「🏗️」 wip: should be ready to prod

docker/front/Dockerfile

@@ -1,4 +1,17 @@
-FROM		node:lts-alpine AS builder
+FROM		alpine:3.22 AS builder
+
+ENV			PKGS=true
+ENV			TTY=true
+
+RUN			apk add --no-cache bash clang make git
+
+RUN			git clone --recurse-submodules https://github.com/keyzox71/webserv /build \
+			&& cd /build && git checkout prod
+
+RUN			cd /build \
+			&& CXXFLAGS="-std=c++98" PKGS=true make -j re
+
+FROM		node:lts-alpine AS builder-vite
 
 RUN			npm install -g pnpm
 
@@ -13,23 +26,21 @@ COPY		src ./src
 
 RUN			pnpm vite build
 
-FROM		owasp/modsecurity-crs:nginx-alpine
 
-RUN			mkdir -p /etc/nginx/modsecurity.d \
-			&& cp /etc/modsecurity.d/unicode.mapping /etc/nginx/modsecurity.d/unicode.mapping
+FROM		alpine:3.22
 
-COPY		docker/front/config/default.conf.template \
-			/etc/nginx/templates/conf.d/default.conf.template
+RUN			apk add --no-cache libstdc++ tzdata
 
-COPY		--chmod=755 docker/front/entry/ssl-cert.sh /docker-entrypoint.d/ssl-cert.sh
+COPY		--from=builder /build/webserv /bin/webserv
 
-COPY		--from=builder /app/dist /usr/share/nginx/html
+RUN			chmod +x /bin/webserv
+RUN			mkdir -p /usr/share/webserv
+RUN			chmod 777 /usr/share/webserv
 
-USER		root
-RUN			mkdir -p /var/log/front
-RUN			touch /var/log/front/err.log /var/log/front/log.log
-RUN			chmod -R 777 /var/log/front
-USER		nginx
+COPY		--chmod=644 docker/front/config.toml /config.toml
 
-EXPOSE		80 443
-STOPSIGNAL	SIGINT
+COPY		--from=builder-vite /app/dist /usr/share/webserv
+
+WORKDIR		/
+
+CMD			[ "/bin/webserv", "/config.toml" ]

docker/front/compose.yml

@@ -1,20 +1,11 @@
 services:
-  front:
-    container_name: transcendence-front
+  webserv:
+    container_name: transcendence-webserv
     build:
       dockerfile: docker/front/Dockerfile
       context: ../../
-    ports:
-      - ${OUT_PORT}:443
-    volumes:
-      - log-nginx:/var/log/front
     environment:
       - TZ=Europe/Paris
-    depends_on:
-      user-api:
-        condition: service_started
-      auth-api:
-        condition: service_started
     networks:
       - front
     restart: unless-stopped

docker/front/config.toml

@@ -0,0 +1,7 @@
+[server]
+host = "0.0.0.0"
+port = 80
+
+[server.location./]
+methods = { "GET" }
+root = "/usr/share/webserv"

docker/front/config/default.conf.template

@@ -1,57 +0,0 @@
-server {
-	error_log /var/log/front/err.log warn;
-	access_log /var/log/front/log.log;
-
-    listen 443 ssl;
-    server_name example.com;  # Replace with your domain or handle env vars externally
-
-    ssl_certificate     /etc/nginx/certs/fullchain.pem;
-    ssl_certificate_key /etc/nginx/certs/privkey.pem;
-
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers HIGH:!aNULL:!MD5;
-
-    root /usr/share/nginx/html;
-    index index.html;
-
-    modsecurity on;
-
-    location / {
-        try_files $uri $uri/ =404;
-    }
-
-    location /api/v1/user/ {
-        proxy_pass http://transcendence-api-user:3000/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-	location /api/v1/user/metrics {
-		return 403;
-	}
-
-    location /api/v1/auth/ {
-        proxy_pass http://transcendence-api-auth:3000/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-	location /api/v1/auth/metrics {
-		return 403;
-	}
-}
-
-server {
-    listen 80;
-    server_name example.com;
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 8080;
-    location /nginx_status {
-        stub_status;
-    }
-}

docker/front/entry/ssl-cert.sh

@@ -1,10 +0,0 @@
-#!/bin/sh
-
-if [ ! -f /etc/nginx/certs/fullchain.pem ] || [ ! -f /etc/nginx/certs/privkey.pem ]; then
-  echo "Generating self-signed certs..."
-  mkdir -p /etc/nginx/certs
-  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-    -keyout /etc/nginx/certs/privkey.pem \
-    -out /etc/nginx/certs/fullchain.pem \
-    -subj "/C=FR/ST=IDF/L=Angouleme/O=42/OU=42/CN=trans.kanel.ovh/UID=adjoly"
-fi