GenAIExamples icon indicating copy to clipboard operation
GenAIExamples copied to clipboard
Published 2 months ago verified publisher icon opea-project

[CodeGen React UI] Support parametrization of nginx port

Open Feelas opened this issue 1 year ago • 9 comments

In the nginx.conf for CodeGen React UI, there is a hardcoded port 80. https://github.com/opea-project/GenAIExamples/blob/09a3196324b6b9094852c9a990d2a9346f779cda/CodeGen/docker/ui/react/nginx.conf#L2

Supporting parametrization of nginx port is not a purely cosmetic matter, since it causes issues on unpriviliged deployments on K8s/OpenShift.

It would be good to both:

  • switch the default from port 80 to a known-working port outside of 1-1023 range, since it is is privileged by default and requires specific securityContext (which would be a terrible thing to use).
  • support parametrizing nginx port in an easy way, which doesn't require rebuilding the image (see the docs for upstream image used: https://hub.docker.com/_/nginx -> Using environment variables in nginx configuration (new in 1.19))

The fastest way to fix the issue would be to just switch port 80 to 8080.

Additionally, might be good to look into using https://hub.docker.com/r/nginxinc/nginx-unprivileged image as base.

Feelas avatar Aug 01 '24 08:08 Feelas

Agreed. When fixing this, please also fix https://github.com/opea-project/GenAIComps/blob/main/comps/third_parties/nginx/src/nginx.conf.template at the same time.

lianhao avatar Feb 06 '25 03:02 lianhao

  • witch the default from port 80 to a known-working port outside of 1-1023 range, since it is is privileged by default and requires specific securityContext (which would be a terrible thing to use).

Per @lianhao. It is not permitted to run with privileged/root for some public K8S

xiguiw avatar Feb 06 '25 03:02 xiguiw

@jaswanth8888

It decreases the security of OPEA. This is a critical issue. Pleased resolve is ASAP.

xiguiw avatar Mar 12 '25 02:03 xiguiw

Link Support parametrization of nginx port #1456 Just Remind @jaswanth8888 @ZePan110 , hopefully the PR can fix the issues.

yinghu5 avatar Mar 26 '25 08:03 yinghu5

@jaswanth8888

Please help to resolve this issue.

[Remind] #1456 does not fix this issue. 1456 fix nginx container port.

This issue focus on 1). react UI nginx port setting 2). Set the UI docker container as Non root

xiguiw avatar Apr 01 '25 07:04 xiguiw

React UI set as non-root is tracked here: #517

xiguiw avatar Apr 16 '25 06:04 xiguiw

@sgurunat

[remind] Please help on this issue. Thanks!

xiguiw avatar Apr 16 '25 06:04 xiguiw

[Remind] Talk with @jaswanth8888 @sgurunat

They are working on IBM deployable architecture for which we would be raising PR's soon. And fill fix this issue in those PRs.

@jaswanth8888 @sgurunat Please add link to this issue in your PRs. Thanks!

xiguiw avatar Apr 16 '25 07:04 xiguiw

@sgurunat

Are there other PRs to fix this issue except these two PRs? Update nginx conf template opea-project/GenAIComps#1636 Nginx Root User and Port issue Fix: ProductivitySuite #1893

xiguiw avatar May 30 '25 02:05 xiguiw