From 652e665726ef7263b6689db07f3d90e2e97cfb73 Mon Sep 17 00:00:00 2001
From: Damien Laureaux <d.laureaux@timoa.com>
Date: Thu, 24 Oct 2024 16:22:27 +0200
Subject: [PATCH 1/7] fix(docker): reduce Docker size + improve security
---
app.dockerfile | 39 ++++++++++++++++++++++++++++---------
backend.dockerfile | 47 ++++++++++++++++++++++++++++++++++++---------
docker-compose.yaml | 4 ++--
3 files changed, 70 insertions(+), 20 deletions(-)
diff --git a/app.dockerfile b/app.dockerfile
index ff1824d..f19ec4a 100644
--- a/app.dockerfile
+++ b/app.dockerfile
@@ -1,15 +1,36 @@
-FROM node:alpine
+#############################
+# Build stage
+#############################
-ARG NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001
-ARG NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api
-ENV NEXT_PUBLIC_WS_URL=${NEXT_PUBLIC_WS_URL}
-ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL}
+FROM node:22-alpine AS builder
-WORKDIR /home/perplexica
+WORKDIR /app
-COPY ui /home/perplexica/
+# Copy package.json and yarn.lock
+COPY ui/package.json ui/yarn.lock ./
-RUN yarn install --frozen-lockfile
-RUN yarn build
+# Copy the rest of the application code
+COPY ui .
+# Install dependencies & build the application
+RUN yarn install --frozen-lockfile && yarn build
+
+#############################
+# Production stage
+#############################
+
+FROM node:22-alpine
+
+WORKDIR /app
+
+# Copy built assets from the builder stage
+COPY --from=builder /app/.next ./.next
+COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder /app/package.json ./package.json
+COPY --from=builder /app/public ./public
+
+# Run the Docker image as node instead of root
+USER node
+
+# Start the application
CMD ["yarn", "start"]
\ No newline at end of file
diff --git a/backend.dockerfile b/backend.dockerfile
index 87cd21c..36b23b7 100644
--- a/backend.dockerfile
+++ b/backend.dockerfile
@@ -1,16 +1,45 @@
+#############################
+# Build stage
+#############################
+
+FROM node:18-slim AS builder
+
+WORKDIR /app
+
+# Copy package.json and yarn.lock
+COPY package.json yarn.lock ./
+
+# Copy the rest of the application code
+COPY tsconfig.json drizzle.config.ts ./
+COPY src ./src
+
+# Install dependencies & build the application
+RUN yarn install --frozen-lockfile --network-timeout 600000 && yarn build
+
+#############################
+# Production stage
+#############################
+
FROM node:18-slim
-WORKDIR /home/perplexica
+WORKDIR /app
-COPY src /home/perplexica/src
-COPY tsconfig.json /home/perplexica/
-COPY drizzle.config.ts /home/perplexica/
-COPY package.json /home/perplexica/
-COPY yarn.lock /home/perplexica/
+# Copy built assets and necessary files from the builder stage
+COPY --chown=node:node --from=builder /app/dist ./dist
+COPY --chown=node:node --from=builder /app/node_modules ./node_modules
-RUN mkdir /home/perplexica/data
+# Copy the rest of the application code
+COPY --chown=node:node ./drizzle.config.ts ./
+COPY --chown=node:node ./tsconfig.json ./
+COPY --chown=node:node ./src/db/schema.ts ./src/db/schema.ts
+COPY --chown=node:node ./package.json ./package.json
-RUN yarn install --frozen-lockfile --network-timeout 600000
-RUN yarn build
+# Create data directory & set permissions to node user
+RUN mkdir /app/data && \
+ chown -R node:node /app/data
