diff --git a/Dockerfile b/Dockerfile index f8d8572..f874355 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -ARG BUILDER_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.1 -ARG RUNTIME_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.1 +ARG BUILDER_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.2 +ARG RUNTIME_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.2 FROM $BUILDER_IMAGE AS builder @@ -35,11 +35,20 @@ RUN rm -f /etc/apk/repositories \ ENV BACKEND_URL=http://localhost:8080 ENV CONFIG_DATA_EXECUTOR_URL=http://localhost:8080/api -COPY config/nginx.conf /etc/nginx/nginx.conf -COPY --from=builder /app/frontend/dist /usr/share/nginx/html -COPY --from=builder /app/backend/target/*.jar /home/app/backend.jar -COPY --from=builder /app/config-data-executor/target/*.jar /home/app/cde.jar EXPOSE 80 +RUN addgroup --system --gid 1002 app \ + && adduser -S app -u 1002 -G app \ + && adduser -S cde -u 1003 -G app + +COPY config/nginx.conf /etc/nginx/nginx.conf +COPY --from=builder /app/frontend/dist /usr/share/nginx/html +COPY --from=builder /app/backend/target/*.jar /home/app/backend.jar +COPY --from=builder /app/config-data-executor/target/*.jar /home/cde/cde.jar + +USER app + +WORKDIR /home/app + ENTRYPOINT ["java", "-jar", "/home/app/backend.jar"] diff --git a/config-data-executor/Dockerfile b/config-data-executor/Dockerfile deleted file mode 100644 index 0aaea2c..0000000 --- a/config-data-executor/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM bellsoft/liberica-openjdk-alpine:17-cds -COPY target/*.jar app.jar - -CMD ["java", "-jar", "app.jar"] \ No newline at end of file diff --git a/config/.env b/config/.env index 5c4558f..714e737 100644 --- a/config/.env +++ b/config/.env @@ -1 +1 @@ -IMAGE=eks-app:latest +IMAGE=eks-app:1.1.5 diff --git a/config/docker-compose.yaml b/config/docker-compose.yaml index 4e02b55..f609344 100644 --- a/config/docker-compose.yaml +++ b/config/docker-compose.yaml @@ -14,6 +14,8 @@ services: eks-backend: image: ${IMAGE:-eks-app:latest} + user: app + working_dir: /home/app depends_on: - db entrypoint: ["java", "-jar", "/home/app/backend.jar"] @@ -25,6 +27,7 @@ services: eks-frontend: image: ${IMAGE:-eks-app:latest} + user: "101:102" depends_on: - eks-backend ports: @@ -35,7 +38,9 @@ services: eks-cde: image: ${IMAGE:-eks-app:latest} - entrypoint: ["java", "-jar", "/home/app/cde.jar"] + user: cde + working_dir: /home/cde + entrypoint: ["java", "-jar", "/home/cde/cde.jar"] volumes: - ./cde-xml:/cde-xml environment: diff --git a/config/nginx.conf b/config/nginx.conf index 76c1450..ec0a5c1 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -19,16 +19,10 @@ http { gzip on; gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml; - log_format nginx_main - '$remote_addr - $remote_user [$time_local] $request ' - '"$status" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" ' - '"$request_filename" "$gzip_ratio" $upstream_response_time server: $host : $document_root $fastcgi_script_name '; - server { listen 80 default; - access_log /var/log/nginx/access.log nginx_main; + access_log /var/log/nginx/access.log combined; error_log /var/log/nginx/error.log error; root /usr/share/nginx/html; @@ -74,7 +68,6 @@ http { proxy_pass http://eks-backend:8080/ervu-eks/; proxy_set_header Accept application/json; add_header Content-Type application/json; - proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }