42_adjoly/knl_meowscendence
1
0
Fork 0
mirror of https://github.com/KeyZox71/knl_meowscendence.git synced 2025-10-13 18:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

🏗️」 wip: separted prod from dev

Browse Source
This commit is contained in:
Adam JOLY
2025-08-27 16:56:58 +02:00
parent 27cdfa1644
commit 26e4653bb7
5 changed files with 105 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docker/docker-compose.prod.yml
View File

@ -4,10 +4,9 @@ include:
- ./volumes.yml
- ./networks.yml
- ./front/compose.yml
- ./proxy/compose.yml
- ./proxy/compose.prod.yml
- ./monitoring/compose.yml
- ./api-base/compose.yml
# - ./front/compose.yml
- ./ELK/compose.yml
services:

35
docker/proxy/Dockerfile.prod Normal file
View File

@ -0,0 +1,35 @@
FROM node:lts-alpine AS builder
RUN npm install -g pnpm
WORKDIR /app
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
RUN pnpm install --frozen-lockfile
COPY vite.config.js tailwind.config.js ./
COPY src ./src
RUN pnpm vite build
FROM owasp/modsecurity-crs:nginx-alpine
RUN mkdir -p /etc/nginx/modsecurity.d \
&& cp /etc/modsecurity.d/unicode.mapping /etc/nginx/modsecurity.d/unicode.mapping
COPY docker/proxy/config/default.prod.conf.template \
/etc/nginx/templates/conf.d/default.conf.template
COPY --chmod=755 docker/proxy/entry/ssl-cert.sh /docker-entrypoint.d/ssl-cert.sh
COPY --from=builder /app/dist /usr/share/nginx/html
USER root
RUN mkdir -p /var/log/front
RUN touch /var/log/front/err.log /var/log/front/log.log
RUN chmod -R 777 /var/log/front
USER nginx
EXPOSE 80 443
STOPSIGNAL SIGINT

20
docker/proxy/compose.prod.yml Normal file
View File

@ -0,0 +1,20 @@
services:
front:
container_name: transcendence-front
build:
dockerfile: docker/front/Dockerfile.prod
context: ../../
ports:
- ${OUT_PORT}:443
volumes:
- log-nginx:/var/log/front
environment:
- TZ=Europe/Paris
depends_on:
user-api:
condition: service_started
auth-api:
condition: service_started
networks:
- front
restart: unless-stopped

2
docker/proxy/config/default.conf.template
View File

@ -2,7 +2,7 @@ server {
error_log /var/log/front/err.log warn;
access_log /var/log/front/log.log;
listen 80;
listen 443 ssl;
modsecurity on;

48
docker/proxy/config/default.prod.conf.template Normal file
View File

@ -0,0 +1,48 @@
server {
error_log /var/log/front/err.log warn;
access_log /var/log/front/log.log;
listen 80;
modsecurity on;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
location / {
proxy_pass http://transcendence-webserv:80/;
proxy_http_version 1.1;
}
location /api/v1/user/ {
proxy_pass http://transcendence-api-user:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/v1/user/metrics {
return 403;
}
location /api/v1/auth/ {
proxy_pass http://transcendence-api-auth:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/v1/auth/metrics {
return 403;
}
}
server {
listen 8080;
location /nginx_status {
stub_status;
}
}