batida/batida-landing
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: refactor Dockerfile to multi-stage build with security improvements

Browse Source 
- Refactored from single-stage to proper multi-stage build
- Added cache mount for npm (npx tailwindcss)
- Added non-root nginx user (nginx-user:1000)
- Added .dockerignore to exclude dev files
- Configured proper permissions for nginx directories and pid file
- Major improvements: smaller image, faster builds, better security

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Mário Idival
2026-05-22 21:54:37 -03:00
parent 1ebfc0e310
commit de85066688
2 changed files with 31 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.dockerignore
+10
View File
@@ -0,0 +1,10 @@
*.local
.vscode
.idea
.DS_Store
.env
.env.*
.git
.gitignore
README.md
.github
Dockerfile
+21 -4
View File
@@ -1,14 +1,21 @@
FROM node:20-alpine AS build
FROM node:20-alpine AS builder
WORKDIR /build
COPY input.css tailwind.config.js ./
COPY *.html ./
RUN npx tailwindcss@3 -i input.css -o output.css --minify
RUN --mount=type=cache,target=/root/.npm \
npx tailwindcss@3 -i input.css -o output.css --minify
FROM nginx:alpine
ARG APP_URL=https://app.batida.io
COPY --from=build /build/output.css /usr/share/nginx/html/output.css
RUN addgroup -g 1000 -S nginx-user && \
adduser -u 1000 -S nginx-user -G nginx-user
COPY --from=builder /build/output.css /usr/share/nginx/html/output.css
COPY index.html /tmp/index.html
COPY index.pt-br.html /tmp/index.pt-br.html
COPY vs.html /tmp/vs.html
@@ -22,8 +29,18 @@ RUN sed -i "s|{{APP_URL}}|${APP_URL}|g" /tmp/index.html && \
mv /tmp/index.html /usr/share/nginx/html/index.html && \
mv /tmp/index.pt-br.html /usr/share/nginx/html/pt-br/index.html && \
mv /tmp/vs.html /usr/share/nginx/html/vs.html && \
mv /tmp/vs.pt-br.html /usr/share/nginx/html/pt-br/vs.html
mv /tmp/vs.pt-br.html /usr/share/nginx/html/pt-br/vs.html && \
chown -R nginx-user:nginx-user /usr/share/nginx/html && \
chown -R nginx-user:nginx-user /var/cache/nginx && \
chown -R nginx-user:nginx-user /var/log/nginx && \
chown -R nginx-user:nginx-user /etc/nginx/conf.d && \
touch /run/nginx.pid && \
chown -R nginx-user:nginx-user /run/nginx.pid
COPY nginx.conf /etc/nginx/conf.d/default.conf
USER nginx-user
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]