jamesf/Perplexica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(docker): reduce Docker size + improve security

Browse source
This commit is contained in:
Damien Laureaux 2024-10-24 16:22:27 +02:00
parent 18529391f4
commit 652e665726
No known key found for this signature in database
GPG key ID: 3802EADA1C1C604D
3 changed files with 70 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
app.dockerfile
View file

@ -1,15 +1,36 @@
FROM node:alpine #############################
# Build stage
#############################
ARG NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001 FROM node:22-alpine AS builder
ARG NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api
ENV NEXT_PUBLIC_WS_URL=${NEXT_PUBLIC_WS_URL}
ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL}
WORKDIR /home/perplexica WORKDIR /app
COPY ui /home/perplexica/ # Copy package.json and yarn.lock
COPY ui/package.json ui/yarn.lock ./
RUN yarn install --frozen-lockfile # Copy the rest of the application code
RUN yarn build COPY ui .
# Install dependencies & build the application
RUN yarn install --frozen-lockfile && yarn build
#############################
# Production stage
#############################
FROM node:22-alpine
WORKDIR /app
# Copy built assets from the builder stage
COPY --from=builder /app/.next ./.next
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json
COPY --from=builder /app/public ./public
# Run the Docker image as node instead of root
USER node
# Start the application
CMD ["yarn", "start"] CMD ["yarn", "start"]

47
backend.dockerfile
View file

@ -1,16 +1,45 @@
#############################
# Build stage
#############################
FROM node:18-slim AS builder
WORKDIR /app
# Copy package.json and yarn.lock
COPY package.json yarn.lock ./
# Copy the rest of the application code
COPY tsconfig.json drizzle.config.ts ./
COPY src ./src
# Install dependencies & build the application
RUN yarn install --frozen-lockfile --network-timeout 600000 && yarn build
#############################
# Production stage
#############################
FROM node:18-slim FROM node:18-slim
WORKDIR /home/perplexica WORKDIR /app
COPY src /home/perplexica/src # Copy built assets and necessary files from the builder stage
COPY tsconfig.json /home/perplexica/ COPY --chown=node:node --from=builder /app/dist ./dist
COPY drizzle.config.ts /home/perplexica/ COPY --chown=node:node --from=builder /app/node_modules ./node_modules
COPY package.json /home/perplexica/
COPY yarn.lock /home/perplexica/
RUN mkdir /home/perplexica/data # Copy the rest of the application code
COPY --chown=node:node ./drizzle.config.ts ./
COPY --chown=node:node ./tsconfig.json ./
COPY --chown=node:node ./src/db/schema.ts ./src/db/schema.ts
COPY --chown=node:node ./package.json ./package.json
RUN yarn install --frozen-lockfile --network-timeout 600000 # Create data directory & set permissions to node user
RUN yarn build RUN mkdir /app/data && \
chown -R node:node /app/data
# Run the Docker image as node instead of root
USER node
# Start the application
CMD ["yarn", "start"] CMD ["yarn", "start"]

4
docker-compose.yaml
View file

@ -21,8 +21,8 @@ services:
ports: ports:
- 3001:3001 - 3001:3001
volumes: volumes:
- backend-dbstore:/home/perplexica/data - backend-dbstore:/app/data:rw
- ./config.toml:/home/perplexica/config.toml - ./config.toml:/app/config.toml:rw
extra_hosts: extra_hosts:
- 'host.docker.internal:host-gateway' - 'host.docker.internal:host-gateway'
networks: networks: