feat: non-root self hosted images for standard deployment (#5701)

* Use IHttpMessageHandlerFactory For HTTP Communication Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> * feat: allow custom app-id.json location for rootless Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> * fix: new build context wont allow copying git context * feat: allow images to run as non-root user * fix: build failures caused by bad merge * build: we don't need to copy the `.git` dir * Revert "build: we don't need to copy the `.git` dir" This reverts commit 32c2f6236a. * Use `IHttpClientFactory` in more places * update build workflow * fix: compatibility with the existin run.sh script * fix: compatibility with existing run.sh script * Add SelfHosted GlobalSettings for Setup * Fix my build error * Add other services * Add IConfiguration * fix: missing gosu command for rootful mode * fix: try using .net core certificate handling * fix: add `SSL_CERT_DIR` to remaining images * Remove X509ChainCustomization activation code * Revert "Use IHttpMessageHandlerFactory For HTTP Communication" This reverts commit c93be6d52b. * Revert "fix: build failures caused by bad merge" This reverts commit 3e4639489b. * Revert "Use `IHttpClientFactory` in more places" This reverts commit 284501a493. * remove unused code * re-add error log for installation id * remove missing error message in log * build: remove duplicate docker+qemu setup steps Co-authored-by: Opeyemi <Alaoopeyemi101@gmail.com> * build: optimize for simpler builds over caching * build: restore previous method for getting the GIT_HASH * fix: add missing build args to remaining images * fix: rm extraneous source revision id arg * fmt: apply consistent spacing and rm redundant WORKDIR directive * build: update migrator to use simpler build; apply consistent spacing * fix: merge conflicts; simplify changes * fix: add publish branch check back --------- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: Opeyemi <Alaoopeyemi101@gmail.com>
2025-06-30 15:42:48 -05:00 · 2025-05-30 10:29:47 -07:00
parent 0b2b573bd3
commit 63f5811aa9
41 changed files with 1045 additions and 478 deletions
--- a/util/Nginx/Dockerfile
+++ b/util/Nginx/Dockerfile
@ -1,20 +1,23 @@
-FROM nginx:stable
+FROM --platform=$BUILDPLATFORM nginx:stable

+ARG TARGETPLATFORM
 LABEL com.bitwarden.product="bitwarden"

+ENV SSL_CERT_DIR=/etc/bitwarden/ca-certificates
+
 RUN apt-get update \
    && apt-get install -y --no-install-recommends \
-        gosu \
-        curl \
+    gosu \
+    curl \
    && rm -rf /var/lib/apt/lists/*

-COPY nginx.conf /etc/nginx
-COPY proxy.conf /etc/nginx
-COPY mime.types /etc/nginx
-COPY security-headers.conf /etc/nginx
-COPY security-headers-ssl.conf /etc/nginx
-COPY logrotate.sh /
-COPY entrypoint.sh /
+COPY util/Nginx/nginx.conf /etc/nginx
+COPY util/Nginx/proxy.conf /etc/nginx
+COPY util/Nginx/mime.types /etc/nginx
+COPY util/Nginx/security-headers.conf /etc/nginx
+COPY util/Nginx/security-headers-ssl.conf /etc/nginx
+COPY util/Nginx/logrotate.sh /
+COPY util/Nginx/entrypoint.sh /

 EXPOSE 8080
 EXPOSE 8443