I'm encountering issues with my Docker setup for a Next.js application, specifically after setting to a custom server with HTTPS.
Here are the problems I'm facing:
When I run the container(
docker compose -f docker/docker-compose.prod.yml up -d), it unexpectedly starts reinstalling dependencies.I'm getting "permission denied" errors when trying to install files.
Attention: Next.js now collects completely anonymous telemetry regarding usage.This information is used to shape Next.js' roadmap and prioritize features.You can learn more, including how to opt-out if you'd not like to participate in this anonymous program, by visiting the following URL:https://nextjs.org/telemetryIt looks like you're trying to use TypeScript but do not have the required package(s) installed.Installing dependenciesIf you are not trying to use TypeScript, please remove the tsconfig.json file from your package root (and any TypeScript files in your pages directory).Installing devDependencies (yarn):- typescript- @types/react- @types/nodeyarn add v1.22.22info No lockfile found.[1/5] Validating package.json...[2/5] Resolving packages...warning @next/eslint-plugin-next > glob@7.1.7: Glob versions prior to v9 are no longer supportedwarning @next/eslint-plugin-next > glob > inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.warning eslint > @humanwhocodes/config-array@0.11.14: Use @eslint/config-array insteadwarning eslint > file-entry-cache > flat-cache > rimraf@3.0.2: Rimraf versions prior to v4 are no longer supportedwarning eslint > file-entry-cache > flat-cache > rimraf > glob@7.2.3: Glob versions prior to v9 are no longer supportedwarning eslint > file-entry-cache > flat-cache > rimraf > glob > inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.warning eslint > @humanwhocodes/config-array > @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema insteadwarning jest > jest-cli > jest-config > glob@7.2.3: Glob versions prior to v9 are no longer supportedwarning jest > @jest/core > jest-runtime > glob@7.2.3: Glob versions prior to v9 are no longer supportedwarning jest > @jest/core > @jest/reporters > glob@7.2.3: Glob versions prior to v9 are no longer supportedwarning jest > @jest/core > @jest/transform > babel-plugin-istanbul > test-exclude > glob@7.2.3: Glob versions prior to v9 are no longer supportedwarning jest-environment-jsdom > jsdom > abab@2.0.6: Use your platform's native atob() and btoa() methods insteadwarning jest-environment-jsdom > jsdom > data-urls > abab@2.0.6: Use your platform's native atob() and btoa() methods insteadwarning jest-environment-jsdom > jsdom > domexception@4.0.0: Use your platform's native DOMException insteadwarning ls-engines > pacote > read-package-json@6.0.4: This package is no longer supported. Please use @npmcli/package-json instead.warning ls-engines > @npmcli/arborist > npmlog@7.0.1: This package is no longer supported.warning ls-engines > @npmcli/arborist > npmlog > are-we-there-yet@4.0.2: This package is no longer supported.warning ls-engines > @npmcli/arborist > npmlog > gauge@5.0.2: This package is no longer supported.warning ls-engines > pacote > @npmcli/run-script > node-gyp > glob@7.2.3: Glob versions prior to v9 are no longer supportedwarning ls-engines > pacote > @npmcli/run-script > node-gyp > npmlog@6.0.2: This package is no longer supported.warning ls-engines > pacote > @npmcli/run-script > node-gyp > rimraf@3.0.2: Rimraf versions prior to v4 are no longer supportedwarning ls-engines > pacote > @npmcli/run-script > node-gyp > npmlog > gauge@4.0.4: This package is no longer supported.warning ls-engines > pacote > @npmcli/run-script > node-gyp > npmlog > are-we-there-yet@3.0.1: This package is no longer supported.warning ls-engines > pacote > @npmcli/run-script > node-gyp > make-fetch-happen > cacache > glob@8.1.0: Glob versions prior to v9 are no longer supportedwarning ls-engines > pacote > @npmcli/run-script > node-gyp > make-fetch-happen > cacache > rimraf@3.0.2: Rimraf versions prior to v4 are no longer supportedwarning ls-engines > pacote > @npmcli/run-script > node-gyp > make-fetch-happen > cacache > glob > inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.warning ls-engines > pacote > @npmcli/run-script > node-gyp > make-fetch-happen > cacache > @npmcli/move-file@2.0.1: This functionality has been moved to @npmcli/fswarning ls-engines > pacote > @npmcli/run-script > node-gyp > make-fetch-happen > cacache > @npmcli/move-file > rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported[3/5] Fetching packages...[4/5] Linking dependencies...warning " > chakra-react-select@4.9.1" has unmet peer dependency "@chakra-ui/form-control@^2.0.0".warning " > chakra-react-select@4.9.1" has unmet peer dependency "@chakra-ui/icon@^3.0.0".warning " > chakra-react-select@4.9.1" has unmet peer dependency "@chakra-ui/layout@^2.0.0".warning " > chakra-react-select@4.9.1" has unmet peer dependency "@chakra-ui/media-query@^3.0.0".warning " > chakra-react-select@4.9.1" has unmet peer dependency "@chakra-ui/menu@^2.0.0".warning " > chakra-react-select@4.9.1" has unmet peer dependency "@chakra-ui/spinner@^2.0.0".warning " > chakra-react-select@4.9.1" has unmet peer dependency "@chakra-ui/system@^2.0.0".warning " > slick-carousel@1.8.1" has unmet peer dependency "jquery@>=1.8.0".warning " > use-context-selector@1.4.4" has unmet peer dependency "scheduler@>=0.19.0".