From 0dbd4c12488bd365a86e4726b2ae689b2da86a7c Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Sat, 3 Dec 2022 09:50:12 +0100 Subject: frontend: fix /mnt/cgitize being inaccessible to nginx I've had problems with doing "FROM nginx" instead of "FROM alpine" in the past, but hopefully fixing a version is enough to prevent them. --- docker/entrypoint.sh | 5 +++++ docker/frontend/Dockerfile | 4 ++-- docker/frontend/etc/nginx/conf.d/default.conf | 20 ++++++++++++++++++++ docker/frontend/etc/nginx/http.d/default.conf | 20 -------------------- 4 files changed, 27 insertions(+), 22 deletions(-) create mode 100644 docker/frontend/etc/nginx/conf.d/default.conf delete mode 100644 docker/frontend/etc/nginx/http.d/default.conf diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 61ecd1e..4ca1304 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -14,6 +14,11 @@ secure_repo_dir() { local dir dir="$( /get_output_dir.py -- "$cfg_path" )" chmod -- o-rwx "$dir" + + # This is required so that nginx can access the directory. + # nginx uses a fixed UID: + # https://github.com/nginxinc/docker-nginx/blob/4785a604aa40e0b0a69047a61e28781a2b0c2069/mainline/alpine-slim/Dockerfile#L16 + chown -- :101 "$dir" } schedule_to_cron() { diff --git a/docker/frontend/Dockerfile b/docker/frontend/Dockerfile index 38e5382..7254115 100644 --- a/docker/frontend/Dockerfile +++ b/docker/frontend/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.17 AS base +FROM nginx:1.23-alpine AS base FROM base AS builder @@ -22,7 +22,7 @@ RUN apk add --no-cache py3-pip && \ FROM base -RUN apk add --no-cache cgit dash fcgiwrap nginx python3 spawn-fcgi tini && \ +RUN apk add --no-cache cgit dash fcgiwrap python3 spawn-fcgi tini && \ # Replace the theme with the one I like better: grep -q -F -- "style='pastie'" /usr/lib/cgit/filters/syntax-highlighting.py && \ sed -i -e "s/style='pastie'/style='vs'/" -- /usr/lib/cgit/filters/syntax-highlighting.py diff --git a/docker/frontend/etc/nginx/conf.d/default.conf b/docker/frontend/etc/nginx/conf.d/default.conf new file mode 100644 index 0000000..dc27e85 --- /dev/null +++ b/docker/frontend/etc/nginx/conf.d/default.conf @@ -0,0 +1,20 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + + location / { + include fastcgi_params; + fastcgi_pass unix:/run/fcgiwrap.sock; + + fastcgi_param SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi; + + # This looks stupid. Can I substitute any variable for $fastcgi_path_info? + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + } + + location /cgit/ { + alias /usr/share/webapps/cgit/; + } +} diff --git a/docker/frontend/etc/nginx/http.d/default.conf b/docker/frontend/etc/nginx/http.d/default.conf deleted file mode 100644 index dc27e85..0000000 --- a/docker/frontend/etc/nginx/http.d/default.conf +++ /dev/null @@ -1,20 +0,0 @@ -server { - listen 80 default_server; - listen [::]:80 default_server; - server_name _; - - location / { - include fastcgi_params; - fastcgi_pass unix:/run/fcgiwrap.sock; - - fastcgi_param SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi; - - # This looks stupid. Can I substitute any variable for $fastcgi_path_info? - fastcgi_split_path_info ^(/?)(.+)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - } - - location /cgit/ { - alias /usr/share/webapps/cgit/; - } -} -- cgit v1.2.3