Update nginx config and docker files to use Debian Bookworm with Ruby…

… 3.1

Nginx proxy needed update on buffer size to avoid error about "upstream
sent too big header".

.dockerignore

@@ -23,3 +23,4 @@
 /uploads
 /vendor/ruby
 /vendor/bundle
+/coverage

db/schema.rb

@@ -205,7 +205,7 @@
     t.index ["user_id"], name: "index_nodes_on_user_id"
   end
 
-  create_table "oauth_access_grants", id: :integer, charset: "utf8mb3", force: :cascade do |t|
+  create_table "oauth_access_grants", id: :integer, charset: "utf8", force: :cascade do |t|
     t.integer "resource_owner_id", null: false
     t.integer "application_id", null: false
     t.string "token", null: false
@@ -219,7 +219,7 @@
     t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
   end
 
-  create_table "oauth_access_tokens", id: :integer, charset: "utf8mb3", force: :cascade do |t|
+  create_table "oauth_access_tokens", id: :integer, charset: "utf8", force: :cascade do |t|
     t.integer "resource_owner_id"
     t.integer "application_id", null: false
     t.string "token", null: false
@@ -234,7 +234,7 @@
     t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
   end
 
-  create_table "oauth_applications", id: :integer, charset: "utf8mb3", force: :cascade do |t|
+  create_table "oauth_applications", id: :integer, charset: "utf8", force: :cascade do |t|
     t.string "name", null: false
     t.string "uid", null: false
     t.string "secret", null: false

deployment/linuxfr-board/Dockerfile

@@ -1,22 +1,39 @@
-FROM ruby:2-slim-buster
+FROM ruby:3-slim-bookworm
 
-LABEL maintainer="adrien@adorsaz.ch"
-LABEL version="1.0"
-LABEL description="Run LinuxFr board service for LinuxFr.org Ruby on Rails website"
+LABEL org.opencontainers.image.title="LinuxFr.org boards"
+LABEL org.opencontainers.image.description="Push notifications for chat rooms of LinuxFr"
+LABEL org.opencontainers.image.source="https://github.com/linuxfrorg/board-sse-linuxfr.org"
+LABEL org.opencontainers.image.url="https://github.com/linuxfrorg/linuxfr.org/blob/master/Container.md"
+LABEL org.opencontainers.image.licenses="AGPL-3.0-only"
+LABEL org.opencontainers.image.version="ruby3-bookworm"
+LABEL org.opencontainers.image.authors="Adrien Dorsaz <adrien@adorsaz.ch>"
 
-WORKDIR /linuxfr-board
+ARG UID=1200
 
-# Install dependencies
 RUN apt-get update \
+  # Install dependencies \
   && apt-get install -y --no-install-recommends \
-    build-essential ruby ruby-dev \
+    build-essential git ruby ruby-dev \
   && apt-get clean
 
+USER ${UID}
+WORKDIR /linuxfr-board
+ENV HOME=/linuxfr-board
+
 # Install board-linuxfr
-RUN gem install board-linuxfr -v '~> 0.1.3'
+# RUN gem install board-linuxfr -v '~> 0.1.4'
+
+# Temporary build board-linuxfr from sources
+RUN git clone https://github.com/linuxfrorg/board-sse-linuxfr.org.git --branch ruby3 \
+  && cd board-sse-linuxfr.org \
+  && gem build board-linuxfr.gemspec \
+  && gem install ./board-linuxfr-*.gem
 
-RUN apt purge --autoremove -y build-essential ruby-dev
+# Clean development dependencies
+USER 0
+RUN apt purge --autoremove -y build-essential git ruby-dev
 
+USER ${UID}
 EXPOSE 9000
 
 CMD ["board-linuxfr"]

deployment/linuxfr-img/Dockerfile

@@ -1,24 +1,34 @@
 FROM debian:bullseye-slim as build
 
-LABEL maintainer="adrien@adorsaz.ch"
-LABEL version="2.0"
-LABEL description="Run LinuxFr image caching service for LinuxFr.org"
+LABEL org.opencontainers.image.title="LinuxFr.org image caching service"
+LABEL org.opencontainers.image.description="Store external images into a cache to not flood external website"
+LABEL org.opencontainers.image.source="https://github.com/linuxfrorg/img-LinuxFr.org"
+LABEL org.opencontainers.image.url="https://github.com/linuxfrorg/linuxfr.org/blob/master/Container.md"
+LABEL org.opencontainers.image.licenses="AGPL-3.0-only"
+LABEL org.opencontainers.image.version="rails7-bullseye"
+LABEL org.opencontainers.image.authors="Adrien Dorsaz <adrien@adorsaz.ch>"
 
