breaking(setup): use non-root image for immich-proxy (#651)

* feat(nginx): use non-root container for immich-proxy Signed-off-by: PixelJonas <5434875+PixelJonas@users.noreply.github.com> * re-add test env * feat(nginx): add correct port for staging * add the new port to the default docker-compose.yml Signed-off-by: PixelJonas <5434875+PixelJonas@users.noreply.github.com>
2025-10-29 17:40:28 +00:00 · 2022-09-14 04:50:10 +02:00
parent ccf792f9d3
commit 1a6c16d8ea
6 changed files with 83 additions and 72 deletions
--- a/docker/.env.test
+++ b/docker/.env.test
@@ -19,4 +19,4 @@ ENABLE_MAPBOX=false

 # WEB
 MAPBOX_KEY=
-VITE_SERVER_ENDPOINT=http://localhost:2283/api
+VITE_SERVER_ENDPOINT=http://localhost:2283/api
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -102,8 +102,7 @@ services:
      context: ../nginx
      dockerfile: Dockerfile
    ports:
-      - 2283:80
-      - 2284:443
+      - 2283:8080
    logging:
      driver: none
    depends_on:
--- a/docker/docker-compose.staging.yml
+++ b/docker/docker-compose.staging.yml
@@ -72,8 +72,7 @@ services:
    container_name: immich_proxy
    image: altran1502/immich-proxy:staging
    ports:
-      - 2283:80
-      - 2284:443
+      - 2283:8080
    logging:
      driver: none
    depends_on:
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -74,7 +74,7 @@ services:
    container_name: immich_proxy
    image: altran1502/immich-proxy:release
    ports:
-      - 2283:80
+      - 2283:8080
    logging:
      driver: none
    depends_on:
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,6 +1,5 @@
-FROM nginx:latest
+FROM registry.access.redhat.com/ubi9/nginx-120:latest

-COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY nginx.conf "${NGINX_CONF_PATH}"

-EXPOSE 80
-EXPOSE 443
+CMD nginx -g "daemon off;"
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,73 +1,87 @@

-map $http_upgrade $connection_upgrade {
-  default upgrade;
-  '' close;
+
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
 }

-# events {
-#   worker_connections 1000;
-# }
-
-server {
-
-  gzip on;
-  gzip_min_length 1000;
-  gunzip on;
-
-  client_max_body_size 50000M;
-
-  listen 80;
-  access_log off;
-
-  location /api {
-
-    # Compression
-    gzip_static on;
-    gzip_min_length 1000;
-    gzip_comp_level 2;
-
-    proxy_buffering off;
-    proxy_buffer_size 16k;
-    proxy_busy_buffers_size 24k;
-    proxy_buffers 64 4k;
-    proxy_force_ranges on;
-
-    proxy_http_version 1.1;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_set_header Host $host;
-
-    rewrite /api/(.*) /$1 break;
-
-    proxy_pass http://immich-server:3001;
+http {
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
  }

-  location / {
+  # events {
+  #   worker_connections 1000;
+  # }

-    # Compression
-    gzip_static on;
+  server {
+
+    gzip on;
    gzip_min_length 1000;
-    gzip_comp_level 2;
+    gunzip on;

-    proxy_buffering off;
-    proxy_buffer_size 16k;
-    proxy_busy_buffers_size 24k;
-    proxy_buffers 64 4k;
-    proxy_force_ranges on;
+    client_max_body_size 50000M;

-    proxy_http_version 1.1;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_set_header Host $host;
+    listen 8080;
+    access_log off;

-    proxy_pass http://immich-web:3000;
+    location /api {
+
+      # Compression
+      gzip_static on;
+      gzip_min_length 1000;
+      gzip_comp_level 2;
+
+      proxy_buffering off;
+      proxy_buffer_size 16k;
+      proxy_busy_buffers_size 24k;
+      proxy_buffers 64 4k;
+      proxy_force_ranges on;
+
+      proxy_http_version 1.1;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Host $host;
+
+      rewrite /api/(.*) /$1 break;
+
+      proxy_pass http://immich-server:3001;
+    }
+
+    location / {
+
+      # Compression
+      gzip_static on;
+      gzip_min_length 1000;
+      gzip_comp_level 2;
+
+      proxy_buffering off;
+      proxy_buffer_size 16k;
+      proxy_busy_buffers_size 24k;
+      proxy_buffers 64 4k;
+      proxy_force_ranges on;
+
+      proxy_http_version 1.1;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Host $host;
+
+      proxy_pass http://immich-web:3000;
+    }
  }
-}
+}