fix: prevent Chromium zombie leak in htmlToPdf

- Wrap browser lifecycle in try/finally so browser.close() always runs
- Fall back to SIGKILL of browser.process() if close() fails
- Add --disable-dev-shm-usage to launch args (container stability)
- Add tini as ENTRYPOINT in Dockerfile for defense in depth
- Bump version to 1.0.2
This commit is contained in:
alexz
2026-04-11 14:59:50 +00:00
parent 6cac4d16e0
commit 43152351fa
3 changed files with 45 additions and 34 deletions

View File

@@ -4,6 +4,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
chromium \ chromium \
fonts-freefont-ttf \ fonts-freefont-ttf \
fonts-noto-cjk \ fonts-noto-cjk \
tini \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
WORKDIR /app WORKDIR /app
@@ -21,4 +22,5 @@ EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
CMD node -e "require('http').get('http://localhost:3000/health', r => process.exit(r.statusCode === 200 ? 0 : 1))" CMD node -e "require('http').get('http://localhost:3000/health', r => process.exit(r.statusCode === 200 ? 0 : 1))"
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["node", "server.js"] CMD ["node", "server.js"]

View File

@@ -235,43 +235,52 @@ async function htmlToPdf(html) {
const browser = await puppeteer.launch({ const browser = await puppeteer.launch({
executablePath: process.env.CHROME_PATH || "/usr/bin/google-chrome-stable", executablePath: process.env.CHROME_PATH || "/usr/bin/google-chrome-stable",
args: ["--no-sandbox", "--disable-setuid-sandbox"], args: ["--no-sandbox", "--disable-setuid-sandbox", "--disable-dev-shm-usage"],
}); });
const page = await browser.newPage(); try {
const page = await browser.newPage();
const htmlForPdf = html.replace( const htmlForPdf = html.replace(
/<script src="https:\/\/cdn\.jsdelivr\.net\/npm\/mermaid@[^"]*"><\/script>/, /<script src="https:\/\/cdn\.jsdelivr\.net\/npm\/mermaid@[^"]*"><\/script>/,
"" ""
);
await page.setContent(htmlForPdf, { waitUntil: "domcontentloaded" });
const hasMermaid = await page.evaluate(
() => document.querySelectorAll("pre.mermaid").length > 0
);
if (hasMermaid) {
const mermaidJs = fs.readFileSync(
path.join(__dirname, "mermaid.min.js"),
"utf-8"
); );
await page.addScriptTag({ content: mermaidJs }); await page.setContent(htmlForPdf, { waitUntil: "domcontentloaded" });
await page.evaluate(() => {
mermaid.initialize({
startOnLoad: false,
theme: "default",
flowchart: { useMaxWidth: true, htmlLabels: true, curve: "basis" },
securityLevel: "loose",
});
return mermaid.run({ querySelector: "pre.mermaid" });
});
}
const pdfBuffer = await page.pdf({ const hasMermaid = await page.evaluate(
format: "A4", () => document.querySelectorAll("pre.mermaid").length > 0
printBackground: true, );
margin: { top: "20mm", bottom: "20mm", left: "15mm", right: "15mm" }, if (hasMermaid) {
}); const mermaidJs = fs.readFileSync(
await browser.close(); path.join(__dirname, "mermaid.min.js"),
return pdfBuffer; "utf-8"
);
await page.addScriptTag({ content: mermaidJs });
await page.evaluate(() => {
mermaid.initialize({
startOnLoad: false,
theme: "default",
flowchart: { useMaxWidth: true, htmlLabels: true, curve: "basis" },
securityLevel: "loose",
});
return mermaid.run({ querySelector: "pre.mermaid" });
});
}
const pdfBuffer = await page.pdf({
format: "A4",
printBackground: true,
margin: { top: "20mm", bottom: "20mm", left: "15mm", right: "15mm" },
});
return pdfBuffer;
} finally {
try {
await browser.close();
} catch (e) {
try {
browser.process()?.kill("SIGKILL");
} catch (_) {}
}
}
} }
module.exports = { markdownToHtml, htmlToPdf }; module.exports = { markdownToHtml, htmlToPdf };

View File

@@ -1,6 +1,6 @@
{ {
"name": "md2html", "name": "md2html",
"version": "1.0.0", "version": "1.0.2",
"description": "", "description": "",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {