From 042bd03bebcde43e1e3174b790d3695b81d03a67 Mon Sep 17 00:00:00 2001 From: Yamila Moreno Date: Fri, 26 Sep 2025 10:31:23 +0200 Subject: [PATCH] :whale: Improve Docker nginx --- docker/images/Dockerfile.frontend | 11 +++--- docker/images/files/nginx-entrypoint.sh | 15 ++++---- ...ies.conf => nginx-external-locations.conf} | 0 ...ers.conf => nginx-resolvers.conf.template} | 0 .../files/{nginx.conf => nginx.conf.template} | 35 +++++++++++-------- 5 files changed, 33 insertions(+), 28 deletions(-) rename docker/images/files/{nginx-proxies.conf => nginx-external-locations.conf} (100%) rename docker/images/files/{resolvers.conf => nginx-resolvers.conf.template} (100%) rename docker/images/files/{nginx.conf => nginx.conf.template} (85%) diff --git a/docker/images/Dockerfile.frontend b/docker/images/Dockerfile.frontend index 93dc27cb33..3b5d7db9fc 100644 --- a/docker/images/Dockerfile.frontend +++ b/docker/images/Dockerfile.frontend @@ -6,15 +6,18 @@ USER root RUN set -ex; \ useradd -U -M -u 1001 -s /bin/false -d /opt/penpot penpot; \ mkdir -p /opt/data/assets; \ - chown -R penpot:penpot /opt/data; + chown -R penpot:penpot /opt/data; \ + mkdir -p /etc/nginx/overrides/http.d/; \ + mkdir -p /etc/nginx/overrides/server.d/; \ + mkdir -p /etc/nginx/overrides/location.d/; ARG BUNDLE_PATH="./bundle-frontend/" ADD $BUNDLE_PATH /var/www/app/ ADD ./files/config.js /var/www/app/js/config.js -ADD ./files/nginx.conf /etc/nginx/nginx.conf.template -ADD ./files/nginx-proxies.conf /etc/nginx/nginx-proxies.conf -ADD ./files/resolvers.conf /etc/nginx/overrides.d/resolvers.conf.template +ADD ./files/nginx.conf.template /tmp/nginx.conf.template +ADD ./files/nginx-resolvers.conf.template /tmp/resolvers.conf.template ADD ./files/nginx-mime.types /etc/nginx/mime.types +ADD ./files/nginx-external-locations.conf /etc/nginx/overrides/location.d/external-locations.conf ADD ./files/nginx-entrypoint.sh /entrypoint.sh RUN chown -R 1001:0 /var/cache/nginx; \ 
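Review bot: The two templates are now added under `/tmp` (`/tmp/nginx.conf.template`, `/tmp/resolvers.conf.template`), the path most likely to be shadowed by a tmpfs or volume mount at run time; nginx keeps its pid file in `/tmp` as well, so a writable mount there is plausible. If the templates are hidden, the entrypoint's `envsubst ... < /tmp/nginx.conf.template` fails, and unless the script aborts on errors (its top is outside this patch's hunks) nginx starts with whatever `/etc/nginx/nginx.conf` is already on disk. A location outside `/tmp` avoids this, e.g. `ADD ./files/nginx.conf.template /etc/nginx/templates/nginx.conf.template`, with the matching path in the entrypoint. The `RUN chown` that follows continues outside the hunk, so it cannot be confirmed from here that the new `/etc/nginx/overrides` directories are writable by the user the entrypoint runs as.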
diff --git a/docker/images/files/nginx-entrypoint.sh b/docker/images/files/nginx-entrypoint.sh index dff065af50..7180b07603 100644 --- a/docker/images/files/nginx-entrypoint.sh +++ b/docker/images/files/nginx-entrypoint.sh @@ -5,10 +5,8 @@ ######################################### if [[ $PENPOT_FLAGS == *"enable-air-gapped-conf"* ]]; then - export INCLUDE_PROXIES="" + rm /etc/nginx/overrides/location.d/external-locations.conf; export PENPOT_FLAGS="$PENPOT_FLAGS disable-google-fonts-provider disable-dashboard-templates-section" -else - export INCLUDE_PROXIES="include /etc/nginx/nginx-proxies.conf;" fi ######################################### @@ -33,14 +31,13 @@ update_flags /var/www/app/js/config.js export PENPOT_BACKEND_URI=${PENPOT_BACKEND_URI:-http://penpot-backend:6060} export PENPOT_EXPORTER_URI=${PENPOT_EXPORTER_URI:-http://penpot-exporter:6061} +export PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE=${PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE:-367001600} # Default to 350MiB +envsubst "\$PENPOT_BACKEND_URI,\$PENPOT_EXPORTER_URI,\$PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE" \ + < /tmp/nginx.conf.template > /etc/nginx/nginx.conf + PENPOT_DEFAULT_INTERNAL_RESOLVER="$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf)" export PENPOT_INTERNAL_RESOLVER=${PENPOT_INTERNAL_RESOLVER:-$PENPOT_DEFAULT_INTERNAL_RESOLVER} -export PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE=${PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE:-367001600} # Default to 350MiB - -envsubst "\$PENPOT_BACKEND_URI,\$PENPOT_EXPORTER_URI,\$PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE,\$INCLUDE_PROXIES" \ - < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf - envsubst "\$PENPOT_INTERNAL_RESOLVER" \ - < /etc/nginx/overrides.d/resolvers.conf.template > /etc/nginx/overrides.d/resolvers.conf + < /tmp/resolvers.conf.template > /etc/nginx/overrides/http.d/resolvers.conf exec "$@"; 
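Review bot: The air-gapped branch now depends on `rm /etc/nginx/overrides/location.d/external-locations.conf;` succeeding, and nothing visible in the hunk checks that it did. If the file cannot be removed (read-only layer, directory not writable by the runtime user), the container still starts with the external locations included, which is the opposite of what `enable-air-gapped-conf` asks for. The command also prints an error on every restart of the same container, because the file is already gone. Prefer `rm -f -- /etc/nginx/overrides/location.d/external-locations.conf || exit 1`. The two `envsubst ... > ...` renders in the second hunk are unchecked in the same way before `exec "$@"`; the top of the script is outside the hunk, so an existing `set -e` would already cover both.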
diff --git a/docker/images/files/nginx-proxies.conf b/docker/images/files/nginx-external-locations.conf similarity index 100% rename from docker/images/files/nginx-proxies.conf rename to docker/images/files/nginx-external-locations.conf diff --git a/docker/images/files/resolvers.conf b/docker/images/files/nginx-resolvers.conf.template similarity index 100% rename from docker/images/files/resolvers.conf rename to docker/images/files/nginx-resolvers.conf.template diff --git a/docker/images/files/nginx.conf b/docker/images/files/nginx.conf.template similarity index 85% rename from docker/images/files/nginx.conf rename to docker/images/files/nginx.conf.template index 053b18144e..8b2d84556d 100644 --- a/docker/images/files/nginx.conf +++ b/docker/images/files/nginx.conf.template @@ -1,10 +1,10 @@ worker_processes auto; pid /tmp/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; +include /etc/nginx/overrides/main.d/*.conf; events { worker_connections 2048; - # multi_accept on; + multi_accept on; } http { @@ -33,6 +33,11 @@ http { error_log /dev/stderr; access_log /dev/stdout; + proxy_connect_timeout 300s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + send_timeout 300s; + gzip on; gzip_vary on; gzip_proxied any; @@ -41,7 +46,7 @@ http { gzip_buffers 16 8k; gzip_http_version 1.1; - gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json; + gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json image/svg+xml; proxy_buffer_size 16k; proxy_busy_buffers_size 24k; # essentially, proxy_buffer_size + 2 small buffers of 4k 
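Review bot: The new top-level `include /etc/nginx/overrides/main.d/*.conf;` points at a directory the Dockerfile hunk in this patch never creates; it only runs `mkdir -p` for `http.d`, `server.d` and `location.d`. A glob include that matches nothing is presumably tolerated by nginx, but operators get no mount point and no hint that files there are loaded in the main context, where they can load modules and change process-level settings. Add `mkdir -p /etc/nginx/overrides/main.d/;` next to the other three and a comment such as `# main.d: main-context overrides; treat this directory as trusted as nginx.conf itself`. Dropping the `modules-enabled` include also means any dynamic modules enabled by the base image are no longer loaded, which deserves a line in the commit message if intended.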
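Review bot: `proxy_connect_timeout`, `proxy_send_timeout`, `proxy_read_timeout` and `send_timeout` are all raised to 300s at `http` level, so every location, static files included, now lets an idle or very slow peer hold a connection for five minutes (the nginx default for each is 60s). With `worker_connections 2048` this makes the server easier to exhaust with slow connections. `proxy_buffering off;` added to `location /api` in a later hunk adds to it, because the backend connection is then held for as long as the client takes to read. Consider scoping the long values to the locations that need them, e.g. `proxy_read_timeout 300s;` inside `location /api`, and leaving `send_timeout` at its default. If the global values are intended, a comment naming the requests that need 300s would help.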
@@ -57,7 +62,14 @@ http { proxy_cache_valid any 48h; proxy_cache_key "$host$request_uri"; - include /etc/nginx/overrides.d/*.conf; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + include /etc/nginx/overrides/http.d/*.conf; server { listen 8080 default_server; @@ -66,13 +78,6 @@ http { client_max_body_size $PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE; charset utf-8; - proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - etag off; root /var/www/app/; @@ -119,12 +124,10 @@ http { location /api { proxy_pass $PENPOT_BACKEND_URI/api; + proxy_buffering off; } location /readyz { - proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass $PENPOT_BACKEND_URI$request_uri; } @@ -134,8 +137,10 @@ http { proxy_pass $PENPOT_BACKEND_URI/ws/notifications; } + include /etc/nginx/overrides/server.d/*.conf; + location / { - $INCLUDE_PROXIES + include /etc/nginx/overrides/location.d/*.conf; location ~ ^/js/config.js$ { add_header Cache-Control "no-store, no-cache, max-age=0" always;
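Review bot: Moving the six `proxy_set_header` lines to `http` level makes them depend on nginx's inheritance rule, under which a level inherits them only if it defines no `proxy_set_header` of its own. Any `server.d` or `location.d` override, or an existing location, that sets even one header (a websocket `Upgrade` header, for instance) sends the upstream request without `X-Forwarded-For`, `X-Forwarded-Proto` and the rest. The backend may rely on those for client address and scheme decisions. Document it where the list now lives: `# proxy_set_header is inherited only by levels that define none; overrides that set one must repeat this list`. The `http` block starts and ends outside the hunk.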
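Review bot: The two new includes are undocumented, and `include /etc/nginx/overrides/location.d/*.conf;` sits inside `location /`, so files there are parsed in location context and can only add nested locations or location-level directives. The air-gapped switch in the entrypoint removes only `external-locations.conf`, so any other file an operator mounts into `location.d` stays active in air-gapped mode. A comment above each include would make both points visible, e.g. `# server.d: extra server-level directives and locations` and `# location.d: nested inside "location /"; air-gapped mode removes only external-locations.conf`. The `location /` block continues past the end of the hunk.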