From f1b9f873cf1f8a231a678bc3aabcbe8290801149 Mon Sep 17 00:00:00 2001
From: alipix <ali.elamrani@zenika.com>
Date: Fri, 3 May 2024 09:03:54 +0200
Subject: [PATCH 1/7] [TECH] Initial Dockerfile to host pix-site in scalway

---
 Dockerfile                | 30 ++++++++++++++++++++++++++++++
 pix-site/servers.conf.erb |  2 +-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..ba8239f69
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,30 @@
+FROM node:18.20-alpine AS build-stage
+
+RUN apk update  \
+  && apk add ruby
+
+COPY pix-site code/pix-site
+COPY shared code/shared
+
+ENV SITE=pix-site
+
+WORKDIR /code/shared
+RUN npm install
+
+WORKDIR ../pix-site
+RUN npm install
+RUN npm run build
+
+ENV PORT=80
+RUN erb servers.conf.erb > nginx.conf
+
+FROM nginx:alpine AS run-stage
+
+COPY --from=build-stage /code/pix-site/build /app/build/
+COPY --from=build-stage /code/pix-site/nginx.conf /etc/nginx/conf.d/pix-site.conf
+
+RUN chown -R nginx:nginx /app/
+RUN mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.backup
+
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/pix-site/servers.conf.erb b/pix-site/servers.conf.erb
index e9a2bdfb0..b8121eb5f 100644
--- a/pix-site/servers.conf.erb
+++ b/pix-site/servers.conf.erb
@@ -35,7 +35,7 @@ upstream api {
 <% end %>
 
 server {
-  access_log logs/access.log keyvalue;
+  # access_log logs/access.log keyvalue;
 
   listen <%= ENV['PORT'] %>;
 

From 9f6281f5a35c21bcde9f11d543e2e61a8b8a2ba3 Mon Sep 17 00:00:00 2001
From: Yoan de LUCA <yoan.de-luca@pix.fr>
Date: Wed, 15 May 2024 12:33:27 +0200
Subject: [PATCH 2/7] [TECH] add docker ignore file to optimize docker build
 process

---
 .dockerignore | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..edde6c59c
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,9 @@
+**/node_modules
+*~
+*.bak
+*.swp
+.cache/
+tmp/
+temp/
+.npm/
+npm-debug.log
\ No newline at end of file

From 07d21cf49c12a884b73df6d8b4641989ff9bd13b Mon Sep 17 00:00:00 2001
From: Yoan de LUCA <yoan.de-luca@pix.fr>
Date: Wed, 15 May 2024 12:34:26 +0200
Subject: [PATCH 3/7] [TECH] update Dockerfile to use best practices and nginx
 templates

---
 Dockerfile                                    | 41 ++++++-----
 pix-site/nginx/includes/rewrites.conf         |  4 ++
 .../nginx/templates/default.conf.template     | 72 +++++++++++++++++++
 pix-site/servers.conf.erb                     |  5 +-
 4 files changed, 102 insertions(+), 20 deletions(-)
 create mode 100644 pix-site/nginx/includes/rewrites.conf
 create mode 100644 pix-site/nginx/templates/default.conf.template

diff --git a/Dockerfile b/Dockerfile
index ba8239f69..3b0f8a1d3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,30 +1,39 @@
-FROM node:18.20-alpine AS build-stage
+ARG SITE=pix-site
 
-RUN apk update  \
-  && apk add ruby
+FROM node:18.20-alpine AS build-stage
 
-COPY pix-site code/pix-site
-COPY shared code/shared
+ARG SITE
+COPY ${SITE}/package-lock.json /code/${SITE}/package-lock.json
+COPY ${SITE}/package.json /code/${SITE}/package.json
 
-ENV SITE=pix-site
+COPY shared /code/shared
 
 WORKDIR /code/shared
-RUN npm install
 
-WORKDIR ../pix-site
-RUN npm install
+RUN npm ci
+
+WORKDIR /code/${SITE}
+
+RUN npm ci
+
+RUN ls /code/
+RUN ls /code/
+COPY ${SITE}/ /code/${SITE}
+
 RUN npm run build
 
-ENV PORT=80
-RUN erb servers.conf.erb > nginx.conf
+FROM nginx:1.26.0-alpine AS run-stage
+ARG SITE
 
-FROM nginx:alpine AS run-stage
+ENV PORT=80
+ENV NGINX_GEOAPI_UPSTREAM_HOST=localhost
 
-COPY --from=build-stage /code/pix-site/build /app/build/
-COPY --from=build-stage /code/pix-site/nginx.conf /etc/nginx/conf.d/pix-site.conf
+RUN ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log
 
