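# Stage 1: build the static frontend bundle.
# NOTE(review): the base image is pinned by tag only; adding a digest would keep
# rebuilds from silently picking up a re-pushed tag.
FROM node:20-alpine3.21 AS frontend-builder

# Update packages to fix vulnerabilities.
# --no-cache already fetches a fresh package index and discards it afterwards,
# so a separate `apk update` (which leaves the index under /var/cache/apk in
# this layer) is not needed.
RUN apk upgrade --no-cache

WORKDIR /app/frontend

# Name the registry explicitly and make fetches tolerant of a flaky network.
ENV NPM_CONFIG_REGISTRY=https://registry.npmjs.org/ \
    NPM_CONFIG_FETCH_RETRIES=5 \
    NPM_CONFIG_FETCH_RETRY_FACTOR=2 \
    NPM_CONFIG_FETCH_RETRY_MINTIMEOUT=20000 \
    NPM_CONFIG_FETCH_RETRY_MAXTIMEOUT=120000

# Copy only the manifests first so the dependency layer stays cached until they change.
COPY frontend/package*.json ./

# Use lockfile-based installs for deterministic CI builds.
# --no-audit skips npm's advisory lookup during install, so vulnerability
# scanning of the lockfile has to happen elsewhere in the pipeline.
RUN npm ci --no-audit --no-fund

COPY frontend/ ./

# Set VITE_API_URL to use relative path for Nginx proxy
ARG VITE_API_URL=/api
ENV VITE_API_URL=${VITE_API_URL}

# PromoteKit affiliate tracking (optional)
# Vite inlines VITE_-prefixed variables into the client bundle, so both values
# set here end up readable by every browser that loads the site; they must not
# carry credentials.
ARG VITE_PROMOTEKIT_ID
ENV VITE_PROMOTEKIT_ID=${VITE_PROMOTEKIT_ID}

RUN npm run build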
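# Stage 2: install the backend's production dependencies, including native modules.
# The compiler toolchain installed here stays in this stage; the final image
# copies only /app/backend from it.
FROM node:20-alpine3.21 AS backend-builder

# Update packages to fix vulnerabilities.
# --no-cache already fetches a fresh package index and discards it afterwards,
# so a separate `apk update` is not needed.
RUN apk upgrade --no-cache

WORKDIR /app/backend

# Name the registry explicitly and make fetches tolerant of a flaky network.
ENV NPM_CONFIG_REGISTRY=https://registry.npmjs.org/ \
    NPM_CONFIG_FETCH_RETRIES=5 \
    NPM_CONFIG_FETCH_RETRY_FACTOR=2 \
    NPM_CONFIG_FETCH_RETRY_MINTIMEOUT=20000 \
    NPM_CONFIG_FETCH_RETRY_MAXTIMEOUT=120000

# Install build dependencies for native modules (excluding vips-dev to avoid Sharp build issues)
# --no-scripts skips the packages' install scripts.
RUN apk add --no-cache --no-scripts \
        build-base \
        g++ \
        libc6-compat \
        make \
        python3

COPY backend/package*.json ./

# Install node-gyp globally for native module builds.
# The version is a build argument so a pipeline can pin an exact, reviewed
# release (--build-arg NODE_GYP_VERSION=<exact version>); the default "latest"
# keeps the previous behaviour of taking whatever is newest at build time.
ARG NODE_GYP_VERSION=latest
RUN npm install -g "node-gyp@${NODE_GYP_VERSION}"

# Install dependencies
# Sharp will automatically download prebuilt binaries for Alpine Linux
# Set environment variable to ensure Sharp uses prebuilt binaries
ENV SHARP_IGNORE_GLOBAL_LIBVIPS=1
RUN npm ci --omit=dev --no-audit --no-fund

# NOTE(review): this copies the whole backend/ directory, and the final stage
# then copies /app/backend wholesale. Confirm that .dockerignore excludes
# backend/node_modules (which would otherwise overwrite the install above) and
# any local .env or key files (which would otherwise ship in the image).
COPY backend/ ./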
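# Final stage: runtime image holding nginx, the built frontend and the Node.js backend.
FROM node:20-alpine3.21

# Update packages to fix vulnerabilities
# Note: vips is NOT needed here - Sharp uses bundled libvips via SHARP_IGNORE_GLOBAL_LIBVIPS=1
# --no-cache fetches the package index on the fly, so no `apk update` is needed
# and no index is left behind in the layer.
# The unprivileged backend account is created in this step so that the COPY
# below can assign ownership directly instead of a later recursive chown that
# duplicates the whole backend tree in another layer.
# NOTE(review): netcat-openbsd is presumably used by the start/entrypoint
# scripts (not visible here) to wait for a dependency; drop it if it is not.
RUN apk upgrade --no-cache && \
    apk add --no-cache \
        libc6-compat \
        netcat-openbsd \
        nginx \
        su-exec && \
    mkdir -p /run/nginx /var/lib/nginx /var/lib/nginx/tmp /var/log/nginx && \
    chown -R nginx:nginx /run/nginx /var/lib/nginx /var/log/nginx && \
    addgroup -S appgroup && \
    adduser -S appuser -G appgroup

WORKDIR /app

# Copy built frontend
COPY --from=frontend-builder /app/frontend/dist /usr/share/nginx/html

# Copy backend, owned by the account the Node.js process runs as.
COPY --from=backend-builder --chown=appuser:appgroup /app/backend ./backend

# Copy configuration files
# These scripts are executed as root (no USER is set, see CMD below), so they
# and the /app directory itself stay root-owned: the backend account must not
# be able to rewrite or replace a script that root will run on the next start.
# If the backend needs a writable path outside /app/backend, create and chown
# that path explicitly rather than handing over all of /app.
COPY docker/nginx.conf /etc/nginx/http.d/default.conf
COPY docker/start.sh /app/start.sh
COPY docker/docker-entrypoint.sh /app/docker-entrypoint.sh
RUN chmod 0755 /app/start.sh /app/docker-entrypoint.sh

# Note: nginx master process requires root to bind port 80, but worker processes
# run as the 'nginx' user. The Node.js backend is started as 'appuser' in start.sh.
# NOTE(review): 3000 is presumably the backend's own port; publishing it lets
# clients reach the backend without passing through nginx - confirm that is intended.
EXPOSE 80 3000

# NOTE(review): docker-entrypoint.sh is copied above but no ENTRYPOINT is
# declared in this file; confirm it is invoked by start.sh or by the run/compose
# configuration.
CMD ["/app/start.sh"]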