feat: refactor Dockerfile to multi-stage build with security improvements
- Refactored from single-stage to proper multi-stage build - Added cache mount for npm (npx tailwindcss) - Added non-root nginx user (nginx-user:1000) - Added .dockerignore to exclude dev files - Configured proper permissions for nginx directories and pid file - Major improvements: smaller image, faster builds, better security Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
@@ -0,0 +1,10 @@
|
|||||||
|
*.local
|
||||||
|
.vscode
|
||||||
|
.idea
|
||||||
|
.DS_Store
|
||||||
|
.env
|
||||||
|
.env.*
|
||||||
|
.git
|
||||||
|
.gitignore
|
||||||
|
README.md
|
||||||
|
.github
|
||||||
+21
-4
@@ -1,14 +1,21 @@
|
|||||||
FROM node:20-alpine AS build
|
FROM node:20-alpine AS builder
|
||||||
|
|
||||||
WORKDIR /build
|
WORKDIR /build
|
||||||
|
|
||||||
COPY input.css tailwind.config.js ./
|
COPY input.css tailwind.config.js ./
|
||||||
COPY *.html ./
|
COPY *.html ./
|
||||||
RUN npx tailwindcss@3 -i input.css -o output.css --minify
|
|
||||||
|
RUN --mount=type=cache,target=/root/.npm \
|
||||||
|
npx tailwindcss@3 -i input.css -o output.css --minify
|
||||||
|
|
||||||
FROM nginx:alpine
|
FROM nginx:alpine
|
||||||
|
|
||||||
ARG APP_URL=https://app.batida.io
|
ARG APP_URL=https://app.batida.io
|
||||||
|
|
||||||
COPY --from=build /build/output.css /usr/share/nginx/html/output.css
|
RUN addgroup -g 1000 -S nginx-user && \
|
||||||
|
adduser -u 1000 -S nginx-user -G nginx-user
|
||||||
|
|
||||||
|
COPY --from=builder /build/output.css /usr/share/nginx/html/output.css
|
||||||
COPY index.html /tmp/index.html
|
COPY index.html /tmp/index.html
|
||||||
COPY index.pt-br.html /tmp/index.pt-br.html
|
COPY index.pt-br.html /tmp/index.pt-br.html
|
||||||
COPY vs.html /tmp/vs.html
|
COPY vs.html /tmp/vs.html
|
||||||
@@ -22,8 +29,18 @@ RUN sed -i "s|{{APP_URL}}|${APP_URL}|g" /tmp/index.html && \
|
|||||||
mv /tmp/index.html /usr/share/nginx/html/index.html && \
|
mv /tmp/index.html /usr/share/nginx/html/index.html && \
|
||||||
mv /tmp/index.pt-br.html /usr/share/nginx/html/pt-br/index.html && \
|
mv /tmp/index.pt-br.html /usr/share/nginx/html/pt-br/index.html && \
|
||||||
mv /tmp/vs.html /usr/share/nginx/html/vs.html && \
|
mv /tmp/vs.html /usr/share/nginx/html/vs.html && \
|
||||||
mv /tmp/vs.pt-br.html /usr/share/nginx/html/pt-br/vs.html
|
mv /tmp/vs.pt-br.html /usr/share/nginx/html/pt-br/vs.html && \
|
||||||
|
chown -R nginx-user:nginx-user /usr/share/nginx/html && \
|
||||||
|
chown -R nginx-user:nginx-user /var/cache/nginx && \
|
||||||
|
chown -R nginx-user:nginx-user /var/log/nginx && \
|
||||||
|
chown -R nginx-user:nginx-user /etc/nginx/conf.d && \
|
||||||
|
touch /run/nginx.pid && \
|
||||||
|
chown -R nginx-user:nginx-user /run/nginx.pid
|
||||||
|
|
||||||
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
||||||
|
|
||||||
|
USER nginx-user
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
|
|
||||||
|
CMD ["nginx", "-g", "daemon off;"]
|
||||||
|
|||||||
Reference in New Issue
Block a user