Docker updates

deploy/docker/Dockerfile

@@ -33,6 +33,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends gosu \
   && addgroup --system --gid 9001 lowcoder \
   && adduser --system --disabled-password --no-create-home --uid 9001 --gid 9001 lowcoder
 
+
 # Copy lowcoder server configuration
 COPY --chown=lowcoder:lowcoder --from=build-api-service /lowcoder/api-service /lowcoder/api-service
 
@@ -145,7 +146,7 @@ RUN yarn build
 ## To create a separate image out of it, build it with:
 ##   DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t lowcoderorg/lowcoder-ce-frontend --target lowcoder-ce-frontend .
 ##
-FROM nginx:1.25.1 AS lowcoder-ce-frontend
+FROM nginx:1.27.1 AS lowcoder-ce-frontend
 LABEL maintainer="lowcoder"
 
 # Change default nginx user into lowcoder user and remove default nginx config
@@ -186,27 +187,29 @@ EXPOSE 3443
 ##
 ## Build Lowcoder all-in-one image
 ##
-FROM lowcoder-ce-frontend
+FROM ubuntu:jammy
 LABEL maintainer="lowcoder"
 
-RUN apt-get update && apt-get upgrade -y \
-  && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates gnupg \
+# Install essential tools
+RUN apt-get update \
+  && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates gnupg bash lsb-release \
   && rm -rf /var/cache/apt/lists /var/lib/apt/lists/* /var/log/dpkg.log \
   && apt-get clean
 
-# Add nodejs repo and keys
-RUN mkdir -p /etc/apt/keyrings \
-  && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
-  && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+# Add required apt repositories and signing keys
+RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource-keyring.gpg \
+  && echo "deb [signed-by=/usr/share/keyrings/nodesource-keyring.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
+  && curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg \
+  && echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb `lsb_release -cs` main" | tee /etc/apt/sources.list.d/redis.list \
+  && curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg \
+  && echo "deb [signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] https://repo.mongodb.org/apt/ubuntu `lsb_release -cs`/mongodb-org/7.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list \
+  && curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg \
+  && echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
 
 
 # Install required packages
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y bash gnupg curl lsb-release \
-  && curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg \
-  && echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb bookworm main" | tee /etc/apt/sources.list.d/redis.list \
-  && curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg \
-  && echo "deb [signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] https://repo.mongodb.org/apt/debian bookworm/mongodb-org/7.0 main" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list \
-  && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends -y \
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends -y \
+      nginx=1.27.1-1~jammy \
       mongodb-org \
       redis \
       supervisor \
@@ -215,10 +218,39 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-instal
       openjdk-17-jdk-headless \
   && npm install -g yarn \
   && rm -rf /var/cache/apt/lists /var/lib/apt/lists/* /var/log/dpkg.log \
-  && mkdir -p /lowcoder/assets \
   && apt-get clean \
   && rm -rf /tmp/*
 
