MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor(front/Docker): cleanup nginx-based container

This commit is contained in:
JuniorJPDJ 2022-07-20 01:31:28 +02:00
parent 3f04429993
commit 6df36f519a
4 changed files with 31 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changes/changelog.d/front-docker-cleanup.enhancement Normal file
View File

@ -0,0 +1 @@
Cleaned up frontend docker container

9
front/Dockerfile
View File

@ -15,20 +15,15 @@ RUN yarn build:deployment
FROM nginx:1.23.1-alpine as final
COPY --from=builder /app/dist /usr/share/nginx/html
COPY docker/funkwhale.template /etc/nginx/conf.d/funkwhale.template
COPY docker/funkwhale.conf.template /etc/nginx/templates/default.conf.template
COPY docker/funkwhale_proxy.conf /etc/nginx/funkwhale_proxy.conf
COPY docker/entrypoint.sh /docker-entrypoint.d/99-funkwhale.sh
# Allow running as non-root for custom setups
RUN mkdir -p /var/log/nginx /var/cache/nginx /var/run/nginx && \
chown -R nginx:nginx /var/log/nginx /var/run/nginx /var/cache/nginx /etc/nginx && \
sed -e 's#/var/run/nginx.pid#/var/run/nginx/nginx.pid#' -i /etc/nginx/nginx.conf
CMD ["sh", "-c", "envsubst \"`env | awk -F = '{printf \" $$%s\", $$1}'`\" \
< /etc/nginx/conf.d/funkwhale.template \
> /etc/nginx/conf.d/default.conf \
&& cat /etc/nginx/conf.d/default.conf \
&& nginx -g 'daemon off;'"]
ENV FUNKWHALE_API_HOST=api
ENV FUNKWHALE_API_PORT=5000
ENV AWS_S3_ENDPOINT_URL=

8
front/docker/entrypoint.sh Executable file
View File

@ -0,0 +1,8 @@
#!/bin/sh
if [ -n "$AWS_S3_ENDPOINT_URL" ]; then
# uncomment S3 section in media location and comment NON-S3 section
sed -i '/# NON-S3/s/^/#/g;/# S3/s/^#//g' /etc/nginx/conf.d/default.conf
fi
cat /etc/nginx/conf.d/default.conf

51
front/docker/funkwhale.template → front/docker/funkwhale.conf.template
View File

@ -3,7 +3,7 @@ upstream funkwhale-api {
}
# required for websocket support
# Required for websocket support.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
@ -13,17 +13,10 @@ server {
listen 80;
server_name ${FUNKWHALE_HOSTNAME};
# TLS
# Feel free to use your own configuration for SSL here or simply remove the
# lines and move the configuration to the previous server block if you
# don't want to run funkwhale behind https (this is not recommended)
# have a look here for let's encrypt configuration:
# https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
root /usr/share/nginx/html;
# If you are using S3 to host your files, remember to add your S3 URL to the
# media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
# media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:).
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' ${AWS_S3_ENDPOINT_URL} data:; font-src 'self' data:; object-src 'none'; media-src ${AWS_S3_ENDPOINT_URL} 'self' data:";
add_header Referrer-Policy "strict-origin-when-cross-origin";
@ -31,7 +24,7 @@ server {
location / {
include /etc/nginx/funkwhale_proxy.conf;
# this is needed if you have file import via upload enabled
# This is needed if you have file import via upload enabled.
client_max_body_size ${NGINX_MAX_BODY_SIZE};
proxy_pass http://funkwhale-api/;
}
@ -47,7 +40,7 @@ server {
}
location = /front/embed.html {
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' ${AWS_S3_ENDPOINT_URL} data:; font-src 'self' data:; object-src 'none'; media-src ${AWS_S3_ENDPOINT_URL} 'self' data:";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Frame-Options "" always;
@ -62,7 +55,7 @@ server {
proxy_pass http://funkwhale-api/federation/;
}
# You can comment this if you do not plan to use the Subsonic API
# You can comment this if you do not plan to use the Subsonic API.
location /rest/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api/api/subsonic/rest/;
@ -77,34 +70,30 @@ server {
alias ${MEDIA_ROOT}/;
}
# this is an internal location that is used to serve
# audio files once correct permission / authentication
# has been checked on API side
location /_protected/media/ {
# This is an internal location that is used to serve
# media (uploaded) files once correct permission / authentication
# has been checked on API side.
# Comment the "NON-S3" commented lines and uncomment "S3" commented lines
# if you're storing media files in a S3 bucket.
location /_protected/media/(.+) {
internal;
alias ${MEDIA_ROOT}/;
alias ${MEDIA_ROOT}/; # NON-S3
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
# proxy_set_header Authorization ""; # S3
# proxy_pass $1; # S3
}
# Comment the previous location and uncomment this one if you're storing
# media files in a S3 bucket
# location ~ /_protected/media/(.+) {
# internal;
# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
# proxy_set_header Authorization "";
# proxy_pass $1;
# }
location /_protected/music/ {
# this is an internal location that is used to serve
# audio files once correct permission / authentication
# has been checked on API side
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
# This is an internal location that is used to serve
# local music files once correct permission / authentication
# has been checked on API side.
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting.
internal;
alias ${MUSIC_DIRECTORY_PATH}/;
}
location /staticfiles/ {
# django static files
# Django static files
alias ${STATIC_ROOT}/;
}
}