[TECH] Initial Dockerfile to host pix-site in scaleway

 #652

.dockerignore

@@ -0,0 +1,9 @@
+**/node_modules
+*~
+*.bak
+*.swp
+.cache/
+tmp/
+temp/
+.npm/
+npm-debug.log

Dockerfile

@@ -0,0 +1,44 @@
+ARG SITE=pix-site
+FROM node:18.20-alpine AS build-stage
+ARG SITE
+
+# Copy des packages.json 
+COPY ${SITE}/package-lock.json /code/${SITE}/package-lock.json
+COPY ${SITE}/package.json /code/${SITE}/package.json
+
+COPY shared/package-lock.json /code/shared/package-lock.json
+COPY shared/package.json /code/shared/package.json
+
+WORKDIR /code/shared
+
+# Installation des nodes_modules 
+RUN npm ci
+
+WORKDIR /code/${SITE}
+
+RUN npm ci
+
+# Copy du code
+COPY shared /code/shared
+COPY ${SITE}/ /code/${SITE}
+
+# Build de l'application 
+
+RUN npm run build
+
+FROM nginx:1.26.0-alpine AS run-stage
+ARG SITE
+
+# Prise en compte des logs nginx avec Alpine 
+RUN ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log
+
+ENV PORT=80
+ENV NGINX_GEOAPI_UPSTREAM_HOST=localhost
+
+# Récupération du build et de la configuration 
+COPY --from=build-stage /code/${SITE}/build /usr/share/nginx/html 
+COPY ${SITE}/nginx/templates /etc/nginx/templates
+COPY ${SITE}/nginx/includes /etc/nginx/includes
+
+CMD ["nginx", "-g", "daemon off;"]

INSTALL.md

@@ -0,0 +1,45 @@
+# Installation
+
+## Builpack
+
+Ce projet est compatible avec les buildpacks de scalingo.
+Deux répertoires 
+- pix-site
+- pix-pro
+
+## Docker
+
+Un dockerfile est diposible à la racine du projet, pour pix-site et pix-pro
+
+### Build pix-site
+
+```
+docker build \
+--build-arg "DOMAIN_FR=localhost:8080" \
+--build-arg "DOMAIN_ORG=localhost:8080" \
+--build-arg "SITE=pix-site" \
+-t pix-site .
+```
+### Run pix-site
+
+```
+docker run -ti -p 8080:80 pix-site
+
+```
+
+### Build pix-pro
+
+```
+docker build \
+--build-arg "DOMAIN_FR=localhost:8080" \
+--build-arg "DOMAIN_ORG=localhost:8080" \
+--build-arg "SITE=pix-pro" \
+-t pix-pro .
+```
+
+### Run pix-pro
+
+```
+docker run -ti -p 8080:80 pix-pro
+
+```

pix-pro/nginx/includes/rewrites.conf

@@ -0,0 +1,3 @@
+rewrite ^/en-gb(.*)$ /en$1 permanent;
+rewrite ^/(aide|help)$ https://support.pix.org redirect;
+rewrite ^/employeurs$ https://pro.pix.fr redirect;

pix-pro/nginx/templates/default.conf.template

@@ -0,0 +1,73 @@
+log_format keyvalue
+  'method=$request_method'
+  ' path="$request_uri"'
+  ' host=$host'
+  ' request_id=$http_x_request_id'
+  ' from="$remote_addr"'
+  ' protocol=$scheme'
+  ' status=$status'
+  ' duration=${request_time}s'
+  ' bytes=$bytes_sent'
+  ' referer="$http_referer"'
+  ' user_agent="$http_user_agent"'
+  ' nginx_logger_version="1"'
+  ' bln_ja3="$http_bln_ssl_ja3_hash"'
+  ' bln_fate="$http_bln_request_fate"'
+  ' bln_fate_action="$http_bln_request_fate_action"'
+  ' bln_debug_path="$http_bln_debug_path"'
+  ' cookie_locale="$cookie_locale"'
+  ' nuxt-version="3"';
+
+# In order to avoid logging access twice per request
+# it is necessary to turn off the top-level (e.g. http) buildpack default access_log
+# as we are about to override it in the server directive here below
+access_log off;
+
+port_in_redirect off;
+
+upstream api {
+  server ${NGINX_GEOAPI_UPSTREAM_HOST}:443 max_fails=3 fail_timeout=5s;
+}
+
+server {
+  error_log /dev/stderr info;
+  access_log /dev/stdout keyvalue;
+
+  listen ${PORT};
+
+  server_name ~(?<extension>(fr|org))$;
+  if ($extension = '') {
+    set $extension 'fr';
+  }
+
+  if ($http_x_forwarded_host ~ \.org) {
+    set $extension 'org';
+  }
+
+
+  location /geolocate {
+    proxy_pass https://api/me;
+    proxy_redirect default;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host ${NGINX_GEOAPI_UPSTREAM_HOST};
+  }
+
+
+  charset utf-8;
+
+  # Disable compression that is performed by the Scalingo router anyway
+  gzip off;
+
+  # Serve from dist/pix.fr or dist/pix.org depending on the extension
+  root /usr/share/nginx/html/$extension;
+
+  include includes/rewrites.conf;
+
+  error_page 400 401 403 404 418 500 502 503 504 /404.html;
+
+  location ~ ^/(_assets|_nuxt|images|scripts)/ {
+    expires 1y;
+    add_header Cache-Control public;
+    add_header ETag "";
+  }
+}

pix-pro/servers.conf.erb

@@ -65,9 +65,7 @@ server {
   # Serve from dist/pix.fr or dist/pix.org depending on the extension
   root /app/build/$extension;
 
-  rewrite ^/en-gb(.*)$ /en$1 permanent;
-  rewrite ^/(aide|help)$ https://support.pix.org redirect;
-  rewrite ^/employeurs$ https://pro.pix.fr redirect;
+  include /app/nginx/includes/rewrites.conf;
 
   error_page 400 401 403 404 418 500 502 503 504 /404.html;
 

pix-site/nginx/includes/rewrites.conf

@@ -0,0 +1,4 @@
+rewrite ^/en-gb(.*)$ /en$1 permanent;
+rewrite ^/(aide|help)$ https://support.pix.org redirect;
+rewrite ^/support/(enseignement-superieur|mediation-numerique|centre-de-certification|professionnel)$ https://support.pix.org redirect;
+rewrite ^/employeurs$ https://pro.pix.fr redirect;

pix-site/nginx/templates/default.conf.template

@@ -0,0 +1,74 @@
+# Fichier de configuration template utilisé uniquement pour Docker
+
+log_format keyvalue
+  'method=$request_method'
+  ' path="$request_uri"'
+  ' host=$host'
+  ' request_id=$http_x_request_id'
+  ' from="$remote_addr"'
+  ' protocol=$scheme'
+  ' status=$status'
+  ' duration=${request_time}s'
+  ' bytes=$bytes_sent'
+  ' referer="$http_referer"'
+  ' user_agent="$http_user_agent"'
+  ' nginx_logger_version="1"'
+  ' bln_ja3="$http_bln_ssl_ja3_hash"'
+  ' bln_fate="$http_bln_request_fate"'
+  ' bln_fate_action="$http_bln_request_fate_action"'
+  ' bln_debug_path="$http_bln_debug_path"'
+  ' cookie_locale="$cookie_locale"'
+  ' nuxt-version="3"';
+
+# In order to avoid logging access twice per request
+# it is necessary to turn off the top-level (e.g. http) buildpack default access_log
+# as we are about to override it in the server directive here below
+access_log off;
+
+port_in_redirect off;
+
+upstream api {
+  server ${NGINX_GEOAPI_UPSTREAM_HOST}:443 max_fails=3 fail_timeout=5s;
+}
+
+server {
+  error_log /dev/stderr info;
+  access_log /dev/stdout;
+
+  listen ${PORT};
+
+  server_name ~(?<extension>(fr|org))$;
+  if ($extension = '') {
+    set $extension 'fr';
+  }
+
+  if ($http_x_forwarded_host ~ \.org) {
+    set $extension 'org';
+  }
+
+
+  location /geolocate {
+    proxy_pass https://api/me;
+    proxy_redirect default;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host ${NGINX_GEOAPI_UPSTREAM_HOST};
+  }
+
+  charset utf-8;
+
+  # Disable compression that is performed by the Scalingo router anyway
+  gzip off;
+
+  # Serve from dist/pix.fr or dist/pix.org depending on the extension
+  root /usr/share/nginx/html/$extension;
+
+  include includes/rewrites.conf;
+
+  error_page 400 401 403 404 418 500 502 503 504 /404.html;
+
+  location ~ ^/(_assets|_nuxt|images|scripts)/ {
+    expires 1y;
+    add_header Cache-Control public;
+    add_header ETag "";
+  }
+}

pix-site/servers.conf.erb

@@ -65,10 +65,7 @@ server {
   # Serve from dist/pix.fr or dist/pix.org depending on the extension
   root /app/build/$extension;
 
-  rewrite ^/en-gb(.*)$ /en$1 permanent;
-  rewrite ^/(aide|help)$ https://support.pix.org redirect;
-  rewrite ^/support/(enseignement-superieur|mediation-numerique|centre-de-certification|professionnel)$ https://support.pix.org redirect;
-  rewrite ^/employeurs$ https://pro.pix.fr redirect;
+  include /app/nginx/includes/rewrites.conf;
 
   error_page 400 401 403 404 418 500 502 503 504 /404.html;