Merge pull request #997 from vector-im/hughns/docker-unprivileged

This commit is contained in:
Hugh Nimmo-Smith 2023-01-20 17:55:54 +00:00 committed by GitHub
commit bd6ab1d5de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 5 deletions

View File

@ -10,10 +10,17 @@ RUN yarn install
COPY . /app
RUN yarn build
FROM --platform=${BUILDPLATFORM} docker.io/nginx:alpine
# Because we will be running as an unprivileged user, we need to make sure that the config file is writable
# So, we will copy the default config to the /tmp folder that will be writable at runtime
RUN mv -f target/config.json /config.json.bundled \
&& ln -sf /tmp/config.json target/config.json
FROM --platform=${BUILDPLATFORM} docker.io/nginxinc/nginx-unprivileged:alpine
# Copy the dynamic config script
COPY ./docker/dynamic-config.sh /docker-entrypoint.d/99-dynamic-config.sh
# And the bundled config file
COPY --from=builder /config.json.bundled /config.json.bundled
# Copy the built app from the first build stage
COPY --from=builder /app/target /usr/share/nginx/html

View File

@ -55,16 +55,18 @@ Then, start up a container from that image:
```
docker run \
--name hydrogen \
--publish 80:80 \
--publish 8080:8080 \
hydrogen
```
n.b. the image is now based on the unprivileged nginx base, so the port is now `8080` instead of `80` and you need a writable `/tmp` volume.
You can override the default `config.json` using the `CONFIG_OVERRIDE` environment variable. For example to specify a different Homeserver and :
```
docker run \
--name hydrogen \
--publish 80:80 \
--publish 8080:8080 \
--env CONFIG_OVERRIDE='{
"push": {
"appId": "io.element.hydrogen.web",

View File

@ -2,7 +2,10 @@
set -eux
# Use config override environment variable if set
if [ -n "${CONFIG_OVERRIDE:-}" ]; then
echo "$CONFIG_OVERRIDE" > /usr/share/nginx/html/config.json
# Use config override environment variable if set
echo "$CONFIG_OVERRIDE" > /tmp/config.json
else
# Otherwise, use the default config that was bundled in the image
cp /config.json.bundled /tmp/config.json
fi