From 1b2bce87ad7d6ebd07ce61226601dc19da6a67b6 Mon Sep 17 00:00:00 2001
From: Yaroslav Grishajev
Date: Thu, 20 Jun 2024 09:37:28 +0200
Subject: [PATCH] chore: enable node to bind low level ports also improve docker files a bit ref #229
---
 docker/Dockerfile.nextjs | 25 ++++++++++---------------
 docker/Dockerfile.node | 27 ++++++++++++---------------
 2 files changed, 22 insertions(+), 30 deletions(-)
diff --git a/docker/Dockerfile.nextjs b/docker/Dockerfile.nextjs
index e4e24d32e..a7e4def83 100644
--- a/docker/Dockerfile.nextjs
+++ b/docker/Dockerfile.nextjs
@@ -2,15 +2,14 @@ FROM node:20-alpine AS base
 ARG WORKSPACE
 ENV WORKSPACE $WORKSPACE
-
 ENV NEXT_TELEMETRY_DISABLED 1
+WORKDIR /app
+
 FROM base AS development
 ENV NODE_ENV development
-WORKDIR /app
-
 RUN apk add --no-cache libc6-compat
 COPY $WORKSPACE ./$WORKSPACE
@@ -24,27 +23,24 @@ CMD ["npm", "run", "dev", "--workspace", "${WORKSPACE}"]
 FROM development AS builder
-WORKDIR /app
-
 ENV NODE_ENV production
 RUN npm run build -w $WORKSPACE
 FROM base AS production
-WORKDIR /app
-
 ENV NODE_ENV production
 ENV APP_GROUP_ID 1001
 ENV APP_GROUP nodejs
 ENV APP_USER app
-RUN addgroup --system --gid $APP_GROUP_ID $APP_GROUP
-RUN adduser --system --uid $APP_GROUP_ID $APP_USER
+RUN addgroup --system --gid $APP_GROUP_ID $APP_GROUP \
+ && adduser --system --uid $APP_GROUP_ID $APP_USER
 COPY --from=builder /app/$WORKSPACE/public ./$WORKSPACE/public
 COPY --from=builder /app/$WORKSPACE/.next/standalone ./
 COPY --from=builder /app/$WORKSPACE/.next/static ./$WORKSPACE/.next/static
+
 RUN chown -R $APP_USER:$APP_GROUP /app
 WORKDIR /app/$WORKSPACE
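Review bot: In the `FROM base AS production` hunk of docker/Dockerfile.nextjs the merged `adduser` call still has no `--ingroup $APP_GROUP`, while this same commit adds that flag in docker/Dockerfile.node, so the two images create the `app` user differently. Without the flag the user is presumably left in busybox's default group for system accounts rather than in `nodejs`, even though the later `RUN chown -R $APP_USER:$APP_GROUP /app` assumes that group. I would make the continuation line `&& adduser --system --uid $APP_GROUP_ID --ingroup $APP_GROUP $APP_USER` here as well. Both files take the uid from `$APP_GROUP_ID`; a separate `APP_USER_ID`, or a comment saying the reuse is deliberate, would make that intent clear.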
@@ -57,13 +53,12 @@ FROM production AS production-nginx
 USER root
-RUN apk add --no-cache libcap nginx openssl
-RUN setcap cap_net_bind_service=+ep `readlink -f \`which node\``
+RUN apk add --no-cache libcap nginx openssl \
+ && setcap cap_net_bind_service=+ep `readlink -f \`which node\`` \
+ && mkdir -p /etc/nginx/ssl \
+ && openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/ssl/my_ssl_key.key -out /etc/nginx/ssl/my_ssl_cert.crt -subj "/CN=cloudmos.io" -days 600 \
+ && nginx -t
-RUN apk add --no-cache nginx
-RUN mkdir -p /etc/nginx/ssl
-RUN openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/ssl/my_ssl_key.key -out /etc/nginx/ssl/my_ssl_cert.crt -subj "/CN=cloudmos.io" -days 600
 COPY $WORKSPACE/nginx.conf /etc/nginx/nginx.conf
-RUN nginx -t
 CMD sed -i "s/127.0.0.1/$(hostname -i)/" /etc/nginx/nginx.conf && nginx && node server.js
\ No newline at end of file
diff --git a/docker/Dockerfile.node b/docker/Dockerfile.node
index 56fc9c19b..29fa8e0bf 100644
--- a/docker/Dockerfile.node
+++ b/docker/Dockerfile.node
@@ -7,8 +7,6 @@ WORKDIR /app
 FROM base AS development
-WORKDIR /app
-
 COPY /$WORKSPACE /app/$WORKSPACE
 COPY /packages /app/packages
 COPY package.json /app
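Review bot: In the `production-nginx` hunk of docker/Dockerfile.nextjs, `nginx -t` now runs inside the combined `RUN`, which comes before `COPY $WORKSPACE/nginx.conf /etc/nginx/nginx.conf`, so the build validates the package's default configuration and no longer the file the image ships; before this change the check ran after the copy. Keep it as its own step after the `COPY` line, `RUN nginx -t`, and drop `&& nginx -t` from the chain. Separately, the `openssl req ... -nodes` step still writes the private key into an image layer, so every container started from this image shares one key and anyone who can pull the image can read it; generating the certificate at container start or mounting it at runtime avoids that. As far as the hunk shows, the stage ends under `USER root`, so nginx and `node server.js` both run as root and the `setcap` on the node binary probably adds nothing in this stage.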
@@ -20,32 +18,31 @@ CMD ["npm", "run", "dev", "--workspace", "${WORKSPACE}"]
 FROM development AS builder
-WORKDIR /app
-
 RUN npm run build --workspace $WORKSPACE
 FROM base AS production
-WORKDIR /app
-
 ENV NODE_ENV production
 ENV APP_GROUP_ID 1001
 ENV APP_GROUP nodejs
 ENV APP_USER app
-RUN addgroup --system --gid $APP_GROUP_ID $APP_GROUP
-RUN adduser --system --uid $APP_GROUP_ID $APP_USER
+RUN addgroup --system --gid $APP_GROUP_ID $APP_GROUP \
+ && adduser --system --uid $APP_GROUP_ID --ingroup $APP_GROUP $APP_USER
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/$WORKSPACE/dist /app/$WORKSPACE/dist
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/packages /app/packages
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/package.json /app/package.json
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/package-lock.json /app/package-lock.json
-COPY --from=builder --chown=$APP_USER:$APP_GROUP /app/$WORKSPACE/package.json /app/$WORKSPACE/package.json
+COPY --from=builder /app/$WORKSPACE/dist /app/$WORKSPACE/dist
+COPY --from=builder /app/packages /app/packages
+COPY --from=builder /app/package.json /app/package.json
+COPY --from=builder /app/package-lock.json /app/package-lock.json
+COPY --from=builder /app/$WORKSPACE/package.json /app/$WORKSPACE/package.json
+RUN chown -R $APP_USER:$APP_GROUP /app
 RUN npm ci --workspace $WORKSPACE --omit=dev
-
-WORKDIR /app/$WORKSPACE
+RUN apk add --no-cache libcap; \
+ setcap cap_net_bind_service=+ep `readlink -f \`which node\``
 USER $APP_USER
+WORKDIR /app/$WORKSPACE
+
 CMD ["node", "dist/server.js"]
\ No newline at end of file
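Review bot: The added `setcap cap_net_bind_service=+ep` in the production stage of docker/Dockerfile.node attaches the capability to the node binary itself, so every node process started by any user in the image receives it, not only `dist/server.js`. It also ties startup to the runtime's capability settings: when the container runs with all capabilities dropped the kernel can refuse to exec a binary whose effective file capability cannot be granted, and under no-new-privileges the file capability is ignored and the low-port bind fails. Unless binding a low port inside the container is a hard requirement, listening on an unprivileged port and publishing it on the low port from the host or load balancer avoids the capability entirely; otherwise add a comment above the `RUN` naming the runtime settings it depends on. The two commands are joined with `;` where docker/Dockerfile.nextjs uses `&&`; using `&&` here too makes the step stop at the first failing command. `RUN chown -R $APP_USER:$APP_GROUP /app` in place of the per-file `COPY --chown` stores the copied files a second time in a new layer.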