epistemophiliac/frappe_docker
1
0
Fork 0
mirror of https://github.com/frappe/frappe_docker.git synced 2026-06-22 07:45:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

build(docker images): add nginx security headers snippet in production and custom images

Browse source
This commit is contained in:
Rocket-Quack 2026-03-17 15:54:01 +01:00
parent c40113923c
commit 00c3475943
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
images/custom/Containerfile
View file

@ -63,6 +63,7 @@ RUN useradd -ms /bin/bash frappe \
# Clean up # Clean up
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& rm -fr /etc/nginx/sites-enabled/default \ && rm -fr /etc/nginx/sites-enabled/default \
&& mkdir -p /etc/nginx/snippets \
&& pip3 install frappe-bench \ && pip3 install frappe-bench \
# Fixes for non-root nginx and logs to stdout # Fixes for non-root nginx and logs to stdout
&& sed -i '/user www-data/d' /etc/nginx/nginx.conf \ && sed -i '/user www-data/d' /etc/nginx/nginx.conf \
@ -70,12 +71,15 @@ RUN useradd -ms /bin/bash frappe \
&& touch /run/nginx.pid \ && touch /run/nginx.pid \
&& chown -R frappe:frappe /etc/nginx/conf.d \ && chown -R frappe:frappe /etc/nginx/conf.d \
&& chown -R frappe:frappe /etc/nginx/nginx.conf \ && chown -R frappe:frappe /etc/nginx/nginx.conf \
&& chown -R frappe:frappe /etc/nginx/snippets \
&& chown -R frappe:frappe /var/log/nginx \ && chown -R frappe:frappe /var/log/nginx \
&& chown -R frappe:frappe /var/lib/nginx \ && chown -R frappe:frappe /var/lib/nginx \
&& chown -R frappe:frappe /run/nginx.pid \ && chown -R frappe:frappe /run/nginx.pid \
&& chmod 755 /usr/local/bin/nginx-entrypoint.sh \ && chmod 755 /usr/local/bin/nginx-entrypoint.sh \
&& chmod 644 /templates/nginx/frappe.conf.template && chmod 644 /templates/nginx/frappe.conf.template
COPY resources/core/nginx/security_headers.conf /etc/nginx/snippets/security_headers.conf
FROM base AS builder FROM base AS builder
RUN apt-get update \ RUN apt-get update \

3
images/production/Containerfile
View file

@ -60,6 +60,7 @@ RUN useradd -ms /bin/bash frappe \
# Clean up # Clean up
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& rm -fr /etc/nginx/sites-enabled/default \ && rm -fr /etc/nginx/sites-enabled/default \
&& mkdir -p /etc/nginx/snippets \
&& pip3 install frappe-bench \ && pip3 install frappe-bench \
# Fixes for non-root nginx and logs to stdout # Fixes for non-root nginx and logs to stdout
&& sed -i '/user www-data/d' /etc/nginx/nginx.conf \ && sed -i '/user www-data/d' /etc/nginx/nginx.conf \
@ -67,12 +68,14 @@ RUN useradd -ms /bin/bash frappe \
&& touch /run/nginx.pid \ && touch /run/nginx.pid \
&& chown -R frappe:frappe /etc/nginx/conf.d \ && chown -R frappe:frappe /etc/nginx/conf.d \
&& chown -R frappe:frappe /etc/nginx/nginx.conf \ && chown -R frappe:frappe /etc/nginx/nginx.conf \
&& chown -R frappe:frappe /etc/nginx/snippets \
&& chown -R frappe:frappe /var/log/nginx \ && chown -R frappe:frappe /var/log/nginx \
&& chown -R frappe:frappe /var/lib/nginx \ && chown -R frappe:frappe /var/lib/nginx \
&& chown -R frappe:frappe /run/nginx.pid && chown -R frappe:frappe /run/nginx.pid
COPY resources/core/nginx/nginx-template.conf /templates/nginx/frappe.conf.template COPY resources/core/nginx/nginx-template.conf /templates/nginx/frappe.conf.template
COPY resources/core/nginx/nginx-entrypoint.sh /usr/local/bin/nginx-entrypoint.sh COPY resources/core/nginx/nginx-entrypoint.sh /usr/local/bin/nginx-entrypoint.sh
COPY resources/core/nginx/security_headers.conf /etc/nginx/snippets/security_headers.conf
FROM base AS build FROM base AS build