From e91925e1d7643e8c5d0076830e13f5bd4609be94 Mon Sep 17 00:00:00 2001 From: barrfalk Date: Fri, 29 Mar 2024 08:05:55 -0700 Subject: [PATCH] Adding caddy --- backend/Dockerfile | 24 ++++++++++------- frontend/Caddyfile | 55 ++++++++++++++++++++++++++++++++++++++ frontend/Dockerfile | 42 +++++++---------------------- frontend/package.json | 5 +--- frontend/public/index.html | 1 + 5 files changed, 80 insertions(+), 47 deletions(-) create mode 100644 frontend/Caddyfile diff --git a/backend/Dockerfile b/backend/Dockerfile index 6b04c837..044e8f8d 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -1,18 +1,18 @@ -# RedHat UBI 8 with an updated version of Node.js -FROM registry.access.redhat.com/ubi8/ubi as builder - -RUN dnf module enable -y nodejs:16 && dnf install -y nodejs +# https://catalog.redhat.com/software/containers/ubi8/nodejs-18-minimal/627d1c38e35da88581633bf1 +FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:1-33.1679485315@sha256:74af9dc2b620022c77fcd712b811f64a03c1444ff1e9b9596a242b2edf3cf96f AS builder # Install packages, build and keep only prod packages +USER root WORKDIR /app -COPY . ./ -RUN npm ci --only=prod && \ +COPY *.json ./ +COPY ./src /app/src +RUN npm ci --omit=dev && \ npm run build # Deployment container -FROM registry.access.redhat.com/ubi8/ubi-micro +FROM registry.access.redhat.com/ubi8/ubi-micro:8.7-6@sha256:af0a83c2fb7db1b63a5655c85f3f37d32b114443b8969fd8a40d47429cd87016 -# Set node to production +# Set node to production ENV NODE_ENV production # Node packages and dependencies @@ -31,8 +31,12 @@ WORKDIR /app COPY --from=builder /app/node_modules ./node_modules COPY --from=builder /app/dist ./dist -# Expose port - mostly a convention, for readability +# Port and health check EXPOSE 3000 +HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3000 + +# Non-privileged user +USER app # Start up command -ENTRYPOINT ["node", "dist/src/main"] +ENTRYPOINT ["node", "dist/main"] 
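Review bot: The digest pins on the two `FROM` lines freeze images that look old for this commit: the builder tag `1-33.1679485315` carries a build stamp from March 2023 and the runtime stage is `ubi-micro:8.7-6`, so base-image fixes published since then are not picked up. Pinning by digest is worth keeping, but it needs an update path; I would add a comment above each `FROM` such as `# tag+digest pinned; bump both together via the dependency-update job` and make sure these lines are covered by whatever tool the repo uses for that (none is visible in this patch). Separately, the added `USER root` means `npm ci` runs dependency install scripts as root in the builder stage; if root is only needed to write to `/app`, keeping the base image's default user and using `COPY --chown=<uid>:0` into a directory that user owns would avoid it.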
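Review bot: The `HEALTHCHECK` URL `http://localhost/:3000` is malformed: curl will request the path `/:3000` on port 80 rather than the app on port 3000, so the container can be reported unhealthy while it is serving; it should read `HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3000/ || exit 1`. The same `localhost/:PORT` typo is in the frontend/Dockerfile hunk (`http://localhost/:3001/health`, which should be `http://localhost:3001/health`). Neither final stage visibly installs curl, and ubi-micro and the Caddy Alpine image are unlikely to ship it, so confirm the probe binary exists in each image (the lines between the two backend hunks are not shown). `USER app` also depends on an `app` entry in the runtime image's passwd file, which nothing visible in this patch creates; a numeric `USER 1001`, as the frontend stage uses, does not need one.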
diff --git a/frontend/Caddyfile b/frontend/Caddyfile new file mode 100644 index 00000000..8ea96a8a --- /dev/null +++ b/frontend/Caddyfile @@ -0,0 +1,55 @@ +{ + auto_https off + admin off +} +:3000 { + log { + output stdout + format console { + time_format iso8601 + level_format color + } + level {$LOG_LEVEL} + } + handle /static/js/config.js { + header { + Content-Type text/javascript + } + respond `window.REACT_APP_KEYCLOAK_URL="{$KEYCLOAK_URL}"; + window.REACT_APP_KEYCLOAK_REALM="standard"; + window.REACT_APP_KEYCLOAK_CLIENT_ID="ticdi-4133"; + window.REACT_APP_API_URL="{$BACKEND_URL}";` + } + + root * /app/dist + encode zstd gzip + file_server + @spa_router { + not path /api/* /static/js/config.js + file { + try_files {path} /index.html + } + } + rewrite @spa_router {http.matchers.file.relative} + # Proxy requests to API service + reverse_proxy /api/* {$BACKEND_URL} { + header_up Host {http.reverse_proxy.upstream.hostport} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-For {remote_host} + } + header { + X-Frame-Options "SAMEORIGIN" + X-XSS-Protection "1;mode=block" + Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" + X-Content-Type-Options "nosniff" + Strict-Transport-Security "max-age=31536000" + Content-Security-Policy "default-src 'self' https://*.gov.bc.ca data:; script-src https://*.gov.bc.ca 'self' 'unsafe-eval' https://www2.gov.bc.ca ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://fonts.googleapis.com http://www.w3.org https://*.gov.bc.ca https://*.tile.openstreetmap.org" + Referrer-Policy "same-origin" + Feature-Policy "fullscreen 'self'; camera 'none'; microphone 'none'" + } +} +:3001 { + handle /health { + respond "OK" + } +} diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 3c7bc272..a6edf3cb 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile 
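Review bot: The `Content-Security-Policy` value in the `header` block is looser than the other hardening headers suggest: `script-src` allows `'unsafe-eval'`, `default-src` allows `data:` (which becomes the fallback for `object-src` and `frame-src`), and there is no `base-uri` or `frame-ancestors`. I would append `object-src 'none'; base-uri 'self'; frame-ancestors 'self'` to the policy and drop `'unsafe-eval'` unless the production bundle is known to need it. `Feature-Policy` has been superseded by `Permissions-Policy`, e.g. `Permissions-Policy "fullscreen=(self), camera=(), microphone=()"`, and `X-XSS-Protection` is ignored by current browsers, so it adds no protection. Also, `level {$LOG_LEVEL}` and `reverse_proxy /api/* {$BACKEND_URL}` have no defaults, so an unset variable probably leaves the directive without its argument at startup; `level {$LOG_LEVEL:info}` would at least make the log level safe.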
@@ -1,38 +1,14 @@ -# RedHat UBI 8 with nodejs 16 -FROM registry.access.redhat.com/ubi8/ubi as builder +FROM node:19-bullseye AS build -RUN dnf module enable -y nodejs:16 && dnf install -y nodejs - -# Install packages, build and keep only prod packages WORKDIR /app -COPY . ./ -RUN npm ci --only=prod && \ +COPY . . +RUN npm ci --omit=dev && \ npm run build -# Deployment container -FROM registry.access.redhat.com/ubi8/ubi-micro - -# Set node to production -ENV NODE_ENV production - -# Node packages and dependencies -COPY --from=builder /usr/bin/node /usr/bin/ -COPY --from=builder /usr/lib64/libz.so.1 /usr/lib64/ -COPY --from=builder /usr/lib64/libbrotlidec.so.1 /usr/lib64/ -COPY --from=builder /usr/lib64/libbrotlienc.so.1 /usr/lib64/ -COPY --from=builder /usr/lib64/libcrypto.so.1.1 /usr/lib64/ -COPY --from=builder /usr/lib64/libssl.so.1.1 /usr/lib64/ -COPY --from=builder /usr/lib64/libstdc++.so.6 /usr/lib64/ -COPY --from=builder /usr/lib64/libgcc_s.so.1 /usr/lib64/ -COPY --from=builder /usr/lib64/libbrotlicommon.so.1 /usr/lib64/ - -# Copy over app -WORKDIR /app -COPY --from=builder /app/node_modules ./node_modules -COPY --from=builder /app/build ./dist - -# Expose port - mostly a convention, for readability -EXPOSE 3000 +FROM caddy:2.6.4-alpine AS deploy +COPY --from=build /app/Caddyfile /etc/caddy/Caddyfile +COPY --from=build /app/build /app/dist -# Start up command -ENTRYPOINT ["node", "dist/src/main"] +EXPOSE 3000 3001 +USER 1001 +HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3001/health || exit 1 diff --git a/frontend/package.json b/frontend/package.json index 786411a9..a12df4d0 100644 --- a/frontend/package.json +++ b/frontend/package.json 
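Review bot: Both `FROM` lines in this hunk pin a tag only (`node:19-bullseye`, `caddy:2.6.4-alpine`), while the backend Dockerfile in the same patch pins tag plus digest, and Node 19 is an odd-numbered, non-LTS release line that was already end-of-life at the commit date. I would move the build stage to a supported LTS image and pin both stages by digest, e.g. `FROM node:20-bullseye-slim@sha256:<digest> AS build` (the digest is a placeholder to be filled from the registry). `COPY . .` also puts the whole build context into the build stage; no `.dockerignore` is visible in this patch, so check that local `.env` files and `node_modules` are excluded, or copy only `package*.json`, `src`, `public` and `Caddyfile`.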
@@ -35,13 +35,10 @@ "sass": "^1.71.1" }, "scripts": { - "prebuild": "rimraf dist", "start": "react-scripts start", "build": "react-scripts build", "test": "react-scripts test", - "eject": "react-scripts eject", - "start:prod": "node dist/main" - }, + "eject": "react-scripts eject" }, "eslintConfig": { "extends": [ "react-app", diff --git a/frontend/public/index.html b/frontend/public/index.html index fcfe4c1c..47406c35 100644 --- a/frontend/public/index.html +++ b/frontend/public/index.html @@ -16,6 +16,7 @@ TICDI +