Skip to content

Commit

Permalink
Refactored DockerFile to improve efficiency (#2607)
Browse files Browse the repository at this point in the history
* Refactored dockerfile for production

* updated eslintignore to include nginx.conf

* updated devdependencies

* Updated docker-compose and dockerfile

* Fixed potential security vulnerabilities

* Improve security in nginx.conf

* Fixed nginx.conf

* Moved nginx.conf to config/docker/setup
  • Loading branch information
adithyanotfound authored Dec 7, 2024
1 parent f9e10b8 commit 4bef093
Show file tree
Hide file tree
Showing 6 changed files with 103 additions and 116 deletions.
3 changes: 3 additions & 0 deletions .eslintignore
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,6 @@ src/components/CheckIn/tagTemplate.ts
package.json
package-lock.json
tsconfig.json
docker-compose.yml
Dockerfile
nginx.conf
19 changes: 13 additions & 6 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,15 +1,22 @@
FROM node:20.10.0 AS build

WORKDIR /usr/src/app
# Step 1: Build Stage
FROM node:20.10.0-alpine AS builder
WORKDIR /talawa-admin

COPY package*.json ./

RUN npm install

COPY . .

ENV NODE_ENV=production

RUN npm run build

EXPOSE 4321
#Step 2: Production
FROM nginx:1.27.3-alpine AS production

ENV NODE_ENV=production

CMD ["npm", "run", "serve"]
COPY config/docker/setup/nginx.conf /etc/nginx/conf.d/default.conf
COPY --from=builder /talawa-admin/build /usr/share/nginx/html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
48 changes: 48 additions & 0 deletions config/docker/setup/nginx.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
server {
listen 80;
server_name ${NGINX_SERVER_NAME};

# TODO: Add SSL configuration
# listen 443 ssl;
# ssl_certificate /etc/nginx/ssl/cert.pem;
# ssl_certificate_key /etc/nginx/ssl/key.pem;

root /usr/share/nginx/html;
index index.html;

add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
# add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; connect-src 'self' https://api.com;";


location / {
try_files $uri /index.html;
}

location /graphql/ {
proxy_pass http://127.0.0.1:4000/graphql/;
# CORS should be made strict before deployment (currently allows access from any origin)
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}

# Gzip Compression for better loading of Static Files
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_min_length 256;
gzip_vary on;

error_page 404 /index.html;

}
18 changes: 18 additions & 0 deletions docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
services:
app:
build:
context: .
ports:
- '${PORT}:80'
environment:
- REACT_APP_TALAWA_URL=${REACT_APP_TALAWA_URL}
- REACT_APP_BACKEND_WEBSOCKET_URL=${REACT_APP_BACKEND_WEBSOCKET_URL}
- PORT=${PORT}
- REACT_APP_USE_RECAPTCHA=${REACT_APP_USE_RECAPTCHA}
- REACT_APP_RECAPTCHA_SITE_KEY=${REACT_APP_RECAPTCHA_SITE_KEY}
healthcheck:
test: ['CMD', 'curl', '-f', 'http://localhost:80']
interval: 30s
timeout: 10s
retries: 3
restart: unless-stopped
Loading

0 comments on commit 4bef093

Please sign in to comment.