Add nginx to docker-compose + revert to Ubuntu 20.04 (#501)

backend/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:21.04 as base
+FROM ubuntu:20.04 as base
 
 ENV DEBIAN_FRONTEND=noninteractive
 
@@ -6,7 +6,8 @@ RUN apt-get update && apt-get install -y \
     python3-pip \
     python3 \
     python-is-python3 \
-    python3.9-venv
+    python3.9-venv \
+    python3.9-dev
 
 
 FROM base AS nsjail
@@ -48,7 +49,7 @@ RUN apt-get -y update && apt-get install -y \
     && rm -rf /var/lib/apt/lists/*
 
 RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | \
-  POETRY_VERSION=1.1.13 POETRY_HOME=/etc/poetry python -
+  POETRY_VERSION=1.1.13 POETRY_HOME=/etc/poetry python3.9 -
 
 COPY --from=nsjail /nsjail/nsjail /bin/nsjail
 
@@ -91,7 +92,11 @@ ENV ENABLE_NDS_SUPPORT=${ENABLE_NDS_SUPPORT}
 ENV ENABLE_PS1_SUPPORT=${ENABLE_PS1_SUPPORT}
 ENV ENABLE_SWITCH_SUPPORT=${ENABLE_SWITCH_SUPPORT}
 
-RUN pip install requests tqdm && python3 /compilers/download.py && rm -rf /compilers/download_cache/
+RUN python3.9 -m pip install requests tqdm \
+    && python3.9 /compilers/download.py \
+    && rm -rf /compilers/download_cache/
+
+RUN mkdir -p /etc/fonts
 
 WORKDIR /backend
 

backend/coreapp/sandbox.py

@@ -75,9 +75,10 @@ class Sandbox(contextlib.AbstractContextManager["Sandbox"]):
              "--rlimit_nofile", "soft",
             "--rlimit_cpu", "30",  # seconds
             "--time_limit", "30",  # seconds
-            #"--disable_proc",  # Needed for running inside Docker
         ]
         # fmt: on
+        if settings.SANDBOX_DISABLE_PROC:
+            wrapper.append("--disable_proc")  # needed for running inside Docker
 
         if not settings.DEBUG:
             wrapper.append("--really_quiet")

backend/decompme/settings.py

@@ -15,6 +15,7 @@ env = environ.Env(
     DUMMY_COMPILER=(bool, False),
     ALLOWED_HOSTS=(list, []),
     SANDBOX_NSJAIL_BIN_PATH=(str, "/bin/nsjail"),
+    SANDBOX_DISABLE_PROC=(bool, False),
     SECURE_SSL_REDIRECT=(bool, False),
     SECURE_HSTS_SECONDS=(int, 0),
     SECURE_HSTS_INCLUDE_SUBDOMAINS=(bool, False),
@@ -179,6 +180,7 @@ USE_SANDBOX_JAIL = env("USE_SANDBOX_JAIL")
 SANDBOX_NSJAIL_BIN_PATH = Path(env("SANDBOX_NSJAIL_BIN_PATH"))
 SANDBOX_CHROOT_PATH = BASE_DIR.parent / "sandbox" / "root"
 SANDBOX_TMP_PATH = BASE_DIR.parent / "sandbox" / "tmp"
+SANDBOX_DISABLE_PROC = env("SANDBOX_DISABLE_PROC")
 
 GITHUB_CLIENT_ID = env("GITHUB_CLIENT_ID", str)
 GITHUB_CLIENT_SECRET = env("GITHUB_CLIENT_SECRET", str)

docker-compose.yaml

@@ -33,6 +33,7 @@ services:
       DEBUG: "on"
       ALLOWED_HOSTS: "backend,localhost,127.0.0.1"
       USE_SANDBOX_JAIL: "on"
+      SANDBOX_DISABLE_PROC: "true"
       COMPILER_BASE_PATH: /compilers
       LOCAL_FILE_DIR: /local_files
     ports:
@@ -50,9 +51,16 @@ services:
   frontend:
     build: frontend
     environment:
+      API_BASE: http://localhost/api
       INTERNAL_API_BASE: http://backend:8000/api
     ports:
     - "8080:8080"
     volumes:
     - ./frontend:/frontend
     - .env:/.env
+  nginx:
+    image: nginx:1.22-alpine
+    ports:
+    - "80:80"
+    volumes:
+    - ./nginx:/etc/nginx/conf.d

docs/DOCKER.md

@@ -28,6 +28,8 @@ docker-compose up --build
 
 The processes will run in the foreground until you CTRL+C to trigger a shutdown.
 
+Navigate to [http://localhost:80](http://localhost:80) in your browser.
+
 
 **Run daemonised:**
 

nginx/default.conf

@@ -0,0 +1,48 @@
+# nginx config file used by docker
+
+server {
+    listen 80;
+    listen [::]:80;
+    client_max_body_size 5M;
+
+    server_name decomp.local www.decomp.local;
+
+    location / {
+        try_files $uri @proxy_frontend;
+    }
+
+    location /api {
+        try_files $uri @proxy_api;
+    }
+    location /admin {
+        try_files $uri @proxy_api;
+    }
+    location /static {
+        try_files $uri @proxy_api;
+    }
+
+    location @proxy_api {
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Url-Scheme $scheme;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $http_host;
+        proxy_redirect off;
+        proxy_pass http://backend:8000;
+    }
+
+    location @proxy_frontend {
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Url-Scheme $scheme;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $http_host;
+        proxy_redirect off;
+        proxy_pass http://frontend:8080;
+    }
+
+    location /_next/webpack-hmr {
+        proxy_pass http://frontend:8080/_next/webpack-hmr;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}