fix: handle EACCES on data/settings.json in Docker containers
- settings-store: auto-detect writable path at startup — tries <cwd>/data/settings.json first, falls back to /tmp/lingvai-settings.json if the directory is not writable. Logs a warning when fallback is used. Also supports SETTINGS_PATH env var for explicit override. - Dockerfile: switch from yarn to npm, explicitly create /app/data with chown nextjs:nodejs so the directory is writable at runtime without needing a privileged volume mount. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
20
Dockerfile
20
Dockerfile
@@ -3,31 +3,33 @@
|
|||||||
FROM node:lts-alpine AS deps
|
FROM node:lts-alpine AS deps
|
||||||
RUN apk add --no-cache libc6-compat
|
RUN apk add --no-cache libc6-compat
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY package.json yarn.lock ./
|
COPY package.json package-lock.json* ./
|
||||||
RUN yarn install --frozen-lockfile
|
RUN npm install --legacy-peer-deps
|
||||||
|
|
||||||
FROM node:lts-alpine AS builder
|
FROM node:lts-alpine AS builder
|
||||||
RUN apk add --no-cache curl
|
RUN apk add --no-cache curl
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
RUN addgroup -g 1001 -S nodejs
|
RUN addgroup -g 1001 -S nodejs && \
|
||||||
RUN adduser -S nextjs -u 1001
|
adduser -S nextjs -u 1001
|
||||||
|
|
||||||
COPY --chown=nextjs:nodejs . .
|
COPY --chown=nextjs:nodejs . .
|
||||||
COPY --from=deps /app/node_modules ./node_modules
|
COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules
|
||||||
RUN chown nextjs:nodejs .
|
|
||||||
|
# Ensure the data directory exists and is writable by the nextjs user
|
||||||
|
RUN mkdir -p /app/data && chown -R nextjs:nodejs /app/data && chmod 755 /app/data
|
||||||
|
|
||||||
USER nextjs
|
USER nextjs
|
||||||
|
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
|
|
||||||
ENV NODE_ENV production
|
ENV NODE_ENV production
|
||||||
|
|
||||||
ENV NEXT_TELEMETRY_DISABLED 1
|
ENV NEXT_TELEMETRY_DISABLED 1
|
||||||
|
|
||||||
HEALTHCHECK --interval=1m --timeout=3s CMD curl -f http://localhost:3000/ || exit 1
|
HEALTHCHECK --interval=1m --timeout=3s CMD curl -f http://localhost:3000/ || exit 1
|
||||||
|
|
||||||
CMD NEXT_PUBLIC_SITE_DOMAIN=$site_domain\
|
CMD NEXT_PUBLIC_SITE_DOMAIN=$site_domain \
|
||||||
NEXT_PUBLIC_FORCE_DEFAULT_THEME=$force_default_theme \
|
NEXT_PUBLIC_FORCE_DEFAULT_THEME=$force_default_theme \
|
||||||
NEXT_PUBLIC_DEFAULT_SOURCE_LANG=$default_source_lang \
|
NEXT_PUBLIC_DEFAULT_SOURCE_LANG=$default_source_lang \
|
||||||
NEXT_PUBLIC_DEFAULT_TARGET_LANG=$default_target_lang \
|
NEXT_PUBLIC_DEFAULT_TARGET_LANG=$default_target_lang \
|
||||||
yarn build && yarn start
|
npm run build && npm start
|
||||||
|
|||||||
@@ -17,18 +17,43 @@ const DEFAULT_SETTINGS: Settings = {
|
|||||||
adminPasswordHash: process.env["ADMIN_PASSWORD"] ?? "admin"
|
adminPasswordHash: process.env["ADMIN_PASSWORD"] ?? "admin"
|
||||||
};
|
};
|
||||||
|
|
||||||
const SETTINGS_PATH = path.join(process.cwd(), "data", "settings.json");
|
/**
|
||||||
|
* Resolve a writable path for settings.json.
|
||||||
function ensureDataDir() {
|
* Priority:
|
||||||
const dir = path.dirname(SETTINGS_PATH);
|
* 1. SETTINGS_PATH env var (explicit override)
|
||||||
if (!fs.existsSync(dir)) {
|
* 2. <cwd>/data/settings.json (default, works when data/ is writable)
|
||||||
fs.mkdirSync(dir, { recursive: true });
|
* 3. /tmp/lingvai-settings.json (fallback for read-only containers)
|
||||||
|
*/
|
||||||
|
function resolveSettingsPath(): string {
|
||||||
|
if (process.env["SETTINGS_PATH"]) {
|
||||||
|
return process.env["SETTINGS_PATH"];
|
||||||
}
|
}
|
||||||
|
const primary = path.join(process.cwd(), "data", "settings.json");
|
||||||
|
try {
|
||||||
|
const dir = path.dirname(primary);
|
||||||
|
fs.mkdirSync(dir, { recursive: true });
|
||||||
|
// Test write access by opening with 'a' (append/create without truncating)
|
||||||
|
const fd = fs.openSync(primary, "a");
|
||||||
|
fs.closeSync(fd);
|
||||||
|
return primary;
|
||||||
|
} catch {
|
||||||
|
return path.join("/tmp", "lingvai-settings.json");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Resolve once at module load so every call uses the same path
|
||||||
|
const SETTINGS_PATH = resolveSettingsPath();
|
||||||
|
|
||||||
|
if (SETTINGS_PATH.startsWith("/tmp")) {
|
||||||
|
console.warn(
|
||||||
|
`[lingvai] data/settings.json is not writable. ` +
|
||||||
|
`Settings will be stored at ${SETTINGS_PATH}. ` +
|
||||||
|
`Mount a writable volume at /app/data or set SETTINGS_PATH to persist across restarts.`
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
export function readSettings(): Settings {
|
export function readSettings(): Settings {
|
||||||
try {
|
try {
|
||||||
ensureDataDir();
|
|
||||||
if (!fs.existsSync(SETTINGS_PATH)) {
|
if (!fs.existsSync(SETTINGS_PATH)) {
|
||||||
return { ...DEFAULT_SETTINGS };
|
return { ...DEFAULT_SETTINGS };
|
||||||
}
|
}
|
||||||
@@ -40,9 +65,10 @@ export function readSettings(): Settings {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export function writeSettings(updates: Partial<Settings>): Settings {
|
export function writeSettings(updates: Partial<Settings>): Settings {
|
||||||
ensureDataDir();
|
|
||||||
const current = readSettings();
|
const current = readSettings();
|
||||||
const next = { ...current, ...updates };
|
const next = { ...current, ...updates };
|
||||||
|
const dir = path.dirname(SETTINGS_PATH);
|
||||||
|
fs.mkdirSync(dir, { recursive: true });
|
||||||
fs.writeFileSync(SETTINGS_PATH, JSON.stringify(next, null, 2), "utf-8");
|
fs.writeFileSync(SETTINGS_PATH, JSON.stringify(next, null, 2), "utf-8");
|
||||||
return next;
|
return next;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user