workaround for https-proxy

Dockerfile

@@ -0,0 +1,87 @@
+FROM --platform=$BUILDPLATFORM docker.io/library/node:20.7.0-bullseye-slim@sha256:86ed0f70880231adc0fb66c2edbba5de350d8587999e2fe4e1f59c11a4cbb3b4 AS builder
+
+# Build arguments to change source url, branch or tag
+ARG CODIMD_REPOSITORY
+ARG HEDGEDOC_REPOSITORY=https://github.com/orange-cloudfoundry/hedgedoc.git
+ARG VERSION=master
+#necessary on ARM because puppeteer doesn't provide a prebuilt binary
+ENV PUPPETEER_SKIP_DOWNLOAD=true
+ENV YARN_CACHE_FOLDER=/tmp/.yarn
+
+# Clone the source and remove git repository but keep the HEAD file
+RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked \
+    --mount=target=/var/cache/apt,type=cache,sharing=locked \
+    apt-get update && \
+    apt-get install --no-install-recommends -y git jq ca-certificates python-is-python3 build-essential
+RUN git clone --depth 1 --branch "$VERSION" "$HEDGEDOC_REPOSITORY" /hedgedoc
+RUN git -C /hedgedoc log --pretty=format:'%ad %h %d' --abbrev-commit --date=short -1
+RUN git -C /hedgedoc rev-parse HEAD > /tmp/gitref
+RUN rm -rf /hedgedoc/.git/*
+RUN mv /tmp/gitref /hedgedoc/.git/HEAD
+RUN jq ".repository.url = \"${HEDGEDOC_REPOSITORY}\"" /hedgedoc/package.json > /hedgedoc/package.new.json
+RUN mv /hedgedoc/package.new.json /hedgedoc/package.json
+
+# Install app dependencies and build
+WORKDIR /hedgedoc
+
+RUN --mount=type=cache,sharing=locked,target=/tmp/.yarn yarn install --immutable
+RUN yarn run build
+
+FROM docker.io/library/node:20.7.0-bullseye-slim@sha256:86ed0f70880231adc0fb66c2edbba5de350d8587999e2fe4e1f59c11a4cbb3b4 AS modules-installer
+WORKDIR /hedgedoc
+
+ENV NODE_ENV=production
+ENV YARN_CACHE_FOLDER=/tmp/.yarn
+
+COPY --from=builder /hedgedoc /hedgedoc
+
+RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked \
+    --mount=target=/var/cache/apt,type=cache,sharing=locked \
+    apt-get update && \
+    apt-get install --no-install-recommends -y git ca-certificates python-is-python3 build-essential
+
+RUN --mount=type=cache,sharing=locked,target=/tmp/.yarn yarn workspaces focus --production
+
+FROM docker.io/library/node:20.7.0-bullseye-slim@sha256:86ed0f70880231adc0fb66c2edbba5de350d8587999e2fe4e1f59c11a4cbb3b4 AS app
+
+LABEL org.opencontainers.image.title='HedgeDoc production image(debian)'
+LABEL org.opencontainers.image.url='https://hedgedoc.org'
+LABEL org.opencontainers.image.source='https://github.com/hedgedoc/container'
+LABEL org.opencontainers.image.documentation='https://github.com/hedgedoc/container/blob/master/README.md'
+LABEL org.opencontainers.image.licenses='AGPL-3.0'
+
+WORKDIR /hedgedoc
+
+ARG UID=10000
+ENV NODE_ENV=production
+ENV UPLOADS_MODE=0700
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y gosu && \
+    rm -r /var/lib/apt/lists/*
+
+# Create hedgedoc user
+RUN adduser --uid $UID --home /hedgedoc/ --disabled-password --system hedgedoc
+
+COPY --chown=$UID --from=modules-installer /hedgedoc /hedgedoc
+
+# Add configuraton files
+COPY ["resources/config.json", "/files/"]
+
+# Healthcheck
+COPY --chown=$UID /resources/healthcheck.mjs /hedgedoc/healthcheck.mjs
+HEALTHCHECK --interval=15s CMD node healthcheck.mjs
+
+# For backwards compatibility
+RUN ln -s /hedgedoc /codimd
+
+# Symlink configuration files
+RUN rm -f /hedgedoc/config.json
+RUN ln -s /files/config.json /hedgedoc/config.json
+
+EXPOSE 3000
+
+COPY ["resources/docker-entrypoint.sh", "/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+
+CMD ["node", "app.js"]

app.js

@@ -20,6 +20,10 @@ const i18n = require('i18n')
 const flash = require('connect-flash')
 const apiMetrics = require('prometheus-api-metrics')
 
+// proxy
+const OAuth2Strategy = require('passport-oauth2').Strategy
+const HttpsProxyAgent = require('https-proxy-agent')
+
 // core
 const config = require('./lib/config')
 const logger = require('./lib/logger')
@@ -181,6 +185,25 @@ app.use(require('./lib/web/middleware/tooBusy'))
 
 app.use(flash())
 