+# Use configuration setup from official nginx image
+RUN rm -rf /etc/nginx/nginx.conf
+COPY --from=nginx:1.27.1 /docker-entrypoint.d /docker-entrypoint.d
+COPY --from=nginx:1.27.1 /docker-entrypoint.sh /docker-entrypoint.sh
+
+# Add lowcoder user
+RUN usermod --login lowcoder --uid 9001 nginx \
+  && groupmod --new-name lowcoder --gid 9001 nginx
+
+# Copy additional nginx init scripts and configs
+COPY --chmod=0755 deploy/docker/frontend/00-change-nginx-user.sh /docker-entrypoint.d/00-change-nginx-user.sh
+COPY --chmod=0755 deploy/docker/frontend/01-update-nginx-conf.sh /docker-entrypoint.d/01-update-nginx-conf.sh
+COPY deploy/docker/frontend/server.conf /etc/nginx/server.conf
+COPY deploy/docker/frontend/nginx-http.conf /etc/nginx/nginx-http.conf
+COPY deploy/docker/frontend/nginx-https.conf /etc/nginx/nginx-https.conf
+COPY deploy/docker/frontend/ssl-certificate.conf /etc/nginx/ssl-certificate.conf
+COPY deploy/docker/frontend/ssl-params.conf /etc/nginx/ssl-params.conf
+
+
+# Add lowcoder frontend
+#    copy lowcoder client
+COPY --chown=lowcoder:lowcoder --from=build-client /lowcoder-client/packages/lowcoder/build/ /lowcoder/client
+#    copy lowcoder components
+COPY --chown=lowcoder:lowcoder --from=build-client /lowcoder-client/packages/lowcoder-comps/lowcoder-comps /lowcoder/client-comps
+#    copy lowcoder SDK
+COPY --chown=lowcoder:lowcoder --from=build-client /lowcoder-client/packages/lowcoder-sdk /lowcoder/client-sdk
+#    copy lowcoder SDK webpack bundle
+COPY --chown=lowcoder:lowcoder --from=build-client /lowcoder-client/packages/lowcoder-sdk-webpack-bundle/dist /lowcoder/client-embed
+RUN mkdir -p /lowcoder/assets/ && chown lowcoder:lowcoder /lowcoder/assets/
+
 # Add lowcoder api-service
 COPY --chown=lowcoder:lowcoder --from=lowcoder-ce-api-service /lowcoder/api-service /lowcoder/api-service
 RUN mkdir -p /lowcoder/plugins/ && chown lowcoder:lowcoder /lowcoder/plugins/

deploy/docker/README.md

@@ -51,8 +51,8 @@ Image can be configured by setting environment variables.
 | `LOWCODER_EMAIL_SIGNUP_ENABLED`     | Control if users create their own Workspace automatic when Sign Up      | `true`                                                |
 | `LOWCODER_CREATE_WORKSPACE_ON_SIGNUP` | IF LOWCODER_WORKSPACE_MODE = SAAS, controls if a own workspace is created for the user after sign up   | `true`               |
 | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true`                                                |
-| `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost`                                                |
-| `LOWCODER_SUPERUSER_PASSWORD` | Control if not to show Apps on the local Marketplace to anonymous users |                                                 |
+| `LOWCODER_SUPERUSER_USERNAME`       | Username of the Super-User of an Lowcoder Installation | `admin@localhost`                                                      |
+| `LOWCODER_SUPERUSER_PASSWORD`       | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file                |
 
 
 Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on)
@@ -115,8 +115,8 @@ Image can be configured by setting environment variables.
 | `LOWCODER_EMAIL_SIGNUP_ENABLED` | Control is users can create their own Workspace when Sign Up        | `true`                                                |
 | `LOWCODER_CREATE_WORKSPACE_ON_SIGNUP` | IF LOWCODER_WORKSPACE_MODE = SAAS, controls if a own workspace is created for the user after sign up   | `true`               |
 | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true`                                                |
-| `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost`                                                |
-| `LOWCODER_SUPERUSER_PASSWORD` | Control if not to show Apps on the local Marketplace to anonymous users |                                                 |
+| `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost`                                                    |
+| `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file              |
 
 Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on)
 On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256

deploy/docker/docker-compose-multi.yaml

@@ -5,20 +5,20 @@ services:
   ## Start services required for Lowcoder (MongoDB and Redis)
   ##
   mongodb:
-    image: "mongo:4.4"
+    image: "mongo:7.0"
     container_name: mongodb
     environment:
       MONGO_INITDB_DATABASE: lowcoder
       MONGO_INITDB_ROOT_USERNAME: lowcoder
       MONGO_INITDB_ROOT_PASSWORD: secret123
-    # Uncomment to save database data into local 'mongodata' folder
-    # volumes:
-    #   - ./mongodata:/data/db
+    volumes:
+      - ./lowcoder-stacks/data/mongodb:/data/db
     restart: unless-stopped
 
   redis:
     image: redis:7-alpine
     container_name: redis
+    restart: unless-stopped
 
