From 8602876264a33cb4e54df7e675bea33b3a4bb560 Mon Sep 17 00:00:00 2001
From: Chika <djchikalkin@gmail.com>
Date: Sun, 27 Nov 2022 21:17:30 +0300
Subject: [PATCH] project: add Dockerfiles

---
 .env                    | 13 +++++++++++
 apps/api/.dockerignore  |  3 ++-
 apps/api/Dockerfile     | 44 +++++++++++++++++++++++-----------
 apps/web/.dockerignore  |  7 ++++++
 apps/web/Dockerfile     | 52 +++++++++++++++++++++++++++++++++++++++++
 apps/web/next.config.js |  6 +++++
 docker-compose.yml      | 42 +++++++++++++++++++++++++++++++++
 7 files changed, 153 insertions(+), 14 deletions(-)
 create mode 100644 .env
 create mode 100644 apps/web/.dockerignore
 create mode 100644 apps/web/Dockerfile
 create mode 100644 docker-compose.yml

diff --git a/.env b/.env
new file mode 100644
index 0000000..6c598c9
--- /dev/null
+++ b/.env
@@ -0,0 +1,13 @@
+NETWORK_NAME=
+BASE_PATH=
+
+LDAP_BIND_DN=
+LDAP_BIND_CREDENTIALS=
+LDAP_DOMAIN=
+LDAP_URL=
+LDAP_BASE=
+LDAP_ATTRIBUTE=
+API_SECRET=
+API_TOKEN_TTL=
+API_CACHE_TTL=
+API_REDIS_HOST=
\ No newline at end of file
diff --git a/apps/api/.dockerignore b/apps/api/.dockerignore
index 1d7d55f..2d6b28a 100644
--- a/apps/api/.dockerignore
+++ b/apps/api/.dockerignore
@@ -2,4 +2,5 @@ Dockerfile
 .dockerignore
 node_modules
 npm-debug.log
-dist
\ No newline at end of file
+dist
+README.md
\ No newline at end of file
diff --git a/apps/api/Dockerfile b/apps/api/Dockerfile
index bff9494..946ade2 100644
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@@ -1,22 +1,40 @@
-FROM node:16-alpine AS deps
-WORKDIR /app
-COPY package.json yarn.lock ./
-COPY .npmrc ./
-RUN yarn config set "strict-ssl" false
-RUN yarn install --frozen-lockfile --prod=true
+# The web Dockerfile is copy-pasted into our main docs at /docs/handbook/deploying-with-docker.
+# Make sure you update this Dockerfile, the Dockerfile in the web workspace and copy that over to Dockerfile in the docs.
 
 FROM node:16-alpine AS builder
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+RUN apk update
+# Set working directory
 WORKDIR /app
-COPY --from=deps /app/node_modules ./node_modules
+RUN yarn global add turbo
 COPY . .
-RUN yarn build
+RUN turbo prune --scope=api --docker
+
+# Add lockfile and package.json's of isolated subworkspace
+FROM node:16-alpine AS installer
+RUN apk add --no-cache libc6-compat
+RUN apk update
+WORKDIR /app
+
+# First install dependencies (as they change less often)
+COPY .gitignore .gitignore
+COPY --from=builder /app/out/json/ .
+COPY --from=builder /app/out/yarn.lock ./yarn.lock
+RUN yarn install
+
+# Build the project and its dependencies
+COPY --from=builder /app/out/full/ .
+COPY turbo.json turbo.json
+RUN yarn turbo run build --filter=api...
 
 FROM node:16-alpine AS runner
 WORKDIR /app
-COPY --from=builder /app/package.json ./package.json
-COPY --from=builder /app/dist ./dist
-COPY --from=builder /app/node_modules ./node_modules
 
-EXPOSE 3000
+# Don't run production as root
+RUN addgroup --system --gid 1001 nestjs
+RUN adduser --system --uid 1001 nestjs
+USER nestjs
+COPY --from=installer /app .
 
