Skip to content

Commit

Permalink
[Feature] Run container as non-root node user and use Chromium sand…
Browse files Browse the repository at this point in the history 
…box by default.
  • Loading branch information
@azasypkin
azasypkin committed Aug 31, 2023
1 parent 2a70989 commit 4717f74
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 9 deletions.
1 change: 1 addition & 0 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,5 @@ RUN set -x && apk update --no-cache && \
apk add --no-cache dumb-init nss freetype harfbuzz ca-certificates ttf-freefont chromium
COPY --from=BUILDER ["/app/dist", "/app/package.json", "/app/yarn.lock", "./"]
RUN set -x && yarn install --production --frozen-lockfile && yarn cache clean
USER node
CMD [ "node", "src/index.js" ]
14 changes: 5 additions & 9 deletions src/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,23 +23,19 @@ const server = fastify({ logger: { level: process.env.SECUTILS_WEB_SCRAPER_LOG_L

async function runBrowser(serverInstance: FastifyInstance) {
const headless = true;
const args = process.env.SECUTILS_WEB_SCRAPER_BROWSER_EXECUTABLE_ARGS
? process.env.SECUTILS_WEB_SCRAPER_BROWSER_EXECUTABLE_ARGS.split(',')
: ['--no-sandbox', '--disable-dev-shm-usage'];
serverInstance.log.info(`Running browser (headless: ${headless.toString()}, args: ${JSON.stringify(args)})...`);
const chromiumSandbox = !(process.env.SECUTILS_WEB_SCRAPER_BROWSER_NO_SANDBOX === 'true');
serverInstance.log.info(`Running browser (headless: ${headless}, sandbox: ${chromiumSandbox})...`);
try {
const browserToRun = await chromium.launch({
executablePath: process.env.SECUTILS_WEB_SCRAPER_BROWSER_EXECUTABLE_PATH || undefined,
// defaultViewport: { width: 1600, height: 1200 },
args,
// ignoreHTTPSErrors: true,
headless,
chromiumSandbox,
});
serverInstance.log.info(`Successfully run browser (headless: ${headless.toString()}).`);
serverInstance.log.info(`Successfully run browser (headless: ${headless}, sandbox: ${chromiumSandbox}).`);
return browserToRun;
} catch (err) {
serverInstance.log.error(
`Failed to run browser (headless: ${headless.toString()}): ${Diagnostics.errorMessage(err)}`,
`Failed to run browser (headless: ${headless}, sandbox: ${chromiumSandbox}): ${Diagnostics.errorMessage(err)}`,
);
throw err;
}
Expand Down

0 comments on commit 4717f74

Please sign in to comment.