chore: enable node to bind low level ports

also improve docker files a bit

ref #229

docker/Dockerfile.nextjs

@@ -2,15 +2,14 @@ FROM node:20-alpine AS base
 
 ARG WORKSPACE
 ENV WORKSPACE $WORKSPACE
-
 ENV NEXT_TELEMETRY_DISABLED 1
 
+WORKDIR /app
+
 FROM base AS development
 
 ENV NODE_ENV development
 
-WORKDIR /app
-
 RUN apk add --no-cache libc6-compat
 
 COPY $WORKSPACE ./$WORKSPACE
@@ -24,27 +23,24 @@ CMD ["npm", "run", "dev", "--workspace", "${WORKSPACE}"]
 
 FROM development AS builder
 
-WORKDIR /app
-
 ENV NODE_ENV production
 
 RUN npm run build -w $WORKSPACE
 
 FROM base AS production
 
-WORKDIR /app
-
 ENV NODE_ENV production
 ENV APP_GROUP_ID 1001
 ENV APP_GROUP nodejs
 ENV APP_USER app
 
-RUN addgroup --system --gid $APP_GROUP_ID $APP_GROUP
-RUN adduser --system --uid $APP_GROUP_ID $APP_USER
+RUN addgroup --system --gid $APP_GROUP_ID $APP_GROUP \
+    && adduser --system --uid $APP_GROUP_ID $APP_USER
 
 COPY --from=builder /app/$WORKSPACE/public ./$WORKSPACE/public
 COPY --from=builder /app/$WORKSPACE/.next/standalone ./
 COPY --from=builder /app/$WORKSPACE/.next/static ./$WORKSPACE/.next/static
+
 RUN chown -R $APP_USER:$APP_GROUP /app
 
 WORKDIR /app/$WORKSPACE
@@ -57,13 +53,12 @@ FROM production AS production-nginx
 
 USER root
 
-RUN apk add --no-cache libcap nginx openssl
-RUN setcap cap_net_bind_service=+ep `readlink -f \`which node\``
+RUN apk add --no-cache libcap nginx openssl \
+    && setcap cap_net_bind_service=+ep `readlink -f \`which node\`` \
+    && mkdir -p /etc/nginx/ssl \
+    && openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/ssl/my_ssl_key.key -out /etc/nginx/ssl/my_ssl_cert.crt -subj "/CN=cloudmos.io" -days 600 \
+    && nginx -t
 
-RUN apk add --no-cache nginx
-RUN mkdir -p /etc/nginx/ssl
-RUN openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/ssl/my_ssl_key.key -out /etc/nginx/ssl/my_ssl_cert.crt -subj "/CN=cloudmos.io" -days 600
 COPY $WORKSPACE/nginx.conf /etc/nginx/nginx.conf
-RUN nginx -t
 
 CMD sed -i "s/127.0.0.1/$(hostname -i)/" /etc/nginx/nginx.conf && nginx && node server.js

docker/Dockerfile.node

@@ -7,8 +7,6 @@ WORKDIR /app
 
 FROM base AS development
 
-WORKDIR /app
-
 COPY /$WORKSPACE /app/$WORKSPACE
 COPY /packages /app/packages
 COPY package.json /app
@@ -20,32 +18,31 @@ CMD ["npm", "run", "dev", "--workspace", "${WORKSPACE}"]
 
 FROM development AS builder
 
-WORKDIR /app
-
 RUN npm run build --workspace $WORKSPACE
 
 FROM base AS production
 
-WORKDIR /app
-
 ENV NODE_ENV production
 ENV APP_GROUP_ID 1001
 ENV APP_GROUP nodejs
 ENV APP_USER app
 
-RUN addgroup --system --gid $APP_GROUP_ID $APP_GROUP
-RUN adduser --system --uid $APP_GROUP_ID $APP_USER
+RUN addgroup --system --gid $APP_GROUP_ID $APP_GROUP \
+    && adduser --system --uid $APP_GROUP_ID --ingroup $APP_GROUP $APP_USER
 
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/$WORKSPACE/dist /app/$WORKSPACE/dist
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/packages /app/packages
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/package.json /app/package.json
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/package-lock.json /app/package-lock.json
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/$WORKSPACE/package.json /app/$WORKSPACE/package.json
+COPY --from=builder /app/$WORKSPACE/dist /app/$WORKSPACE/dist
+COPY --from=builder /app/packages /app/packages
+COPY --from=builder /app/package.json /app/package.json
+COPY --from=builder /app/package-lock.json /app/package-lock.json
+COPY --from=builder /app/$WORKSPACE/package.json /app/$WORKSPACE/package.json
 
+RUN chown -R $APP_USER:$APP_GROUP /app
 RUN npm ci --workspace $WORKSPACE --omit=dev
-
-WORKDIR /app/$WORKSPACE
+RUN apk add --no-cache libcap; \
+    setcap cap_net_bind_service=+ep `readlink -f \`which node\``
 
 USER $APP_USER
 
+WORKDIR /app/$WORKSPACE
+
 CMD ["node", "dist/server.js"]