-CMD [ "node", "dist/main.js" ]
\ No newline at end of file
+CMD node apps/api/dist/main.js
diff --git a/apps/web/.dockerignore b/apps/web/.dockerignore
new file mode 100644
index 0000000..72e9aa4
--- /dev/null
+++ b/apps/web/.dockerignore
@@ -0,0 +1,7 @@
+Dockerfile
+.dockerignore
+node_modules
+npm-debug.log
+README.md
+.next
+.git
\ No newline at end of file
diff --git a/apps/web/Dockerfile b/apps/web/Dockerfile
new file mode 100644
index 0000000..ea88762
--- /dev/null
+++ b/apps/web/Dockerfile
@@ -0,0 +1,52 @@
+# This Dockerfile is copy-pasted into our main docs at /docs/handbook/deploying-with-docker.
+# Make sure you update both files!
+
+FROM node:16-alpine AS builder
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+RUN apk update
+# Set working directory
+WORKDIR /app
+RUN yarn global add turbo
+COPY . .
+RUN turbo prune --scope=web --docker
+
+# Add lockfile and package.json's of isolated subworkspace
+FROM node:16-alpine AS installer
+RUN apk add --no-cache libc6-compat
+RUN apk update
+WORKDIR /app
+ENV NEXT_TELEMETRY_DISABLED 1
+
+# First install the dependencies (as they change less often)
+COPY .gitignore .gitignore
+COPY --from=builder /app/out/json/ .
+COPY --from=builder /app/out/yarn.lock ./yarn.lock
+RUN yarn install
+
+ARG NEXT_PUBLIC_COLOR_PRIMARY
+
+# Build the project
+COPY --from=builder /app/out/full/ .
+COPY turbo.json turbo.json
+RUN yarn turbo run build --filter=web...
+
+FROM node:16-alpine AS runner
+WORKDIR /app
+
+ENV NEXT_TELEMETRY_DISABLED 1
+
+# Don't run production as root
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+USER nextjs
+
+COPY --from=installer /app/apps/web/next.config.js .
+COPY --from=installer /app/apps/web/package.json .
+
+# Automatically leverage output traces to reduce image size
+# https://nextjs.org/docs/advanced-features/output-file-tracing
+COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/standalone ./
+COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static
+
+CMD node apps/web/server.js
\ No newline at end of file
diff --git a/apps/web/next.config.js b/apps/web/next.config.js
index 5ea7e93..da80bb6 100644
--- a/apps/web/next.config.js
+++ b/apps/web/next.config.js
@@ -1,11 +1,17 @@
+const path = require('path');
+
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   basePath: process.env.NEXT_PUBLIC_BASE_PATH,
+  output: 'standalone',
   reactStrictMode: true,
   swcMinify: true,
   eslint: {
     ignoreDuringBuilds: true,
   },
+  experimental: {
+    outputFileTracingRoot: path.join(__dirname, '../../'),
+  },
 };
 
 module.exports = nextConfig;
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..22b08ff
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,42 @@
+version: '3'
+
+services:
+  web:
+    container_name: web
+    build:
+      context: .
+      dockerfile: ./apps/web/Dockerfile
+    environment:
+      - NEXT_PUBLIC_BASE_PATH=${BASE_PATH}
+    restart: always
+
+  api:
+    container_name: api
+    build:
+      context: .
+      dockerfile: ./apps/api/Dockerfile
+    environment:
+      - bindDN=${LDAP_BIND_DN}
+      - bindCredentials=${LDAP_BIND_CREDENTIALS}
+      - domain=${LDAP_DOMAIN}
+      - ldapUrl=${LDAP_URL}
+      - base=${LDAP_BASE}
+      - attribute=${LDAP_ATTRIBUTE}
+      - SECRET=${API_SECRET}
+      - TOKEN_TTL=${API_TOKEN_TTL}
+      - CACHE_TTL=${API_CACHE_TTL}
+      - REDIS_HOST=${API_REDIS_HOST}
+    restart: always
+    networks:
+      - auth_network
+
+  redis:
+    image: redis:7-alpine
+    environment:
+      ALLOW_EMPTY_PASSWORD: 'yes'
+    networks:
+      - auth_network
+
+networks:
+  auth_network:
+    name: ${NETWORK_NAME}