This repository aims to solve the compatibility issue with PostgreSQL-12+ and provide updates to the base image system, solving some vulnerabilities.
Main references:
To get all things working, it's necessary to add the environment variable DB_IS_PG12_OR_NEWER
with the value true
or false
. This ensures compatibility with PostgreSQL-12+.
DB_IS_PG12_OR_NEWER=true
Node has been updated from version 12.16.3 to 12.22.12.
To use a newer version of the base image in this node version, the first FROM
line in the Dockerfile was changed to alpine:3.19
.
Node was installed manually following the official Docker Node repository on GitHub.
Additionally, the docker-entrypoint was merged into the current Dockerfile.
###### NODE ######
FROM alpine:3.19.1 as node12
ENV NODE_VERSION 12.22.12
RUN addgroup -g 1000 node \
&& adduser -u 1000 -G node -s /bin/sh -D node \
&& apk add --no-cache \
libstdc++ \
&& apk add --no-cache --virtual .build-deps \
curl \
&& ARCH= && alpineArch="$(apk --print-arch)" \
&& case "${alpineArch##*-}" in \
x86_64) \
ARCH='x64' \
CHECKSUM="e5eb941bd3d5b7ab197e27c353049e6e8fd03d39c4949ea393f5af4ba8ef020a" \
;; \
*) ;; \
esac \
&& if [ -n "${CHECKSUM}" ]; then \
set -eu; \
curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \
echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs; \
else \
echo "Building from source" \
# backup build
&& apk add --no-cache --virtual .build-deps-full \
binutils-gold \
g++ \
gcc \
gnupg \
libgcc \
linux-headers \
make \
python2 \
# gpg keys listed at https://github.com/nodejs/node#release-keys
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
141F07595B7B3FFE74309A937405533BE57C7D57 \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
74F12602B6F1C4E913FAA37AD3A89613643B6201 \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
108F52B48DB57BB0CC439B2997B01419BD92F80A \
B9E2F5981AA6E0CD28160D9FF13993A75599653C \
; do \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
&& grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
&& tar -xf "node-v$NODE_VERSION.tar.xz" \
&& cd "node-v$NODE_VERSION" \
&& ./configure \
&& make -j$(getconf _NPROCESSORS_ONLN) V= \
&& make install \
&& apk del .build-deps-full \
&& cd .. \
&& rm -Rf "node-v$NODE_VERSION" \
&& rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
fi \
&& rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \
&& apk del .build-deps \
# smoke tests
&& node --version \
&& npm --version
ENV YARN_VERSION 1.22.18
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \
; do \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
done \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& mkdir -p /opt \
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
&& apk del .build-deps-yarn \
# smoke test
&& yarn --version
RUN addgroup -S app && adduser -S app -G app
RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.19/main" > /etc/apk/repositories && \
apk -U update --no-cache
RUN apk add --no-cache apk-tools=2.14.0-r5
RUN apk add --no-cache musl=1.2.4_git20230717-r4
RUN apk add --no-cache libssl3=3.1.4-r5
RUN apk add --no-cache libcrypto3=3.1.4-r5
RUN apk add --no-cache busybox=1.36.1-r15
RUN apk add --no-cache ssl_client=1.36.1-r15
RUN apk add --no-cache curl=8.5.0-r0
RUN apk add --no-cache ca-certificates
RUN apk add --no-cache bash
RUN apk add --no-cache git
RUN apk add --no-cache tar
HEALTHCHECK NONE
RUN mkdir /app
RUN mkdir /config
RUN chmod 777 -R /app
RUN chmod 777 -R /config
RUN chmod 777 -R /home/app
RUN echo '#!/bin/sh' > /usr/local/bin/docker-entrypoint.sh && \
echo 'set -e' >> /usr/local/bin/docker-entrypoint.sh && \
echo '' >> /usr/local/bin/docker-entrypoint.sh && \
echo '# Run command with node if the first argument contains a "-" or is not a system command.' >> /usr/local/bin/docker-entrypoint.sh && \
echo '# The last part inside the "{}" is a workaround for the following bug in ash/dash:' >> /usr/local/bin/docker-entrypoint.sh && \
echo '# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264' >> /usr/local/bin/docker-entrypoint.sh && \
echo 'if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then' >> /usr/local/bin/docker-entrypoint.sh && \
echo ' set -- node "$@"' >> /usr/local/bin/docker-entrypoint.sh && \
echo 'fi' >> /usr/local/bin/docker-entrypoint.sh && \
echo '' >> /usr/local/bin/docker-entrypoint.sh && \
echo 'exec "$@"' >> /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
ENV HOME /home/app
USER app
WORKDIR /app
ENTRYPOINT ["docker-entrypoint.sh"]
CMD [ "node" ]
The Dockerfile of the Konga project was adapted to incorporate a solution for compatibility issues with PostgreSQL-12 or newer. This was done by downloading the master branch of a PR in the official Konga repository, which contains the solution made by @vichaos.
It was merged into the one above, with the installation of the older package patch-package@6.5.1 from the @matejd's post
###### KONGA ######
FROM node12
USER root
WORKDIR /app
COPY . /app
RUN apk upgrade --update --no-cache
RUN apk add bash git ca-certificates python3 make --no-cache
RUN npm install -g bower
RUN npm install -g patch-package@6.5.1 #NEWLINE
RUN npm --unsafe-perm --production install
RUN apk del git
RUN rm -rf /var/cache/apk/* \
/app/.git \
/app/screenshots \
/app/test
RUN adduser -H -S -g "Konga service owner" -D -u 1200 -s /sbin/nologin konga
RUN mkdir -p /app/kongadata /app/.tmp
RUN chown -R 1200:1200 /app/kongadata /app/.tmp
EXPOSE 1337
VOLUME /app/kongadata
ENTRYPOINT ["/app/start.sh"]