|
|
|
@ -41,9 +41,9 @@ FROM base AS frontend-runner
|
|
|
|
|
WORKDIR /app
|
|
|
|
|
|
|
|
|
|
RUN addgroup --system --gid 1001 nodejs
|
|
|
|
|
RUN adduser --system --uid 1001 nextjs
|
|
|
|
|
RUN adduser --system --uid 1001 non-root-user
|
|
|
|
|
|
|
|
|
|
RUN mkdir -p /app/.next/cache/images && chown nextjs:nodejs /app/.next/cache/images
|
|
|
|
|
RUN mkdir -p /app/.next/cache/images && chown non-root-user:nodejs /app/.next/cache/images
|
|
|
|
|
VOLUME /app/.next/cache/images
|
|
|
|
|
|
|
|
|
|
ARG POSTHOG_API_KEY
|
|
|
|
@ -53,13 +53,13 @@ ARG INTERCOM_ID
|
|
|
|
|
ENV NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID \
|
|
|
|
|
BAKED_NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID
|
|
|
|
|
|
|
|
|
|
COPY --chown=nextjs:nodejs --chmod=555 frontend/scripts ./scripts
|
|
|
|
|
COPY --chown=non-root-user:nodejs --chmod=555 frontend/scripts ./scripts
|
|
|
|
|
COPY --from=frontend-builder /app/public ./public
|
|
|
|
|
RUN chown nextjs:nodejs ./public/data
|
|
|
|
|
COPY --from=frontend-builder --chown=nextjs:nodejs /app/.next/standalone ./
|
|
|
|
|
COPY --from=frontend-builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
|
|
|
|
RUN chown non-root-user:nodejs ./public/data
|
|
|
|
|
COPY --from=frontend-builder --chown=non-root-user:nodejs /app/.next/standalone ./
|
|
|
|
|
COPY --from=frontend-builder --chown=non-root-user:nodejs /app/.next/static ./.next/static
|
|
|
|
|
|
|
|
|
|
USER nextjs
|
|
|
|
|
USER non-root-user
|
|
|
|
|
|
|
|
|
|
ENV NEXT_TELEMETRY_DISABLED 1
|
|
|
|
|
|
|
|
|
@ -67,6 +67,8 @@ ENV NEXT_TELEMETRY_DISABLED 1
|
|
|
|
|
## BACKEND
|
|
|
|
|
##
|
|
|
|
|
FROM base AS backend-build
|
|
|
|
|
RUN addgroup --system --gid 1001 nodejs \
|
|
|
|
|
&& adduser --system --uid 1001 non-root-user
|
|
|
|
|
|
|
|
|
|
WORKDIR /app
|
|
|
|
|
|
|
|
|
@ -74,7 +76,7 @@ COPY backend/package*.json ./
|
|
|
|
|
RUN npm ci --only-production
|
|
|
|
|
|
|
|
|
|
COPY /backend .
|
|
|
|
|
COPY standalone-entrypoint.sh standalone-entrypoint.sh
|
|
|
|
|
COPY --chown=non-root-user:nodejs standalone-entrypoint.sh standalone-entrypoint.sh
|
|
|
|
|
RUN npm run build
|
|
|
|
|
|
|
|
|
|
# Production stage
|
|
|
|
@ -91,6 +93,8 @@ RUN mkdir frontend-build
|
|
|
|
|
|
|
|
|
|
# Production stage
|
|
|
|
|
FROM base AS production
|
|
|
|
|
RUN addgroup --system --gid 1001 nodejs \
|
|
|
|
|
&& adduser --system --uid 1001 non-root-user
|
|
|
|
|
|
|
|
|
|
WORKDIR /
|
|
|
|
|
|
|
|
|
@ -98,9 +102,7 @@ COPY --from=backend-runner /app /backend
|
|
|
|
|
|
|
|
|
|
COPY --from=frontend-runner /app ./backend/frontend-build
|
|
|
|
|
|
|
|
|
|
EXPOSE 80
|
|
|
|
|
|
|
|
|
|
ENV PORT 80
|
|
|
|
|
ENV PORT 8080
|
|
|
|
|
ENV HTTPS_ENABLED false
|
|
|
|
|
ENV NODE_ENV production
|
|
|
|
|
|
|
|
|
@ -108,6 +110,13 @@ WORKDIR /backend
|
|
|
|
|
|
|
|
|
|
ENV TELEMETRY_ENABLED true
|
|
|
|
|
|
|
|
|
|
HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \
|
|
|
|
|
CMD node healthcheck.js
|
|
|
|
|
|
|
|
|
|
EXPOSE 8080
|
|
|
|
|
|
|
|
|
|
USER non-root-user
|
|
|
|
|
|
|
|
|
|
CMD ["./standalone-entrypoint.sh"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
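Review bot: The final `USER non-root-user` in the production stage names the account rather than its UID, so a Kubernetes `runAsNonRoot: true` policy cannot verify that the image is non-root and will refuse to start the container. The same stage creates the account with `--uid 1001`, so `USER 1001` keeps the identity and makes it checkable by the runtime. Separately, `adduser --system --uid 1001 non-root-user` is not given a group, so the user is probably not a member of `nodejs` and the group half of the `--chown=non-root-user:nodejs` lines likely grants the running process nothing. If group access is intended, `adduser --system --uid 1001 --ingroup nodejs non-root-user` would make the three stages consistent; the base image is not visible here, so confirm the flag against it.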