From 44660055affc399ad12b29d2677ef2b48b0ce42c Mon Sep 17 00:00:00 2001
From: estebanthi
Date: Sun, 18 Jan 2026 15:07:34 +0100
Subject: [PATCH] Switch to alpine chromium image
---
 Dockerfile | 70 +++++++++++++++++++++-----------------------
 docker-entrypoint.sh | 54 ++++++++--------------------------
 index.js | 4 +--
 3 files changed, 48 insertions(+), 80 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6120649..d3f3523 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,50 +1,48 @@
-FROM node:20.12.2-slim
+FROM node:20-alpine AS build
 ENV NODE_ENV=production
-ENV CHROME_PATH=/usr/bin/google-chrome-stable
-ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/google-chrome-stable
-
-# Install Chrome and dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
- ca-certificates wget gnupg \
- && wget -qO- https://dl.google.com/linux/linux_signing_key.pub \
- | gpg --dearmor -o /usr/share/keyrings/google-linux-signing-keyring.gpg \
- && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux-signing-keyring.gpg] https://dl.google.com/linux/chrome/deb/ stable main" \
- > /etc/apt/sources.list.d/google-chrome.list \
- && echo "deb http://deb.debian.org/debian trixie main" \
- > /etc/apt/sources.list.d/debian-trixie.list \
- && apt-get update \
- && apt-get install -y --no-install-recommends -t trixie \
- zlib1g libexpat1 liblzma5 libpcre2-8-0 libsqlite3-0 libxml2 xserver-common xvfb fonts-liberation \
- && apt-get install -y --no-install-recommends google-chrome-stable \
- && apt-mark manual google-chrome-stable \
- && rm /etc/apt/sources.list.d/debian-trixie.list \
- && rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache python3 make g++
 RUN corepack enable
-# Create a non-root user for running the app
-RUN useradd --create-home --home-dir /app --shell /bin/sh appuser
-
-# Set working directory
 WORKDIR /app
-# Entrypoint script
-COPY docker-entrypoint.sh /usr/local/bin/
-RUN chmod 755 /usr/local/bin/docker-entrypoint.sh
-
-# Copy and install dependencies
-COPY --chown=appuser:appuser package.json pnpm-lock.yaml ./
-USER appuser
-RUN corepack prepare pnpm@9.0.0 --activate \
+COPY package.json pnpm-lock.yaml ./
+RUN corepack prepare pnpm@10.28.0 --activate \
 && pnpm install --frozen-lockfile --prod \
 && pnpm store prune
-# Copy app code
-COPY --chown=appuser:appuser . .
+COPY . .
+
+FROM node:20-alpine
+
+ENV NODE_ENV=production
+ENV CHROME_PATH=/usr/bin/chromium-browser
+ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
+
+RUN apk add --no-cache chromium nss freetype harfbuzz ttf-freefont
+
+# Remove npm/corepack to shrink attack surface and avoid bundled CVEs.
+RUN rm -rf /usr/local/lib/node_modules/npm \
+ /usr/local/bin/npm \
+ /usr/local/bin/npx \
+ /usr/local/lib/node_modules/corepack \
+ /usr/local/bin/corepack
+
+WORKDIR /app
+
+COPY --from=build /app/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh
+
+COPY --from=build --chown=node:node /app/package.json /app/package.json
+COPY --from=build --chown=node:node /app/index.js /app/index.js
+COPY --from=build --chown=node:node /app/endpoints /app/endpoints
+COPY --from=build --chown=node:node /app/node_modules /app/node_modules
+
+RUN mkdir -p /app/cache && chown -R node:node /app
+
+USER node
-# Expose port (match your app's port)
 EXPOSE 10000
-# Start Xvfb and run the bot
 CMD ["/usr/local/bin/docker-entrypoint.sh"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 6595832..4642542 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
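Review bot: Both `FROM node:20-alpine` lines float on the major tag where the removed line pinned `node:20.12.2-slim`, so the Node patch level and the Alpine release (and with them the `chromium` package that `apk add` pulls) can change between builds without a commit. Pin the two stages to the same exact tag, ideally with a digest, e.g. `FROM node:<exact-version>-alpine<alpine-release>@sha256:<digest>` (placeholders), so a rebuild is reproducible and a base-image change is reviewable. Separately, `chown -R node:node /app` together with `--chown=node:node` on the COPY lines leaves `index.js`, `endpoints` and `node_modules` writable by the user that runs Chromium; if only the cache needs writes, `RUN mkdir -p /app/cache && chown node:node /app/cache` with root-owned code keeps a compromised process from altering what runs on restart.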
@@ -7,31 +7,31 @@ resolve_chrome_path() {
 fi
 for candidate in \
+ /usr/bin/chromium-browser \
+ /usr/bin/chromium \
 /usr/bin/google-chrome-stable \
 /usr/bin/google-chrome \
- /opt/google/chrome/google-chrome \
- /usr/bin/chromium \
- /usr/bin/chromium-browser; do
+ /opt/google/chrome/google-chrome; do
 if [ -x "$candidate" ]; then
 CHROME_PATH="$candidate"
 return 0
 fi
 done
- if command -v google-chrome-stable >/dev/null 2>&1; then
- CHROME_PATH="$(command -v google-chrome-stable)"
- return 0
- fi
- if command -v google-chrome >/dev/null 2>&1; then
- CHROME_PATH="$(command -v google-chrome)"
+ if command -v chromium-browser >/dev/null 2>&1; then
+ CHROME_PATH="$(command -v chromium-browser)"
 return 0
 fi
 if command -v chromium >/dev/null 2>&1; then
 CHROME_PATH="$(command -v chromium)"
 return 0
 fi
- if command -v chromium-browser >/dev/null 2>&1; then
- CHROME_PATH="$(command -v chromium-browser)"
+ if command -v google-chrome-stable >/dev/null 2>&1; then
+ CHROME_PATH="$(command -v google-chrome-stable)"
+ return 0
+ fi
+ if command -v google-chrome >/dev/null 2>&1; then
+ CHROME_PATH="$(command -v google-chrome)"
 return 0
 fi
@@ -43,34 +43,4 @@ resolve_chrome_path
 export CHROME_PATH
 export PUPPETEER_EXECUTABLE_PATH="${PUPPETEER_EXECUTABLE_PATH:-$CHROME_PATH}"
-rm -f /tmp/.X99-lock
-Xvfb :99 -screen 0 1024x768x24 &
-xvfb_pid=$!
-
-export DISPLAY=:99
-
-npm start &
-app_pid=$!
-
-term_handler() {
- kill "$app_pid" 2>/dev/null || true
- kill "$xvfb_pid" 2>/dev/null || true
-}
-
-trap term_handler INT TERM
-
-while kill -0 "$app_pid" 2>/dev/null; do
- if ! kill -0 "$xvfb_pid" 2>/dev/null; then
- echo "Xvfb exited; stopping app." >&2
- kill "$app_pid" 2>/dev/null || true
- wait "$app_pid" 2>/dev/null || true
- exit 1
- fi
- sleep 1
-done
-
-wait "$app_pid"
-app_status=$?
-kill "$xvfb_pid" 2>/dev/null || true
-wait "$xvfb_pid" 2>/dev/null || true
-exit "$app_status"
+exec node index.js
diff --git a/index.js b/index.js
index 176b798..e00fbe3 100644
--- a/index.js
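Review bot: The candidate order is now maintained in two places, the path list in the `for` loop and the four `command -v` blocks below it, and this change had to reorder both by hand. A second loop such as `for name in chromium-browser chromium google-chrome-stable google-chrome; do` with one `command -v "$name"` test inside would keep the PATH fallback in step with the path list. A one-line comment above the list, e.g. `# Prefer the distro Chromium shipped in the Alpine image; Chrome paths remain for older images`, would also record why the order changed. resolve_chrome_path starts before and ends after this hunk.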
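Review bot: With `exec node index.js` the Node process becomes PID 1, and nothing in the image reaps the child processes Chromium leaves behind, so exited browser helpers can accumulate as zombies. `docker stop` may also wait out its timeout unless index.js installs its own SIGTERM handler, which is not visible here. Running under a minimal init addresses both: add `tini` to the runtime stage's `apk add` line and change the last line to `exec tini -- node index.js`, or document that the container must be started with `docker run --init`. The removed supervisor loop forwarded INT/TERM explicitly, so this is behaviour the old script covered.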
+++ b/index.js
@@ -59,10 +59,10 @@ if (process.env.NODE_ENV !== 'development') {
 async function createBrowser(proxyServer = null) {
 const connectOptions = {
- headless: false,
+ headless: "new",
 turnstile: true,
 connectOption: { defaultViewport: null },
- disableXvfb: false,
+ disableXvfb: true,
 }
 if (proxyServer) {
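Review bot: The two flipped options in `connectOptions` carry no explanation, and the reason lives in other files of this commit: the image no longer installs Xvfb and the entrypoint no longer starts it. I would add `// Image ships no Xvfb: run Chromium headless and skip the virtual display` above `headless`. Whether the string `"new"` is still accepted depends on the Puppeteer version behind the connect call, which is not visible here; newer releases deprecate it in favour of `true`, so it is worth confirming against the locked version. createBrowser continues past the end of the hunk.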