-
-
Notifications
You must be signed in to change notification settings - Fork 720
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refactored DockerFile to improve efficiency (#2607)
* Refactored dockerfile for production * updated eslintignore to include nginx.conf * updated devdependencies * Updated docker-compose and dockerfile * Fixed potential security vulnerabilities * Improve security in nginx.conf * Fixed nginx.conf * Moved nginx.conf to config/docker/setup
- Loading branch information
1 parent
f9e10b8
commit 4bef093
Showing
6 changed files
with
103 additions
and
116 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,22 @@ | ||
FROM node:20.10.0 AS build | ||
|
||
WORKDIR /usr/src/app | ||
# Step 1: Build Stage | ||
FROM node:20.10.0-alpine AS builder | ||
WORKDIR /talawa-admin | ||
|
||
COPY package*.json ./ | ||
|
||
RUN npm install | ||
|
||
COPY . . | ||
|
||
ENV NODE_ENV=production | ||
|
||
RUN npm run build | ||
|
||
EXPOSE 4321 | ||
#Step 2: Production | ||
FROM nginx:1.27.3-alpine AS production | ||
|
||
ENV NODE_ENV=production | ||
|
||
CMD ["npm", "run", "serve"] | ||
COPY config/docker/setup/nginx.conf /etc/nginx/conf.d/default.conf | ||
COPY --from=builder /talawa-admin/build /usr/share/nginx/html | ||
EXPOSE 80 | ||
CMD ["nginx", "-g", "daemon off;"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
server { | ||
listen 80; | ||
server_name ${NGINX_SERVER_NAME}; | ||
|
||
# TODO: Add SSL configuration | ||
# listen 443 ssl; | ||
# ssl_certificate /etc/nginx/ssl/cert.pem; | ||
# ssl_certificate_key /etc/nginx/ssl/key.pem; | ||
|
||
root /usr/share/nginx/html; | ||
index index.html; | ||
|
||
add_header X-Frame-Options "DENY"; | ||
add_header X-Content-Type-Options "nosniff"; | ||
add_header X-XSS-Protection "1; mode=block"; | ||
add_header Referrer-Policy "strict-origin-when-cross-origin"; | ||
# add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; connect-src 'self' https://api.com;"; | ||
|
||
|
||
location / { | ||
try_files $uri /index.html; | ||
} | ||
|
||
location /graphql/ { | ||
proxy_pass http://127.0.0.1:4000/graphql/; | ||
# CORS should be made strict before deployment (currently allows access from any origin) | ||
add_header Access-Control-Allow-Origin *; | ||
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; | ||
add_header Access-Control-Allow-Headers "Content-Type, Authorization"; | ||
proxy_http_version 1.1; | ||
proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection "upgrade"; | ||
proxy_set_header Host $host; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
proxy_cache_bypass $http_upgrade; | ||
} | ||
|
||
# Gzip Compression for better loading of Static Files | ||
gzip on; | ||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; | ||
gzip_min_length 256; | ||
gzip_vary on; | ||
|
||
error_page 404 /index.html; | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
services: | ||
app: | ||
build: | ||
context: . | ||
ports: | ||
- '${PORT}:80' | ||
environment: | ||
- REACT_APP_TALAWA_URL=${REACT_APP_TALAWA_URL} | ||
- REACT_APP_BACKEND_WEBSOCKET_URL=${REACT_APP_BACKEND_WEBSOCKET_URL} | ||
- PORT=${PORT} | ||
- REACT_APP_USE_RECAPTCHA=${REACT_APP_USE_RECAPTCHA} | ||
- REACT_APP_RECAPTCHA_SITE_KEY=${REACT_APP_RECAPTCHA_SITE_KEY} | ||
healthcheck: | ||
test: ['CMD', 'curl', '-f', 'http://localhost:80'] | ||
interval: 30s | ||
timeout: 10s | ||
retries: 3 | ||
restart: unless-stopped |
Oops, something went wrong.