+# Run the Docker image as node instead of root
+USER node
+
+# Start the application
CMD ["yarn", "start"]
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 46d82c6..25d6ec2 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -21,8 +21,8 @@ services:
ports:
- 3001:3001
volumes:
- - backend-dbstore:/home/perplexica/data
- - ./config.toml:/home/perplexica/config.toml
+ - backend-dbstore:/app/data:rw
+ - ./config.toml:/app/config.toml:rw
extra_hosts:
- 'host.docker.internal:host-gateway'
networks:
From f9f7dc9b1c1012fb0a3f9b1a9f91c9b472049e1b Mon Sep 17 00:00:00 2001
From: Damien Laureaux <d.laureaux@timoa.com>
Date: Thu, 24 Oct 2024 16:49:24 +0200
Subject: [PATCH 2/7] fix(docker): update the Frontend docker to with the node
user perms
---
app.dockerfile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app.dockerfile b/app.dockerfile
index f19ec4a..6878528 100644
--- a/app.dockerfile
+++ b/app.dockerfile
@@ -24,10 +24,10 @@ FROM node:22-alpine
WORKDIR /app
# Copy built assets from the builder stage
-COPY --from=builder /app/.next ./.next
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/package.json ./package.json
-COPY --from=builder /app/public ./public
+COPY --chown=node:node --from=builder /app/.next ./.next
+COPY --chown=node:node --from=builder /app/node_modules ./node_modules
+COPY --chown=node:node --from=builder /app/package.json ./package.json
+COPY --chown=node:node --from=builder /app/public ./public
# Run the Docker image as node instead of root
USER node
From 0c5280e05d9a6aa77bdfbadac5b13976d468dcbe Mon Sep 17 00:00:00 2001
From: Damien Laureaux <d.laureaux@timoa.com>
Date: Tue, 29 Oct 2024 21:44:06 +0100
Subject: [PATCH 3/7] fix(docker): fix the Docker copy commands + change the
source image to node:18-alpine
---
backend.dockerfile | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/backend.dockerfile b/backend.dockerfile
index 36b23b7..9ac1c4c 100644
--- a/backend.dockerfile
+++ b/backend.dockerfile
@@ -2,7 +2,7 @@
# Build stage
#############################
-FROM node:18-slim AS builder
+FROM node:18-alpine AS builder
WORKDIR /app
@@ -20,7 +20,7 @@ RUN yarn install --frozen-lockfile --network-timeout 600000 && yarn build
# Production stage
#############################
-FROM node:18-slim
+FROM node:18-alpine
WORKDIR /app
@@ -29,10 +29,10 @@ COPY --chown=node:node --from=builder /app/dist ./dist
COPY --chown=node:node --from=builder /app/node_modules ./node_modules
# Copy the rest of the application code
-COPY --chown=node:node ./drizzle.config.ts ./
-COPY --chown=node:node ./tsconfig.json ./
-COPY --chown=node:node ./src/db/schema.ts ./src/db/schema.ts
-COPY --chown=node:node ./package.json ./package.json
+COPY --chown=node:node drizzle.config.ts ./
+COPY --chown=node:node tsconfig.json ./
+COPY --chown=node:node src/db/schema.ts ./src/db/schema.ts
+COPY --chown=node:node package.json ./package.json
# Create data directory & set permissions to node user
RUN mkdir /app/data && \
From 68b649cff8a6c0de521648c479945c1528aa9fc2 Mon Sep 17 00:00:00 2001
From: Damien Laureaux <d.laureaux@timoa.com>
Date: Thu, 14 Nov 2024 16:59:22 +0100
Subject: [PATCH 4/7] fix(docker): fix missing ENV variables & files
---
app.dockerfile | 3 +++
backend.dockerfile | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/app.dockerfile b/app.dockerfile
index 6878528..8c425f3 100644
