diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile index 574e3334c..2c2bc5c27 100644 --- a/deploy/docker/Dockerfile +++ b/deploy/docker/Dockerfile @@ -33,6 +33,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends gosu \ && addgroup --system --gid 9001 lowcoder \ && adduser --system --disabled-password --no-create-home --uid 9001 --gid 9001 lowcoder + # Copy lowcoder server configuration COPY --chown=lowcoder:lowcoder --from=build-api-service /lowcoder/api-service /lowcoder/api-service @@ -145,7 +146,7 @@ RUN yarn build ## To create a separate image out of it, build it with: ## DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t lowcoderorg/lowcoder-ce-frontend --target lowcoder-ce-frontend . ## -FROM nginx:1.25.1 AS lowcoder-ce-frontend +FROM nginx:1.27.1 AS lowcoder-ce-frontend LABEL maintainer="lowcoder" # Change default nginx user into lowcoder user and remove default nginx config @@ -186,27 +187,29 @@ EXPOSE 3443 ## ## Build Lowcoder all-in-one image ## -FROM lowcoder-ce-frontend +FROM ubuntu:jammy LABEL maintainer="lowcoder" -RUN apt-get update && apt-get upgrade -y \ - && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates gnupg \ +# Install essential tools +RUN apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates gnupg bash lsb-release \ && rm -rf /var/cache/apt/lists /var/lib/apt/lists/* /var/log/dpkg.log \ && apt-get clean -# Add nodejs repo and keys -RUN mkdir -p /etc/apt/keyrings \ - && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \ - && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list +# Add required apt repositories and signing keys +RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource-keyring.gpg \ + && echo "deb [signed-by=/usr/share/keyrings/nodesource-keyring.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \ + && curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg \ + && echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb `lsb_release -cs` main" | tee /etc/apt/sources.list.d/redis.list \ + && curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg \ + && echo "deb [signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] https://repo.mongodb.org/apt/ubuntu `lsb_release -cs`/mongodb-org/7.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list \ + && curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg \ + && echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list # Install required packages -RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y bash gnupg curl lsb-release \ - && curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg \ - && echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb bookworm main" | tee /etc/apt/sources.list.d/redis.list \ - && curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg \ - && echo "deb [signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] https://repo.mongodb.org/apt/debian bookworm/mongodb-org/7.0 main" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list \ - && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends -y \ +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends -y \ + nginx=1.27.1-1~jammy \ mongodb-org \ redis \ supervisor \ @@ -215,10 +218,39 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-instal openjdk-17-jdk-headless \ && npm install -g yarn \ && rm -rf /var/cache/apt/lists /var/lib/apt/lists/* /var/log/dpkg.log \ - && mkdir -p /lowcoder/assets \ && apt-get clean \ && rm -rf /tmp/* +# Use configuration setup from official nginx image +RUN rm -rf /etc/nginx/nginx.conf +COPY --from=nginx:1.27.1 /docker-entrypoint.d /docker-entrypoint.d +COPY --from=nginx:1.27.1 /docker-entrypoint.sh /docker-entrypoint.sh + +# Add lowcoder user +RUN usermod --login lowcoder --uid 9001 nginx \ + && groupmod --new-name lowcoder --gid 9001 nginx + +# Copy additional nginx init scripts and configs +COPY --chmod=0755 deploy/docker/frontend/00-change-nginx-user.sh /docker-entrypoint.d/00-change-nginx-user.sh +COPY --chmod=0755 deploy/docker/frontend/01-update-nginx-conf.sh /docker-entrypoint.d/01-update-nginx-conf.sh +COPY deploy/docker/frontend/server.conf /etc/nginx/server.conf +COPY deploy/docker/frontend/nginx-http.conf /etc/nginx/nginx-http.conf +COPY deploy/docker/frontend/nginx-https.conf /etc/nginx/nginx-https.conf +COPY deploy/docker/frontend/ssl-certificate.conf /etc/nginx/ssl-certificate.conf +COPY deploy/docker/frontend/ssl-params.conf /etc/nginx/ssl-params.conf + + +# Add lowcoder frontend +# copy lowcoder client +COPY --chown=lowcoder:lowcoder --from=build-client /lowcoder-client/packages/lowcoder/build/ /lowcoder/client +# copy lowcoder components +COPY --chown=lowcoder:lowcoder --from=build-client /lowcoder-client/packages/lowcoder-comps/lowcoder-comps /lowcoder/client-comps +# copy lowcoder SDK +COPY --chown=lowcoder:lowcoder --from=build-client /lowcoder-client/packages/lowcoder-sdk /lowcoder/client-sdk +# copy lowcoder SDK webpack bundle +COPY --chown=lowcoder:lowcoder --from=build-client /lowcoder-client/packages/lowcoder-sdk-webpack-bundle/dist /lowcoder/client-embed +RUN mkdir -p /lowcoder/assets/ && chown lowcoder:lowcoder /lowcoder/assets/ + # Add lowcoder api-service COPY --chown=lowcoder:lowcoder --from=lowcoder-ce-api-service /lowcoder/api-service /lowcoder/api-service RUN mkdir -p /lowcoder/plugins/ && chown lowcoder:lowcoder /lowcoder/plugins/ diff --git a/deploy/docker/README.md b/deploy/docker/README.md index 607aa7fbb..16986c25d 100644 --- a/deploy/docker/README.md +++ b/deploy/docker/README.md @@ -51,8 +51,8 @@ Image can be configured by setting environment variables. | `LOWCODER_EMAIL_SIGNUP_ENABLED` | Control if users create their own Workspace automatic