-ENV GOPATH=/linuxfr-img
-WORKDIR /linuxfr-img
+ARG UID=1200
 
-# Build linuxfr-img
 RUN apt-get update \
   && apt-get install -y --no-install-recommends \
     golang git ca-certificates \
-  && apt-get clean \
-  && go get -u github.com/linuxfrorg/img-LinuxFr.org
+  && apt-get clean
+
+USER ${UID}
+ENV GOPATH=/linuxfr-img
+ENV HOME=/linuxfr-img
+WORKDIR /linuxfr-img
+
+# Build linuxfr-img
+RUN go get -u github.com/linuxfrorg/img-LinuxFr.org
 
 FROM debian:bullseye-slim as deploy
 
+USER ${UID}
 WORKDIR /linuxfr-img
 
-COPY --from=build /linuxfr-img/bin/img-LinuxFr.org .
+COPY --from=build --chown=${UID}:0 --chmod=770 /linuxfr-img/bin/img-LinuxFr.org .
 
 EXPOSE 8000
 

deployment/linuxfr.org/Dockerfile

@@ -1,50 +1,53 @@
-FROM debian:stretch-slim
+FROM debian:bookworm-slim
 
-LABEL maintainer="adrien@adorsaz.ch"
-LABEL version="1.0"
-LABEL description="Run LinuxFr.org Ruby on Rails website"
+LABEL org.opencontainers.image.title="LinuxFr.org website"
+LABEL org.opencontainers.image.description="Run LinuxFr.org Ruby on Rails website"
+LABEL org.opencontainers.image.source="https://github.com/linuxfrorg/linuxfr.org"
+LABEL org.opencontainers.image.url="https://github.com/linuxfrorg/linuxfr.org/blob/master/Docker.md"
+LABEL org.opencontainers.image.licenses="AGPL-3.0-only"
+LABEL org.opencontainers.image.version="rails7-bookworm"
+LABEL org.opencontainers.image.authors="Adrien Dorsaz <adrien@adorsaz.ch>"
 
-WORKDIR /linuxfr.org
+ARG UID=1200
 
 # Install system dependencies
-# Debian Stretch has been archived so we replace the sources with the archived ones
-RUN echo 'deb http://archive.debian.org/debian stretch main' > '/etc/apt/sources.list' \
-  && echo 'deb http://archive.debian.org/debian stretch-proposed-updates main' >> '/etc/apt/sources.list' \
-  && echo 'deb http://archive.debian.org/debian stretch-backports main' >> '/etc/apt/sources.list.d/linuxfr.list' \
-  && apt-get update \
+RUN apt-get update \
   && apt-get install -y --no-install-recommends --allow-downgrades \
-    mysql-client libmysql++-dev git \
-    build-essential openssl libreadline-dev curl libcurl4-openssl-dev zlib1g=1:1.2.8.dfsg-5 \
+    mariadb-client libmariadb++-dev git \
+    build-essential openssl libreadline-dev curl libcurl4-openssl-dev zlib1g \
     zlib1g-dev libssl-dev libxml2-dev libxslt-dev autoconf libgmp-dev libyaml-dev \
     ncurses-dev bison automake libtool imagemagick libc6-dev hunspell \
     hunspell-fr-comprehensive ruby ruby-dev ruby-rack \
-  && apt-get install -t stretch-backports -y --no-install-recommends \
     nodejs npm \
-  && gem install bundler -v 1.17.3 \
+  && gem install bundler -v 2.3.15 \
   && apt-get clean
 
-RUN mkdir /home/linuxfr.org
-ENV HOME /home/linuxfr.org
+USER ${UID}
+ENV HOME=/linuxfr.org
+WORKDIR /linuxfr.org
 
 # Install node external dependencies
-COPY package*.json ./
+COPY --chown=${UID}:0 --chmod=770 package*.json ./
 RUN npm ci
 
 # Install external dependencies
-COPY Gemfile* ./
+COPY --chown=${UID}:0 --chmod=770 Gemfile* ./
 
 RUN bundle config set path 'vendor/bundle' \
   && bundle config set deployment 'true' \
   && bundle install
 
 # Configure the application
-COPY deployment/linuxfr.org/database.yml config/database.yml
-COPY config/secrets.yml.sample config/secrets.yml
+COPY --chown=${UID}:0 --chmod=770 deployment/linuxfr.org/database.yml config/database.yml
+COPY --chown=${UID}:0 --chmod=770 config/secrets.yml.sample config/secrets.yml
 
 # Bundle source code
-COPY . /linuxfr.org
+COPY --chown=${UID}:0 --chmod=770 . /linuxfr.org
 
 EXPOSE 3000
 
+# Workaround for EACCESS error while running assets.rb
+USER 0
+
 CMD ["bin/rails", "server", "--binding", "0.0.0.0"]
 

deployment/nginx/templates/dlfp.conf.template

@@ -29,6 +29,8 @@ server {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host $http_host;
     proxy_redirect off;
+    proxy_buffers 8 16k;
+    proxy_buffer_size 32k;
     proxy_pass http://linuxfr.org:3000;
   }
 }