From ba6f5183bebe14bca09e052419d5d96efca6ee9c Mon Sep 17 00:00:00 2001
From: Jordan Frazier <122494242+jordanrfrazier@users.noreply.github.com>
Date: Fri, 13 Dec 2024 14:38:55 -0800
Subject: [PATCH] ci: update docker image configuration for secure deployments
 (#5259)

* changes required for openshift to work with read-only dirs
---
 docker/build_and_push_ep.Dockerfile           |  2 +-
 .../build_and_push_frontend.Dockerfile        |  2 +-
 docker/frontend/default.conf.template         | 43 +++++++++++++++++++
 docker/frontend/start-nginx.sh                | 21 +++++----
 .../langflow/services/database/service.py     |  4 ++
 5 files changed, 62 insertions(+), 10 deletions(-)
 create mode 100644 docker/frontend/default.conf.template

diff --git a/docker/build_and_push_ep.Dockerfile b/docker/build_and_push_ep.Dockerfile
index 1e19dada0c98..675522c7c0d8 100644
--- a/docker/build_and_push_ep.Dockerfile
+++ b/docker/build_and_push_ep.Dockerfile
@@ -88,4 +88,4 @@ ENV LANGFLOW_HOST=0.0.0.0
 ENV LANGFLOW_PORT=7860
 
 USER 1000
-ENTRYPOINT ["python", "-m", "langflow", "run", "--host", "0.0.0.0", "--backend-only"]
+CMD ["python", "-m", "langflow", "run", "--host", "0.0.0.0", "--backend-only"]
diff --git a/docker/frontend/build_and_push_frontend.Dockerfile b/docker/frontend/build_and_push_frontend.Dockerfile
index 8bba52c3b073..5ca674dfa19a 100644
--- a/docker/frontend/build_and_push_frontend.Dockerfile
+++ b/docker/frontend/build_and_push_frontend.Dockerfile
@@ -23,7 +23,7 @@ LABEL org.opencontainers.image.url=https://github.com/langflow-ai/langflow
 LABEL org.opencontainers.image.source=https://github.com/langflow-ai/langflow
 
 COPY --from=builder-base --chown=nginx /frontend/build /usr/share/nginx/html
-COPY --chown=nginx ./docker/frontend/nginx.conf /etc/nginx/conf.d/default.conf
 COPY --chown=nginx ./docker/frontend/start-nginx.sh /start-nginx.sh
+COPY --chown=nginx ./docker/frontend/default.conf.template /etc/nginx/conf.d/default.conf.template
 RUN chmod +x /start-nginx.sh
 ENTRYPOINT ["/start-nginx.sh"]
diff --git a/docker/frontend/default.conf.template b/docker/frontend/default.conf.template
new file mode 100644
index 000000000000..76864def4659
--- /dev/null
+++ b/docker/frontend/default.conf.template
@@ -0,0 +1,43 @@
+worker_processes auto;
+pid /tmp/nginx.pid;
+events {}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type text/plain;
+
+    types {
+        text/html html;
+        text/css css;
+        application/javascript js;
+    }
+
+    server {
+        gzip on;
+        gzip_comp_level 2;
+        gzip_min_length 1000;
+        gzip_types text/xml text/css;
+        gzip_http_version 1.1;
+        gzip_vary on;
+        gzip_disable "MSIE [4-6] \.";
+
+        listen ${FRONTEND_PORT};
+
+        location / {
+            root /usr/share/nginx/html;
+            index index.html index.htm;
+            try_files $uri $uri/ /index.html =404;
+        }
+        location /api {
+            proxy_pass ${BACKEND_URL};
+        }
+        location /health_check {
+            proxy_pass ${BACKEND_URL};
+        }
+        location /health {
+            proxy_pass ${BACKEND_URL};
+        }
+
+        include /etc/nginx/extra-conf.d/*.conf;
+    }
+}
\ No newline at end of file
diff --git a/docker/frontend/start-nginx.sh b/docker/frontend/start-nginx.sh
index 6ef09745c59f..891075e800d5 100644
--- a/docker/frontend/start-nginx.sh
+++ b/docker/frontend/start-nginx.sh
@@ -1,6 +1,11 @@
 #!/bin/sh
 set -e
-trap 'kill -TERM $PID' TERM INT
+
+# Define writable directory for the final config
+CONFIG_DIR="/tmp/nginx"
+mkdir -p $CONFIG_DIR
+
+# Check and set environment variables
 if [ -z "$BACKEND_URL" ]; then
   BACKEND_URL="$1"
 fi
@@ -14,12 +19,12 @@ if [ -z "$BACKEND_URL" ]; then
   echo "BACKEND_URL must be set as an environment variable or as first parameter. (e.g. http://localhost:7860)"
   exit 1
 fi
-echo "BACKEND_URL: $BACKEND_URL"
-echo "FRONTEND_PORT: $FRONTEND_PORT"
-sed -i "s|__BACKEND_URL__|$BACKEND_URL|g" /etc/nginx/conf.d/default.conf
-sed -i "s|__FRONTEND_PORT__|$FRONTEND_PORT|g" /etc/nginx/conf.d/default.conf
-cat /etc/nginx/conf.d/default.conf
 
+# Export variables for envsubst
+export BACKEND_URL FRONTEND_PORT
+
+# Use envsubst to substitute environment variables in the template
+envsubst '${BACKEND_URL} ${FRONTEND_PORT}' < /etc/nginx/conf.d/default.conf.template > $CONFIG_DIR/default.conf
 
-# Start nginx
-exec nginx -g 'daemon off;'
+# Start nginx with the new configuration
+exec nginx -c $CONFIG_DIR/default.conf -g 'daemon off;'
\ No newline at end of file
diff --git a/src/backend/base/langflow/services/database/service.py b/src/backend/base/langflow/services/database/service.py
index 88a0bdcab527..ec03cf195183 100644
--- a/src/backend/base/langflow/services/database/service.py
+++ b/src/backend/base/langflow/services/database/service.py
@@ -62,6 +62,10 @@ def __init__(self, settings_service: SettingsService):
         else:
             # Construct the path using the langflow directory.
             self.alembic_log_path = Path(langflow_dir) / alembic_log_file
+
+        # Ensure the directory and file for the alembic log file exists
+        self.alembic_log_path.parent.mkdir(parents=True, exist_ok=True)
+        self.alembic_log_path.touch(exist_ok=True)
         self._logged_pragma = False
 
     def reload_engine(self) -> None: