Skip to content

feat(docker): containerized web build + CORS guidance#23

Merged
offendingcommit merged 1 commit into
mainfrom
feat/docker-web
May 28, 2026
Merged

feat(docker): containerized web build + CORS guidance#23
offendingcommit merged 1 commit into
mainfrom
feat/docker-web

Conversation

@offendingcommit
Copy link
Copy Markdown
Owner

@offendingcommit offendingcommit commented May 28, 2026

Adds Docker support for the @openconcho/web SPA — a recurring ask.

  • Dockerfile — multi-stage (node:22-alpine + pnpm builds the SPA -> nginx-unprivileged serves it). Non-root (UID 101) on :8080, runs under --read-only --cap-drop ALL.
  • docker/nginx.conf — SPA-fallback routing, /healthz, immutable asset caching, gzip, and an opt-in same-origin reverse-proxy block.
  • docs/docker.md — build/run + the CORS story.
  • .dockerignore.

On CORS (the second half of the ask)

The desktop app routes fetch through Rust and bypasses browser CORS; the web build doesn't. Two documented options: (1) configure Honcho's FastAPI CORSMiddleware for the UI origin — recommended, fits the absolute-URL-in-localStorage model; (2) the nginx reverse-proxy block for zero-CORS same-origin. Option 2 needs the Settings form to accept a relative base URL (currently z.string().url() requires absolute) — flagged as follow-up in the docs.

Credit

Dockerfile + nginx.conf adapted from @zmarakjanbangash's fork. Thanks!

Verification

docker build succeeds; container smoke-tested — /healthz returns ok, index serves, SPA deep-link returns 200.

@offendingcommit @zmarakjanbangash
feat(docker): add containerized web build with CORS guidance
cfe07f1 
Multi-stage Dockerfile (node:22-alpine + pnpm build -> nginx-unprivileged
serve) producing a non-root image that runs under read-only fs + cap_drop
ALL. nginx.conf does SPA-fallback routing, /healthz, immutable asset cache,
and gzip, plus an opt-in same-origin reverse-proxy block.

docs/docker.md documents build/run and the two ways to handle browser CORS
on the web build (configure Honcho's CORSMiddleware, or the nginx proxy).

The Dockerfile and nginx.conf are adapted from @zmarakjanbangash's fork.

Co-authored-by: zmarakjanbangash <zmarakjanbangash@users.noreply.github.com>
@offendingcommit offendingcommit mentioned this pull request May 28, 2026
Closed
@offendingcommit offendingcommit merged commit a338919 into main May 28, 2026
2 checks passed
@offendingcommit offendingcommit deleted the feat/docker-web branch May 28, 2026 19:32
@offendingcommit offendingcommit mentioned this pull request May 28, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@offendingcommit