Spaces:
Running
Running
| FROM nocodb/nocodb:latest | |
| ARG NC_S3_REGION | |
| ARG NC_S3_ENDPOINT | |
| ARG NC_S3_ACCESS_KEY | |
| # 创建数据目录、设置权限并安装 PostgreSQL 和 Redis | |
| RUN adduser -D -u 1000 nocodb && \ | |
| mkdir -p /usr/app/data /run/postgresql /var/log/redis /var/log/postgresql /var/run/redis && \ | |
| chown -R nocodb:nocodb /usr/app /usr/src/app /usr /run/postgresql /var/log/redis /var/log/postgresql /var/log && \ | |
| apk add --no-cache postgresql postgresql-contrib redis && \ | |
| echo "nocodb:nocodb_password" | chpasswd && \ | |
| chown nocodb:nocodb /run/postgresql && \ | |
| su - nocodb -c "initdb -D /usr/app/data/pgdata" && \ | |
| echo "host all all 0.0.0.0/0 md5" >> /usr/app/data/pgdata/pg_hba.conf && \ | |
| echo "listen_addresses='*'" >> /usr/app/data/pgdata/postgresql.conf && \ | |
| sed -i 's/# requirepass foobared/requirepass redis_password/' /etc/redis.conf && \ | |
| sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis.conf && \ | |
| sed -i 's/dir .\//dir \/usr\/app\/data\//' /etc/redis.conf && \ | |
| sed -i 's/logfile ""/logfile "\/var\/log\/redis\/redis.log"/' /etc/redis.conf && \ | |
| sed -i 's/# unixsocket/unixsocket/' /etc/redis.conf && \ | |
| sed -i 's/# unixsocketperm 700/unixsocketperm 777/' /etc/redis.conf && \ | |
| echo "pidfile /var/run/redis/redis.pid" >> /etc/redis.conf && \ | |
| chmod 644 /etc/redis.conf && \ | |
| chown -R nocodb:nocodb /etc/redis.conf /var/log/redis /var/run/redis /usr/app/data /var/lib/redis && \ | |
| apk add --update --no-cache dasel dumb-init nodejs | |
| # 使用 secret 获取 S3 bucket 名称和访问密钥 | |
| RUN --mount=type=secret,id=NC_S3_BUCKET_NAME,mode=0444,required=true \ | |
| --mount=type=secret,id=NC_S3_ACCESS_SECRET,mode=0444,required=true \ | |
| echo "export NC_S3_BUCKET_NAME=$(cat /run/secrets/NC_S3_BUCKET_NAME)" >> /etc/profile.d/s3_env.sh && \ | |
| echo "export NC_S3_ACCESS_SECRET=$(cat /run/secrets/NC_S3_ACCESS_SECRET)" >> /etc/profile.d/s3_env.sh && \ | |
| echo "export LITESTREAM_S3_BUCKET=$(cat /run/secrets/NC_S3_BUCKET_NAME)" >> /etc/profile.d/s3_env.sh && \ | |
| echo "export LITESTREAM_S3_SECRET_ACCESS_KEY=$(cat /run/secrets/NC_S3_ACCESS_SECRET)" >> /etc/profile.d/s3_env.sh && \ | |
| chmod +x /etc/profile.d/s3_env.sh | |
| # 复制启动脚本和 Node.js 示例程序并设置权限 | |
| COPY docker/startup.sh /usr/src/appEntry/startup.sh | |
| RUN chmod +x /usr/src/appEntry/startup.sh | |
| # 切换到 nocodb 用户 | |
| USER nocodb | |
| WORKDIR /usr/src/app | |
| # 设置环境变量,包括从 secret 获取的值 | |
| ENV LITESTREAM_S3_SKIP_VERIFY=false \ | |
| LITESTREAM_RETENTION=1440h \ | |
| LITESTREAM_RETENTION_CHECK_INTERVAL=72h \ | |
| LITESTREAM_SNAPSHOT_INTERVAL=24h \ | |
| LITESTREAM_SYNC_INTERVAL=60s \ | |
| NC_DOCKER=0.6 \ | |
| NC_TOOL_DIR=/usr/app/data/ \ | |
| NODE_ENV=production \ | |
| NC_ALLOW_LOCAL_HOOKS=true \ | |
| NC_REDIS_URL="redis://:redis_password@localhost:6379/4" \ | |
| NC_S3_REGION=${NC_S3_REGION} \ | |
| NC_S3_ENDPOINT=${NC_S3_ENDPOINT} \ | |
| NC_S3_ACCESS_KEY=${NC_S3_ACCESS_KEY} \ | |
| LITESTREAM_S3_REGION=${NC_S3_REGION} \ | |
| LITESTREAM_S3_ENDPOINT=${NC_S3_ENDPOINT} \ | |
| LITESTREAM_S3_ACCESS_KEY_ID=${NC_S3_ACCESS_KEY} | |
| # 从临时文件中读取 secret 值并设置为环境变量 | |
| ENV $(source /etc/profile.d/s3_env.sh && env | grep '^S3_' | xargs) | |
| EXPOSE 8080 | |
| ENTRYPOINT ["/usr/bin/dumb-init", "--"] | |
| # 运行启动脚本 | |
| CMD ["/usr/src/appEntry/startup.sh"] | |