diff --git a/Dockerfile b/Dockerfile
index 3b93735a..1766ef86 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,11 +7,9 @@ RUN set -eux; \
 apt-get update; \
 apt-get install -y --no-install-recommends \
 wget gnupg ca-certificates curl unzip \
- # Chrome runtime deps
 libnss3 libxss1 libx11-xcb1 libxcomposite1 libxdamage1 libxext6 libxfixes3 \
 libxkbcommon0 libxrandr2 libatk1.0-0 libatk-bridge2.0-0 libgtk-3-0 \
 libgbm1 libasound2 fonts-liberation \
- # Optional fonts for broader charset support
 fonts-ipafont-gothic fonts-wqy-zenhei fonts-thai-tlwg fonts-kacst fonts-freefont-ttf; \
 wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/google-linux.gpg; \
 echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux.gpg] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list; \
@@ -19,39 +17,44 @@ RUN set -eux; \
 apt-get install -y --no-install-recommends google-chrome-stable; \
 rm -rf /var/lib/apt/lists/*
-# Prevent Puppeteer from downloading Chromium, point to system Chrome
+# Prevent Puppeteer from downloading Chromium
 ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
-ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/google-chrome-stable
-# Default Chrome args suitable for containers (headless + no sandbox)
-ENV CHROME_DEFAULT_ARGS="--no-sandbox --disable-setuid-sandbox --headless=new --disable-gpu --disable-dev-shm-usage --no-zygote --no-first-run --ozone-platform=none --disable-features=UseOzonePlatform --enable-features=NetworkService,NetworkServiceInProcess"
+# Force flags via a wrapper so Chrome cannot try X11 or sandbox
+RUN printf '%s\n' \
+'#!/usr/bin/env bash' \
+'exec /usr/bin/google-chrome-stable \' \
+' --no-sandbox --disable-setuid-sandbox \' \
+' --headless=new --disable-gpu --disable-dev-shm-usage \' \
+' --no-zygote --no-first-run \' \
+' --ozone-platform=none --disable-features=UseOzonePlatform \' \
+' "$@"' \
+> /usr/local/bin/chrome-wrapper && chmod +x /usr/local/bin/chrome-wrapper
-# Env consumed by lowlighter/metrics to pass browser flags
+# Point puppeteer to the wrapper
+ENV PUPPETEER_EXECUTABLE_PATH=/usr/local/bin/chrome-wrapper
+
+# Optional envs used by metrics (kept for completeness)
 ENV METRICS_BROWSER=chromium
 ENV METRICS_BROWSER_HEADLESS=true
 ENV METRICS_BROWSER_ARGS=""
-
-# Optional: trust reverse proxy for express-rate-limit
 ENV METRICS_TRUST_PROXY=1
-# Copy sources and install JS deps
+# Install JS deps
 COPY package.json package-lock.json* ./
 RUN npm ci
+# Copy source and build
 COPY . .
-
-# Build the project
 RUN npm run build
-# Wrapper entrypoint to ensure args are always set
+# Entry
 RUN printf '%s\n' \
 '#!/usr/bin/env bash' \
 'set -euo pipefail' \
-'export PUPPETEER_EXECUTABLE_PATH="${PUPPETEER_EXECUTABLE_PATH:-/usr/bin/google-chrome-stable}"' \
-'export METRICS_BROWSER="${METRICS_BROWSER:-chromium}"' \
-'export METRICS_BROWSER_HEADLESS="${METRICS_BROWSER_HEADLESS:-true}"' \
+# Ensure METRICS_BROWSER_ARGS has flags if the app reads it (not strictly needed with wrapper)
 'if [ -z "${METRICS_BROWSER_ARGS:-}" ]; then' \
-' export METRICS_BROWSER_ARGS="${CHROME_DEFAULT_ARGS}"' \
+' export METRICS_BROWSER_ARGS="--no-sandbox --disable-setuid-sandbox --headless=new --disable-gpu --disable-dev-shm-usage --no-zygote --no-first-run --ozone-platform=none --disable-features=UseOzonePlatform --enable-features=NetworkService,NetworkServiceInProcess"' \
 'fi' \
 'exec npm start' \
 > /usr/local/bin/metrics-entrypoint && chmod +x /usr/local/bin/metrics-entrypoint
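Review bot: The new `chrome-wrapper` hard-codes `--no-sandbox --disable-setuid-sandbox` into every Chrome launch, so an operator whose runtime does support the sandbox has no way left to turn it back on. No `USER` instruction is visible in this hunk (the rest of the Dockerfile is outside the diff); if the image runs as root, a renderer compromise while rendering fetched content would run as root in the container with no browser-level containment. I would keep the current behaviour as an overridable default, e.g. `ENV CHROME_SANDBOX_FLAGS="--no-sandbox --disable-setuid-sandbox"` (name is a suggestion) with the wrapper line changed to `' ${CHROME_SANDBOX_FLAGS} \' \`, and run the service as an unprivileged user if the file does not already set one. The comment above the wrapper should also say why the sandbox is off rather than only that it is forced. Separately, the flag list now lives in two places and has already drifted: the entrypoint fallback carries `--enable-features=NetworkService,NetworkServiceInProcess`, the wrapper does not.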