-RUN chown -R nginx:nginx /app/
-RUN mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.backup
+COPY --from=build-stage /code/${SITE}/build /usr/share/nginx/html 
+COPY ${SITE}/nginx/templates /etc/nginx/templates
+COPY ${SITE}/nginx/includes /etc/nginx/includes
 
 EXPOSE 80
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/pix-site/nginx/includes/rewrites.conf b/pix-site/nginx/includes/rewrites.conf
new file mode 100644
index 000000000..ea4a74a06
--- /dev/null
+++ b/pix-site/nginx/includes/rewrites.conf
@@ -0,0 +1,4 @@
+rewrite ^/en-gb(.*)$ /en$1 permanent;
+rewrite ^/(aide|help)$ https://support.pix.org redirect;
+rewrite ^/support/(enseignement-superieur|mediation-numerique|centre-de-certification|professionnel)$ https://support.pix.org redirect;
+rewrite ^/employeurs$ https://pro.pix.fr redirect;
\ No newline at end of file
diff --git a/pix-site/nginx/templates/default.conf.template b/pix-site/nginx/templates/default.conf.template
new file mode 100644
index 000000000..933fdb683
--- /dev/null
+++ b/pix-site/nginx/templates/default.conf.template
@@ -0,0 +1,72 @@
+log_format keyvalue
+  'method=$request_method'
+  ' path="$request_uri"'
+  ' host=$host'
+  ' request_id=$http_x_request_id'
+  ' from="$remote_addr"'
+  ' protocol=$scheme'
+  ' status=$status'
+  ' duration=${request_time}s'
+  ' bytes=$bytes_sent'
+  ' referer="$http_referer"'
+  ' user_agent="$http_user_agent"'
+  ' nginx_logger_version="1"'
+  ' bln_ja3="$http_bln_ssl_ja3_hash"'
+  ' bln_fate="$http_bln_request_fate"'
+  ' bln_fate_action="$http_bln_request_fate_action"'
+  ' bln_debug_path="$http_bln_debug_path"'
+  ' cookie_locale="$cookie_locale"'
+  ' nuxt-version="3"';
+
+# In order to avoid logging access twice per request
+# it is necessary to turn off the top-level (e.g. http) buildpack default access_log
+# as we are about to override it in the server directive here below
+access_log off;
+
+port_in_redirect off;
+
+upstream api {
+  server ${NGINX_GEOAPI_UPSTREAM_HOST}:443 max_fails=3 fail_timeout=5s;
+}
+
+server {
+  error_log /dev/stderr info;
+  access_log /dev/stdout;
+
+  listen ${PORT};
+
+  server_name ~(?<extension>(fr|org))$;
+  if ($extension = '') {
+    set $extension 'fr';
+  }
+
+  if ($http_x_forwarded_host ~ \.org) {
+    set $extension 'org';
+  }
+
+
+  location /geolocate {
+    proxy_pass https://api/me;
+    proxy_redirect default;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host pix-geoapi-production.osc-secnum-fr1.scalingo.io;
+  }
+
+  charset utf-8;
+
+  # Disable compression that is performed by the Scalingo router anyway
+  gzip off;
+
+  # Serve from dist/pix.fr or dist/pix.org depending on the extension
+  root /usr/share/nginx/html/$extension;
+
+  include includes/rewrites.conf;
+
+  error_page 400 401 403 404 418 500 502 503 504 /404.html;
+
+  location ~ ^/(_assets|_nuxt|images|scripts)/ {
+    expires 1y;
+    add_header Cache-Control public;
+    add_header ETag "";
+  }
+}
\ No newline at end of file
diff --git a/pix-site/servers.conf.erb b/pix-site/servers.conf.erb
index b8121eb5f..5b3a0a414 100644
--- a/pix-site/servers.conf.erb
+++ b/pix-site/servers.conf.erb
@@ -65,10 +65,7 @@ server {
   # Serve from dist/pix.fr or dist/pix.org depending on the extension
   root /app/build/$extension;
 
-  rewrite ^/en-gb(.*)$ /en$1 permanent;
-  rewrite ^/(aide|help)$ https://support.pix.org redirect;
-  rewrite ^/support/(enseignement-superieur|mediation-numerique|centre-de-certification|professionnel)$ https://support.pix.org redirect;
-  rewrite ^/employeurs$ https://pro.pix.fr redirect;
+  include /app/nginx/includes/rewrites.conf;
 
   error_page 400 401 403 404 418 500 502 503 504 /404.html;
 

From 32b5cd0b85eb01f0c20aac8064a29e4fae4f26cd Mon Sep 17 00:00:00 2001
From: Yoan de LUCA <yoan.de-luca@pix.fr>
Date: Fri, 17 May 2024 12:43:44 +0200
Subject: [PATCH 4/7] [TECH] fix docker config

