WIP: first steps to create distroless frontend OCI image using nix
@ -42,7 +42,6 @@ services:
|
|||||||
build:
|
build:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
context: ./frontend
|
context: ./frontend
|
||||||
target: prod
|
|
||||||
# open port 8000
|
# open port 8000
|
||||||
ports:
|
ports:
|
||||||
- "8000:8000"
|
- "8000:8000"
|
||||||
@ -50,7 +49,7 @@ services:
|
|||||||
rproxy:
|
rproxy:
|
||||||
image: docker.io/bitnami/nginx:1.27
|
image: docker.io/bitnami/nginx:1.27
|
||||||
volumes:
|
volumes:
|
||||||
- ./reverseproxy.local.conf:/opt/bitnami/nginx/conf/nginx.conf
|
- ./reverseproxy.local.conf:/var/conf/nginx.conf
|
||||||
depends_on:
|
depends_on:
|
||||||
- htwkalender-data-manager
|
- htwkalender-data-manager
|
||||||
- htwkalender-frontend
|
- htwkalender-frontend
|
||||||
|
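Review bot: The `rproxy` service still runs `docker.io/bitnami/nginx:1.27`, but its configuration is now mounted at `/var/conf/nginx.conf` instead of `/opt/bitnami/nginx/conf/nginx.conf`. Unless the service overrides the command somewhere outside this hunk, that image will probably not read the new path and will start with its stock configuration, silently dropping the reverse-proxy rules. The `/var/conf` layout belongs to the new frontend image only, so the rproxy mount should keep its old target. Marking it read-only would also help: `- ./reverseproxy.local.conf:/opt/bitnami/nginx/conf/nginx.conf:ro`. The service definition continues outside the hunk.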
@ -1,20 +1,3 @@
|
|||||||
#Calendar implementation for the HTWK Leipzig timetable. Evaluation and display of the individual dates in iCal format.
|
|
||||||
#Copyright (C) 2024 HTWKalender support@htwkalender.de
|
|
||||||
|
|
||||||
#This program is free software: you can redistribute it and/or modify
|
|
||||||
#it under the terms of the GNU Affero General Public License as published by
|
|
||||||
#the Free Software Foundation, either version 3 of the License, or
|
|
||||||
#(at your option) any later version.
|
|
||||||
|
|
||||||
#This program is distributed in the hope that it will be useful,
|
|
||||||
#but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
#GNU Affero General Public License for more details.
|
|
||||||
|
|
||||||
#You should have received a copy of the GNU Affero General Public License
|
|
||||||
#along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
# build stage
|
|
||||||
FROM docker.io/node:lts-alpine AS build
|
FROM docker.io/node:lts-alpine AS build
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
@ -23,20 +6,40 @@ RUN npm ci
|
|||||||
COPY / ./
|
COPY / ./
|
||||||
RUN npm run build
|
RUN npm run build
|
||||||
|
|
||||||
# development stage
|
FROM docker.io/nixos/nix:2.26.2 AS build-nginx
|
||||||
FROM docker.io/node:lts-alpine AS dev
|
|
||||||
|
|
||||||
WORKDIR /app
|
# Install nginx
|
||||||
COPY package*.json ./
|
RUN mkdir -p /output/store
|
||||||
RUN npm install
|
RUN nix-env --profile /output/profile -i nginx
|
||||||
COPY . ./
|
RUN cp -va $(nix-store -qR /output/profile) /output/store
|
||||||
|
|
||||||
# production stage
|
# Create empty directories needed by nginx
|
||||||
# https://hub.docker.com/r/bitnami/nginx -> always run as non-root user
|
RUN mkdir -p /to_add/var/log/nginx \
|
||||||
FROM docker.io/bitnami/nginx:1.27 AS prod
|
/to_add/var/cache/nginx/tmp \
|
||||||
|
/to_add/var/conf/ \
|
||||||
|
/to_add/var/conf/ \
|
||||||
|
/to_add/var/www \
|
||||||
|
/to_add/var/run
|
||||||
|
|
||||||
# copy build files from build container
|
# Create user and group for nginx
|
||||||
COPY --from=build /app/dist /app
|
RUN nix-shell -p busybox --command "addgroup --system nginx && adduser --system -G nginx --uid 31337 nginx"
|
||||||
COPY ./nginx.conf /opt/bitnami/nginx/conf/nginx.conf
|
|
||||||
|
|
||||||
|
# Make sure nginx can write to required directories
|
||||||
|
RUN chown -R 31337 /to_add/
|
||||||
|
|
||||||
|
FROM scratch
|
||||||
|
|
||||||
|
# Copy over nginx files and dependencies
|
||||||
|
COPY --from=build-nginx /output/store /nix/store
|
||||||
|
COPY --from=build-nginx /output/profile/ /usr/local/
|
||||||
|
COPY --from=build-nginx /to_add /
|
||||||
|
|
||||||
|
# Copy required user information
|
||||||
|
COPY --from=build-nginx /etc/passwd /etc/passwd
|
||||||
|
COPY --from=build-nginx /etc/group /etc/group
|
||||||
|
|
||||||
|
# Add user specific content and config
|
||||||
|
COPY --from=build --chown=nginx:nginx /app/dist/ /var/www/
|
||||||
|
COPY ./nginx.conf /var/conf/nginx.conf
|
||||||
EXPOSE 8000
|
EXPOSE 8000
|
||||||
|
ENTRYPOINT ["nginx", "-p", "/var/"]
|
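Review bot: The final `FROM scratch` stage has no `USER` instruction, so the nginx master process runs as root, whereas the removed comment notes that the bitnami base it replaces always ran as a non-root user. The nginx account (uid 31337) already owns everything under `/to_add` and the server listens on the unprivileged port 8000, so adding `USER nginx:nginx` before `ENTRYPOINT` should be enough; the `user nginx;` line in nginx.conf then becomes unnecessary. Separately, neither the `ENTRYPOINT` nor the visible nginx.conf sets `daemon off;`, so nginx will likely fork into the background and the container will exit; `ENTRYPOINT ["nginx", "-p", "/var/", "-g", "daemon off;"]` avoids that. `nix-env -i nginx` also installs whatever version the image's channel carries at build time, so the runtime binary is not pinned, and `/to_add/var/conf/` is listed twice in the `mkdir`.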
@ -13,50 +13,40 @@
|
|||||||
|
|
||||||
#You should have received a copy of the GNU Affero General Public License
|
#You should have received a copy of the GNU Affero General Public License
|
||||||
#along with this program. If not, see <https://www.gnu.org/licenses/>.
|
#along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
user nginx;
|
||||||
worker_processes 4;
|
worker_processes auto;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
error_log /opt/bitnami/nginx/logs/error.log;
|
|
||||||
pid /opt/bitnami/nginx/tmp/nginx.pid;
|
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
include mime.types;
|
default_type application/octet-stream;
|
||||||
default_type application/octet-stream;
|
|
||||||
|
|
||||||
log_format anonymized '[$time_local] "$request" $status $body_bytes_sent "$http_referer"';
|
log_format anonymized '[$time_local] "$request" $status $body_bytes_sent "$http_referer"';
|
||||||
|
|
||||||
access_log /opt/bitnami/nginx/logs/proxy_access.log anonymized;
|
access_log /var/log/nginx/proxy_access.log anonymized;
|
||||||
error_log /opt/bitnami/nginx/logs/proxy_error.log error;
|
error_log /var/log/nginx/proxy_error.log error;
|
||||||
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
keepalive_timeout 180s;
|
keepalive_timeout 180s;
|
||||||
send_timeout 180s;
|
send_timeout 180s;
|
||||||
|
|
||||||
client_body_temp_path /opt/bitnami/nginx/tmp/client_temp;
|
client_body_temp_path /var/cache/nginx/tmp/client_temp;
|
||||||
proxy_temp_path /opt/bitnami/nginx/tmp/proxy_temp_path;
|
proxy_temp_path /var/cache/nginx/tmp/proxy_temp_path;
|
||||||
fastcgi_temp_path /opt/bitnami/nginx/tmp/fastcgi_temp;
|
fastcgi_temp_path /var/cache/nginx/tmp/fastcgi_temp;
|
||||||
uwsgi_temp_path /opt/bitnami/nginx/tmp/uwsgi_temp;
|
uwsgi_temp_path /var/cache/nginx/tmp/uwsgi_temp;
|
||||||
scgi_temp_path /opt/bitnami/nginx/tmp/scgi_temp;
|
scgi_temp_path /var/cache/nginx/tmp/scgi_temp;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 8000;
|
listen 8000;
|
||||||
listen [::]:8000;
|
server_name localhost;
|
||||||
server_name localhost;
|
|
||||||
|
root /var/www;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
root /opt/bitnami/nginx/html;
|
try_files $uri $uri/ =404;
|
||||||
index index.html index.htm;
|
|
||||||
|
|
||||||
#necessary to display vue subpage
|
|
||||||
try_files $uri $uri.html $uri/ /index.html;
|
|
||||||
}
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /50x.html {
|
|
||||||
root /opt/bitnami/nginx/html;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
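Review bot: Removing `include mime.types;` while keeping `default_type application/octet-stream;` means that, as far as this hunk shows, every file including `index.html` and the JS/CSS bundles is served as `application/octet-stream`. Browsers will then download the page rather than render it, or refuse the scripts and styles. The include should come back with a path that exists in the new image, e.g. `include <path-to-nginx-conf>/mime.types;` (placeholder, since the location inside the nix profile is not visible here). The new `try_files $uri $uri/ =404;` also drops the `/index.html` fallback that the removed comment called necessary for Vue subpages, so deep links to client-side routes will return 404. The `listen [::]:8000;` line is gone too, which removes IPv6 listening; it is worth confirming that is intended.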