--- a/app.dockerfile
+++ b/app.dockerfile
@@ -21,6 +21,9 @@ RUN yarn install --frozen-lockfile && yarn build
FROM node:22-alpine
+ENV NEXT_PUBLIC_WS_URL=ws://localhost:3001
+ENV NEXT_PUBLIC_API_URL=http://localhost:3001/api
+
WORKDIR /app
# Copy built assets from the builder stage
diff --git a/backend.dockerfile b/backend.dockerfile
index 9ac1c4c..deed1de 100644
--- a/backend.dockerfile
+++ b/backend.dockerfile
@@ -29,9 +29,9 @@ COPY --chown=node:node --from=builder /app/dist ./dist
COPY --chown=node:node --from=builder /app/node_modules ./node_modules
# Copy the rest of the application code
+COPY --chown=node:node src ./src
COPY --chown=node:node drizzle.config.ts ./
COPY --chown=node:node tsconfig.json ./
-COPY --chown=node:node src/db/schema.ts ./src/db/schema.ts
COPY --chown=node:node package.json ./package.json
# Create data directory & set permissions to node user
From eda2c3975adbf14371498d0182842f28e9621582 Mon Sep 17 00:00:00 2001
From: Damien Laureaux <d.laureaux@timoa.com>
Date: Thu, 14 Nov 2024 20:38:54 +0100
Subject: [PATCH 5/7] fix(docker): fix Docker compose to use .env files
---
.env.example | 3 +++
README.md | 22 +++++++++++++++++-----
docker-compose.yaml | 9 ++++-----
ui/.env.example | 3 ++-
4 files changed, 26 insertions(+), 11 deletions(-)
create mode 100644 .env.example
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..75ef611
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,3 @@
+NEXT_PUBLIC_WS_URL=ws://localhost:3001
+NEXT_PUBLIC_API_URL=http://localhost:3001/api
+SEARXNG_API_URL=http://searxng:8080
\ No newline at end of file
diff --git a/README.md b/README.md
index 4aa17cb..8e3cf42 100644
--- a/README.md
+++ b/README.md
@@ -77,13 +77,25 @@ There are mainly 2 ways of installing Perplexica - With Docker, Without Docker.
- `SIMILARITY_MEASURE`: The similarity measure to use (This is filled by default; you can leave it as is if you are unsure about it.)
-5. Ensure you are in the directory containing the `docker-compose.yaml` file and execute:
+5. Rename the `.env.example` file to `.env` and fill in all necessary fields.
- ```bash
- docker compose up -d
- ```
+ ```bash
+ mv .env.example .env
+ ```
-6. Wait a few minutes for the setup to complete. You can access Perplexica at http://localhost:3000 in your web browser.
+6. Rename the `./ui/.env.example` file to `./ui/.env` and fill in all necessary fields.
+
+ ```bash
+ mv ./ui/.env.example ./ui/.env
+ ```
+
+7. Ensure you are in the directory containing the `docker-compose.yaml` file and execute:
+
+ ```bash
+ docker compose up -d
+ ```
+
+8. Wait a few minutes for the setup to complete. You can access Perplexica at http://localhost:3000 in your web browser.
**Note**: After the containers are built, you can start Perplexica directly from Docker without having to open a terminal.
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 25d6ec2..35b9320 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -14,8 +14,6 @@ services:
context: .
dockerfile: backend.dockerfile
image: itzcrazykns1337/perplexica-backend:main
- environment:
- - SEARXNG_API_URL=http://searxng:8080
depends_on:
- searxng
ports:
@@ -27,15 +25,14 @@ services:
- 'host.docker.internal:host-gateway'
networks:
- perplexica-network
+ env_file:
+ - ./.env
restart: unless-stopped
perplexica-frontend:
build:
context: .