 
   ##
@@ -31,12 +31,14 @@ services:
     # ports:
     #   - "8080:8080"
     environment:
+      LOWCODER_PUBLIC_URL: "http://localhost:3000/"
       LOWCODER_PUID: "9001"
       LOWCODER_PGID: "9001"
       LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
       LOWCODER_REDIS_URL: "redis://redis:6379"
       LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060"
       LOWCODER_MAX_QUERY_TIMEOUT: 120
+      LOWCODER_MAX_REQUEST_SIZE: 20m
       LOWCODER_EMAIL_AUTH_ENABLED: "true"
       LOWCODER_EMAIL_SIGNUP_ENABLED: "true"
       LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true"
@@ -59,22 +61,33 @@ services:
       #    - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
       #
       LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
+      LOWCODER_PLUGINS_DIR: "../plugins"
+      LOWCODER_API_RATE_LIMIT: 50
       LOWCODER_WORKSPACE_MODE: SAAS
+      LOWCODER_MARKETPLACE_PRIVATE_MODE: "true"
       # Lowcoder notification emails setup
       LOWCODER_ADMIN_SMTP_HOST: smtp.gmail.com
       LOWCODER_ADMIN_SMTP_PORT: 587
       LOWCODER_ADMIN_SMTP_USERNAME:
       LOWCODER_ADMIN_SMTP_PASSWORD:
-      LOWCODER_ADMIN_SMTP_AUTH: true
-      LOWCODER_ADMIN_SMTP_SSL_ENABLED: false
-      LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: true
-      LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: true
+      LOWCODER_ADMIN_SMTP_AUTH: "true"
+      LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false"
+      LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true"
+      LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true"
       # Email used as sender in lost password email
       LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost
+      # Lowcoder superuser details
+      LOWCODER_SUPERUSER_USERNAME: admin@localhost
+      # If left blank, a password will be generated and written into api-service log
+      LOWCODER_SUPERUSER_PASSWORD:
     restart: unless-stopped
     depends_on:
       - mongodb
       - redis
+    volumes:
+      - ./lowcoder-stacks:/lowcoder-stacks
+      - ./lowcoder-stacks/assets:/lowcoder/assets
+
 
   lowcoder-node-service:
     image: lowcoderorg/lowcoder-ce-node-service:latest
@@ -109,7 +122,6 @@ services:
     depends_on:
       - lowcoder-node-service
       - lowcoder-api-service
-    # Uncomment to serve local files as static assets
-    # volumes:
-    #   - ./static-assets:/lowcoder/assets
+    volumes:
+      - ./lowcoder-stacks/assets:/lowcoder/assets
 

deploy/docker/docker-compose.yaml

@@ -26,6 +26,7 @@ services:
       LOWCODER_NODE_SERVICE_ENABLED: "true"
       LOWCODER_FRONTEND_ENABLED: "true"
       # generic parameters
+      # Effective user and group IDs
       LOWCODER_PUID: "1000"
       LOWCODER_PGID: "1000"
       # api-service parameters
@@ -55,12 +56,15 @@ services:
       #
       LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
       # api and node service parameters
+      LOWCODER_PLUGINS_DIR: "../plugins"
+      LOWCODER_API_RATE_LIMIT: 50
       LOWCODER_API_SERVICE_URL: "http://localhost:8080"
       LOWCODER_NODE_SERVICE_URL: "http://localhost:6060"
       # frontend parameters
       LOWCODER_MAX_REQUEST_SIZE: 20m
       LOWCODER_MAX_QUERY_TIMEOUT: 120
       LOWCODER_WORKSPACE_MODE: SAAS
+      LOWCODER_MARKETPLACE_PRIVATE_MODE: "true"
       # Lowcoder notification emails setup
       LOWCODER_ADMIN_SMTP_HOST: localhost
       LOWCODER_ADMIN_SMTP_PORT: 587
@@ -72,6 +76,10 @@ services:
       LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true"
       # Email used as sender in lost password email
       LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost
+      # Lowcoder superuser details
+      LOWCODER_SUPERUSER_USERNAME: admin@localhost
+      # If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log)
+      LOWCODER_SUPERUSER_PASSWORD: 
     volumes:
       - ./lowcoder-stacks:/lowcoder-stacks
       - ./lowcoder-stacks/assets:/lowcoder/assets