matthias.lotz
6332b82c6a
- replace bearer auth with session+CSRF flow and add admin user directory - update frontend moderation flow, force password change gate, and new CLI - refresh changelog/docs/feature plan + ensure swagger dev experience
50 lines
1.5 KiB
Docker
50 lines
1.5 KiB
Docker
FROM node:18-bullseye
|
|
|
|
# Install nginx and bash
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends nginx procps bash ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create a non-root user for dev
|
|
RUN useradd -m appuser || true
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy package files first to leverage Docker cache for npm install
|
|
COPY frontend/package*.json ./
|
|
|
|
# Copy environment configuration
|
|
COPY docker/dev/frontend/config/env.sh ./env.sh
|
|
COPY docker/dev/frontend/config/.env ./.env
|
|
|
|
# Make env.sh executable
|
|
RUN chmod +x ./env.sh
|
|
|
|
# Copy nginx configuration for development
|
|
COPY docker/dev/frontend/nginx.conf /etc/nginx/conf.d/default.conf
|
|
|
|
# Make /app owned by the non-root user, then run npm as that user so
|
|
# node_modules are created with the correct owner and we avoid an expensive
|
|
# recursive chown later.
|
|
RUN chown appuser:appuser /app || true
|
|
USER appuser
|
|
|
|
# Install dependencies as non-root (faster overall because we avoid chown -R)
|
|
# Use npm ci without legacy peer deps to get a clean, reproducible install
|
|
RUN npm ci --no-audit --no-fund
|
|
|
|
# Switch back to root to add the start script and adjust nginx paths
|
|
USER root
|
|
COPY docker/dev/frontend/start.sh /start.sh
|
|
RUN chmod +x /start.sh
|
|
|
|
# Ensure nginx log/lib dirs are writable by the app user (small set)
|
|
RUN chown -R appuser:appuser /var/lib/nginx /var/log/nginx || true
|
|
# Remove default Debian nginx site so our dev config becomes the active default
|
|
RUN rm -f /etc/nginx/sites-enabled/default || true
|
|
|
|
USER appuser
|
|
|
|
EXPOSE 80 3000
|
|
|
|
CMD ["/start.sh"] |