From a92100b7c00ee686d14edccfd88ae1c725ac9721 Mon Sep 17 00:00:00 2001
From: adjoly
Date: Wed, 16 Jul 2025 13:46:39 +0200
Subject: [PATCH] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20wip:?=
 =?UTF-8?q?=20nginx=20and=20modsec=20working?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .dockerignore | 2 +-
 Justfile | 20 ++++++---
 docker/{node-base => api-base}/Dockerfile | 3 ++
 docker/docker-compose.yml | 53 ++++++++++++++++++-----
 docker/front/Dockerfile | 29 +++++++++++++
 docker/front/config/default.conf.template | 42 ++++++++++++++++++
 docker/front/entry/ssl-cert.sh | 10 +++++
 docker/user-api/Dockerfile | 6 ---
 8 files changed, 141 insertions(+), 24 deletions(-)
 rename docker/{node-base => api-base}/Dockerfile (91%)
 create mode 100644 docker/front/config/default.conf.template
 create mode 100644 docker/front/entry/ssl-cert.sh
 delete mode 100644 docker/user-api/Dockerfile

diff --git a/.dockerignore b/.dockerignore
index a5f1a53..e01f101 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -7,7 +7,7 @@ node_modules/
 
 # useless files in the docker
 *.md
-docker/
+# docker/
 
 # PLEASE NO
 .env
diff --git a/Justfile b/Justfile
index 6ea9623..24966fa 100644
--- a/Justfile
+++ b/Justfile
@@ -21,13 +21,23 @@
 
 # To build the base of the for the fastify docker images
 @build-node-base:
-	docker build -t node-base -f docker/node-base/Dockerfile .
+	docker build -t node-base -f docker/api-base/Dockerfile .
 
-@docker: build-node-base
-	docker compose -f docker/docker-compose.yml up -d user-api --build
+# To launch the docker compose
+@docker:
+	docker compose -f docker/docker-compose.yml up -d --build
 
-@clean-docker:
+# To stop the docker compose
+@stop-docker:
+	docker compose -f docker/docker-compose.yml down
+
+# To rebuild fully the docker (use it with caution)
+@re-docker: clean-docker docker
+
+# To completely docker
+@clean-docker: clean-compose
 	docker system prune -af
 
-@clean-compose:
+# To clean only the container launched by the compose
+@clean-compose: stop-docker
 	docker compose -f docker/docker-compose.yml rm
diff --git a/docker/node-base/Dockerfile b/docker/api-base/Dockerfile
similarity index 91%
rename from docker/node-base/Dockerfile
rename to docker/api-base/Dockerfile
index 7302e0e..7e4437a 100644
--- a/docker/node-base/Dockerfile
+++ b/docker/api-base/Dockerfile
@@ -19,3 +19,6 @@ COPY --from=builder /app/pnpm-lock.yaml /app/pnpm-lock.yaml
 COPY --from=builder /app/package.json /app/package.json
 
 ENV NODE_ENV=production
+EXPOSE 3000
+
+CMD [ "node", "/app/src/start.js" ]
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 1cbef9e..15819d1 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
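Review bot: `clean-docker` runs `docker system prune -af`, which removes every stopped container, unused network and unused image on the host, not only this project's, yet the "use it with caution" warning sits on `re-docker` while `clean-docker` itself gets the truncated comment `# To completely docker`; suggest `# To remove this project's containers and ALL unused docker images on the host (use with caution)` on `clean-docker` instead. The `build-node-base` recipe still tags `node-base` from `docker/api-base/Dockerfile`, but nothing in this commit consumes that tag any more: `docker` no longer depends on it, the compose file builds the same Dockerfile with `tags: - api-base`, and the only `FROM node-base` user is deleted, so the recipe looks orphaned and should be dropped or renamed to match. The hunk starts at line 21, so other callers earlier in the Justfile are outside view.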
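Review bot: The new `CMD [ "node", "/app/src/start.js" ]` runs the API as whatever user the final stage currently has, and no `USER` directive is visible in the hunk; unless one is set in the 18 lines above it, the service runs as root inside the container. The official `node` images ship an unprivileged `node` account, so `USER node` placed before `CMD` is the usual fix, assuming this stage's base image (outside the hunk) is one of them and `/app` is readable by that user. `EXPOSE 3000` is documentation only; the compose file in this commit no longer publishes 3000 to the host, so the APIs are reachable solely through nginx, which is the right shape.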
@@ -1,20 +1,49 @@
 services:
   front:
-    image: owasp/modsecurity-crs:nginx-alpine
-    ports:
-      - 443:443
-    # environment:
-    #   - euuuh
-  user-api:
+    container_name: transcendence-front
     build:
-      dockerfile: docker/user-api/Dockerfile
+      dockerfile: docker/front/Dockerfile
+      context: ..
+    ports:
+      - 8443:443
+    environment:
+      SERVER_NAME: localhost
+    depends_on:
+      user-api:
+        condition: service_started
+      auth-api:
+        condition: service_started
+    networks:
+      - front
+  user-api:
+    container_name: transcendence-api-user
+    build:
+      dockerfile: docker/api-base/Dockerfile
+      context: ..
+      tags:
+        - api-base
+    networks:
+      - front
+      - back
+    environment:
+      - API_TARGET=user
+  auth-api:
+    container_name: transcendence-api-auth
+    build:
+      dockerfile: docker/api-base/Dockerfile
       context: ..
     networks:
-      - transcendence
-    ports:
-      - 3000:3000
+      - front
+      - back
+    environment:
+      - API_TARGET=auth
+
+
 
 networks:
-  transcendence:
+  front:
     external: false
-    name: transcendence
+    name: front-backend
+  back:
+    external: false
+    name: trans-backend
diff --git a/docker/front/Dockerfile b/docker/front/Dockerfile
index e69de29..f5e1207 100644
--- a/docker/front/Dockerfile
+++ b/docker/front/Dockerfile
@@ -0,0 +1,29 @@
+FROM node:lts-alpine AS builder
+
+RUN npm install -g pnpm
+
+WORKDIR /app
+
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+
+RUN pnpm install --frozen-lockfile
+
+COPY vite.config.js tailwind.config.js ./
+COPY src ./src
+
+RUN pnpm vite build
+
+FROM owasp/modsecurity-crs:nginx-alpine
+
+RUN mkdir -p /etc/nginx/modsecurity.d \
+    && cp /etc/modsecurity.d/unicode.mapping /etc/nginx/modsecurity.d/unicode.mapping
+
+COPY docker/front/config/default.conf.template \
+    /etc/nginx/templates/conf.d/default.conf.template
+
+COPY --chmod=755 docker/front/entry/ssl-cert.sh /docker-entrypoint.d/ssl-cert.sh
+
+COPY --from=builder /app/dist /usr/share/nginx/html
+
+EXPOSE 80 443
+STOPSIGNAL SIGINT
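Review bot: `SERVER_NAME: localhost` on `front` has no effect as written: the template this commit installs under `/etc/nginx/templates/conf.d/` hardcodes `server_name example.com;` in both server blocks and never references `${SERVER_NAME}`, so the variable is dead configuration (the same point applies to the `default.conf.template` hunk, where `server_name ${SERVER_NAME};` would let the nginx entrypoint's envsubst step fill it in). `depends_on` with `condition: service_started` only orders container creation; neither API service declares a `healthcheck`, so nginx can start proxying before the node listener is up, and `condition: service_healthy` with a healthcheck on the api services is the usual pattern once the APIs expose one. The `api-base` tag appears only on `user-api` while `auth-api` builds the same `docker/api-base/Dockerfile` independently, which suggests a shared image that compose does not actually share; either drop the tag or reference the image explicitly so the intent is clear.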
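Review bot: Both stages pull floating tags (`node:lts-alpine`, `owasp/modsecurity-crs:nginx-alpine`) and `RUN npm install -g pnpm` installs whatever pnpm is current, so the build is not reproducible and silently absorbs new base images and tool versions; pin at least the CRS image by digest (`FROM owasp/modsecurity-crs:nginx-alpine@sha256:<digest-from-registry>`, placeholder value) and pin pnpm, for example `npm install -g pnpm@<version>` or `corepack enable`. The `RUN mkdir -p /etc/nginx/modsecurity.d && cp .../unicode.mapping ...` step only matters when a `modsecurity_rules_file` directive loads a config from that directory, and the template in this commit has that directive commented out, so this line is currently dead weight; keep the two in sync or drop it until the rules are wired. `EXPOSE 80 443` advertises the HTTP redirect listener, but the compose file publishes only `8443:443`, so the port-80 redirect is unreachable from the host as wired.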
diff --git a/docker/front/config/default.conf.template b/docker/front/config/default.conf.template
new file mode 100644
index 0000000..15de225
--- /dev/null
+++ b/docker/front/config/default.conf.template
@@ -0,0 +1,42 @@
+server {
+    listen 443 ssl;
+    server_name example.com; # Replace with your domain or handle env vars externally
+
+    ssl_certificate /etc/nginx/certs/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    modsecurity on;
+# modsecurity_rules_file /etc/nginx/modsecurity.d/modsecurity.conf;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    location /api/v1/user/ {
+        proxy_pass http://transcendence-api-user:3000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /api/v1/auth/ {
+        proxy_pass http://transcendence-api-auth:3000/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+server {
+    listen 80;
+    server_name example.com;
+    return 301 https://$host$request_uri;
+}
diff --git a/docker/front/entry/ssl-cert.sh b/docker/front/entry/ssl-cert.sh
new file mode 100644
index 0000000..5c2a073
--- /dev/null
+++ b/docker/front/entry/ssl-cert.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ ! -f /etc/nginx/certs/fullchain.pem ] || [ ! -f /etc/nginx/certs/privkey.pem ]; then
+    echo "Generating self-signed certs..."
+    mkdir -p /etc/nginx/certs
+    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+        -keyout /etc/nginx/certs/privkey.pem \
+        -out /etc/nginx/certs/fullchain.pem \
+        -subj "/C=FR/ST=IDF/L=Angouleme/O=42/OU=42/CN=trans.kanel.ovh/UID=adjoly"
+fi
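Review bot: With `modsecurity on;` but `modsecurity_rules_file` commented out, this vhost enables the engine without loading any rule set, so the CRS the image was chosen for is not applied to the proxied `/api/v1/*` traffic unless rules are included at the `http` level in `nginx.conf`, which this hunk cannot show. The image ships its own modsecurity config and CRS include under `/etc/nginx/modsecurity.d/` for exactly this directive; re-enable the line pointing at that include (take the exact filename from the image's own default template rather than `modsecurity.conf` alone, which presumably is why the Dockerfile copies `unicode.mapping` next to it). `ssl_ciphers HIGH:!aNULL:!MD5;` still admits static-RSA and CBC suites on TLS 1.2; an ECDHE/AEAD-only list such as the Mozilla "intermediate" profile, with `ssl_prefer_server_ciphers off;`, is the usual choice, and TLS 1.3 suites are unaffected by this directive. `server_name example.com;` appears in both server blocks although the compose file passes `SERVER_NAME`; `server_name ${SERVER_NAME};` lets the entrypoint's envsubst pass fill it in.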
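Review bot: The private key is written with the process's default umask, so `/etc/nginx/certs/privkey.pem` is most likely created world-readable inside the container; add `umask 077` before the `openssl req` call (the nginx master that loads the key runs as root in this image, so nothing else needs the file). The certificate is CN-only, with a real hostname and personal details hardcoded in `-subj` (`CN=trans.kanel.ovh`, `UID=adjoly`) while browsers validate the SAN and the compose file configures `localhost`; `-subj "/CN=${SERVER_NAME:-localhost}" -addext "subjectAltName=DNS:${SERVER_NAME:-localhost}"` makes the dev cert match the configured name and keeps identifying details out of the image. Consider `set -eu` at the top so a failing `openssl` aborts the entrypoint instead of letting nginx fail later on a missing key file, and keep this script strictly a dev fallback: real certificates should be mounted over `/etc/nginx/certs`, which the `if` guard already allows.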
diff --git a/docker/user-api/Dockerfile b/docker/user-api/Dockerfile
deleted file mode 100644
index 857aff4..0000000
--- a/docker/user-api/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-FROM node-base
-
-EXPOSE 3000
-
-ENV API_TARGET="user"
-CMD [ "node", "/app/src/start.js" ]