+// passport strategy for https-proxy
+const strategy = new OAuth2Strategy({
+  authorizationURL: 'https://www.example.com/oauth2/authorize',
+  tokenURL: 'https://www.example.com/oauth2/token',
+  clientID: 'EXAMPLE_CLIENT_ID',
+  clientSecret: 'EXAMPLE_CLIENT_SECRET',
+  callbackURL: 'http://localhost:3000/auth/example/callback'
+}, function (accessToken, refreshToken, profile, cb) {
+  return cb()
+  // Your callback logic here
+})
+
+if (process.env.https_proxy) {
+  const httpsProxyAgent = new HttpsProxyAgent(process.env.https_proxy)
+  strategy._oauth2.setAgent(httpsProxyAgent)
+}
+
+passport.use(strategy)
+
 // passport
 app.use(passport.initialize())
 app.use(useUnless(['/status', '/metrics', '/_health'], passport.session()))

docker-compose.yml

@@ -0,0 +1,28 @@
+version: '3'
+services:
+  database:
+    image: postgres:13.4-alpine
+    environment:
+      - POSTGRES_USER=hedgedoc
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=hedgedoc
+    volumes:
+      - database:/var/lib/postgresql/data
+    restart: always
+  app:
+    # Make sure to use the latest release from https://hedgedoc.org/latest-release
+    image: quay.io/hedgedoc/hedgedoc:1.9.9
+    environment:
+      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
+      - CMD_DOMAIN=localhost
+      - CMD_URL_ADDPORT=true
+    volumes:
+      - uploads:/hedgedoc/public/uploads
+    ports:
+      - "3000:3000"
+    restart: always
+    depends_on:
+      - database
+volumes:
+  database:
+  uploads:

package.json

@@ -42,6 +42,7 @@
     "formidable": "2.1.2",
     "graceful-fs": "4.2.11",
     "helmet": "4.6.0",
+    "https-proxy-agent": "^7.0.2",
     "i18n": "0.15.1",
     "is-svg": "4.4.0",
     "jsdom-nogyp": "0.8.3",

resources/docker-entrypoint.sh

@@ -0,0 +1,58 @@
+#!/bin/sh
+
+# Use gosu if the container started with root privileges
+UID="$(id -u)"
+[ "$UID" -eq 0 ] && GOSU="gosu hedgedoc" || GOSU=""
+
+if [ "$HMD_IMAGE_UPLOAD_TYPE" != "" ] && [ "$CMD_IMAGE_UPLOAD_TYPE" = "" ]; then
+    CMD_IMAGE_UPLOAD_TYPE="$HMD_IMAGE_UPLOAD_TYPE"
+fi
+
+# Print warning if local data storage is used but no volume is mounted
+[ "$CMD_IMAGE_UPLOAD_TYPE" = "filesystem" ] && { mountpoint -q ./public/uploads || {
+    echo "
+        #################################################################
+        ###                                                           ###
+        ###                        !!!WARNING!!!                      ###
+        ###                                                           ###
+        ###        Using local uploads without persistence is         ###
+        ###            dangerous. You'll loose your data on           ###
+        ###              container removal. Check out:                ###
+        ###  https://docs.docker.com/engine/tutorials/dockervolumes/  ###
+        ###                                                           ###
+        ###                       !!!WARNING!!!                       ###
+        ###                                                           ###
+        #################################################################
+    ";
+} ; }
+
+# Change owner and permission if filesystem backend is used and user has root permissions
+if [ "$UID" -eq 0 ] && [ "$CMD_IMAGE_UPLOAD_TYPE" = "filesystem" ]; then
+    if [ "$UID" -eq 0 ]; then
+        echo "Updating uploads directory permissions ($UPLOADS_MODE)"
+        chown -R hedgedoc ./public/uploads
+        chmod $UPLOADS_MODE ./public/uploads
+        find ./public/uploads -type f -executable -exec chmod a-x {} \;
+    else
+        echo "
+            #################################################################
+            ###                                                           ###
+            ###                        !!!WARNING!!!                      ###
+            ###                                                           ###
+            ###        Container was started without root permissions     ###
+            ###           and filesystem storage is being used.           ###
+            ###        In case of filesystem errors these need to be      ###
+            ###                      changed manually                     ###
+            ###                                                           ###
+            ###                       !!!WARNING!!!                       ###
+            ###                                                           ###
+            #################################################################
+        ";
+    fi
+fi
+
+# Sleep to make sure everything is fine...
+sleep 3
+
+# run
+exec $GOSU "$@"

resources/healthcheck.mjs

@@ -0,0 +1,20 @@
+import fetch from 'node-fetch'
+
+// Kill myself after 5 second timeout
+setTimeout(() => {
+    process.exit(1)
+}, 5000)
+
+fetch(`http://localhost:${process.env.CMD_PORT || '3000' }/_health`, {headers: { "user-agent": "hedgedoc-container-healthcheck/1.1"}}).then((response) => {
+    if (!response.ok) {
+        process.exit(1)
+    }
+    return response.json()
+}).then((data) => {
+    if (!data.ready) {
+        process.exit(1)
+    }
+    process.exit(0)
+}).catch(() => {
+    process.exit(1)
+})

resources/utf8.cnf

@@ -0,0 +1,10 @@
+[client]
+default-character-set=utf8mb4
+
+[mysql]
+default-character-set=utf8mb4
+
+[mysqld]
+collation-server = utf8mb4_unicode_ci
+init-connect='SET NAMES utf8mb4'
+character-set-server = utf8mb4