beenull/immich
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

breaking(setup): use non-root image for immich-proxy (#651)

Browse source 
* feat(nginx): use non-root container for immich-proxy

Signed-off-by: PixelJonas <5434875+PixelJonas@users.noreply.github.com>

* re-add test env

* feat(nginx): add correct port for staging

* add the new port to the default docker-compose.yml

Signed-off-by: PixelJonas <5434875+PixelJonas@users.noreply.github.com>
This commit is contained in:
Jonas Janz 2022-09-14 04:50:10 +02:00 committed by GitHub
parent ccf792f9d3
commit 1a6c16d8ea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 83 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docker/.env.test
View file

@ -19,4 +19,4 @@ ENABLE_MAPBOX=false
# WEB
MAPBOX_KEY=
VITE_SERVER_ENDPOINT=http://localhost:2283/api
VITE_SERVER_ENDPOINT=http://localhost:2283/api

3
docker/docker-compose.dev.yml
View file

@ -102,8 +102,7 @@ services:
context: ../nginx
dockerfile: Dockerfile
ports:
- 2283:80
- 2284:443
- 2283:8080
logging:
driver: none
depends_on:

3
docker/docker-compose.staging.yml
View file

@ -72,8 +72,7 @@ services:
container_name: immich_proxy
image: altran1502/immich-proxy:staging
ports:
- 2283:80
- 2284:443
- 2283:8080
logging:
driver: none
depends_on:

2
docker/docker-compose.yml
View file

@ -74,7 +74,7 @@ services:
container_name: immich_proxy
image: altran1502/immich-proxy:release
ports:
- 2283:80
- 2283:8080
logging:
driver: none
depends_on:

7
nginx/Dockerfile
View file

@ -1,6 +1,5 @@
FROM nginx:latest
FROM registry.access.redhat.com/ubi9/nginx-120:latest
COPY nginx.conf /etc/nginx/conf.d/default.conf
COPY nginx.conf "${NGINX_CONF_PATH}"
EXPOSE 80
EXPOSE 443
CMD nginx -g "daemon off;"

138
nginx/nginx.conf
View file

@ -1,73 +1,87 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
# events {
# worker_connections 1000;
# }
server {
gzip on;
gzip_min_length 1000;
gunzip on;
client_max_body_size 50000M;
listen 80;
access_log off;
location /api {
# Compression
gzip_static on;
gzip_min_length 1000;
gzip_comp_level 2;
proxy_buffering off;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
proxy_force_ranges on;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
rewrite /api/(.*) /$1 break;
proxy_pass http://immich-server:3001;
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
location / {
# events {
# worker_connections 1000;
# }
# Compression
gzip_static on;
server {
gzip on;
gzip_min_length 1000;
gzip_comp_level 2;
gunzip on;
proxy_buffering off;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
proxy_force_ranges on;
client_max_body_size 50000M;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
listen 8080;
access_log off;
proxy_pass http://immich-web:3000;
location /api {
# Compression
gzip_static on;
gzip_min_length 1000;
gzip_comp_level 2;
proxy_buffering off;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
proxy_force_ranges on;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
rewrite /api/(.*) /$1 break;
proxy_pass http://immich-server:3001;
}
location / {
# Compression
gzip_static on;
gzip_min_length 1000;
gzip_comp_level 2;
proxy_buffering off;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_buffers 64 4k;
proxy_force_ranges on;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass http://immich-web:3000;
}
}
}
}