Merge pull request #355 from weni-ai/feat/new-dockerfile

New dockerfile for enhanced security

Dockerfile

@@ -1,48 +1,25 @@
 FROM node:14.17.4-alpine3.14 as builder
 
-ENV WORKDIR /app
-WORKDIR $WORKDIR
+WORKDIR /app
 
-RUN apk update && apk add git yarn
-
-COPY package.json .
-COPY yarn.lock .
+RUN apk add --no-cache git
 
+COPY package.json yarn.lock ./
 RUN yarn install
 
-COPY . .
-
-ARG VUE_APP_API_BASE_URL
-ARG VUE_APP_USE_SENTRY
-ARG VUE_APP_SENTRY_DSN
-ARG VUE_APP_FACEBOOK_APP_ID
-ARG VUE_APP_WHATSAPP_FACEBOOK_APP_ID
-ARG VUE_APP_LOGROCKET_ID
-ARG VUE_APP_PARENT_IFRAME_DOMAIN
-ARG VUE_APP_HELPHERO_ID
-ARG VUE_APP_FLOWS_IFRAME_URL
-
-ENV VUE_APP_API_BASE_URL $VUE_APP_API_BASE_URL
-ENV VUE_APP_USE_SENTRY $VUE_APP_USE_SENTRY
-ENV VUE_APP_SENTRY_DSN $VUE_APP_SENTRY_DSN
-ENV VUE_APP_FACEBOOK_APP_ID $VUE_APP_FACEBOOK_APP_ID
-ENV VUE_APP_WHATSAPP_FACEBOOK_APP_ID $VUE_APP_WHATSAPP_FACEBOOK_APP_ID
-ENV VUE_APP_LOGROCKET_ID $VUE_APP_LOGROCKET_ID
-ENV VUE_APP_PARENT_IFRAME_DOMAIN $VUE_APP_PARENT_IFRAME_DOMAIN
-ENV VUE_APP_HELPHERO_ID $VUE_APP_HELPHERO_ID
-ENV VUE_APP_FLOWS_IFRAME_URL $VUE_APP_FLOWS_IFRAME_URL
+COPY . ./
 
 RUN yarn build
 
-FROM nginx
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY --from=builder /app/dist /usr/share/nginx/html/integrations
-
-COPY docker-entrypoint.sh /usr/share/nginx/
-
-RUN chmod +x /usr/share/nginx/docker-entrypoint.sh
+FROM nginxinc/nginx-unprivileged:1.25
 
-ENTRYPOINT ["/usr/share/nginx/docker-entrypoint.sh"]
+COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
+COPY --from=builder --chown=nginx:nginx /app/dist /usr/share/nginx/html/integrations/
+COPY docker-entrypoint.sh /
+RUN mv /usr/share/nginx/html/integrations/index.html /usr/share/nginx/html/integrations/index.html.tmpl \
+    && cd /usr/share/nginx/html/integrations/ \
+    && ln -s /tmp/index.html
 
-CMD ["nginx", "-g", "daemon off;"]
+EXPOSE 8080
+ENTRYPOINT ["bash","/docker-entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]

docker-entrypoint.sh

@@ -10,6 +10,6 @@ export JSON_STRING='window.configs = { \
   "VUE_APP_HELPHERO_ID":"'${VUE_APP_HELPHERO_ID}'", \
   "VUE_APP_FLOWS_IFRAME_URL":"'${VUE_APP_FLOWS_IFRAME_URL}'", \
 }'
-sed -i "s|//CONFIGURATIONS_PLACEHOLDER|${JSON_STRING}|" /usr/share/nginx/html/integrations/index.html
+sed "s|//CONFIGURATIONS_PLACEHOLDER|${JSON_STRING}|" /usr/share/nginx/html/integrations/index.html.tmpl > /tmp/index.html
 
 exec "$@"

nginx.conf

@@ -1,25 +1,31 @@
 user                            nginx;
 worker_processes                1;
 
-error_log                       /var/log/nginx/error.log warn;
-pid                             /var/run/nginx.pid;
+error_log                       /dev/stdout warn;
+pid                             /tmp/nginx.pid;
 
 events {
   worker_connections            1024;
 }
 
 http {
+  proxy_temp_path /tmp/proxy_temp;
+  client_body_temp_path /tmp/client_temp;
+  fastcgi_temp_path /tmp/fastcgi_temp;
+  uwsgi_temp_path /tmp/uwsgi_temp;
+  scgi_temp_path /tmp/scgi_temp;
+
   include                       /etc/nginx/mime.types;
   default_type                  application/octet-stream;
   charset                       UTF-8;
   sendfile                      on;
   log_format                    main '$remote_addr - $remote_user [$time_local] "$request" '
                                      '$status $body_bytes_sent "$http_referer" '
                                      '"$http_user_agent" "$http_x_forwarded_for"';
-  access_log                    /var/log/nginx/access.log main;
+  access_log                    /dev/stdout main;
 
   server {
-    listen                      80;
+    listen                      8080;
     server_name                 localhost;
     client_max_body_size        32m;