dockerfile: app.dockerfile
- args:
- - NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api
- - NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001
image: itzcrazykns1337/perplexica-frontend:main
depends_on:
- perplexica-backend
@@ -43,6 +40,8 @@ services:
- 3000:3000
networks:
- perplexica-network
+ env_file:
+ - ./.env
restart: unless-stopped
networks:
diff --git a/ui/.env.example b/ui/.env.example
index 57a3ed9..75ef611 100644
--- a/ui/.env.example
+++ b/ui/.env.example
@@ -1,2 +1,3 @@
NEXT_PUBLIC_WS_URL=ws://localhost:3001
-NEXT_PUBLIC_API_URL=http://localhost:3001/api
\ No newline at end of file
+NEXT_PUBLIC_API_URL=http://localhost:3001/api
+SEARXNG_API_URL=http://searxng:8080
\ No newline at end of file
From 2351c5c1256b50dfdf14a4d98b3895584242c1b9 Mon Sep 17 00:00:00 2001
From: Damien Laureaux <d.laureaux@timoa.com>
Date: Thu, 14 Nov 2024 23:02:53 +0100
Subject: [PATCH 6/7] fix(docker): fix the permissions issue when running
Docker Compose
Docker Compose mount the volumes as root by default and the node user can't access the SQLite DB (read-only)
---
backend.dockerfile | 15 +++++++++------
docker-compose.yaml | 2 ++
2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/backend.dockerfile b/backend.dockerfile
index deed1de..87dc9dd 100644
--- a/backend.dockerfile
+++ b/backend.dockerfile
@@ -2,7 +2,7 @@
# Build stage
#############################
-FROM node:18-alpine AS builder
+FROM node:22-alpine AS builder
WORKDIR /app
@@ -20,7 +20,9 @@ RUN yarn install --frozen-lockfile --network-timeout 600000 && yarn build
# Production stage
#############################
-FROM node:18-alpine
+FROM node:22-alpine
+
+ARG USER=node
WORKDIR /app
@@ -29,17 +31,18 @@ COPY --chown=node:node --from=builder /app/dist ./dist
COPY --chown=node:node --from=builder /app/node_modules ./node_modules
# Copy the rest of the application code
-COPY --chown=node:node src ./src
COPY --chown=node:node drizzle.config.ts ./
COPY --chown=node:node tsconfig.json ./
+COPY --chown=node:node src/db/schema.ts ./src/db/schema.ts
COPY --chown=node:node package.json ./package.json
# Create data directory & set permissions to node user
RUN mkdir /app/data && \
- chown -R node:node /app/data
+ chown -R node:node /app/data && \
+ chmod -R 755 /app/data
-# Run the Docker image as node instead of root
-USER node
+# Run the Docker image as node or root if Docker Compose du to volume permissions
+USER ${USER}
# Start the application
CMD ["yarn", "start"]
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 35b9320..36c065c 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -12,6 +12,8 @@ services:
perplexica-backend:
build:
context: .
+ args:
+ - USER=root
dockerfile: backend.dockerfile
image: itzcrazykns1337/perplexica-backend:main
depends_on:
From 003fb68d8c2ba069e04d7f6907862e99b2ca5136 Mon Sep 17 00:00:00 2001
From: Damien Laureaux <d.laureaux@timoa.com>
Date: Fri, 15 Nov 2024 20:05:22 +0100
Subject: [PATCH 7/7] fix(docker): fix the env.example files to be in sync with
the `docs/installation/NETWORKING.md` file
---
.env.example | 4 ++--
ui/.env.example | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.env.example b/.env.example
index 75ef611..f23835c 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,3 @@
-NEXT_PUBLIC_WS_URL=ws://localhost:3001
-NEXT_PUBLIC_API_URL=http://localhost:3001/api
+NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001
+NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api
SEARXNG_API_URL=http://searxng:8080
\ No newline at end of file
diff --git a/ui/.env.example b/ui/.env.example
index 75ef611..f23835c 100644
--- a/ui/.env.example
+++ b/ui/.env.example
@@ -1,3 +1,3 @@
-NEXT_PUBLIC_WS_URL=ws://localhost:3001
-NEXT_PUBLIC_API_URL=http://localhost:3001/api
+NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001
+NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api
SEARXNG_API_URL=http://searxng:8080
\ No newline at end of file