when Sign Up | `true` | | `LOWCODER_CREATE_WORKSPACE_ON_SIGNUP` | IF LOWCODER_WORKSPACE_MODE = SAAS, controls if a own workspace is created for the user after sign up | `true` | | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true` | -| `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost` | -| `LOWCODER_SUPERUSER_PASSWORD` | Control if not to show Apps on the local Marketplace to anonymous users | | +| `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost` | +| `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file | Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on) @@ -115,8 +115,8 @@ Image can be configured by setting environment variables. | `LOWCODER_EMAIL_SIGNUP_ENABLED` | Control is users can create their own Workspace when Sign Up | `true` | | `LOWCODER_CREATE_WORKSPACE_ON_SIGNUP` | IF LOWCODER_WORKSPACE_MODE = SAAS, controls if a own workspace is created for the user after sign up | `true` | | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true` | -| `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost` | -| `LOWCODER_SUPERUSER_PASSWORD` | Control if not to show Apps on the local Marketplace to anonymous users | | +| `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost` | +| `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file | Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on) On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml index b3bb6b929..6e79ebea3 100644 --- a/deploy/docker/docker-compose-multi.yaml +++ b/deploy/docker/docker-compose-multi.yaml @@ -5,20 +5,20 @@ services: ## Start services required for Lowcoder (MongoDB and Redis) ## mongodb: - image: "mongo:4.4" + image: "mongo:7.0" container_name: mongodb environment: MONGO_INITDB_DATABASE: lowcoder MONGO_INITDB_ROOT_USERNAME: lowcoder MONGO_INITDB_ROOT_PASSWORD: secret123 - # Uncomment to save database data into local 'mongodata' folder - # volumes: - # - ./mongodata:/data/db + volumes: + - ./lowcoder-stacks/data/mongodb:/data/db restart: unless-stopped redis: image: redis:7-alpine container_name: redis + restart: unless-stopped ## @@ -31,12 +31,14 @@ services: # ports: # - "8080:8080" environment: + LOWCODER_PUBLIC_URL: "http://localhost:3000/" LOWCODER_PUID: "9001" LOWCODER_PGID: "9001" LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin" LOWCODER_REDIS_URL: "redis://redis:6379" LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060" LOWCODER_MAX_QUERY_TIMEOUT: 120 + LOWCODER_MAX_REQUEST_SIZE: 20m LOWCODER_EMAIL_AUTH_ENABLED: "true" LOWCODER_EMAIL_SIGNUP_ENABLED: "true" LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true" @@ -59,22 +61,33 @@ services: # - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 # LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" + LOWCODER_PLUGINS_DIR: "../plugins" + LOWCODER_API_RATE_LIMIT: 50 LOWCODER_WORKSPACE_MODE: SAAS + LOWCODER_MARKETPLACE_PRIVATE_MODE: "true" # Lowcoder notification emails setup LOWCODER_ADMIN_SMTP_HOST: smtp.gmail.com LOWCODER_ADMIN_SMTP_PORT: 587 LOWCODER_ADMIN_SMTP_USERNAME: LOWCODER_ADMIN_SMTP_PASSWORD: - LOWCODER_ADMIN_SMTP_AUTH: true - LOWCODER_ADMIN_SMTP_SSL_ENABLED: false - LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: true - LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: true + LOWCODER_ADMIN_SMTP_AUTH: "true" + LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false" + LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true" + LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true" # Email used as sender in lost password email LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost + # Lowcoder superuser details + LOWCODER_SUPERUSER_USERNAME: admin@localhost + # If left blank, a password will be generated and written into api-service log + LOWCODER_SUPERUSER_PASSWORD: restart: unless-stopped depends_on: - mongodb - redis + volumes: + - ./lowcoder-stacks:/lowcoder-stacks + - ./lowcoder-stacks/assets:/lowcoder/assets + lowcoder-node-service: image: lowcoderorg/lowcoder-ce-node-service:latest @@ -109,7 +122,6 @@ services: depends_on: - lowcoder-node-service - lowcoder-api-service - # Uncomment to serve local files as static assets - # volumes: - # - ./static-assets:/lowcoder/assets + volumes: + - ./lowcoder-stacks/assets:/lowcoder/assets diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml index 4dc50803c..0ca430655 100644 --- a/deploy/docker/docker-compose.yaml +++ b/deploy/docker/docker-compose.yaml @@ -26,6 +26,7 @@ services: LOWCODER_NODE_SERVICE_ENABLED: "true" LOWCODER_FRONTEND_ENABLED: "true" # generic parameters + # Effective user and group IDs LOWCODER_PUID: "1000" LOWCODER_PGID: "1000" # api-service parameters @@ -55,12 +56,15 @@ services: # LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" # api and node service parameters + LOWCODER_PLUGINS_DIR: "../plugins" + LOWCODER_API_RATE_LIMIT: 50 LOWCODER_API_SERVICE_URL: "http://localhost:8080" LOWCODER_NODE_SERVICE_URL: "http://localhost:6060" # frontend parameters LOWCODER_MAX_REQUEST_SIZE: 20m LOWCODER_MAX_QUERY_TIMEOUT: 120 LOWCODER_WORKSPACE_MODE: SAAS + LOWCODER_MARKETPLACE_PRIVATE_MODE: "true" # Lowcoder notification emails setup LOWCODER_ADMIN_SMTP_HOST: localhost LOWCODER_ADMIN_SMTP_PORT: 587 @@ -72,6 +76,10 @@ services: LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true" # Email used as sender in lost password email LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost + # Lowcoder superuser details + LOWCODER_SUPERUSER_USERNAME: admin@localhost + # If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log) + LOWCODER_SUPERUSER_PASSWORD: volumes: - ./lowcoder-stacks:/lowcoder-stacks - ./lowcoder-stacks/assets:/lowcoder/assets