beenull/libremdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

build: harden docker implementation (#38)

Browse source 
* harden docker implementation

* fix caching error

---------

Co-authored-by: Nullnet Services Administrator <admin@nullnet.services>
This commit is contained in:
kuanhulio 2023-03-19 22:46:32 -04:00 committed by GitHub
parent 505ff4d839
commit 1eeaab259d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Dockerfile
View file

@ -5,6 +5,7 @@ FROM node:lts-alpine AS deps
WORKDIR /opt/app WORKDIR /opt/app
COPY package.json pnpm-lock.yaml ./ COPY package.json pnpm-lock.yaml ./
RUN npm install -g pnpm
RUN pnpm install --frozen-lockfile RUN pnpm install --frozen-lockfile
# Rebuild the source code only when needed # Rebuild the source code only when needed
@ -15,13 +16,13 @@ FROM node:lts-alpine AS builder
ENV NODE_ENV=production ENV NODE_ENV=production
WORKDIR /opt/app WORKDIR /opt/app
RUN npm install -g pnpm
COPY . . COPY . .
COPY --from=deps /opt/app/node_modules ./node_modules COPY --from=deps /opt/app/node_modules ./node_modules
RUN pnpm build RUN pnpm build
# Production image, copy all the files and run next # Production image, copy all the files and run next
FROM node:lts-alpine AS runner FROM gcr.io/distroless/nodejs18-debian11 AS runner
ARG X_TAG ARG X_TAG
WORKDIR /opt/app WORKDIR /opt/app
ENV NODE_ENV=production ENV NODE_ENV=production
@ -31,4 +32,4 @@ COPY --from=builder /opt/app/.next ./.next
COPY --from=builder /opt/app/node_modules ./node_modules COPY --from=builder /opt/app/node_modules ./node_modules
ENV HOST=0.0.0.0 ENV HOST=0.0.0.0
ENV PORT=3000 ENV PORT=3000
CMD ["node_modules/.bin/next", "start"] CMD ["./node_modules/next/dist/bin/next", "start"]

36
docker-compose.example.yml
View file

@ -3,21 +3,45 @@
version: '3' version: '3'
services: services:
frontend: libremdb:
container_name: libremdb container_name: libremdb
build: build:
context: . context: .
network: host dockerfile: Dockerfile
ports: ports:
- "3000:3000" - "3000:3000"
env_file: .env.local env_file: .env.local.example
depends_on: depends_on:
- redis - libremdb-redis
restart: always restart: always
redis: user: 65534:65534 # equivalent to the nobody user
read_only: true
tmpfs:
- /opt/app/.next/cache/:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
networks:
- libremdb
libremdb-redis:
container_name: libremdb_redis container_name: libremdb_redis
image: redis image: redis
# FOR DEBUGGING ONLY # FOR DEBUGGING ONLY
# ports: # ports:
# - "6379:6379" # - "6379:6379"
restart: always restart: always
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
cap_drop:
- ALL
networks:
- libremdb
networks:
libremdb: