beenull/libremdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

build: harden docker implementation (#38)

Browse source 
* harden docker implementation

* fix caching error

---------

Co-authored-by: Nullnet Services Administrator <admin@nullnet.services>
This commit is contained in:
kuanhulio 2023-03-19 22:46:32 -04:00 committed by GitHub
parent 505ff4d839
commit 1eeaab259d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Dockerfile
View file

@ -5,6 +5,7 @@ FROM node:lts-alpine AS deps
WORKDIR /opt/app
COPY package.json pnpm-lock.yaml ./
RUN npm install -g pnpm
RUN pnpm install --frozen-lockfile
# Rebuild the source code only when needed
@ -15,13 +16,13 @@ FROM node:lts-alpine AS builder
ENV NODE_ENV=production
WORKDIR /opt/app
RUN npm install -g pnpm
COPY . .
COPY --from=deps /opt/app/node_modules ./node_modules
RUN pnpm build
# Production image, copy all the files and run next
FROM node:lts-alpine AS runner
FROM gcr.io/distroless/nodejs18-debian11 AS runner
ARG X_TAG
WORKDIR /opt/app
ENV NODE_ENV=production
@ -31,4 +32,4 @@ COPY --from=builder /opt/app/.next ./.next
COPY --from=builder /opt/app/node_modules ./node_modules
ENV HOST=0.0.0.0
ENV PORT=3000
CMD ["node_modules/.bin/next", "start"]
CMD ["./node_modules/next/dist/bin/next", "start"]

34
docker-compose.example.yml
View file

@ -3,21 +3,45 @@
version: '3'
services:
frontend:
libremdb:
container_name: libremdb
build:
context: .
network: host
dockerfile: Dockerfile
ports:
- "3000:3000"
env_file: .env.local
env_file: .env.local.example
depends_on:
- redis
- libremdb-redis
restart: always
redis:
user: 65534:65534 # equivalent to the nobody user
read_only: true
tmpfs:
- /opt/app/.next/cache/:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
networks:
- libremdb
libremdb-redis:
container_name: libremdb_redis
image: redis
# FOR DEBUGGING ONLY
# ports:
# - "6379:6379"
restart: always
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
cap_drop:
- ALL
networks:
- libremdb
networks:
libremdb: