project: add Dockerfiles

2022-11-27 21:17:30 +03:00 · 2022-11-27 21:17:30 +03:00 · 8602876264
commit 8602876264
parent 57b321ec31
7 changed files with 153 additions and 14 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,13 @@
+NETWORK_NAME=
+BASE_PATH=
+
+LDAP_BIND_DN=
+LDAP_BIND_CREDENTIALS=
+LDAP_DOMAIN=
+LDAP_URL=
+LDAP_BASE=
+LDAP_ATTRIBUTE=
+API_SECRET=
+API_TOKEN_TTL=
+API_CACHE_TTL=
+API_REDIS_HOST=
--- a/apps/api/.dockerignore
+++ b/apps/api/.dockerignore
@ -2,4 +2,5 @@ Dockerfile
 .dockerignore
 node_modules
 npm-debug.log
-dist
+dist
+README.md
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@ -1,22 +1,40 @@
-FROM node:16-alpine AS deps
-WORKDIR /app
-COPY package.json yarn.lock ./
-COPY .npmrc ./
-RUN yarn config set "strict-ssl" false
-RUN yarn install --frozen-lockfile --prod=true
+# The web Dockerfile is copy-pasted into our main docs at /docs/handbook/deploying-with-docker.
+# Make sure you update this Dockerfile, the Dockerfile in the web workspace and copy that over to Dockerfile in the docs.

 FROM node:16-alpine AS builder
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+RUN apk update
+# Set working directory
 WORKDIR /app
-COPY --from=deps /app/node_modules ./node_modules
+RUN yarn global add turbo
 COPY . .
-RUN yarn build
+RUN turbo prune --scope=api --docker
+
+# Add lockfile and package.json's of isolated subworkspace
+FROM node:16-alpine AS installer
+RUN apk add --no-cache libc6-compat
+RUN apk update
+WORKDIR /app
+
+# First install dependencies (as they change less often)
+COPY .gitignore .gitignore
+COPY --from=builder /app/out/json/ .
+COPY --from=builder /app/out/yarn.lock ./yarn.lock
+RUN yarn install
+
+# Build the project and its dependencies
+COPY --from=builder /app/out/full/ .
+COPY turbo.json turbo.json
+RUN yarn turbo run build --filter=api...

 FROM node:16-alpine AS runner
 WORKDIR /app
-COPY --from=builder /app/package.json ./package.json
-COPY --from=builder /app/dist ./dist
-COPY --from=builder /app/node_modules ./node_modules

-EXPOSE 3000
+# Don't run production as root
+RUN addgroup --system --gid 1001 nestjs
+RUN adduser --system --uid 1001 nestjs
+USER nestjs
+COPY --from=installer /app .

-CMD [ "node", "dist/main.js" ]
+CMD node apps/api/dist/main.js
--- a/apps/web/.dockerignore
+++ b/apps/web/.dockerignore
@ -0,0 +1,7 @@
+Dockerfile
+.dockerignore
+node_modules
+npm-debug.log
+README.md
+.next
+.git
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@ -0,0 +1,52 @@
+# This Dockerfile is copy-pasted into our main docs at /docs/handbook/deploying-with-docker.
+# Make sure you update both files!
+
+FROM node:16-alpine AS builder
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+RUN apk update
+# Set working directory
+WORKDIR /app
+RUN yarn global add turbo
+COPY . .
+RUN turbo prune --scope=web --docker
+
+# Add lockfile and package.json's of isolated subworkspace
+FROM node:16-alpine AS installer
+RUN apk add --no-cache libc6-compat
+RUN apk update
+WORKDIR /app
+ENV NEXT_TELEMETRY_DISABLED 1
+
+# First install the dependencies (as they change less often)
+COPY .gitignore .gitignore
+COPY --from=builder /app/out/json/ .
+COPY --from=builder /app/out/yarn.lock ./yarn.lock
+RUN yarn install
+
+ARG NEXT_PUBLIC_COLOR_PRIMARY
+
+# Build the project
+COPY --from=builder /app/out/full/ .
+COPY turbo.json turbo.json
+RUN yarn turbo run build --filter=web...
+
+FROM node:16-alpine AS runner
+WORKDIR /app
+
+ENV NEXT_TELEMETRY_DISABLED 1
+
+# Don't run production as root
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+USER nextjs
+
+COPY --from=installer /app/apps/web/next.config.js .
+COPY --from=installer /app/apps/web/package.json .
+
+# Automatically leverage output traces to reduce image size
+# https://nextjs.org/docs/advanced-features/output-file-tracing
+COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/standalone ./
+COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static
+
+CMD node apps/web/server.js
--- a/apps/web/next.config.js
+++ b/apps/web/next.config.js
@ -1,11 +1,17 @@
+const path = require('path');
+
 /** @type {import('next').NextConfig} */
 const nextConfig = {
  basePath: process.env.NEXT_PUBLIC_BASE_PATH,
+  output: 'standalone',
  reactStrictMode: true,
  swcMinify: true,
  eslint: {
    ignoreDuringBuilds: true,
  },
+  experimental: {
+    outputFileTracingRoot: path.join(__dirname, '../../'),
+  },
 };

 module.exports = nextConfig;
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,42 @@
+version: '3'
+
+services:
+  web:
+    container_name: web
+    build:
+      context: .
+      dockerfile: ./apps/web/Dockerfile
+    environment:
+      - NEXT_PUBLIC_BASE_PATH=${BASE_PATH}
+    restart: always
+
+  api:
+    container_name: api
+    build:
+      context: .
+      dockerfile: ./apps/api/Dockerfile
+    environment:
+      - bindDN=${LDAP_BIND_DN}
+      - bindCredentials=${LDAP_BIND_CREDENTIALS}
+      - domain=${LDAP_DOMAIN}
+      - ldapUrl=${LDAP_URL}
+      - base=${LDAP_BASE}
+      - attribute=${LDAP_ATTRIBUTE}
+      - SECRET=${API_SECRET}
+      - TOKEN_TTL=${API_TOKEN_TTL}
+      - CACHE_TTL=${API_CACHE_TTL}
+      - REDIS_HOST=${API_REDIS_HOST}
+    restart: always
+    networks:
+      - auth_network
+
+  redis:
+    image: redis:7-alpine
+    environment:
+      ALLOW_EMPTY_PASSWORD: 'yes'
+    networks:
+      - auth_network
+
+networks:
+  auth_network:
+    name: ${NETWORK_NAME}