diff --git a/apps/deploy-web/nginx.conf b/apps/deploy-web/nginx.conf new file mode 100644 index 000000000..d7434112d --- /dev/null +++ b/apps/deploy-web/nginx.conf @@ -0,0 +1,33 @@ +# nginx.conf + +events { +} + +http { + server { + # Redirect HTTP requests to HTTPS. + listen 80; + return 307 https://$host$request_uri; + } + + server { + listen 443 ssl; + + server_tokens off; + + ssl_certificate /etc/nginx/ssl/my_ssl_cert.crt; + ssl_certificate_key /etc/nginx/ssl/my_ssl_key.key; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_pass http://127.0.0.1:3000; + proxy_buffers 8 16k; + proxy_buffer_size 16k; + proxy_cookie_path / "/; HTTPOnly; Secure"; + } + } +} diff --git a/docker-compose.build.yml b/docker-compose.build.yml index dc811d1e9..649ca709f 100644 --- a/docker-compose.build.yml +++ b/docker-compose.build.yml @@ -26,7 +26,7 @@ services: deploy-web: image: console-deploy-web:${DEPLOY_WEB_TAG:-latest} build: - dockerfile: docker/Dockerfile.nextjs + dockerfile: docker/Dockerfile.deploy-web target: production args: WORKSPACE: apps/deploy-web diff --git a/docker/Dockerfile.deploy-web b/docker/Dockerfile.deploy-web index e69de29bb..446a99069 100644 --- a/docker/Dockerfile.deploy-web +++ b/docker/Dockerfile.deploy-web @@ -0,0 +1,52 @@ +FROM node:20-alpine AS base + +ARG WORKSPACE +ENV WORKSPACE $WORKSPACE + +ENV NEXT_TELEMETRY_DISABLED 1 + +FROM base AS development + +ENV NODE_ENV development + +WORKDIR /app + +RUN apk add --no-cache libc6-compat + +COPY $WORKSPACE ./$WORKSPACE +COPY /packages /app/packages +COPY package.json /app +COPY package-lock.json /app + +RUN npm install + +CMD ["npm", "run", "dev", "--workspace", "${WORKSPACE}"] + +FROM development AS builder + +WORKDIR /app + +ENV NODE_ENV production + +RUN npm run build -w $WORKSPACE + +FROM base AS production + +WORKDIR /app + +ENV NODE_ENV production + +COPY --from=builder /app/$WORKSPACE/public ./$WORKSPACE/public +COPY --from=builder /app/$WORKSPACE/.next/standalone ./ +COPY --from=builder /app/$WORKSPACE/.next/static ./$WORKSPACE/.next/static + +RUN apk add --no-cache libcap nginx openssl +RUN setcap cap_net_bind_service=+ep `readlink -f \`which node\`` + +RUN apk add --no-cache nginx +RUN mkdir -p /etc/nginx/ssl +RUN openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/nginx/ssl/my_ssl_key.key -out /etc/nginx/ssl/my_ssl_cert.crt -subj "/CN=cloudmos.io" -days 600 +COPY apps/deploy-web/nginx.conf /etc/nginx/nginx.conf +RUN nginx -t + +CMD sed -i "s/127.0.0.1/$(hostname -i)/" /etc/nginx/nginx.conf && nginx && node apps/deploy-web/server.js \ No newline at end of file