/common.bats.bash' - -setup_file() { - cp -r ${BATS_TEST_DIRNAME}/fixtures-envsubst/ ${BATS_RUN_TMPDIR}/www2 - - docker-compose run \ - --detach \ - -e VERSION=x.y.z \ - -e SKIP_ENVSUBST=true \ - --publish 8889:8080 \ - --rm \ - --volume ${BATS_RUN_TMPDIR}/www2:/usr/share/nginx/html \ - alpine -} - -teardown_file() { - docker-compose rm -sf -} - -@test "nginx4spa: should NOT replace the VERSION with x.y.z in index.html" { - run wget -qO - localhost:8889 - assert_output "nginx4spa/test/index.html with VERSION=%%VERSION%%" - assert_success -} - -@test "nginx4spa: should NOT replace the VERSION with x.y.z in foo/bar/bar.js" { - run wget -qO - localhost:8889/foo/bar/bar.js - assert_output "// nginx4spa/test/foo/bar/bar.js with VERSION=%%VERSION%%" ] - assert_success -} - - From b58738a8df2569bc275ad934dddfedfdf4723ad4 Mon Sep 17 00:00:00 2001 From: Adrien Chauve Date: Mon, 28 Mar 2022 18:14:06 +0200 Subject: [PATCH 8/8] feat: USE 8080 port in nginx and nginx4spa images BREAKING CHANGE: port needs to be changed in projects using these images --- nginx/README.md | 2 +- nginx4spa/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/README.md b/nginx/README.md index d1c076b26..9de908601 100644 --- a/nginx/README.md +++ b/nginx/README.md @@ -16,7 +16,7 @@ add_header X-Content-Type-Options "nosniff"; Notes: -- `PORT` is optional and default to `8080` +- `PORT` is set to `8080` To override default configuration, make a local copy of `nginx.conf` and add it to docker build: diff --git a/nginx4spa/README.md b/nginx4spa/README.md index a356151ba..c054ca77a 100644 --- a/nginx4spa/README.md +++ b/nginx4spa/README.md @@ -16,7 +16,7 @@ add_header X-Content-Type-Options "nosniff"; Notes: -- `PORT` is optional and default to `80` +- `PORT` is set to `8080`. To override default configuration, make a local copy of `nginx.conf` and add it to docker build: