diff --git a/.dockerignore b/.dockerignore index 41e0a30..cb6063a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,5 +1,4 @@ target -dockerfile .dockerignore .git .gitignore diff --git a/.gitignore b/.gitignore index d9c8632..36ca27a 100644 --- a/.gitignore +++ b/.gitignore @@ -21,5 +21,6 @@ node_modules/ *.db uploads/ +database/ assets/static/css/main.css .env \ No newline at end of file diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..666c725 --- /dev/null +++ b/compose.yml @@ -0,0 +1,14 @@ +services: + website: + build: . + container_name: gabrielkaszewski-website + restart: unless-stopped + ports: + - "80:5150" + volumes: + - ./database:/app/db + - ./uploads:/app/uploads + environment: + - JWT_SECRET=your_super_secret_production_jwt_key_here + - HOST=https://your-domain.com + - BINDING=0.0.0.0 diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index a293a48..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,32 +0,0 @@ -services: - web: - build: . - volumes: - - uploads_volume:/usr/app/uploads - environment: - - HOST=${HOST} - - DATABASE_URL=${DATABASE_URL} - - JWT_SECRET=${JWT_SECRET} - - LOGGER_LEVEL=${LOGGER_LEVEL} - - BINDING=${BINDING} - depends_on: - db: - condition: service_healthy - expose: - - 5150 - db: - image: postgres:latest - volumes: - - postgres_data:/var/lib/postgresql/data - environment: - - POSTGRES_USER=${POSTGRES_USER} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - POSTGRES_DB=${POSTGRES_DB} - healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] - interval: 10s - timeout: 5s - retries: 5 -volumes: - postgres_data: - uploads_volume: \ No newline at end of file diff --git a/dockerfile b/dockerfile index 695ac84..35ac98c 100644 --- a/dockerfile +++ b/dockerfile @@ -1,17 +1,51 @@ -FROM rust:1.88-slim as builder +# ================================================================= +# Stage 1: Build the Rust application +# ================================================================= +FROM rust:1.89-slim-bookworm AS builder -WORKDIR /usr/src/ +RUN apt-get update && apt-get install -y libsqlite3-dev pkg-config build-essential -COPY . . +WORKDIR /app +COPY Cargo.toml Cargo.lock ./ +COPY .cargo ./.cargo/ +COPY migration ./migration + +RUN mkdir -p src/bin && \ + echo "fn main() {}" > src/bin/main.rs && \ + echo "fn main() {}" > src/bin/tool.rs RUN cargo build --release -FROM debian:bookworm-slim +COPY src ./src +COPY assets ./assets +COPY config ./config +RUN cargo build --release -WORKDIR /usr/app +# ================================================================= +# Stage 2: Create the final, lightweight runtime image +# ================================================================= +FROM debian:bookworm-slim AS runtime -COPY --from=builder /usr/src/assets /usr/app/assets -COPY --from=builder /usr/src/config /usr/app/config -COPY --from=builder /usr/src/target/release/gabrielkaszewski_rs-cli /usr/app/gabrielkaszewski_rs-cli +RUN apt-get update && apt-get install -y libsqlite3-0 libssl3 gosu && rm -rf /var/lib/apt/lists/* -ENTRYPOINT ["/usr/app/gabrielkaszewski_rs-cli", "start"] \ No newline at end of file +RUN addgroup --system nonroot && adduser --system --ingroup nonroot nonroot + +WORKDIR /app + +COPY --from=builder /app/target/release/gabrielkaszewski_rs-cli ./server + +COPY assets ./assets +COPY config ./config + +RUN mkdir -p /app/db /app/uploads && chown -R nonroot:nonroot /app/db /app/uploads + +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh + +ENV LOCO_ENV=production +ENV DATABASE_URL=sqlite:///app/db/production.db?mode=rwc + +EXPOSE 5150 + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +CMD ["./server", "start"] \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..2dc4897 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +chown -R nonroot:nonroot /app/db /app/uploads + +exec gosu nonroot "$@" \ No newline at end of file