From 81a5d8514f960ce5dba5ab1b304edb942fa6bbd4 Mon Sep 17 00:00:00 2001
From: Nolan Poe
Date: Fri, 30 Dec 2022 02:29:58 -0800
Subject: [PATCH 1/3] Docker Changes - Add "release" and "release-aio" configurations based on alma linux - Add nginx example and entrypoint script - Dockerfile changes - "p" was not removed
---
 docker-compose.yml | 15 ++++---
 p/Dockerfile | 102 ++++++++++++++++++++++++++++++++++++++++---
 p/entrypoint.sh | 31 +++++++++++++
 p/nginx.conf.example | 19 ++++++++
 4 files changed, 157 insertions(+), 10 deletions(-)
 create mode 100644 p/entrypoint.sh
 create mode 100644 p/nginx.conf.example
diff --git a/docker-compose.yml b/docker-compose.yml
index 6daee78..acf9a6d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,12 +1,17 @@
-version: '3.1'
-
-# TODO: Dockerize the other services
-
 services:
 proxy:
 build:
 context: .
 dockerfile: p/Dockerfile
+ target: release-aio
+ # cache_to:
+ # cache_from:
 restart: unless-stopped
 ports:
- - 3000:3000
+ - 80:80
+ - 443:443
+ # - 3000:3000
+ environment:
+ - HOSTNAME=example.com
+ - EMAIL=user@email.com # required for https
+ - STAGING=true # Set to "true" to use staging
diff --git a/p/Dockerfile b/p/Dockerfile
index 05132ff..1e25ae7 100644
--- a/p/Dockerfile
+++ b/p/Dockerfile
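Review bot: The `proxy` service in docker-compose.yml gets no volume for certbot's state, so each time the container is recreated the `release-aio` entrypoint requests a fresh certificate and key. With `restart: unless-stopped`, a start that fails in the entrypoint repeats that request in a loop, which outside staging is likely to run into the CA's rate limits. Consider persisting the certificate directory, e.g. `volumes:` with `- letsencrypt:/etc/letsencrypt` on the service plus a top-level `letsencrypt:` volume, and keep `STAGING=true` as the documented default until the hostname actually resolves to the host.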
@@ -1,7 +1,99 @@
-FROM node:18
-WORKDIR /app
-COPY package.json /app/
-COPY p /app/p
+#################################################################################
+# INSTALLERS #
+# These images provide the dependencies required to build the other images. #
+#################################################################################
+
+FROM quay.io/almalinuxorg/9-base AS builder-installer
+
+# Needed for node 18+
+# RUN dnf module --assumeyes enable nodejs
+
+RUN --mount=type=cache,target=/var/cache/dnf \
+ dnf install --assumeyes --nodocs nodejs ca-certificates jq make gcc g++
+
+RUN npm install -g \
+ npm@$(curl "https://release-monitoring.org/api/v2/versions/?project_id=190206" | jq --raw-output '.stable_versions[0]')
+
+
+# Runtime dependencies
+FROM quay.io/almalinuxorg/9-base AS installer
+
+COPY --from=quay.io/almalinuxorg/9-micro / /rpms
+RUN --mount=type=cache,target=/var/cache/dnf \
+ dnf install --assumeyes \
+ --installroot /rpms \
+ --releasever=9 \
+ --setopt=install_weak_deps=false \
+ --nodocs \
+ nodejs ca-certificates
+
+RUN dnf clean all \
+ --installroot /rpms
+
+
+# Proxy + certbot
+FROM quay.io/almalinuxorg/9-base AS proxy-installer
+
+RUN dnf install epel-release --assumeyes
+
+COPY --from=quay.io/almalinuxorg/9-micro / /rpms
+RUN --mount=type=cache,target=/var/cache/dnf \
+ dnf install --assumeyes \
+ --installroot /rpms \
+ --releasever=9 \
+ --setopt=install_weak_deps=false \
+ --setopt=reposdir=/etc/yum.repos.d \
+ --nodocs \
+ nginx-core certbot python3-certbot-nginx
+
+RUN dnf clean all \
+ --installroot /rpms
+
+#################################################################################
+# BUILDER #
+#################################################################################
+
+FROM builder-installer AS builder
+
+RUN mkdir -p /usr/src/app
+WORKDIR /usr/src/app
+COPY package.json ./
 RUN npm install --frozen-lockfile
+COPY ./ ./
+COPY p/server.js ./
+
+#################################################################################
+# FINAL IMAGE #
+#################################################################################
+
+FROM quay.io/almalinuxorg/9-micro AS release-base
+
+# Grab npm
+COPY --from=installer /rpms /
+
+# Grab site
+COPY --from=builder /usr/src/app /app
+
+WORKDIR /app
+
 ENV NODE_ENV production
-CMD ["node", "p/server.js"]
+
+
+# Final image
+FROM release-base as release
+# EXPOSE 3000/tcp
+ENTRYPOINT [ "node", "server.js" ]
+
+# Final image with extras
+FROM release-base AS release-aio
+# Grab nginx and certbot
+COPY --from=proxy-installer /rpms /
+
+COPY p/entrypoint.sh entrypoint.sh
+RUN chmod +x entrypoint.sh
+COPY p/nginx.conf.example /etc/nginx/conf.d/poketube.conf
+
+# EXPOSE 80/tcp
+# EXPOSE 443/tcp
+ENTRYPOINT [ "/usr/bin/bash", "./entrypoint.sh" ]
+CMD [ "node", "server.js" ]
\ No newline at end of file
diff --git a/p/entrypoint.sh b/p/entrypoint.sh
new file mode 100644
index 0000000..a642a43
--- /dev/null
+++ b/p/entrypoint.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/bash
+
+set -e
+
+if [[ "$STAGING" == true ]]; then
+ TEST="--test-cert"
+ echo Using staging server!
+else
+ TEST=""
+ echo Using production server!
+fi
+
+if [[ -v "HOSTNAME" && -v "EMAIL" ]]; then
+ echo Creating nginx config...
+ sed -i "s/SERVERNAME/$HOSTNAME/" /etc/nginx/conf.d/poketube.conf
+ echo Starting certbot
+ certbot run --nginx -n \
+ -d $HOSTNAME \
+ -d www.$HOSTNAME\
+ --agree-tos \
+ --email $EMAIL \
+ $TEST
+ echo Starting nginx
+ nginx -s reload
+
+else
+ echo Please set HOSTNAME and/or EMAIL!
+ exit 1
+fi
+
+exec "$@"
\ No newline at end of file
diff --git a/p/nginx.conf.example b/p/nginx.conf.example
new file mode 100644
index 0000000..2055aef
--- /dev/null
+++ b/p/nginx.conf.example
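Review bot: In the `builder-installer` stage of p/Dockerfile, `npm install -g npm@$(curl … | jq …)` lets a response from a third-party web API decide at build time which npm version is installed as root, so the image is not reproducible and the build trusts that service on every run. `curl` is called without `-f` and the pipe runs without `pipefail`, so a failed request does not stop the build; what npm installs for an empty or unexpected version string should not be left to chance. Pin the version instead, e.g. `ARG NPM_VERSION=<pinned-version>` followed by `RUN npm install -g "npm@${NPM_VERSION}"`, and bump it deliberately. The `FROM quay.io/almalinuxorg/9-base` and `9-micro` references in the same hunk carry no tag or digest either, so the base images float as well.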
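Review bot: The guard `[[ -v "HOSTNAME" && -v "EMAIL" ]]` in p/entrypoint.sh can never fail on `HOSTNAME`, because bash sets that variable itself and Docker also exports it as the container's hostname; when the operator leaves it out, certbot is asked for a certificate for that default value. A dedicated variable tested for content, e.g. `[[ -n "${DOMAIN:-}" && -n "${EMAIL:-}" ]]`, makes the check meaningful (docker-compose.yml would need the same rename). The value is also interpolated into `sed -i "s/SERVERNAME/$HOSTNAME/"` and passed unquoted as `-d $HOSTNAME` and `--email $EMAIL`, so a value containing `/`, `&` or whitespace changes the sed expression or the certbot argument list. Validate it against a hostname pattern such as `^[A-Za-z0-9.-]+$` before use and quote the expansions: `-d "$DOMAIN" -d "www.$DOMAIN" --email "$EMAIL"`.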
@@ -0,0 +1,19 @@
+server {
+ listen 80;
+ server_name www.SERVERNAME;
+ return 301 $scheme://SERVERNAME$request_uri;
+}
+
+server {
+ listen 80;
+ server_name SERVERNAME;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass http://localhost:3000;
+ proxy_ssl_session_reuse off;
+ proxy_set_header Host $http_host;
+ }
+}
\ No newline at end of file
From b0d75415f3277be05fee85fcc69db70ae13d2cc1 Mon Sep 17 00:00:00 2001
From: Nolan Poe
Date: Fri, 30 Dec 2022 13:48:17 -0800
Subject: [PATCH 2/3] Move files
---
 p/entrypoint.sh => entrypoint.sh | 7 +++----
 p/nginx.conf.example => nginx.conf.example | 0
 p/Dockerfile | 6 +++---
 3 files changed, 6 insertions(+), 7 deletions(-)
 rename p/entrypoint.sh => entrypoint.sh (89%)
 rename p/nginx.conf.example => nginx.conf.example (100%)
diff --git a/p/entrypoint.sh b/entrypoint.sh
similarity index 89%
rename from p/entrypoint.sh
rename to entrypoint.sh
index a642a43..4f599e6 100644
--- a/p/entrypoint.sh
+++ b/entrypoint.sh
@@ -16,16 +16,15 @@ if [[ -v "HOSTNAME" && -v "EMAIL" ]]; then
 echo Starting certbot
 certbot run --nginx -n \
 -d $HOSTNAME \
- -d www.$HOSTNAME\
- --agree-tos \
+ -d www.$HOSTNAME --agree-tos \
 --email $EMAIL \
 $TEST
 echo Starting nginx
 nginx -s reload
-
+
 else
 echo Please set HOSTNAME and/or EMAIL!
 exit 1
 fi
 
-exec "$@"
\ No newline at end of file
+exec "$@"
diff --git a/p/nginx.conf.example b/nginx.conf.example
similarity index 100%
rename from p/nginx.conf.example
rename to nginx.conf.example
diff --git a/p/Dockerfile b/p/Dockerfile
index 1e25ae7..048a249 100644
--- a/p/Dockerfile
+++ b/p/Dockerfile
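Review bot: The `location /` block in p/nginx.conf.example forwards the client address but sets no `X-Forwarded-Proto`, so once certbot adds the TLS listener the Node server behind `proxy_pass http://localhost:3000;` cannot tell whether a request arrived over HTTPS. If the application builds absolute URLs, redirects or secure cookies from request metadata (not visible in this patch), add `proxy_set_header X-Forwarded-Proto $scheme;` and consider `proxy_set_header Host $host;` in place of `$http_host`. `proxy_ssl_session_reuse off;` applies only to HTTPS upstreams and has no effect with an `http://` upstream, so it can be dropped or given a comment explaining why it is kept.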
@@ -82,16 +82,16 @@ ENV NODE_ENV production
 # Final image
 FROM release-base as release
 # EXPOSE 3000/tcp
-ENTRYPOINT [ "node", "server.js" ]
+CMD [ "node", "server.js" ]
 
 # Final image with extras
 FROM release-base AS release-aio
 # Grab nginx and certbot
 COPY --from=proxy-installer /rpms /
 
-COPY p/entrypoint.sh entrypoint.sh
+COPY entrypoint.sh entrypoint.sh
 RUN chmod +x entrypoint.sh
-COPY p/nginx.conf.example /etc/nginx/conf.d/poketube.conf
+COPY nginx.conf.example /etc/nginx/conf.d/poketube.conf
 
 # EXPOSE 80/tcp
 # EXPOSE 443/tcp
From a2d4091a3861ab4021a4c27d5c9633f2f8cfd8ec Mon Sep 17 00:00:00 2001
From: Nolan Poe
Date: Sun, 1 Jan 2023 21:28:35 -0800
Subject: [PATCH 3/3] Do not copy root on proxy dockerfile
---
 p/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/p/Dockerfile b/p/Dockerfile
index 048a249..773cac0 100644
--- a/p/Dockerfile
+++ b/p/Dockerfile
@@ -59,7 +59,7 @@ RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
 COPY package.json ./
 RUN npm install --frozen-lockfile
-COPY ./ ./
+# COPY ./ ./
 COPY p/server.js ./
 
 #################################################################################
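Review bot: The `release` stage in the `@@ -82,16 +82,16 @@` hunk now ends at `CMD [ "node", "server.js" ]` with no `USER` instruction, and `release-base` in patch 1 sets none either, so the Node server runs as root. The app appears to listen on port 3000 (per the nginx example), which needs no privileges; a numeric `USER 10001:10001` before the `CMD` would drop them without needing `useradd` in the micro image, assuming the process only reads from `/app`. `release-aio` runs certbot and nginx from its entrypoint and is harder to de-privilege, which argues for keeping the proxy in its own container rather than leaving both images as root. `RUN chmod +x entrypoint.sh` can be folded into the copy as `COPY --chmod=755 entrypoint.sh entrypoint.sh`; the `release-aio` stage continues past the end of the hunk.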
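Review bot: With `COPY ./ ./` commented out in the `@@ -59,7 +59,7 @@` hunk, the builder stage receives only `package.json` and `p/server.js`, so `RUN npm install --frozen-lockfile` has no lockfile to honour; as far as I know `--frozen-lockfile` is a Yarn/pnpm option that npm does not implement, so the dependency tree is resolved fresh on every build. If the repository has a `package-lock.json` (not visible in this patch), use `COPY package.json package-lock.json ./` followed by `RUN npm ci`. The leftover `# COPY ./ ./` can simply be deleted, and it is worth confirming that `server.js` needs no other files from the repository at runtime. The builder stage starts before this hunk.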