Revert "Docker/run as nonroot (#692)" (#724)

This reverts commit 19aa572bd8a169371103f3b11f28169bfd09cee9.
This commit is contained in:
Hayden 2021-10-06 09:42:37 -08:00 committed by GitHub
parent 9541137ef7
commit 35caef1c39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 39 additions and 39 deletions


@ -2,7 +2,8 @@
auto_https off auto_https off
admin off admin off
} }
:{$APP_PORT} {
:80 {
@proxied path /api/* /docs /openapi.json @proxied path /api/* /docs /openapi.json
@static { @static {


@ -11,7 +11,7 @@ RUN npm run build
############################################### ###############################################
# Base Image # Base Image
############################################### ###############################################
FROM python:3.9.6-slim as python-base FROM python:3.9-slim as python-base
ENV MEALIE_HOME="/app" ENV MEALIE_HOME="/app"
@ -29,12 +29,9 @@ ENV PYTHONUNBUFFERED=1 \
# prepend poetry and venv to path # prepend poetry and venv to path
ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH" ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH"
ENV PUID=911 \ # create user account
PGID=911 RUN useradd -u 911 -U -d $MEALIE_HOME -s /bin/bash abc \
&& usermod -G users abc \
# create user account with default group
RUN groupadd -g $PGID mealie \
&& useradd -l -u $PUID -g $PGID -d $MEALIE_HOME -s /bin/bash mealie \
&& mkdir $MEALIE_HOME && mkdir $MEALIE_HOME
############################################### ###############################################
@ -59,7 +56,7 @@ RUN apt-get update \
&& pip install -U --no-cache-dir pip && pip install -U --no-cache-dir pip
# install poetry - respects $POETRY_VERSION & $POETRY_HOME # install poetry - respects $POETRY_VERSION & $POETRY_HOME
ENV POETRY_VERSION=1.1.7 ENV POETRY_VERSION=1.1.6
RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | python - RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | python -
# copy project requirement files here to ensure they will be cached. # copy project requirement files here to ensure they will be cached.
@ -99,7 +96,6 @@ ENTRYPOINT $MEALIE_HOME/mealie/run.sh "reload"
############################################### ###############################################
FROM python-base as production FROM python-base as production
ENV PRODUCTION=true ENV PRODUCTION=true
ARG DEBIAN_FRONTEND=noninteractive
# curl for used by healthcheck # curl for used by healthcheck
RUN apt-get update \ RUN apt-get update \
@ -133,20 +129,12 @@ COPY --from=frontend-build /app/dist $MEALIE_HOME/dist
COPY ./dev/data/templates $MEALIE_HOME/data/templates COPY ./dev/data/templates $MEALIE_HOME/data/templates
COPY ./Caddyfile $MEALIE_HOME COPY ./Caddyfile $MEALIE_HOME
RUN mkdir $MEALIE_HOME/temp \
&& id -u mealie | xargs -I{} chown -R {}:{} $MEALIE_HOME
USER $PUID:$PGID
VOLUME [ "$MEALIE_HOME/data/" ] VOLUME [ "$MEALIE_HOME/data/" ]
ENV APP_PORT=80
RUN chmod 755 "$MEALIE_HOME/data/" \
&& chmod g+s "$MEALIE_HOME/data/"
WORKDIR /app
ENV APP_PORT=9080
EXPOSE ${APP_PORT} EXPOSE ${APP_PORT}
HEALTHCHECK CMD curl -fs http://localhost:${APP_PORT} || exit 1 HEALTHCHECK CMD curl -fs http://localhost:${APP_PORT} || exit 1
RUN chmod +x mealie/run.sh RUN chmod +x $MEALIE_HOME/mealie/run.sh
ENTRYPOINT mealie/run.sh ENTRYPOINT $MEALIE_HOME/mealie/run.sh
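Review bot: On the new side of the last hunk there is no `USER` instruction left between `VOLUME` and `ENTRYPOINT`, so caddy, the API process and the healthcheck `curl` all run as root; the `abc` account created by `RUN useradd -u 911 -U -d $MEALIE_HOME -s /bin/bash abc` in the second hunk is never made the executing user here. If starting as root is intended (the Caddyfile section puts the listener back on `:80`, which needs root or CAP_NET_BIND_SERVICE), record that next to the useradd so the account is not mistaken for privilege separation, e.g. `# NOTE: the image starts as root; run.sh remaps abc to PUID/PGID and re-owns /app but, as far as its visible code shows, does not switch to abc`. Separately, `FROM python:3.9-slim` in the first hunk replaces the patch-pinned `3.9.6-slim`, so each rebuild takes whatever 3.9.x the floating tag currently points to; a patch or digest pin keeps the image contents reproducible and auditable.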


@ -10,7 +10,7 @@ services:
depends_on: depends_on:
- "postgres" - "postgres"
ports: ports:
- 9090:9080 - 9090:80
environment: environment:
DB_ENGINE: postgres # Optional: 'sqlite', 'postgres' DB_ENGINE: postgres # Optional: 'sqlite', 'postgres'
POSTGRES_USER: mealie POSTGRES_USER: mealie


@ -2,9 +2,6 @@
To deploy mealie on your local network it is highly recommended to use docker to deploy the image straight from dockerhub. Using the docker-compose below you should be able to get a stack up and running easily by changing a few default values and deploying. You can deploy with either SQLite (default) or Postgres. SQLite is sufficient for most use cases. Additionally, with mealies automated backup and restore functionality, you can easily move between SQLite and Postgres as you wish. To deploy mealie on your local network it is highly recommended to use docker to deploy the image straight from dockerhub. Using the docker-compose below you should be able to get a stack up and running easily by changing a few default values and deploying. You can deploy with either SQLite (default) or Postgres. SQLite is sufficient for most use cases. Additionally, with mealies automated backup and restore functionality, you can easily move between SQLite and Postgres as you wish.
**Latest release has changed container port binding from port 80 to 9080, for existing container based installations, please change exposed port or service binindg accordingly**
[Get Docker](https://docs.docker.com/get-docker/) [Get Docker](https://docs.docker.com/get-docker/)
[Mealie on Dockerhub](https://hub.docker.com/r/hkotel/mealie) [Mealie on Dockerhub](https://hub.docker.com/r/hkotel/mealie)
@ -119,10 +116,8 @@ services:
| Variables | Default | Description | | Variables | Default | Description |
| ----------------------- | --------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | ----------------------- | --------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| APP_PORT | Default: 80 | Web app port binding/listening. **For Docker this is set to 9080 (Binding without elevated permissions)**. | | PUID | 911 | UserID permissions between host OS and container |
| API_PORT | 9000 | The port exposed by backend API. **Do not change this if you're running in Docker** | | PGID | 911 | GroupID permissions between host OS and container |
| PUID | 911 | UserID permissions between host OS and container. **This ensures cotnainer will run as non-root** |
| PGID | 911 | GroupID permissions between host OS and container. **This ensures cotnainer will run as non-root** |
| DEFAULT_GROUP | Home | The default group for users | | DEFAULT_GROUP | Home | The default group for users |
| DEFAULT_EMAIL | changeme@email.com | The default username for the superuser | | DEFAULT_EMAIL | changeme@email.com | The default username for the superuser |
| BASE_URL | http://localhost:8080 | Used for Notifications | | BASE_URL | http://localhost:8080 | Used for Notifications |
@ -139,12 +134,14 @@ services:
| RECIPE_LANDSCAPE_VIEW | True | Default Recipe Settings - Set Landscape View | | RECIPE_LANDSCAPE_VIEW | True | Default Recipe Settings - Set Landscape View |
| RECIPE_DISABLE_COMMENTS | False | Default Recipe Settings - Disable Comments | | RECIPE_DISABLE_COMMENTS | False | Default Recipe Settings - Disable Comments |
| RECIPE_DISABLE_AMOUNT | False | Default Recipe Settings - Disable Amount | | RECIPE_DISABLE_AMOUNT | False | Default Recipe Settings - Disable Amount |
| API_PORT | 9000 | The port exposed by backend API. **Do not change this if you're running in Docker** |
| API_DOCS | True | Turns on/off access to the API documentation locally. | | API_DOCS | True | Turns on/off access to the API documentation locally. |
| TZ | UTC | Must be set to get correct date/time on the server | | TZ | UTC | Must be set to get correct date/time on the server |
| WORKERS_PER_CORE | 1 | Set the number of workers to the number of CPU cores multiplied by this value (Value \* CPUs). More info [here][workers_per_core] | | WORKERS_PER_CORE | 1 | Set the number of workers to the number of CPU cores multiplied by this value (Value \* CPUs). More info [here][workers_per_core] |
| MAX_WORKERS | | Set the maximum number of workers to use. Default is not set meaning unlimited. More info [here][max_workers] | | MAX_WORKERS | | Set the maximum number of workers to use. Default is not set meaning unlimited. More info [here][max_workers] |
| WEB_CONCURRENCY | 2 | Override the automatic definition of number of workers. More info [here][web_concurrency] | | WEB_CONCURRENCY | 2 | Override the automatic definition of number of workers. More info [here][web_concurrency] |
## Raspberry Pi 4 ## Raspberry Pi 4
!!! tip "Fatal Python error: init_interp_main: can't initialize time" !!! tip "Fatal Python error: init_interp_main: can't initialize time"


@ -59,7 +59,6 @@ class AppDirectories:
self.USER_DIR: Path = data_dir.joinpath("users") self.USER_DIR: Path = data_dir.joinpath("users")
self.RECIPE_DATA_DIR: Path = data_dir.joinpath("recipes") self.RECIPE_DATA_DIR: Path = data_dir.joinpath("recipes")
self.TEMP_DIR: Path = data_dir.joinpath(".temp") self.TEMP_DIR: Path = data_dir.joinpath(".temp")
self.SCHEDULER_DIR: Path = Path("/app/temp")
self.ensure_directories() self.ensure_directories()
@ -96,7 +95,7 @@ def determine_sqlite_path(path=False, suffix=DB_VERSION) -> str:
class AppSettings(BaseSettings): class AppSettings(BaseSettings):
global DATA_DIR global DATA_DIR
PRODUCTION: bool = Field(True, env="PRODUCTION") PRODUCTION: bool = Field(True, env="PRODUCTION")
BASE_URL: str = "http://localhost:{}".format(os.getenv("APP_PORT")) BASE_URL: str = "http://localhost:8080"
IS_DEMO: bool = False IS_DEMO: bool = False
API_PORT: int = 9000 API_PORT: int = 9000
API_DOCS: bool = True API_DOCS: bool = True
@ -152,7 +151,7 @@ class AppSettings(BaseSettings):
DEFAULT_EMAIL: str = "changeme@email.com" DEFAULT_EMAIL: str = "changeme@email.com"
DEFAULT_PASSWORD: str = "MyPassword" DEFAULT_PASSWORD: str = "MyPassword"
SCHEDULER_DATABASE = f"sqlite:///{app_dirs.SCHEDULER_DIR.joinpath('scheduler.db')}" SCHEDULER_DATABASE = f"sqlite:///{app_dirs.DATA_DIR.joinpath('scheduler.db')}"
TOKEN_TIME: int = 2 # Time in Hours TOKEN_TIME: int = 2 # Time in Hours


@ -5,6 +5,21 @@ set -e
# Get Reload Arg `run.sh reload` for dev server # Get Reload Arg `run.sh reload` for dev server
ARG1=${1:-production} ARG1=${1:-production}
# Get PUID/PGID
PUID=${PUID:-911}
PGID=${PGID:-911}
add_user() {
groupmod -o -g "$PGID" abc
usermod -o -u "$PUID" abc
echo "
User uid: $(id -u abc)
User gid: $(id -g abc)
"
chown -R abc:abc /app
}
init() { init() {
# $MEALIE_HOME directory # $MEALIE_HOME directory
cd /app cd /app
@ -29,11 +44,11 @@ if [ "$ARG1" == "reload" ]; then
# Start API # Start API
python /app/mealie/app.py python /app/mealie/app.py
else else
if [[ -z "$APP_PORT" ]];then echo "Production"
export APP_PORT=80
fi add_user
echo "Running in Production env as $(whoami) with id $(id -u) on port $APP_PORT"
init init
# Web Server # Web Server
caddy start --config /app/Caddyfile caddy start --config /app/Caddyfile
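Review bot: `add_user` remaps the uid/gid and runs `chown -R abc:abc /app`, but the production branch then calls `init` and `caddy start` in the same shell, and nothing in the visible hunk switches to `abc`, so PUID/PGID only change file ownership (recursively, including the mounted `/app/data` volume, on every start) without changing which user the services run as. A header comment above the function should make that explicit, e.g. `# Remaps the abc account to PUID/PGID and re-owns /app; the processes started below still run as the invoking user (root)`. `PUID=${PUID:-911}` and `PGID=${PGID:-911}` reach `groupmod`/`usermod` unvalidated, and `-o` permits duplicate ids, so a non-numeric value fails opaquely under `set -e` and `PUID=0` would alias `abc` to uid 0 before the recursive chown; a guard before `add_user`, `[[ "$PUID" =~ ^[0-9]+$ && "$PGID" =~ ^[0-9]+$ ]] || { echo "PUID/PGID must be numeric" >&2; exit 1; }`, gives a clear error instead. The `else` branch continues past the end of the hunk.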


@ -13,8 +13,8 @@ python = "^3.9"
aiofiles = "0.5.0" aiofiles = "0.5.0"
aniso8601 = "7.0.0" aniso8601 = "7.0.0"
appdirs = "1.4.4" appdirs = "1.4.4"
fastapi = "^0.65.2" fastapi = "^0.63.0"
uvicorn = {extras = ["standard"], version = "^0.15.0"} uvicorn = {extras = ["standard"], version = "^0.13.0"}
APScheduler = "^3.6.3" APScheduler = "^3.6.3"
SQLAlchemy = "^1.3.22" SQLAlchemy = "^1.3.22"
Jinja2 = "^2.11.2" Jinja2 = "^2.11.2"
@ -29,7 +29,7 @@ fastapi-camelcase = "^1.0.2"
bcrypt = "^3.2.0" bcrypt = "^3.2.0"
python-jose = "^3.3.0" python-jose = "^3.3.0"
passlib = "^1.7.4" passlib = "^1.7.4"
lxml = "4.6.3" lxml = "4.6.2"
Pillow = "^8.2.0" Pillow = "^8.2.0"
pathvalidate = "^2.4.1" pathvalidate = "^2.4.1"
apprise = "0.9.3" apprise = "0.9.3"