refactor(deployment): serve frontend from backend, making proxy redun…
…dant (#319)

Co-authored-by: Anatol Karalkoŭ <[email protected]>
tamirGer and rielas authored Mar 10, 2024
1 parent 63ce629 commit 86ca82b
Showing 632 changed files with 1,210 additions and 2,895 deletions.
2 changes: 1 addition & 1 deletion .gitignore
@@ -1,6 +1,6 @@
# compiled output
/dist
/public/build
/client/build
/node_modules

# Logs
95 changes: 80 additions & 15 deletions Dockerfile
@@ -1,27 +1,92 @@
FROM node:14
###################
# BUILD FOR LOCAL DEVELOPMENT
###################

WORKDIR /var/www/
FROM node:14-alpine As development

COPY package*.json ./
WORKDIR /usr/src/app

RUN npm ci -q
COPY --chown=node:node package*.json ./
COPY --chown=node:node tsconfig.build.json ./
COPY --chown=node:node tsconfig.json ./
COPY --chown=node:node nest-cli.json ./
COPY --chown=node:node mikro-orm.config.ts ./
COPY --chown=node:node .env ./
COPY --chown=node:node config ./config
COPY --chown=node:node keycloak ./keycloak
COPY --chown=node:node client ./client
COPY --chown=node:node src ./src

COPY config ./config
COPY tsconfig.build.json ./
COPY tsconfig.json ./
COPY nest-cli.json ./
COPY .env ./
COPY src ./src

RUN apk add --no-cache --virtual .gyp python3 py3-pip make g++

RUN npm ci
RUN npm ci --prefix=client --only=prod

RUN apk del .gyp

USER node

###################
# BUILD FOR PRODUCTION
###################

FROM node:14-alpine As build

WORKDIR /usr/src/app

COPY --chown=node:node package*.json ./
COPY --chown=node:node tsconfig.build.json ./
COPY --chown=node:node tsconfig.json ./
COPY --chown=node:node nest-cli.json ./
COPY --chown=node:node mikro-orm.config.ts ./
COPY --chown=node:node .env ./
COPY --chown=node:node config ./config
COPY --chown=node:node keycloak ./keycloak
COPY --chown=node:node client ./client
COPY --chown=node:node src ./src

COPY --chown=node:node --from=development /usr/src/app/node_modules ./node_modules
COPY --chown=node:node --from=development /usr/src/app/client/node_modules ./client/node_modules

RUN apk add --no-cache --virtual .gyp python3 py3-pip make g++

# Install project dependencies before running build commands
RUN npm ci

RUN npm run build
RUN npm prune --production
# Build the client (React) project
RUN cd client && npm ci && npm run build

ENV NODE_ENV production

RUN npm ci --only=production && npm cache clean --force

RUN chown -R node:node /var/www/*
RUN apk del .gyp

USER node

ENV NODE_ENV=production
###################
# PRODUCTION
###################

FROM node:14-alpine As production

WORKDIR /usr/src/app

COPY --chown=node:node nest-cli.json ./
COPY --chown=node:node mikro-orm.config.ts ./
COPY --chown=node:node .env ./
COPY --chown=node:node config ./config
COPY --chown=node:node keycloak ./keycloak

COPY --chown=node:node --from=build /usr/src/app/node_modules ./node_modules
COPY --chown=node:node --from=build /usr/src/app/package*.json ./
COPY --chown=node:node --from=build /usr/src/app/dist ./dist

EXPOSE 3000
COPY --chown=node:node --from=build /usr/src/app/client/node_modules ./client/node_modules
COPY --chown=node:node --from=build /usr/src/app/client/package*.json ./client/
COPY --chown=node:node --from=build /usr/src/app/client/build ./client/build
COPY --chown=node:node --from=build /usr/src/app/client/vcs ./client/vcs

CMD ["npm", "run", "start:prod"]
CMD ["npm", "run", "start:prod"]
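Review bot: The `production` stage sets no user, so the final image runs `npm run start:prod` as root: `USER node` appears only in the `development` and `build` stages, and a `USER` instruction does not carry across `FROM`. Adding `USER node` before the final `CMD` would match the `--chown=node:node` ownership already applied to every copied path. The same stage also runs `COPY --chown=node:node .env ./`, which stores the environment file in an image layer; if it holds credentials, passing them at runtime, as the chart's `env:` entries already do, keeps them out of the image.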
4 changes: 2 additions & 2 deletions README.md
@@ -6,11 +6,11 @@ The application contains:
- React based web client
- FE - http://localhost:8090
- BE - http://localhost:3000
- NodeJS server - the full API documentation is available via swagger or GraphQL
- NodeJS server that serves that React client and provides both OpenAPI and GraphQL endpoints.
The full API documentation is available via swagger or GraphQL:
- Swagger UI - http://localhost:8090/swagger
- Swagger JSON file - http://localhost:8090/swagger-json
- GraphiQL UI - http://localhost:8090/graphiql
- nginx web server that serves the client and acts as a reverse proxy for the server's API requests

> **Note**
> The GraphQL API does not yet support all of the endpoints the REST API does.
8 changes: 4 additions & 4 deletions charts/brokencrystals/Chart.yaml
@@ -1,10 +1,10 @@
apiVersion: v2
name: brokencrystals
name: brokencrystals-exp
description: |
Benchmark application that uses modern technologies and implements a set of
common security vulnerabilities
type: application
version: 0.0.48
version: 0.0.55
keywords:
- brokencrystals
- brkn
- brokencrystals-exp
- brkn-e
59 changes: 5 additions & 54 deletions charts/brokencrystals/templates/deployment.yaml
@@ -155,6 +155,11 @@ spec:
value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json"
- name: X5U_URL
value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt"
volumeMounts:
- name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
readOnly: true
resources:
requests:
cpu: 900m
@@ -168,60 +173,6 @@ spec:
scheme: HTTP
initialDelaySeconds: 120
periodSeconds: 30

- name: proxy
image: brightsec/brokencrystals-proxy-http:{{ .Values.images.client }}
env:
- name: URL
value: "https://{{ .Values.ingress.url }}"
- name: DATABASE_HOST
value: "postgres"
- name: DATABASE_SCHEMA
value: "bc"
- name: DATABASE_USER
value: "bc"
- name: DATABASE_PASSWORD
value: "bc"
- name: DATABASE_PORT
value: "5432"
- name: DATABASE_DEBUG
value: "true"
- name: AWS_BUCKET
value: "https://neuralegion-open-bucket.s3.amazonaws.com"
- name: GOOGLE_MAPS_API
value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ"
- name: JWT_PRIVATE_KEY_LOCATION
value: "config/keys/jwtRS256.key"
- name: JWT_PUBLIC_KEY_LOCATION
value: "config/keys/jwtRS256.key.pub.pem"
- name: JWT_SECRET_KEY
value: "1234"
- name: JWK_PRIVATE_KEY_LOCATION
value: "config/keys/jwk.key.pem"
- name: JWK_PUBLIC_KEY_LOCATION
value: "config/keys/jwk.pub.key.pem"
- name: JWK_PUBLIC_JSON
value: "config/keys/jwk.pub.json"
- name: JKU_URL
value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json"
- name: X5U_URL
value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt"
volumeMounts:
- name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
readOnly: true
resources:
requests:
cpu: 500m
memory: 50Mi
livenessProbe:
httpGet:
path: /
port: 80
scheme: HTTP
initialDelaySeconds: 120
periodSeconds: 30
restartPolicy: Always

volumes:
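Review bot: The five lines added in the first hunk appear to attach the `...-nginx-proxy` volume mount (`mountPath: /etc/nginx/conf.d/default.conf`) to the remaining backend container, while the second hunk removes the nginx `proxy` container that read that file. If the backend image does not run nginx, this mount, the matching entry under `volumes:` and its ConfigMap are dead configuration and should be dropped together with the proxy. The container spec starts above the hunk, so which container receives the mount is inferred from the hunk position and should be confirmed against the full template.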
2 changes: 1 addition & 1 deletion charts/brokencrystals/templates/ingress.yaml
@@ -26,7 +26,7 @@ spec:
service:
name: {{ .Release.Name }}
port:
number: 80
number: 3000

---
apiVersion: networking.k8s.io/v1
4 changes: 2 additions & 2 deletions charts/brokencrystals/templates/service.yaml
@@ -7,8 +7,8 @@ spec:
app: {{ .Release.Name }}
ports:
- protocol: TCP
port: 80
targetPort: 80
port: 3000
targetPort: 3000

---
apiVersion: v1
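Review bot: Changing the Service's own `port` from 80 to 3000 is not needed to reach the backend; only `targetPort: 3000` has to follow the container. Keeping `port: 80` would leave the ingress backend (`number: 80` in ingress.yaml) and any in-cluster client of the Service unchanged. The rendered page does not mark which side each line is on, so this reads 3000 as the new value on the strength of the proxy removal.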
4 changes: 2 additions & 2 deletions charts/brokencrystals/values.yaml
@@ -3,5 +3,5 @@ ingress:
cert: ""
authlevel: "."
images:
main: stable
client: stable
main: experimental
client: unstable
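Review bot: `images.client` looks unused after this commit: its only visible consumer, the `proxy` container image `brightsec/brokencrystals-proxy-http:{{ .Values.images.client }}`, is removed in deployment.yaml, so the key can be dropped unless another template reads it. The defaults also appear to move from `stable` to `experimental` / `unstable`; both are floating tags. If these values were meant only for the `brokencrystals-exp` test release, they are better supplied with `--set` or an override file than as chart defaults.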
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.