diff --git a/docker-compose.override.yml b/docker-compose.override.yml
index a87e24d1..fdab23bb 100644
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -1,76 +1,82 @@ -version: "3.8" - -services: - - api: - build: - target: development - image: template-api-dev - volumes: - - ./api/src/:/code/src - env_file: - - .env - environment: - ENVIRONMENT: local - LOGGING_LEVEL: debug - MONGODB_DATABASE: $MONGODB_DATABASE - MONGODB_USERNAME: $MONGODB_USERNAME - MONGODB_PASSWORD: $MONGODB_PASSWORD - AUTH_ENABLED: $AUTH_ENABLED - MONGODB_HOSTNAME: db - MONGODB_PORT: $MONGODB_PORT - OAUTH_TOKEN_ENDPOINT: $OAUTH_TOKEN_ENDPOINT - OAUTH_AUTH_ENDPOINT: $OAUTH_AUTH_ENDPOINT - OAUTH_WELL_KNOWN: $OAUTH_WELL_KNOWN - OAUTH_AUDIENCE: $OAUTH_AUDIENCE - OAUTH_AUTH_SCOPE: $AUTH_SCOPE - OAUTH_CLIENT_ID: $CLIENT_ID - SECRET_KEY: $SECRET_KEY - ports: - - "5000:5000" - depends_on: - - db - links: - - db - - web: - build: - target: development - args: - AUTH_ENABLED: $AUTH_ENABLED - AUTH_SCOPE: $AUTH_SCOPE - CLIENT_ID: $CLIENT_ID - TENANT_ID: $TENANT_ID - image: template-web-dev - stdin_open: true - volumes: - - ./web/src:/code/src - env_file: - - .env - environment: - - NODE_ENV=development - - db: - volumes: - - database:/data/db - env_file: - - .env - environment: - MONGO_INITDB_ROOT_USERNAME: $MONGODB_USERNAME - MONGO_INITDB_ROOT_PASSWORD: $MONGODB_PASSWORD - -volumes: - database: - - # db-ui: - # image: mongo-express:0.49 - # restart: unless-stopped - # ports: - # - "8081:8081" - # env_file: - # - .env - # environment: - # ME_CONFIG_MONGODB_SERVER: db - # ME_CONFIG_MONGODB_ADMINUSERNAME: $MONGODB_USERNAME - # ME_CONFIG_MONGODB_ADMINPASSWORD: $MONGODB_PASSWORD - # ME_CONFIG_MONGODB_ENABLE_ADMIN: "true" +version: "3.8" + +services: + + api: + build: + target: development + image: template-api-dev + volumes: + - ./api/src/:/code/src + env_file: + - .env + environment: + ENVIRONMENT: local + LOGGING_LEVEL: debug + MONGODB_DATABASE: $MONGODB_DATABASE + MONGODB_USERNAME: $MONGODB_USERNAME + MONGODB_PASSWORD: $MONGODB_PASSWORD + AUTH_ENABLED: $AUTH_ENABLED + MONGODB_HOSTNAME: db + MONGODB_PORT: $MONGODB_PORT + OAUTH_TOKEN_ENDPOINT: 
$OAUTH_TOKEN_ENDPOINT + OAUTH_AUTH_ENDPOINT: $OAUTH_AUTH_ENDPOINT + OAUTH_WELL_KNOWN: $OAUTH_WELL_KNOWN + OAUTH_AUDIENCE: $OAUTH_AUDIENCE + OAUTH_AUTH_SCOPE: $AUTH_SCOPE + OAUTH_CLIENT_ID: $CLIENT_ID + SECRET_KEY: $SECRET_KEY + ports: + - "5000:5000" + depends_on: + - db + links: + - db + + nginx: + build: + target: nginx-dev + + web: + restart: unless-stopped + build: + target: development + context: ./web + args: + AUTH_ENABLED: $AUTH_ENABLED + AUTH_SCOPE: $AUTH_SCOPE + CLIENT_ID: $CLIENT_ID + TENANT_ID: $TENANT_ID + image: template-web-dev + stdin_open: true + volumes: + - ./web/src:/code/src + env_file: + - .env + environment: + - NODE_ENV=development + + db: + volumes: + - database:/data/db + env_file: + - .env + environment: + MONGO_INITDB_ROOT_USERNAME: $MONGODB_USERNAME + MONGO_INITDB_ROOT_PASSWORD: $MONGODB_PASSWORD + +volumes: + database: + + # db-ui: + # image: mongo-express:0.49 + # restart: unless-stopped + # ports: + # - "8081:8081" + # env_file: + # - .env + # environment: + # ME_CONFIG_MONGODB_SERVER: db + # ME_CONFIG_MONGODB_ADMINUSERNAME: $MONGODB_USERNAME + # ME_CONFIG_MONGODB_ADMINPASSWORD: $MONGODB_PASSWORD + # ME_CONFIG_MONGODB_ENABLE_ADMIN: "true" diff --git a/docker-compose.yml b/docker-compose.yml index 5072f086..662817e2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,12 +3,13 @@ version: "3.8" services: nginx: restart: unless-stopped - build: ./nginx + build: + target: nginx-prod + context: ./web image: boilerplate.azurecr.io/nginx:latest ports: - "80:8080" links: - - web - api api: @@ -18,11 +19,6 @@ services: depends_on: - db - web: - build: ./web - image: ghcr.io/equinor/template-fastapi-react/web - restart: unless-stopped - db: image: mongo:5.0.9 restart: unless-stopped diff --git a/nginx/Dockerfile b/nginx/Dockerfile deleted file mode 100644 index eef499db..00000000 --- a/nginx/Dockerfile +++ /dev/null 
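Review bot: The new `nginx` override sets only `build.target: nginx-dev`, so it inherits `image: boilerplate.azurecr.io/nginx:latest` from docker-compose.yml and a local dev build gets tagged with the registry name used for the production image. A `docker compose push` from a developer machine would then publish the dev-proxy build under that tag; the `api` and `web` overrides avoid this with their own names, so add `image: template-nginx-dev` under `nginx`. The dev config also proxies to `web:3000`, yet nothing here orders the two services; a `depends_on:` entry with `- web` under `nginx` would keep it from starting before the upstream name can resolve.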
@@ -1,32 +0,0 @@
-FROM nginx:1.22.0-alpine
-
-RUN apk upgrade --update-cache
-
-# Run as non-root
-RUN deluser nginx
-RUN adduser --disabled-password --no-create-home --gecos "" --uid 1000 nginx
-
-# Copy configs
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY config/ /etc/nginx/config
-
-# Remove default nginx config
-RUN rm /etc/nginx/conf.d/default.conf
-
-# Copy sites-available into sites-enabled
-COPY sites-available/default.conf /etc/nginx/sites-enabled/default.conf
-
-# Create log directory if not present, set permissions
-RUN mkdir -p /var/log/nginx && \
- chown -R nginx:nginx /var/log/nginx
-
-# Create tmp directory if not present, set permissions
-RUN mkdir -p /tmp/nginx && \
- chown -R nginx:nginx /tmp/nginx
-
-# Create pidfile, set permissions
-RUN touch /var/run/nginx.pid && \
- chown -R nginx:nginx /var/run/nginx.pid
-
-# Run master process as non-root user
-USER 1000
\ No newline at end of file
diff --git a/radixconfig.yaml b/radixconfig.yaml
index 72ae0389..9d83e7c5 100644
--- a/radixconfig.yaml
+++ b/radixconfig.yaml
@@ -11,20 +11,6 @@ spec:
 build:
 from: main
 components:
- - name: web
- image: ghcr.io/equinor/template-fastapi-react/web:{imageTagName}
- alwaysPullImageOnDeploy: true
- environmentConfig:
- - environment: prod
- imageTagName: production
- - environment: test
- imageTagName: latest
- variables:
- AUTH_ENABLED: "True"
- ports:
- - name: http
- port: 3000
-
 - name: api
 image: ghcr.io/equinor/template-fastapi-react/api:{imageTagName}
 alwaysPullImageOnDeploy: true
@@ -71,10 +57,12 @@ spec:
 image: ghcr.io/equinor/template-fastapi-react/nginx:{imageTagName}
 alwaysPullImageOnDeploy: true
 environmentConfig:
- - environment: prod
+ - environment: nginx-prod
 imageTagName: production
 - environment: test
 imageTagName: latest
+ variables:
+ AUTH_ENABLED: "True"
 ports:
 - name: nginx
 port: 8080
diff --git a/web/Dockerfile b/web/Dockerfile
index e7441f4e..ee855e56 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
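Review bot: In the nginx component's `environmentConfig`, `environment: prod` became `environment: nginx-prod`, which is the Docker build-target name from web/Dockerfile rather than a Radix environment; the `web` component removed in this same file used `prod`. If no environment of that name is declared under `spec.environments` (not visible in this hunk), the `imageTagName: production` mapping no longer applies to prod and that environment's image tag is left unresolved, so keep `- environment: prod`. The added `AUTH_ENABLED: "True"` is a runtime variable on the nginx container; confirm something reads it there, since the static bundle is built before deployment.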
@@ -1,3 +1,36 @@ +FROM nginx:1.22.0-alpine AS server + +RUN apk upgrade --update-cache + +# Run as non-root +RUN deluser nginx +RUN adduser --disabled-password --no-create-home --gecos "" --uid 1000 nginx + +# Copy configs +COPY nginx/nginx.conf /etc/nginx/nginx.conf +COPY nginx/config/ /etc/nginx/config + +# Remove default nginx config +RUN rm /etc/nginx/conf.d/default.conf + +# Copy sites-available into sites-enabled +COPY nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf + +# Create log directory if not present, set permissions +RUN mkdir -p /var/log/nginx && \ + chown -R nginx:nginx /var/log/nginx + +# Create tmp directory if not present, set permissions +RUN mkdir -p /tmp/nginx && \ + chown -R nginx:nginx /tmp/nginx + +# Create pidfile, set permissions +RUN touch /var/run/nginx.pid && \ + chown -R nginx:nginx /var/run/nginx.pid + +# Run master process as non-root user +USER 1000 + # Fails to build styled-common with node 18 FROM node:16 as base ARG AUTH_ENABLED=0 @@ -22,12 +55,12 @@ RUN yarn install --immutable --immutable-cache FROM base as development CMD ["yarn", "start"] +FROM server AS nginx-dev +COPY nginx/environments/web.dev.conf /etc/nginx/environments/ + FROM base as build RUN yarn build -FROM node:18-alpine as prod -RUN npm install -g serve -COPY --from=build /code/build /code/build -USER 1000 -CMD ["serve", "--single", "/code/build", "--listen", "3000"] -EXPOSE 3000 +FROM server AS nginx-prod +COPY nginx/environments/web.prod.conf /etc/nginx/environments/ +COPY --from=build /code/build /data/www diff --git a/nginx/config/general.conf b/web/nginx/config/general.conf similarity index 100% rename from nginx/config/general.conf rename to web/nginx/config/general.conf diff --git a/nginx/config/proxy.conf b/web/nginx/config/proxy.conf similarity index 100% rename from nginx/config/proxy.conf rename to web/nginx/config/proxy.conf 
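Review bot: The new `server` stage builds on the mutable tag `nginx:1.22.0-alpine` and then runs `apk upgrade --update-cache`, so two builds of the same commit can yield different images and nothing records which base was used. Pinning the base by digest, `FROM nginx:1.22.0-alpine@sha256:<digest> AS server` (placeholder digest), makes the image that now carries both the proxy and the static site reproducible and auditable. The stage keyword casing is also mixed (`AS server` here, `as base` below); pick one.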
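Review bot: `nginx-prod` copies `/code/build` from the `build` stage, which inherits `ARG AUTH_ENABLED=0` from `base`, so the auth setting is fixed when `yarn build` runs, assuming the bundle reads it at build time. docker-compose.yml builds `target: nginx-prod` with no `args`, and the override passes `AUTH_ENABLED` only to `web`, so a production image built this way would ship with the default of 0. Pass the same build args to the nginx build, or make the default fail closed with `ARG AUTH_ENABLED=1`. The `base` stage body lies outside the hunk, so how the ARG is consumed needs confirming.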
diff --git a/nginx/config/security.conf b/web/nginx/config/security.conf
similarity index 100%
rename from nginx/config/security.conf
rename to web/nginx/config/security.conf
diff --git a/nginx/config/websocket.conf b/web/nginx/config/websocket.conf
similarity index 100%
rename from nginx/config/websocket.conf
rename to web/nginx/config/websocket.conf
diff --git a/web/nginx/environments/web.dev.conf b/web/nginx/environments/web.dev.conf
new file mode 100644
index 00000000..fda2d265
--- /dev/null
+++ b/web/nginx/environments/web.dev.conf
@@ -0,0 +1,5 @@
+proxy_pass http://web:3000/;
+
+include /etc/nginx/config/general.conf;
+include /etc/nginx/config/proxy.conf;
+include /etc/nginx/config/websocket.conf;
diff --git a/web/nginx/environments/web.prod.conf b/web/nginx/environments/web.prod.conf
new file mode 100644
index 00000000..a95e2b0d
--- /dev/null
+++ b/web/nginx/environments/web.prod.conf
@@ -0,0 +1,3 @@
+root /data/www/;
+include /etc/nginx/config/general.conf;
+include /etc/nginx/config/websocket.conf;
diff --git a/nginx/nginx.conf b/web/nginx/nginx.conf
similarity index 100%
rename from nginx/nginx.conf
rename to web/nginx/nginx.conf
diff --git a/nginx/sites-available/default.conf b/web/nginx/sites-available/default.conf
similarity index 79%
rename from nginx/sites-available/default.conf
rename to web/nginx/sites-available/default.conf
index 6a30ff7d..dc59d50c 100644
--- a/nginx/sites-available/default.conf
+++ b/web/nginx/sites-available/default.conf
@@ -25,10 +25,6 @@ server {
 include /etc/nginx/config/websocket.conf;
 }
 location / {
- proxy_pass http://web:3000/;
-
- include /etc/nginx/config/general.conf;
- include /etc/nginx/config/proxy.conf;
- include /etc/nginx/config/websocket.conf;
+ include /etc/nginx/environments/*.conf;
 }
 }
\ No newline at end of file
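Review bot: web.prod.conf serves `/data/www/` with no fallback to `index.html`, whereas the removed `serve --single` stage rewrote unknown paths to the app shell. Unless general.conf (not shown) already handles this, a reload or deep link to a client-side route will return 404; add `try_files $uri $uri/ /index.html;` after the `root` line. The `websocket.conf` include looks unneeded for a purely static location.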
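Review bot: `include /etc/nginx/environments/*.conf;` in `location /` is a glob, and nginx accepts a glob that matches nothing, so an image built from the bare `server` stage, or one whose COPY path drifts, starts cleanly with an empty `location /` instead of failing `nginx -t`. It also means any extra `.conf` file that ends up in that directory is loaded into the location. Copying each environment file to one fixed name in web/Dockerfile and using `include /etc/nginx/environments/web.conf;` here turns a missing file into a hard error. The `server` block starts outside the hunk.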