From 05af5157887a07e1bc694dbb58ff1bdcec6a51c9 Mon Sep 17 00:00:00 2001 From: adjoly Date: Tue, 15 Jul 2025 14:09:22 +0200 Subject: [PATCH 1/6] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20w?= =?UTF-8?q?ip:=20Started=20docker=20setup=20-=20made=20node=20base=20image?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .dockerignore | 8 ++++++-- dev.js | 32 -------------------------------- docker/docker-compose.yml | 10 ++++++++++ docker/front/Dockerfile | 0 docker/node-base/Dockerfile | 21 +++++++++++++++++++++ docker/user-api/Dockerfile | 0 6 files changed, 37 insertions(+), 34 deletions(-) delete mode 100644 dev.js create mode 100644 docker/docker-compose.yml create mode 100644 docker/front/Dockerfile create mode 100644 docker/node-base/Dockerfile create mode 100644 docker/user-api/Dockerfile diff --git a/.dockerignore b/.dockerignore index 1a58c56..1c34354 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,6 +1,10 @@ +# nix thing flake.nix flake.lock -docker/ - +# node thing node_modules/ + +# useless files in the docker +*.md +docker/ diff --git a/dev.js b/dev.js deleted file mode 100644 index a0ab584..0000000 --- a/dev.js +++ /dev/null @@ -1,32 +0,0 @@ -import Fastify from 'fastify'; -import authApi from './api/auth/default.js'; -import userApi from './api/user/default.js'; - -const loggerOption = { - transport: { - target: 'pino-pretty', - options: { - colorize: true, - translateTime: 'HH:MM:ss', - ignore: 'pid,hostname' - } - } -}; - -async function start() { - const auth = Fastify({ - logger: loggerOption - }); - auth.register(authApi); - await auth.listen({ port: 3001 }); - console.log('Auth API listening on http://localhost:3001'); - - const user = Fastify({ - logger: loggerOption - }); - user.register(userApi); - await user.listen({ port: 3002 }); - console.log('User data API listening on http://localhost:3002'); -} - -start().catch(console.error); 
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000..80d466d
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,10 @@
+services:
+ front:
+ image: owasp/modsecurity-crs:nginx-alpine
+ ports:
+ - 443:443
+ # environment:
+ # - euuuh
+ user-api:
+ image:
+ cmd:
diff --git a/docker/front/Dockerfile b/docker/front/Dockerfile
new file mode 100644
index 0000000..e69de29
diff --git a/docker/node-base/Dockerfile b/docker/node-base/Dockerfile
new file mode 100644
index 0000000..7302e0e
--- /dev/null
+++ b/docker/node-base/Dockerfile
@@ -0,0 +1,21 @@
+FROM node:lts-alpine AS builder
+
+# copy all the nessecary file to download the dependency
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml /app/
+
+# install all the dependency
+RUN npm install -g pnpm
+RUN cd /app \
+ && pnpm install --prod
+
+FROM node:lts-alpine AS base
+
+# copy the source files
+COPY src /app/src
+
+# copy the downloaded files
+COPY --from=builder /app/node_modules /app/node_modules
+COPY --from=builder /app/pnpm-lock.yaml /app/pnpm-lock.yaml
+COPY --from=builder /app/package.json /app/package.json
+
+ENV NODE_ENV=production
diff --git a/docker/user-api/Dockerfile b/docker/user-api/Dockerfile
new file mode 100644
index 0000000..e69de29
From 59ee24b046de8c961bb01685bef48044ff7f27de Mon Sep 17 00:00:00 2001
From: adjoly
Date: Tue, 15 Jul 2025 15:44:15 +0200
Subject: [PATCH 2/6] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20w?= =?UTF-8?q?ip:=20dev.js=20->=20start.js=20and=20working=20user=20api=20doc?= =?UTF-8?q?ker?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.dockerignore | 3 ++
docker/docker-compose.yml | 14 ++++++--
docker/user-api/Dockerfile | 6 ++++
src/dev.js => docker/user-api/start.js | 0
src/start.js | 46 ++++++++++++++++++++++++++
5 files changed, 67 insertions(+), 2 deletions(-)
rename src/dev.js => docker/user-api/start.js (100%)
create mode 100644 src/start.js
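Review bot: The `base` stage of docker/node-base/Dockerfile never sets a `USER`, so whatever is started from this image runs as root; the official Node images ship an unprivileged `node` account, and `USER node` after the `COPY --from=builder` lines would drop that privilege (the `CMD` added in PATCH 5/6 still runs without it). The builder stage installs with `pnpm install --prod` even though the lockfile is copied in, so a lockfile that has drifted from package.json can be re-resolved instead of rejected; `pnpm install --prod --frozen-lockfile` makes the build fail in that case and matches what docker/front/Dockerfile does later in the series. `FROM node:lts-alpine` and `npm install -g pnpm` both float, so pinning an image tag or digest and a pnpm version would make rebuilds reproducible and auditable.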
diff --git a/.dockerignore b/.dockerignore index 1c34354..a5f1a53 100644 --- a/.dockerignore +++ b/.dockerignore @@ -8,3 +8,6 @@ node_modules/ # useless files in the docker *.md docker/ + +# PLEASE NO +.env diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 80d466d..1cbef9e 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -6,5 +6,15 @@ services: # environment: # - euuuh user-api: - image: - cmd: + build: + dockerfile: docker/user-api/Dockerfile + context: .. + networks: + - transcendence + ports: + - 3000:3000 + +networks: + transcendence: + external: false + name: transcendence diff --git a/docker/user-api/Dockerfile b/docker/user-api/Dockerfile index e69de29..857aff4 100644 --- a/docker/user-api/Dockerfile +++ b/docker/user-api/Dockerfile @@ -0,0 +1,6 @@ +FROM node-base + +EXPOSE 3000 + +ENV API_TARGET="user" +CMD [ "node", "/app/src/start.js" ] diff --git a/src/dev.js b/docker/user-api/start.js similarity index 100% rename from src/dev.js rename to docker/user-api/start.js diff --git a/src/start.js b/src/start.js new file mode 100644 index 0000000..ae048c9 --- /dev/null +++ b/src/start.js 
@@ -0,0 +1,46 @@
+import Fastify from 'fastify';
+import authApi from './api/auth/default.js';
+import userApi from './api/user/default.js';
+
+const loggerOption = {
+ transport: {
+ target: 'pino-pretty',
+ options: {
+ colorize: true,
+ translateTime: 'HH:MM:ss',
+ ignore: 'pid,hostname'
+ }
+ }
+};
+
+async function start() {
+ const target = process.env.API_TARGET || 'all';
+
+ if (target === 'auth' || target === 'all') {
+ const auth = Fastify({ logger: loggerOption });
+ auth.register(authApi);
+ if (target !== 'all') {
+ await auth.listen({ port: 3000, host: '0.0.0.0' });
+ console.log('Auth API listening on http://0.0.0.0:3000');
+ }
+ else {
+ await auth.listen({ port: 3001, host: '127.0.0.1'});
+ console.log('Auth API listening on http://localhost:3001');
+ }
+ }
+
+ if (target === 'user' || target === 'all') {
+ const user = Fastify({ logger: loggerOption });
+ user.register(userApi);
+ if (target !== 'all') {
+ await user.listen({ port: 3000, host: '0.0.0.0' });
+ console.log('User API listening on http://0.0.0.0:3000');
+ }
+ else {
+ await user.listen({ port: 3002, host: '127.0.0.1'});
+ console.log('User API listening on http://localhost:3002');
+ }
+ }
+}
+
+start().catch(console.error);
From b5200e05ae1641e789c16a8099125dcd20d3c919 Mon Sep 17 00:00:00 2001
From: adjoly
Date: Tue, 15 Jul 2025 15:46:06 +0200
Subject: [PATCH 3/6] =?UTF-8?q?=E3=80=8C=F0=9F=97=91=EF=B8=8F=E3=80=8D=20c?= =?UTF-8?q?lean:=20cleaned=20project.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
docker/user-api/start.js | 32 --------------------------------
1 file changed, 32 deletions(-)
delete mode 100644 docker/user-api/start.js
diff --git a/docker/user-api/start.js b/docker/user-api/start.js
deleted file mode 100644
index a0ab584..0000000
--- a/docker/user-api/start.js
+++ /dev/null
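Review bot: `loggerOption` always routes logs through the `pino-pretty` transport, but package.json (visible as context in PATCH 6/6) lists `pino-pretty` under `devDependencies` while the API image installs with `pnpm install --prod`, so the transport module would be absent in the container and logger setup is likely to fail at startup. Select the pretty transport only outside production, e.g. `const loggerOption = process.env.NODE_ENV === 'production' ? true : { transport: { /* pino-pretty as today */ } };`, which also keeps container logs as structured JSON with pid and hostname for later correlation. Separately, an `API_TARGET` other than `auth`, `user` or `all` matches neither branch in `start()`, so the process returns without listening and without an error; a final check that throws on an unknown value would make a mistyped variable visible instead of producing a container that silently exits.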
@@ -1,32 +0,0 @@
-import Fastify from 'fastify';
-import authApi from './api/auth/default.js';
-import userApi from './api/user/default.js';
-
-const loggerOption = {
- transport: {
- target: 'pino-pretty',
- options: {
- colorize: true,
- translateTime: 'HH:MM:ss',
- ignore: 'pid,hostname'
- }
- }
-};
-
-async function start() {
- const auth = Fastify({
- logger: loggerOption
- });
- auth.register(authApi);
- await auth.listen({ port: 3001 });
- console.log('Auth API listening on http://localhost:3001');
-
- const user = Fastify({
- logger: loggerOption
- });
- user.register(userApi);
- await user.listen({ port: 3002 });
- console.log('User data API listening on http://localhost:3002');
-}
-
-start().catch(console.error);
From 86c740b284234fb2aadaf0ff5d532326c22f2bbe Mon Sep 17 00:00:00 2001
From: adjoly
Date: Wed, 16 Jul 2025 09:49:23 +0200
Subject: [PATCH 4/6] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20w?= =?UTF-8?q?ip:=20justfile=20change?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Justfile | 36 ++++++++++++++++++++++++------------
1 file changed, 24 insertions(+), 12 deletions(-)
diff --git a/Justfile b/Justfile
index f1a0830..6ea9623 100644
--- a/Justfile
+++ b/Justfile
@@ -1,21 +1,33 @@ -export FASTIFY_PRETTY_LOGS := "true" -export FASTIFY_PORT := "3001" -export FASTIFY_LOG_LEVEL := "info" +@default: + just -l -auth: +# For launching the authentification api +@auth $FASTIFY_LOG_LEVEL="info" $FASTIFY_PRETTY_LOGS="true": fastify start src/api/auth/default.js - -user: +# For launching the user data api +@user $FASTIFY_LOG_LEVEL="info" $FASTIFY_PRETTY_LOGS="true": fastify start src/api/user/default.js -apis: +# To launch all apis +@apis: node src/dev.js -front: +# To launch the front end +@front: vite +# To build the front end +@build-front: + @vite build -front-build: - vite build +# To build the base of the for the fastify docker images +@build-node-base: + docker build -t node-base -f docker/node-base/Dockerfile . -front-preview: - vite preview +@docker: build-node-base + docker compose -f docker/docker-compose.yml up -d user-api --build + +@clean-docker: + docker system prune -af + +@clean-compose: + docker compose -f docker/docker-compose.yml rm From a92100b7c00ee686d14edccfd88ae1c725ac9721 Mon Sep 17 00:00:00 2001 From: adjoly Date: Wed, 16 Jul 2025 13:46:39 +0200 Subject: [PATCH 5/6] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20w?= =?UTF-8?q?ip:=20nginx=20and=20modsec=20working?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .dockerignore | 2 +- Justfile | 20 ++++++--- docker/{node-base => api-base}/Dockerfile | 3 ++ docker/docker-compose.yml | 53 ++++++++++++++++++----- docker/front/Dockerfile | 29 +++++++++++++ docker/front/config/default.conf.template | 42 ++++++++++++++++++ docker/front/entry/ssl-cert.sh | 10 +++++ docker/user-api/Dockerfile | 6 --- 8 files changed, 141 insertions(+), 24 deletions(-) rename docker/{node-base => api-base}/Dockerfile (91%) create mode 100644 docker/front/config/default.conf.template create mode 100644 docker/front/entry/ssl-cert.sh delete mode 100644 docker/user-api/Dockerfile 
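Review bot: The `apis` recipe still runs `node src/dev.js` (an unchanged context line in this hunk), but PATCH 2/6 renamed `src/dev.js` away and added `src/start.js`, so the recipe appears to point at a file that no longer exists; `node src/start.js` looks like the intended command. The new `clean-docker` recipe runs `docker system prune -af`, which removes every unused image, stopped container, unused network and build-cache entry on the host, not only this project's. A comment above it such as `# WARNING: prunes ALL unused Docker data on this host, not just this project`, or a narrower `docker compose -f docker/docker-compose.yml down --rmi local`, would keep it from wiping unrelated work on a shared machine. The same recipe is kept in PATCH 5/6, where `re-docker` depends on it.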
diff --git a/.dockerignore b/.dockerignore index a5f1a53..e01f101 100644 --- a/.dockerignore +++ b/.dockerignore @@ -7,7 +7,7 @@ node_modules/ # useless files in the docker *.md -docker/ +# docker/ # PLEASE NO .env diff --git a/Justfile b/Justfile index 6ea9623..24966fa 100644 --- a/Justfile +++ b/Justfile @@ -21,13 +21,23 @@ # To build the base of the for the fastify docker images @build-node-base: - docker build -t node-base -f docker/node-base/Dockerfile . + docker build -t node-base -f docker/api-base/Dockerfile . -@docker: build-node-base - docker compose -f docker/docker-compose.yml up -d user-api --build +# To launch the docker compose +@docker: + docker compose -f docker/docker-compose.yml up -d --build -@clean-docker: +# To stop the docker compose +@stop-docker: + docker compose -f docker/docker-compose.yml down + +# To rebuild fully the docker (use it with caution) +@re-docker: clean-docker docker + +# To completely docker +@clean-docker: clean-compose docker system prune -af -@clean-compose: +# To clean only the container launched by the compose +@clean-compose: stop-docker docker compose -f docker/docker-compose.yml rm diff --git a/docker/node-base/Dockerfile b/docker/api-base/Dockerfile similarity index 91% rename from docker/node-base/Dockerfile rename to docker/api-base/Dockerfile index 7302e0e..7e4437a 100644 --- a/docker/node-base/Dockerfile +++ b/docker/api-base/Dockerfile @@ -19,3 +19,6 @@ COPY --from=builder /app/pnpm-lock.yaml /app/pnpm-lock.yaml COPY --from=builder /app/package.json /app/package.json ENV NODE_ENV=production +EXPOSE 3000 + +CMD [ "node", "/app/src/start.js" ] diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 1cbef9e..15819d1 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
@@ -1,20 +1,49 @@ services: front: - image: owasp/modsecurity-crs:nginx-alpine - ports: - - 443:443 - # environment: - # - euuuh - user-api: + container_name: transcendence-front build: - dockerfile: docker/user-api/Dockerfile + dockerfile: docker/front/Dockerfile + context: .. + ports: + - 8443:443 + environment: + SERVER_NAME: localhost + depends_on: + user-api: + condition: service_started + auth-api: + condition: service_started + networks: + - front + user-api: + container_name: transcendence-api-user + build: + dockerfile: docker/api-base/Dockerfile + context: .. + tags: + - api-base + networks: + - front + - back + environment: + - API_TARGET=user + auth-api: + container_name: transcendence-api-auth + build: + dockerfile: docker/api-base/Dockerfile context: .. networks: - - transcendence - ports: - - 3000:3000 + - front + - back + environment: + - API_TARGET=auth + + networks: - transcendence: + front: external: false - name: transcendence + name: front-backend + back: + external: false + name: trans-backend diff --git a/docker/front/Dockerfile b/docker/front/Dockerfile index e69de29..f5e1207 100644 --- a/docker/front/Dockerfile +++ b/docker/front/Dockerfile @@ -0,0 +1,29 @@ +FROM node:lts-alpine AS builder + +RUN npm install -g pnpm + +WORKDIR /app + +COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./ + +RUN pnpm install --frozen-lockfile + +COPY vite.config.js tailwind.config.js ./ +COPY src ./src + +RUN pnpm vite build + +FROM owasp/modsecurity-crs:nginx-alpine + +RUN mkdir -p /etc/nginx/modsecurity.d \ + && cp /etc/modsecurity.d/unicode.mapping /etc/nginx/modsecurity.d/unicode.mapping + +COPY docker/front/config/default.conf.template \ + /etc/nginx/templates/conf.d/default.conf.template + +COPY --chmod=755 docker/front/entry/ssl-cert.sh /docker-entrypoint.d/ssl-cert.sh + +COPY --from=builder /app/dist /usr/share/nginx/html + +EXPOSE 80 443 +STOPSIGNAL SIGINT 
diff --git a/docker/front/config/default.conf.template b/docker/front/config/default.conf.template
new file mode 100644
index 0000000..15de225
--- /dev/null
+++ b/docker/front/config/default.conf.template
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ server_name example.com; # Replace with your domain or handle env vars externally
+
+ ssl_certificate /etc/nginx/certs/fullchain.pem;
+ ssl_certificate_key /etc/nginx/certs/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ root /usr/share/nginx/html;
+ index index.html;
+
+ modsecurity on;
+# modsecurity_rules_file /etc/nginx/modsecurity.d/modsecurity.conf;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location /api/v1/user/ {
+ proxy_pass http://transcendence-api-user:3000/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /api/v1/auth/ {
+ proxy_pass http://transcendence-api-auth:3000/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
+server {
+ listen 80;
+ server_name example.com;
+ return 301 https://$host$request_uri;
+}
diff --git a/docker/front/entry/ssl-cert.sh b/docker/front/entry/ssl-cert.sh
new file mode 100644
index 0000000..5c2a073
--- /dev/null
+++ b/docker/front/entry/ssl-cert.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ ! -f /etc/nginx/certs/fullchain.pem ] || [ ! -f /etc/nginx/certs/privkey.pem ]; then
+ echo "Generating self-signed certs..."
+ mkdir -p /etc/nginx/certs
+ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+ -keyout /etc/nginx/certs/privkey.pem \
+ -out /etc/nginx/certs/fullchain.pem \
+ -subj "/C=FR/ST=IDF/L=Angouleme/O=42/OU=42/CN=trans.kanel.ovh/UID=adjoly"
+fi
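Review bot: `modsecurity on;` is set in the TLS server block while `modsecurity_rules_file` is commented out (and removed in PATCH 6/6), so whether any CRS rules are actually evaluated depends on configuration inherited from the base image rather than on anything in this file. It is worth confirming that the rule set is loaded, and replacing the dead line with a comment such as `# rules are loaded by <base-image include>; this block only enables the engine`. `server_name example.com;` is hard-coded in both server blocks although docker-compose.yml passes `SERVER_NAME: localhost`; since the file is installed as a `.template`, `server_name ${SERVER_NAME};` would let the compose value take effect, assuming the image's entrypoint runs envsubst over templates as the stock nginx image does. Both API locations append to a client-supplied `X-Forwarded-For`, so the backends should use `X-Real-IP` or only the last hop when the address feeds logging or rate limiting.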
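Review bot: ssl-cert.sh has no `set -e`, so if `mkdir` or `openssl req` fails the script still exits successfully and nginx later stops on the missing certificate files with a less obvious error; adding `set -eu` after the shebang surfaces the failure where it happens. The generated certificate carries only a subject CN (`trans.kanel.ovh`) and no subjectAltName, which current TLS clients require for hostname matching, and that CN differs from the `localhost` name set in compose; `-addext "subjectAltName=DNS:${SERVER_NAME:-localhost}"` on the `openssl req` line would cover both. Because the fallback is silent apart from one echo, a deployment that forgot to mount real certificates ends up serving a self-signed one, so a comment stating that this path is for local development only would help.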
diff --git a/docker/user-api/Dockerfile b/docker/user-api/Dockerfile deleted file mode 100644 index 857aff4..0000000 --- a/docker/user-api/Dockerfile +++ /dev/null @@ -1,6 +0,0 @@ -FROM node-base - -EXPOSE 3000 - -ENV API_TARGET="user" -CMD [ "node", "/app/src/start.js" ] From 6c3bf35c68cb1c13c087e95446287d7fb7624f88 Mon Sep 17 00:00:00 2001 From: adjoly Date: Thu, 17 Jul 2025 14:17:25 +0200 Subject: [PATCH 6/6] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20w?= =?UTF-8?q?ip:=20work=20in=20progress,=20not=20done=20yet.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/front/config/default.conf.template | 1 - package.json | 4 ++-- pnpm-lock.yaml | 6 +++--- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/docker/front/config/default.conf.template b/docker/front/config/default.conf.template index 15de225..68b9e75 100644 --- a/docker/front/config/default.conf.template +++ b/docker/front/config/default.conf.template @@ -12,7 +12,6 @@ server { index index.html; modsecurity on; -# modsecurity_rules_file /etc/nginx/modsecurity.d/modsecurity.conf; location / { try_files $uri $uri/ =404; diff --git a/package.json b/package.json index a9dd300..839ae51 100644 --- a/package.json +++ b/package.json @@ -6,11 +6,11 @@ "bcrypt": "^6.0.0", "better-sqlite3": "^12.2.0", "fastify": "^5.4.0", - "fastify-cli": "^7.4.0", - "typescript": "^5.8.3" + "fastify-cli": "^7.4.0" }, "type": "module", "devDependencies": { + "typescript": "^5.8.3", "tailwindcss": "^4.1.11", "@tailwindcss/vite": "^4.1.11", "pino-pretty": "^13.0.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c1018d4..4a38815 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -29,9 +29,6 @@ importers: fastify-cli: specifier: ^7.4.0 version: 7.4.0 - typescript: - specifier: ^5.8.3 - version: 5.8.3 devDependencies: '@tailwindcss/vite': specifier: ^4.1.11 
@@ -42,6 +39,9 @@ importers: tailwindcss: specifier: ^4.1.11 version: 4.1.11 + typescript: + specifier: ^5.8.3 + version: 5.8.3 vite: specifier: ^6.3.5 version: 6.3.5(jiti@2.4.2)(lightningcss@1.30.1)