1

I am trying to set environment variables in my dockerfile that are available at runtime after running the next js app via npm run start (next start).

I have read that I need to use ENV variables in my dockerfile to have these env variables available at runtime. ARG variables in dockerfile are only available at build time.

So I am running the docker build command wih --build-arg and it is working with my NEXT_PUBLIC... variables but it wont work for my secret non public env variabels.

here is my content of .env file in nextjs:

NEXT_PUBLIC_RECAPTCHA_SITE_KEY=my-public-key...
RECAPTCHA_SECRET_KEY=my-secret-key...

this is my docker run command from my Gitlab CI:

docker build --build-arg NEXT_PUBLIC_RECAPTCHA_SITE_KEY="$NEXT_PUBLIC_RECAPTCHA_SITE_KEY" --build-arg RECAPTCHA_SECRET_KEY="$RECAPTCHA_SECRET_KEY" -t ${CI_REGISTRY}/${CI_PROJECT_PATH}/nextjs:${CI_COMMIT_SHA} ./nextjs

the docker file:

ARG BASE_IMAGE=node:14.16.0-alpine3.13

# Build
FROM $BASE_IMAGE as BUILD
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
RUN apk add --no-cache bash git
WORKDIR /app
COPY ./package.json ./
COPY ./package-lock.json ./
RUN CI=true npm ci
COPY . ./

ARG RECAPTCHA_SECRET_KEY=recaptchasecrect_placeholder
ENV RECAPTCHA_SECRET_KEY=${RECAPTCHA_SECRET_KEY}

ARG NEXT_PUBLIC_RECAPTCHA_SITE_KEY=recaptchasitekey_placeholder
ENV NEXT_PUBLIC_RECAPTCHA_SITE_KEY=${NEXT_PUBLIC_RECAPTCHA_SITE_KEY}

RUN npm run build

# Run
FROM $BASE_IMAGE
WORKDIR /app
COPY --from=BUILD /app ./
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
EXPOSE 3000
CMD ["npm", "start"]

If I put ENV RECAPTCHA_SECRET_KEY=my-secret-key... hardcoded into the dockerfile above EXPOSE 3000 it will work and the .env variable is available at runtime.

Why is my NEXT_PUBLIC_RECAPTCHA_SITE_KEY variable available at runtime and my RECAPTCHA_SECRET_KEY variable that is set the same way not?

anvin
  • 450
  • 2
  • 8
  • 22
  • 1
    When executing `docker build` are you sure the environment variables are set in your host environment? (I.E. did you load your `.env` file first?) in other words are you sure of the value you are passing to `--build-arg`? Try echoing the value before `docker build` and also confirm with a test echoing the buildarg value with a `RUN` command. Also when you hardcode the `ENV` are you putting it above or below the last `FROM` instruction? – sytech Jan 14 '22 at 20:23

1 Answers1

-1

When you run the next app, the variables in .evn will only load to next app if they start with NEXT_PUBLIC_, remember you are not running the next app from cmd, your starting point is 'npm start' in docker which only loads env variable with names stating from "NEXT_PUBLIC"

NEXT_PUBLIC_ANALYTICS_ID=abcdefghijk

More info here - https://nextjs.org/docs/basic-features/environment-variables

Just prefix all your variables with "NEXT_PUBLIC"

NEXT_PUBLIC_RECAPTCHA_SITE_KEY=my-public-key...
NEXT_PUBLIC_RECAPTCHA_SECRET_KEY=my-secret-key...
Santosh Karanam
  • 1,077
  • 11
  • 23
  • 1
    Thanks for your answer, but then my NEXT_PUBLIC_RECAPTCHA_SECRET_KEY is exposed to the client and I want to keep that var only available to the server. So this isnt an option for me, or am I missing something? All vars in my .env file not prefixed with `NEXT_PUBLIC_...` are not exposed to the client/browser. This is what I want. – anvin Jan 14 '22 at 09:11
  • Ha got it, Can you check these links https://github.com/vercel/next.js/discussions/12077 https://stackoverflow.com/a/35462890/1554860 – Santosh Karanam Jan 14 '22 at 10:39