---
 Dockerfile                                    | 25 +++++++++++--------
 .../nginx/templates/default.conf.template     |  4 ++-
 2 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 3b0f8a1d3..6d364f3b3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,39 +1,44 @@
 ARG SITE=pix-site
-
 FROM node:18.20-alpine AS build-stage
-
 ARG SITE
+
+# Copy des packages.json 
 COPY ${SITE}/package-lock.json /code/${SITE}/package-lock.json
 COPY ${SITE}/package.json /code/${SITE}/package.json
 
-COPY shared /code/shared
+COPY shared/package-lock.json /code/shared/package-lock.json
+COPY shared/package.json /code/shared/package.json
 
 WORKDIR /code/shared
 
+# Installation des nodes_modules 
 RUN npm ci
 
 WORKDIR /code/${SITE}
 
 RUN npm ci
 
-RUN ls /code/
-RUN ls /code/
+# Copy du code
+COPY shared /code/shared
 COPY ${SITE}/ /code/${SITE}
 
+# Build de l'application 
+
 RUN npm run build
 
 FROM nginx:1.26.0-alpine AS run-stage
 ARG SITE
 
-ENV PORT=80
-ENV NGINX_GEOAPI_UPSTREAM_HOST=localhost
-
+# Prise en compte des logs nginx avec Alpine 
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
  && ln -sf /dev/stderr /var/log/nginx/error.log
 
+ENV PORT=80
+ENV NGINX_GEOAPI_UPSTREAM_HOST=localhost
+
+# Récupération du build et de la configuration 
 COPY --from=build-stage /code/${SITE}/build /usr/share/nginx/html 
 COPY ${SITE}/nginx/templates /etc/nginx/templates
 COPY ${SITE}/nginx/includes /etc/nginx/includes
 
-EXPOSE 80
-CMD ["nginx", "-g", "daemon off;"]
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/pix-site/nginx/templates/default.conf.template b/pix-site/nginx/templates/default.conf.template
index 933fdb683..0a2d65e7b 100644
--- a/pix-site/nginx/templates/default.conf.template
+++ b/pix-site/nginx/templates/default.conf.template
@@ -1,3 +1,5 @@
+# Fichier de configuration template utilisé uniquement pour Docker
+
 log_format keyvalue
   'method=$request_method'
   ' path="$request_uri"'
@@ -49,7 +51,7 @@ server {
     proxy_pass https://api/me;
     proxy_redirect default;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host pix-geoapi-production.osc-secnum-fr1.scalingo.io;
+    proxy_set_header Host ${NGINX_GEOAPI_UPSTREAM_HOST};
   }
 
   charset utf-8;

From c2ed7b4e05b9086982bfe9f8fd526f193da321ee Mon Sep 17 00:00:00 2001
From: Yoan de LUCA <yoan.de-luca@pix.fr>
Date: Fri, 17 May 2024 12:44:05 +0200
Subject: [PATCH 5/7] [TECH] - add pix-pro docker nginx config

---
 pix-pro/nginx/includes/rewrites.conf          |  3 +
 pix-pro/nginx/templates/default.conf.template | 73 +++++++++++++++++++
 pix-pro/servers.conf.erb                      |  4 +-
 3 files changed, 77 insertions(+), 3 deletions(-)
 create mode 100644 pix-pro/nginx/includes/rewrites.conf
 create mode 100644 pix-pro/nginx/templates/default.conf.template

diff --git a/pix-pro/nginx/includes/rewrites.conf b/pix-pro/nginx/includes/rewrites.conf
new file mode 100644
index 000000000..28ac1e6bf
--- /dev/null
+++ b/pix-pro/nginx/includes/rewrites.conf
@@ -0,0 +1,3 @@
+rewrite ^/en-gb(.*)$ /en$1 permanent;
+rewrite ^/(aide|help)$ https://support.pix.org redirect;
+rewrite ^/employeurs$ https://pro.pix.fr redirect;
\ No newline at end of file
diff --git a/pix-pro/nginx/templates/default.conf.template b/pix-pro/nginx/templates/default.conf.template
new file mode 100644
index 000000000..18b0d6370
--- /dev/null
+++ b/pix-pro/nginx/templates/default.conf.template
@@ -0,0 +1,73 @@
+log_format keyvalue
+  'method=$request_method'
+  ' path="$request_uri"'
+  ' host=$host'
+  ' request_id=$http_x_request_id'
+  ' from="$remote_addr"'
+  ' protocol=$scheme'
+  ' status=$status'
+  ' duration=${request_time}s'
+  ' bytes=$bytes_sent'
+  ' referer="$http_referer"'
+  ' user_agent="$http_user_agent"'
+  ' nginx_logger_version="1"'
+  ' bln_ja3="$http_bln_ssl_ja3_hash"'
+  ' bln_fate="$http_bln_request_fate"'
+  ' bln_fate_action="$http_bln_request_fate_action"'
+  ' bln_debug_path="$http_bln_debug_path"'
+  ' cookie_locale="$cookie_locale"'
+  ' nuxt-version="3"';
+
+# In order to avoid logging access twice per request
+# it is necessary to turn off the top-level (e.g. http) buildpack default access_log
+# as we are about to override it in the server directive here below
+access_log off;
+
+port_in_redirect off;
+
+upstream api {
+  server ${NGINX_GEOAPI_UPSTREAM_HOST}:443 max_fails=3 fail_timeout=5s;
+}
+
+server {
+  error_log /dev/stderr info;
+  access_log /dev/stdout keyvalue;
+
+  listen ${PORT};
+
+  server_name ~(?<extension>(fr|org))$;
+  if ($extension = '') {
+    set $extension 'fr';
+  }
+
+  if ($http_x_forwarded_host ~ \.org) {
+    set $extension 'org';
+  }
+
+
+  location /geolocate {
+    proxy_pass https://api/me;
+    proxy_redirect default;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host ${NGINX_GEOAPI_UPSTREAM_HOST};
+  }
+
+
+  charset utf-8;
+
+  # Disable compression that is performed by the Scalingo router anyway
+  gzip off;
+
+  # Serve from dist/pix.fr or dist/pix.org depending on the extension
+  root /usr/share/nginx/html/$extension;
+
+  include includes/rewrites.conf;
+
+  error_page 400 401 403 404 418 500 502 503 504 /404.html;
+
+  location ~ ^/(_assets|_nuxt|images|scripts)/ {
+    expires 1y;
+    add_header Cache-Control public;
+    add_header ETag "";
+  }
+}
\ No newline at end of file
diff --git a/pix-pro/servers.conf.erb b/pix-pro/servers.conf.erb
index 975caec26..d609cd56e 100644
--- a/pix-pro/servers.conf.erb
+++ b/pix-pro/servers.conf.erb
@@ -65,9 +65,7 @@ server {
   # Serve from dist/pix.fr or dist/pix.org depending on the extension
   root /app/build/$extension;
 
-  rewrite ^/en-gb(.*)$ /en$1 permanent;
-  rewrite ^/(aide|help)$ https://support.pix.org redirect;
-  rewrite ^/employeurs$ https://pro.pix.fr redirect;
+  include /app/nginx/includes/rewrites.conf;
 
   error_page 400 401 403 404 418 500 502 503 504 /404.html;
 

From 4c7d188cae494a8d0c5bdff2a282b7b87ab9efcd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?B=C3=A9reng=C3=A8re?= <berengere.claudeau@pix.fr>
Date: Fri, 17 May 2024 15:42:33 +0200
Subject: [PATCH 6/7] =?UTF-8?q?Cr=C3=A9ation=20install.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 INSTALL.md | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 INSTALL.md

diff --git a/INSTALL.md b/INSTALL.md
new file mode 100644
index 000000000..d1ba6a46a
--- /dev/null
+++ b/INSTALL.md
@@ -0,0 +1,45 @@
+# Installation
+
+## Builpack
+
+Ce projet est compatible avec les buildpacks de scalingo.
+Deux répertoires 
+- pix-site
+- pix-pro
+
+## Docker
+
+Un dockerfile est diposible à la racine du projet, pour pix-site et pix-pro
+
+### Build pix-site
+
+```
+docker build \
+--build-arg "DOMAIN_FR=localhost:8080" \
+--build-arg "DOMAIN_ORG=localhost:8080" \
+--build-arg "SITE=pix-site" \
+-t pix-site .
+```
+### Run pix-site
+
+```
+docker run -ti -p 8080:80 pix-site
+
+```
+
+### Build pix-pro
+
+```
+docker build \
+--build-arg "DOMAIN_FR=localhost:8080" \
+--build-arg "DOMAIN_ORG=localhost:8080" \
+--build-arg "SITE=pix-pro" \
+-t pix-pro .
+```
+
+### Run pix-pro
+
+```
+docker run -ti -p 8080:80 pix-pro
+
+```

From 0fec0a13d5e1f733bc2e69e1a735e427c661f00c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?B=C3=A9reng=C3=A8re?= <berengere.claudeau@pix.fr>
Date: Fri, 17 May 2024 15:46:27 +0200
Subject: [PATCH 7/7] fix acces log

---
 pix-site/servers.conf.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pix-site/servers.conf.erb b/pix-site/servers.conf.erb
index 5b3a0a414..d609cd56e 100644
--- a/pix-site/servers.conf.erb
+++ b/pix-site/servers.conf.erb
@@ -35,7 +35,7 @@ upstream api {
 <% end %>
 
 server {
-  # access_log logs/access.log keyvalue;
+  access_log logs/access.log keyvalue;
 
   listen <%= ENV['PORT'] %>;