[5/5] Building fresh packages...error Error: EACCES: permission denied, open '/app/yarn.lock'info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.Failed to install required TypeScript dependencies, please install them manually to continue:yarn add --exact --cwd /app --dev typescript @types/react @types/nodenode:internal/process/promises:389 new UnhandledPromiseRejection(reason); ^UnhandledPromiseRejection: This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). The promise rejected with the reason "#<Object>". at throwUnhandledRejectionsMode (node:internal/process/promises:389:7) at processPromiseRejections (node:internal/process/promises:470:17) at process.processTicksAndRejections (node:internal/process/task_queues:96:32) { code: 'ERR_UNHANDLED_REJECTION'}Node.js v20.16.0node:internal/fs/promises:639 return new FileHandle(await PromisePrototypeThen( ^Error: EACCES: permission denied, open '/app/tsconfig.json' at async open (node:internal/fs/promises:639:25) at async Object.writeFile (node:internal/fs/promises:1219:14) at async writeConfigurationDefaults (/app/node_modules/next/dist/lib/typescript/writeConfigurationDefaults.js:176:9) at async verifyTypeScriptSetup (/app/node_modules/next/dist/lib/verify-typescript-setup.js:119:9) at async verifyTypeScript (/app/node_modules/next/dist/server/lib/router-utils/setup-dev-bundler.js:108:26) at async startWatcher (/app/node_modules/next/dist/server/lib/router-utils/setup-dev-bundler.js:129:29) at async setupDevBundler (/app/node_modules/next/dist/server/lib/router-utils/setup-dev-bundler.js:1627:20) at async initialize (/app/node_modules/next/dist/server/lib/router-server.js:71:30) at async NextCustomServer.prepare (/app/node_modules/next/dist/server/next.js:241:28) { errno: -13, code: 'EACCES', syscall: 'open', path: '/app/tsconfig.json'} - I'm using a custom server with HTTPS, which seems to be contributing to the problem.
- The container is attempting to install dev dependencies
Background
- Previously, I was using the standalone configuration with the built
server.js, and everything worked fine. - The issues started occurring after I switched to a custom
server.jswith HTTPS configuration.
Current Dockerfile
FROM node:20-alpine AS base# Step 1. Rebuild the source code only when neededFROM base AS builderWORKDIR /app# Add non-root userRUN addgroup -g 1001 -S nodejsRUN adduser -S nextjs -u 1001# Install dependencies based on the preferred package managerCOPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./RUN \ if [ -f yarn.lock ]; then yarn --frozen-lockfile; \ elif [ -f package-lock.json ]; then npm ci; \ elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i; \ else echo "Warning: Lockfile not found. It is recommended to commit lockfiles to version control." && yarn install; \ fi# Copy source filesCOPY src ./srcCOPY public ./publicCOPY next.config.js .COPY tsconfig.json .COPY holiday-kr.d.ts .COPY server.custom.js .COPY certificates ./certificates# Set correct permissionsRUN chown -R nextjs:nodejs /app# Build Next.js based on the preferred package managerRUN \ if [ -f yarn.lock ]; then yarn build; \ elif [ -f package-lock.json ]; then npm run build; \ elif [ -f pnpm-lock.yaml ]; then pnpm build; \ else npm run build; \ fi# Step 2. Production image, copy all the files and run nextFROM base AS runnerWORKDIR /app# Don't run production as rootRUN addgroup --system --gid 1001 nodejs && \ adduser --system --uid 1001 nextjs# Set the correct permission for the /app directoryRUN mkdir -p /app && chown -R nextjs:nodejs /app# Copy built artifacts and set permissionsCOPY --from=builder --chown=nextjs:nodejs /app/public ./publicCOPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/staticCOPY --from=builder --chown=nextjs:nodejs /app/.next/standalone/server.js ./server.jsCOPY --from=builder --chown=nextjs:nodejs /app/node_modules/next ./node_modules/nextCOPY --from=builder --chown=nextjs:nodejs /app/server.custom.js .COPY --from=builder --chown=nextjs:nodejs /app/certificates ./certificates# Ensure all files are owned by nextjs userRUN chown -R nextjs:nodejs /app# Switch to non-root userUSER nextjsCMD ["node", "server.custom.js"]Current custom.server.js
const { createServer: https } = require('https');const { createServer: http } = require('http');const { parse } = require('url');const next = require('next');const fs = require('fs');const path = require('path');const { config } = require(path.join( process.cwd(),'.next','required-server-files.json',));const dev = process.env.NODE_ENV !== 'production';const hostname = 'localhost';const app = next({ dev: dev, hostname, conf: config });const handle = app.getRequestHandler();process.env.NODE_ENV = 'production';const ports = { http: 3000, https: 3001,};const httpsOptions = { cert: fs.readFileSync('certificates/localhost.pem'), key: fs.readFileSync('certificates/localhost-key.pem'),};app.prepare().then(() => { http((req, res) => { const parsedUrl = parse(req.url, true); handle(req, res, parsedUrl); }).listen(ports.http, (err) => { if (err) { throw err; } console.log(`> Ready on http://${hostname}:${ports.http}`); }); https(httpsOptions, (req, res) => { const parsedUrl = parse(req.url, true); handle(req, res, parsedUrl); }).listen(ports.https, (err) => { if (err) { throw err; } console.log(`> Ready on http://${hostname}:${ports.https}`); });});Questions
- Why is the container trying to reinstall dependencies when I run it, even though they should have been installed during the build process?
- How can I resolve the "permission denied" errors? I've tried setting permissions in the Dockerfile, but it doesn't seem to be working.
- Could my use of a custom server with HTTPS be causing these issues? If so, how can I modify my setup to accommodate it?
- How can I prevent the installation of dev dependencies in the production container?
- What's the best way to grant the necessary permissions so that the container can install dependencies if needed, without compromising security?
Any insights or suggestions would be greatly appreciated.
