From 652e665726ef7263b6689db07f3d90e2e97cfb73 Mon Sep 17 00:00:00 2001 From: Damien Laureaux Date: Thu, 24 Oct 2024 16:22:27 +0200 Subject: [PATCH 1/7] fix(docker): reduce Docker size + improve security --- app.dockerfile | 39 ++++++++++++++++++++++++++++--------- backend.dockerfile | 47 ++++++++++++++++++++++++++++++++++++--------- docker-compose.yaml | 4 ++-- 3 files changed, 70 insertions(+), 20 deletions(-) diff --git a/app.dockerfile b/app.dockerfile index ff1824db..f19ec4a6 100644 --- a/app.dockerfile +++ b/app.dockerfile @@ -1,15 +1,36 @@ -FROM node:alpine +############################# +# Build stage +############################# -ARG NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001 -ARG NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api -ENV NEXT_PUBLIC_WS_URL=${NEXT_PUBLIC_WS_URL} -ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL} +FROM node:22-alpine AS builder -WORKDIR /home/perplexica +WORKDIR /app -COPY ui /home/perplexica/ +# Copy package.json and yarn.lock +COPY ui/package.json ui/yarn.lock ./ -RUN yarn install --frozen-lockfile -RUN yarn build +# Copy the rest of the application code +COPY ui . +# Install dependencies & build the application +RUN yarn install --frozen-lockfile && yarn build + +############################# +# Production stage +############################# + +FROM node:22-alpine + +WORKDIR /app + +# Copy built assets from the builder stage +COPY --from=builder /app/.next ./.next +COPY --from=builder /app/node_modules ./node_modules +COPY --from=builder /app/package.json ./package.json +COPY --from=builder /app/public ./public + +# Run the Docker image as node instead of root +USER node + +# Start the application CMD ["yarn", "start"] \ No newline at end of file diff --git a/backend.dockerfile b/backend.dockerfile index 87cd21c6..36b23b7b 100644 --- a/backend.dockerfile +++ b/backend.dockerfile @@ -1,16 +1,45 @@ +############################# +# Build stage +############################# + +FROM node:18-slim AS builder + +WORKDIR /app + +# Copy package.json and yarn.lock +COPY package.json yarn.lock ./ + +# Copy the rest of the application code +COPY tsconfig.json drizzle.config.ts ./ +COPY src ./src + +# Install dependencies & build the application +RUN yarn install --frozen-lockfile --network-timeout 600000 && yarn build + +############################# +# Production stage +############################# + FROM node:18-slim -WORKDIR /home/perplexica +WORKDIR /app + +# Copy built assets and necessary files from the builder stage +COPY --chown=node:node --from=builder /app/dist ./dist +COPY --chown=node:node --from=builder /app/node_modules ./node_modules -COPY src /home/perplexica/src -COPY tsconfig.json /home/perplexica/ -COPY drizzle.config.ts /home/perplexica/ -COPY package.json /home/perplexica/ -COPY yarn.lock /home/perplexica/ +# Copy the rest of the application code +COPY --chown=node:node ./drizzle.config.ts ./ +COPY --chown=node:node ./tsconfig.json ./ +COPY --chown=node:node ./src/db/schema.ts ./src/db/schema.ts +COPY --chown=node:node ./package.json ./package.json -RUN mkdir /home/perplexica/data +# Create data directory & set permissions to node user +RUN mkdir /app/data && \ + chown -R node:node /app/data -RUN yarn install --frozen-lockfile --network-timeout 600000 -RUN yarn build +# Run the Docker image as node instead of root +USER node +# Start the application CMD ["yarn", "start"] \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 46d82c60..25d6ec2a 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -21,8 +21,8 @@ services: ports: - 3001:3001 volumes: - - backend-dbstore:/home/perplexica/data - - ./config.toml:/home/perplexica/config.toml + - backend-dbstore:/app/data:rw + - ./config.toml:/app/config.toml:rw extra_hosts: - 'host.docker.internal:host-gateway' networks: From f9f7dc9b1c1012fb0a3f9b1a9f91c9b472049e1b Mon Sep 17 00:00:00 2001 From: Damien Laureaux Date: Thu, 24 Oct 2024 16:49:24 +0200 Subject: [PATCH 2/7] fix(docker): update the Frontend docker to with the node user perms --- app.dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app.dockerfile b/app.dockerfile index f19ec4a6..6878528b 100644 --- a/app.dockerfile +++ b/app.dockerfile @@ -24,10 +24,10 @@ FROM node:22-alpine WORKDIR /app # Copy built assets from the builder stage -COPY --from=builder /app/.next ./.next -COPY --from=builder /app/node_modules ./node_modules -COPY --from=builder /app/package.json ./package.json -COPY --from=builder /app/public ./public +COPY --chown=node:node --from=builder /app/.next ./.next +COPY --chown=node:node --from=builder /app/node_modules ./node_modules +COPY --chown=node:node --from=builder /app/package.json ./package.json +COPY --chown=node:node --from=builder /app/public ./public # Run the Docker image as node instead of root USER node From 0c5280e05d9a6aa77bdfbadac5b13976d468dcbe Mon Sep 17 00:00:00 2001 From: Damien Laureaux Date: Tue, 29 Oct 2024 21:44:06 +0100 Subject: [PATCH 3/7] fix(docker): fix the Docker copy commands + change the source image to node:18-alpine --- backend.dockerfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/backend.dockerfile b/backend.dockerfile index 36b23b7b..9ac1c4c9 100644 --- a/backend.dockerfile +++ b/backend.dockerfile @@ -2,7 +2,7 @@ # Build stage ############################# -FROM node:18-slim AS builder +FROM node:18-alpine AS builder WORKDIR /app @@ -20,7 +20,7 @@ RUN yarn install --frozen-lockfile --network-timeout 600000 && yarn build # Production stage ############################# -FROM node:18-slim +FROM node:18-alpine WORKDIR /app @@ -29,10 +29,10 @@ COPY --chown=node:node --from=builder /app/dist ./dist COPY --chown=node:node --from=builder /app/node_modules ./node_modules # Copy the rest of the application code -COPY --chown=node:node ./drizzle.config.ts ./ -COPY --chown=node:node ./tsconfig.json ./ -COPY --chown=node:node ./src/db/schema.ts ./src/db/schema.ts -COPY --chown=node:node ./package.json ./package.json +COPY --chown=node:node drizzle.config.ts ./ +COPY --chown=node:node tsconfig.json ./ +COPY --chown=node:node src/db/schema.ts ./src/db/schema.ts +COPY --chown=node:node package.json ./package.json # Create data directory & set permissions to node user RUN mkdir /app/data && \ From 68b649cff8a6c0de521648c479945c1528aa9fc2 Mon Sep 17 00:00:00 2001 From: Damien Laureaux Date: Thu, 14 Nov 2024 16:59:22 +0100 Subject: [PATCH 4/7] fix(docker): fix missing ENV variables & files --- app.dockerfile | 3 +++ backend.dockerfile | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/app.dockerfile b/app.dockerfile index 6878528b..8c425f30 100644 --- a/app.dockerfile +++ b/app.dockerfile @@ -21,6 +21,9 @@ RUN yarn install --frozen-lockfile && yarn build FROM node:22-alpine +ENV NEXT_PUBLIC_WS_URL=ws://localhost:3001 +ENV NEXT_PUBLIC_API_URL=http://localhost:3001/api + WORKDIR /app # Copy built assets from the builder stage diff --git a/backend.dockerfile b/backend.dockerfile index 9ac1c4c9..deed1de3 100644 --- a/backend.dockerfile +++ b/backend.dockerfile @@ -29,9 +29,9 @@ COPY --chown=node:node --from=builder /app/dist ./dist COPY --chown=node:node --from=builder /app/node_modules ./node_modules # Copy the rest of the application code +COPY --chown=node:node src ./src COPY --chown=node:node drizzle.config.ts ./ COPY --chown=node:node tsconfig.json ./ -COPY --chown=node:node src/db/schema.ts ./src/db/schema.ts COPY --chown=node:node package.json ./package.json # Create data directory & set permissions to node user From eda2c3975adbf14371498d0182842f28e9621582 Mon Sep 17 00:00:00 2001 From: Damien Laureaux Date: Thu, 14 Nov 2024 20:38:54 +0100 Subject: [PATCH 5/7] fix(docker): fix Docker compose to use .env files --- .env.example | 3 +++ README.md | 22 +++++++++++++++++----- docker-compose.yaml | 9 ++++----- ui/.env.example | 3 ++- 4 files changed, 26 insertions(+), 11 deletions(-) create mode 100644 .env.example diff --git a/.env.example b/.env.example new file mode 100644 index 00000000..75ef6116 --- /dev/null +++ b/.env.example @@ -0,0 +1,3 @@ +NEXT_PUBLIC_WS_URL=ws://localhost:3001 +NEXT_PUBLIC_API_URL=http://localhost:3001/api +SEARXNG_API_URL=http://searxng:8080 \ No newline at end of file diff --git a/README.md b/README.md index 4aa17cb4..8e3cf424 100644 --- a/README.md +++ b/README.md @@ -77,13 +77,25 @@ There are mainly 2 ways of installing Perplexica - With Docker, Without Docker. - `SIMILARITY_MEASURE`: The similarity measure to use (This is filled by default; you can leave it as is if you are unsure about it.) -5. Ensure you are in the directory containing the `docker-compose.yaml` file and execute: +5. Rename the `.env.example` file to `.env` and fill in all necessary fields. - ```bash - docker compose up -d - ``` + ```bash + mv .env.example .env + ``` + +6. Rename the `./ui/.env.example` file to `./ui/.env` and fill in all necessary fields. + + ```bash + mv ./ui/.env.example ./ui/.env + ``` + +7. Ensure you are in the directory containing the `docker-compose.yaml` file and execute: + + ```bash + docker compose up -d + ``` -6. Wait a few minutes for the setup to complete. You can access Perplexica at http://localhost:3000 in your web browser. +8. Wait a few minutes for the setup to complete. You can access Perplexica at http://localhost:3000 in your web browser. **Note**: After the containers are built, you can start Perplexica directly from Docker without having to open a terminal. diff --git a/docker-compose.yaml b/docker-compose.yaml index 25d6ec2a..35b9320c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -14,8 +14,6 @@ services: context: . dockerfile: backend.dockerfile image: itzcrazykns1337/perplexica-backend:main - environment: - - SEARXNG_API_URL=http://searxng:8080 depends_on: - searxng ports: @@ -27,15 +25,14 @@ services: - 'host.docker.internal:host-gateway' networks: - perplexica-network + env_file: + - ./.env restart: unless-stopped perplexica-frontend: build: context: . dockerfile: app.dockerfile - args: - - NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api - - NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001 image: itzcrazykns1337/perplexica-frontend:main depends_on: - perplexica-backend @@ -43,6 +40,8 @@ services: - 3000:3000 networks: - perplexica-network + env_file: + - ./.env restart: unless-stopped networks: diff --git a/ui/.env.example b/ui/.env.example index 57a3ed98..75ef6116 100644 --- a/ui/.env.example +++ b/ui/.env.example @@ -1,2 +1,3 @@ NEXT_PUBLIC_WS_URL=ws://localhost:3001 -NEXT_PUBLIC_API_URL=http://localhost:3001/api \ No newline at end of file +NEXT_PUBLIC_API_URL=http://localhost:3001/api +SEARXNG_API_URL=http://searxng:8080 \ No newline at end of file From 2351c5c1256b50dfdf14a4d98b3895584242c1b9 Mon Sep 17 00:00:00 2001 From: Damien Laureaux Date: Thu, 14 Nov 2024 23:02:53 +0100 Subject: [PATCH 6/7] fix(docker): fix the permissions issue when running Docker Compose Docker Compose mount the volumes as root by default and the node user can't access the SQLite DB (read-only) --- backend.dockerfile | 15 +++++++++------ docker-compose.yaml | 2 ++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/backend.dockerfile b/backend.dockerfile index deed1de3..87dc9dd5 100644 --- a/backend.dockerfile +++ b/backend.dockerfile @@ -2,7 +2,7 @@ # Build stage ############################# -FROM node:18-alpine AS builder +FROM node:22-alpine AS builder WORKDIR /app @@ -20,7 +20,9 @@ RUN yarn install --frozen-lockfile --network-timeout 600000 && yarn build # Production stage ############################# -FROM node:18-alpine +FROM node:22-alpine + +ARG USER=node WORKDIR /app @@ -29,17 +31,18 @@ COPY --chown=node:node --from=builder /app/dist ./dist COPY --chown=node:node --from=builder /app/node_modules ./node_modules # Copy the rest of the application code -COPY --chown=node:node src ./src COPY --chown=node:node drizzle.config.ts ./ COPY --chown=node:node tsconfig.json ./ +COPY --chown=node:node src/db/schema.ts ./src/db/schema.ts COPY --chown=node:node package.json ./package.json # Create data directory & set permissions to node user RUN mkdir /app/data && \ - chown -R node:node /app/data + chown -R node:node /app/data && \ + chmod -R 755 /app/data -# Run the Docker image as node instead of root -USER node +# Run the Docker image as node or root if Docker Compose du to volume permissions +USER ${USER} # Start the application CMD ["yarn", "start"] \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 35b9320c..36c065c0 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -12,6 +12,8 @@ services: perplexica-backend: build: context: . + args: + - USER=root dockerfile: backend.dockerfile image: itzcrazykns1337/perplexica-backend:main depends_on: From 003fb68d8c2ba069e04d7f6907862e99b2ca5136 Mon Sep 17 00:00:00 2001 From: Damien Laureaux Date: Fri, 15 Nov 2024 20:05:22 +0100 Subject: [PATCH 7/7] fix(docker): fix the env.example files to be in sync with the `docs/installation/NETWORKING.md` file --- .env.example | 4 ++-- ui/.env.example | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.env.example b/.env.example index 75ef6116..f23835c8 100644 --- a/.env.example +++ b/.env.example @@ -1,3 +1,3 @@ -NEXT_PUBLIC_WS_URL=ws://localhost:3001 -NEXT_PUBLIC_API_URL=http://localhost:3001/api +NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001 +NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api SEARXNG_API_URL=http://searxng:8080 \ No newline at end of file diff --git a/ui/.env.example b/ui/.env.example index 75ef6116..f23835c8 100644 --- a/ui/.env.example +++ b/ui/.env.example @@ -1,3 +1,3 @@ -NEXT_PUBLIC_WS_URL=ws://localhost:3001 -NEXT_PUBLIC_API_URL=http://localhost:3001/api +NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001 +NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api SEARXNG_API_URL=http://searxng:8080 \ No newline at end of file