From 40568eb4672f25ab0796ba96460102f5e6aea57c Mon Sep 17 00:00:00 2001 From: Pavel Zilke Date: Tue, 25 Nov 2025 21:00:15 +0300 Subject: [PATCH 1/4] update config/.env --- config/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/.env b/config/.env index 5c4558f..714e737 100644 --- a/config/.env +++ b/config/.env @@ -1 +1 @@ -IMAGE=eks-app:latest +IMAGE=eks-app:1.1.5 From 47a3233265e9df58c1eec14be71d8280af4257c7 Mon Sep 17 00:00:00 2001 From: Pavel Zilke Date: Tue, 25 Nov 2025 22:38:55 +0300 Subject: [PATCH 2/4] fix --- Dockerfile | 24 ++++++++++++++++++------ config/docker-compose.yaml | 7 ++++++- config/nginx.conf | 9 +-------- 3 files changed, 25 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index f8d8572..37538f6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -ARG BUILDER_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.1 -ARG RUNTIME_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.1 +ARG BUILDER_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.2 +ARG RUNTIME_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/alpine:3.22.2 FROM $BUILDER_IMAGE AS builder @@ -35,11 +35,23 @@ RUN rm -f /etc/apk/repositories \ ENV BACKEND_URL=http://localhost:8080 ENV CONFIG_DATA_EXECUTOR_URL=http://localhost:8080/api -COPY config/nginx.conf /etc/nginx/nginx.conf -COPY --from=builder /app/frontend/dist /usr/share/nginx/html -COPY --from=builder /app/backend/target/*.jar /home/app/backend.jar -COPY --from=builder /app/config-data-executor/target/*.jar /home/app/cde.jar EXPOSE 80 +RUN addgroup --system --gid 1002 app \ + && adduser -S appuser -u 1002 -G app \ + && adduser -S cdeuser -u 1003 -G app \ + && mkdir -p /home/app/transaction-logs && chown appuser:app /home/app \ + && mkdir -p /home/cde/transaction-logs && chown cdeuser:app /home/cde + +COPY config/nginx.conf /etc/nginx/nginx.conf +COPY --from=builder /app/frontend/dist /usr/share/nginx/html +COPY --from=builder /app/backend/target/*.jar /home/app/backend.jar +COPY --from=builder /app/config-data-executor/target/*.jar /home/cde/cde.jar + + +USER appuser + +WORKDIR /home/app + ENTRYPOINT ["java", "-jar", "/home/app/backend.jar"] diff --git a/config/docker-compose.yaml b/config/docker-compose.yaml index 4e02b55..420fa11 100644 --- a/config/docker-compose.yaml +++ b/config/docker-compose.yaml @@ -14,6 +14,8 @@ services: eks-backend: image: ${IMAGE:-eks-app:latest} + user: appuser + working_dir: /home/app depends_on: - db entrypoint: ["java", "-jar", "/home/app/backend.jar"] @@ -25,6 +27,7 @@ services: eks-frontend: image: ${IMAGE:-eks-app:latest} + user: "101:102" depends_on: - eks-backend ports: @@ -35,7 +38,9 @@ services: eks-cde: image: ${IMAGE:-eks-app:latest} - entrypoint: ["java", "-jar", "/home/app/cde.jar"] + user: cdeuser + working_dir: /home/cde + entrypoint: ["java", "-jar", "/home/cde/cde.jar"] volumes: - ./cde-xml:/cde-xml environment: diff --git a/config/nginx.conf b/config/nginx.conf index 76c1450..ec0a5c1 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -19,16 +19,10 @@ http { gzip on; gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml; - log_format nginx_main - '$remote_addr - $remote_user [$time_local] $request ' - '"$status" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" ' - '"$request_filename" "$gzip_ratio" $upstream_response_time server: $host : $document_root $fastcgi_script_name '; - server { listen 80 default; - access_log /var/log/nginx/access.log nginx_main; + access_log /var/log/nginx/access.log combined; error_log /var/log/nginx/error.log error; root /usr/share/nginx/html; @@ -74,7 +68,6 @@ http { proxy_pass http://eks-backend:8080/ervu-eks/; proxy_set_header Accept application/json; add_header Content-Type application/json; - proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } From b5d1982b63da1718067c562b0036a10300b37737 Mon Sep 17 00:00:00 2001 From: Pavel Zilke Date: Tue, 25 Nov 2025 23:15:20 +0300 Subject: [PATCH 3/4] fix --- Dockerfile | 9 +++------ config/docker-compose.yaml | 4 ++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 37538f6..f874355 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,18 +39,15 @@ ENV CONFIG_DATA_EXECUTOR_URL=http://localhost:8080/api EXPOSE 80 RUN addgroup --system --gid 1002 app \ - && adduser -S appuser -u 1002 -G app \ - && adduser -S cdeuser -u 1003 -G app \ - && mkdir -p /home/app/transaction-logs && chown appuser:app /home/app \ - && mkdir -p /home/cde/transaction-logs && chown cdeuser:app /home/cde + && adduser -S app -u 1002 -G app \ + && adduser -S cde -u 1003 -G app COPY config/nginx.conf /etc/nginx/nginx.conf COPY --from=builder /app/frontend/dist /usr/share/nginx/html COPY --from=builder /app/backend/target/*.jar /home/app/backend.jar COPY --from=builder /app/config-data-executor/target/*.jar /home/cde/cde.jar - -USER appuser +USER app WORKDIR /home/app diff --git a/config/docker-compose.yaml b/config/docker-compose.yaml index 420fa11..f609344 100644 --- a/config/docker-compose.yaml +++ b/config/docker-compose.yaml @@ -14,7 +14,7 @@ services: eks-backend: image: ${IMAGE:-eks-app:latest} - user: appuser + user: app working_dir: /home/app depends_on: - db @@ -38,7 +38,7 @@ services: eks-cde: image: ${IMAGE:-eks-app:latest} - user: cdeuser + user: cde working_dir: /home/cde entrypoint: ["java", "-jar", "/home/cde/cde.jar"] volumes: From 809df2b6bc5aa059b868a5475c30b759a84f2197 Mon Sep 17 00:00:00 2001 From: Pavel Zilke Date: Tue, 25 Nov 2025 23:44:49 +0300 Subject: [PATCH 4/4] delete old cde Dockerfile --- config-data-executor/Dockerfile | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 config-data-executor/Dockerfile diff --git a/config-data-executor/Dockerfile b/config-data-executor/Dockerfile deleted file mode 100644 index 0aaea2c..0000000 --- a/config-data-executor/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM bellsoft/liberica-openjdk-alpine:17-cds -COPY target/*.jar app.jar - -CMD ["java", "-jar", "app.jar"] \ No newline at end of file