-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #21 from JuribaDev/fix-server-docker-file
hot fix server dockerfile
- Loading branch information
Showing
6 changed files
with
15,610 additions
and
11,798 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,44 @@ | ||
| # Build stage | ||
| FROM docker.io/node:lts-alpine3.20 AS build | ||
| FROM node:lts-alpine3.20 AS build | ||
| WORKDIR /app | ||
|
|
||
| RUN apk add --no-cache python3 make g++ | ||
|
|
||
| COPY package*.json ./ | ||
| RUN npm ci | ||
|
|
||
| COPY . . | ||
| RUN npm run build -- --prod | ||
|
|
||
| # Production stage | ||
| RUN npx nx build client --prod | ||
|
|
||
|
|
||
| FROM nginx:stable-alpine | ||
| COPY --from=build /app/dist/client /usr/share/nginx/html | ||
| COPY nginx.conf /etc/nginx/nginx.conf | ||
| RUN chown -R nginx:nginx /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/html && \ | ||
| chown -R nginx:nginx /var/cache/nginx && \ | ||
| chown -R nginx:nginx /var/log/nginx && \ | ||
| chown -R nginx:nginx /etc/nginx/conf.d | ||
|
|
||
| ARG GITHUB_SHA | ||
| ARG BUILD_DATE | ||
| ARG GITHUB_REF_NAME | ||
|
|
||
| LABEL org.opencontainers.image.title="R&D Platform Client" | ||
| LABEL org.opencontainers.image.source="https://github.com/JuribaDev/rnd-platform" | ||
| LABEL org.opencontainers.image.revision=${GITHUB_SHA} | ||
| LABEL org.opencontainers.image.created=${BUILD_DATE} | ||
| LABEL org.opencontainers.image.version=${GITHUB_REF_NAME} | ||
| LABEL maintainer="Juriba Saleh [email protected]" | ||
|
|
||
| COPY --from=build /app/dist/apps/client/browser /usr/share/nginx/html | ||
|
|
||
| COPY apps/client/nginx.conf /etc/nginx/nginx.conf | ||
|
|
||
| RUN chown -R nginx:nginx /usr/share/nginx/html && \ | ||
| chmod -R 755 /usr/share/nginx/html && \ | ||
| chown -R nginx:nginx /var/cache/nginx && \ | ||
| chown -R nginx:nginx /var/log/nginx && \ | ||
| chown -R nginx:nginx /etc/nginx/conf.d | ||
|
|
||
| RUN touch /var/run/nginx.pid && \ | ||
| chown -R nginx:nginx /var/run/nginx.pid | ||
| chown -R nginx:nginx /var/run/nginx.pid | ||
|
|
||
| USER nginx | ||
|
|
||
| EXPOSE 80 | ||
|
|
||
| CMD ["nginx", "-g", "daemon off;"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,49 +1,44 @@ | ||
| user nginx; | ||
| worker_processes auto; | ||
|
|
||
| error_log /var/log/nginx/error.log warn; | ||
| pid /var/run/nginx.pid; | ||
|
|
||
| pid /var/run/nginx.pid; | ||
| events { | ||
| worker_connections 1024; | ||
| } | ||
|
|
||
| http { | ||
| include /etc/nginx/mime.types; | ||
| default_type application/octet-stream; | ||
| include /etc/nginx/mime.types; | ||
| default_type application/octet-stream; | ||
|
|
||
| log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
| '$status $body_bytes_sent "$http_referer" ' | ||
| '"$http_user_agent" "$http_x_forwarded_for"'; | ||
| access_log /var/log/nginx/access.log; | ||
| error_log /var/log/nginx/error.log; | ||
|
|
||
| access_log /var/log/nginx/access.log main; | ||
| include /etc/nginx/conf.d/*.conf; | ||
|
|
||
| gzip on; | ||
| gzip_disable "msie6"; | ||
|
|
||
| sendfile on; | ||
| tcp_nopush on; | ||
| tcp_nodelay on; | ||
| keepalive_timeout 65; | ||
| types_hash_max_size 2048; | ||
|
|
||
| server { | ||
| listen 80; | ||
| server_name localhost; | ||
|
|
||
| root /usr/share/nginx/html; | ||
| index index.html index.htm; | ||
| index index.html; | ||
|
|
||
| location / { | ||
| try_files $uri $uri/ /index.html; | ||
| } | ||
|
|
||
| add_header X-Frame-Options "SAMEORIGIN" always; | ||
| add_header X-XSS-Protection "1; mode=block" always; | ||
| add_header X-Content-Type-Options "nosniff" always; | ||
| add_header Referrer-Policy "no-referrer-when-downgrade" always; | ||
| add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' http://localhost:3000;" always; | ||
|
|
||
| gzip on; | ||
| gzip_vary on; | ||
| gzip_proxied any; | ||
| gzip_comp_level 6; | ||
| gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; | ||
| error_page 404 /index.html; | ||
|
|
||
| location ~* \.(?:manifest|appcache|html?|xml|json)$ { | ||
| expires -1; | ||
| add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0"; | ||
| } | ||
|
|
||
| location ~* \.(?:css|js|woff2?|eot|ttf|otf|svg|png|jpg|jpeg|gif|ico)$ { | ||
| expires 1y; | ||
| add_header Cache-Control "public, max-age=31536000, immutable"; | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,47 @@ | ||
| # Build stage | ||
| FROM docker.io/node:lts-alpine3.20 AS build | ||
| FROM node:lts-alpine3.20 AS build | ||
|
|
||
| WORKDIR /app | ||
|
|
||
| RUN apk add --no-cache python3 make g++ | ||
|
|
||
| COPY package*.json ./ | ||
| RUN npm ci | ||
|
|
||
| COPY . . | ||
| RUN npm run build | ||
|
|
||
| # Production stage | ||
| FROM nginx:stable-alpine | ||
| RUN apk add --no-cache dumb-init | ||
| ENV NODE_ENV production | ||
| RUN npx nx build server --prod | ||
|
|
||
| FROM node:lts-alpine3.20 | ||
|
|
||
| ARG GITHUB_SHA | ||
| ARG BUILD_DATE | ||
| ARG GITHUB_REF_NAME | ||
|
|
||
| LABEL org.opencontainers.image.title="R&D Platform" | ||
| LABEL org.opencontainers.image.source="https://github.com/JuribaDev/rnd-platform" | ||
| LABEL org.opencontainers.image.revision=${GITHUB_SHA} | ||
| LABEL org.opencontainers.image.created=${BUILD_DATE} | ||
| LABEL org.opencontainers.image.version=${GITHUB_REF_NAME} | ||
| LABEL maintainer="Juriba Saleh [email protected]" | ||
|
|
||
| RUN apk add --no-cache dumb-init python3 make g++ | ||
|
|
||
| ENV NODE_ENV=production | ||
|
|
||
| WORKDIR /app | ||
| COPY --from=build /app/node_modules ./node_modules | ||
|
|
||
| COPY package*.json ./ | ||
|
|
||
| RUN npm ci --only=production && npm rebuild bcrypt --build-from-source | ||
|
|
||
| COPY --from=build /app/dist ./dist | ||
|
|
||
| RUN addgroup -g 1001 -S nodejs | ||
| RUN adduser -S nestjs -u 1001 | ||
| RUN chown -R nestjs:nodejs /app | ||
|
|
||
| USER nestjs | ||
|
|
||
| EXPOSE 3000 | ||
| CMD ["dumb-init", "node", "dist/main"] | ||
|
|
||
| CMD ["dumb-init", "node", "dist/apps/server/main.js"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.