Last active
September 15, 2018 17:35
-
-
Save daliborgogic/e9da361f5e6657e17430878906d2fec6 to your computer and use it in GitHub Desktop.
DevOops Multi Stage Build
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM mhart/alpine-node:10.10.0 as full | |
| WORKDIR /app | |
| ENV HOST 0.0.0.0 | |
| COPY . . | |
| RUN npm ci | |
| RUN npm run build | |
| RUN rm -rf node_modules | |
| # Magic! | |
| RUN npm ci nuxt-start-edge debug --production | |
| # base- images are statically compiled, so may not work if you have native npm module dependencies. | |
| FROM mhart/alpine-node:base-10.10.0 as mnml | |
| WORKDIR /app | |
| ENV NODE_ENV production | |
| ENV HOST 0.0.0.0 | |
| COPY package.json . | |
| COPY nuxt.config.js . | |
| COPY --from=full ./app/node_modules ./node_modules | |
| COPY --from=full ./app/.nuxt ./.nuxt | |
| COPY --from=full ./app/static ./static | |
| EXPOSE 3000 | |
| CMD ["node_modules/nuxt-start-edge/bin/nuxt-start"] | |
| FROM alpine:3.8 | |
| ENV NGINX_VERSION 1.15.3 | |
| RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ | |
| && CONFIG="\ | |
| --prefix=/etc/nginx \ | |
| --sbin-path=/usr/sbin/nginx \ | |
| --modules-path=/usr/lib/nginx/modules \ | |
| --conf-path=/etc/nginx/nginx.conf \ | |
| --error-log-path=/var/log/nginx/error.log \ | |
| --http-log-path=/var/log/nginx/access.log \ | |
| --pid-path=/var/run/nginx.pid \ | |
| --lock-path=/var/run/nginx.lock \ | |
| --http-client-body-temp-path=/var/cache/nginx/client_temp \ | |
| --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ | |
| --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ | |
| --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ | |
| --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ | |
| --user=nginx \ | |
| --group=nginx \ | |
| --with-http_ssl_module \ | |
| --with-http_realip_module \ | |
| --with-http_addition_module \ | |
| --with-http_sub_module \ | |
| --with-http_dav_module \ | |
| --with-http_flv_module \ | |
| --with-http_mp4_module \ | |
| --with-http_gunzip_module \ | |
| --with-http_gzip_static_module \ | |
| --with-http_random_index_module \ | |
| --with-http_secure_link_module \ | |
| --with-http_stub_status_module \ | |
| --with-http_auth_request_module \ | |
| --with-http_xslt_module=dynamic \ | |
| --with-http_image_filter_module=dynamic \ | |
| --with-http_geoip_module=dynamic \ | |
| --with-threads \ | |
| --with-stream \ | |
| --with-stream_ssl_module \ | |
| --with-stream_ssl_preread_module \ | |
| --with-stream_realip_module \ | |
| --with-stream_geoip_module=dynamic \ | |
| --with-http_slice_module \ | |
| --with-mail \ | |
| --with-mail_ssl_module \ | |
| --with-compat \ | |
| --with-file-aio \ | |
| --with-http_v2_module \ | |
| --add-module=/tmp/ngx_brotli \ | |
| " \ | |
| && addgroup -S nginx \ | |
| && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ | |
| && apk add --no-cache --virtual .build-deps \ | |
| gcc \ | |
| libc-dev \ | |
| make \ | |
| openssl-dev \ | |
| pcre-dev \ | |
| zlib-dev \ | |
| linux-headers \ | |
| curl \ | |
| gnupg \ | |
| libxslt-dev \ | |
| gd-dev \ | |
| geoip-dev \ | |
| git \ | |
| && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ | |
| && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ | |
| && git clone https://github.com/eustas/ngx_brotli.git /tmp/ngx_brotli \ | |
| && export GNUPGHOME="$(mktemp -d)" \ | |
| && found=''; \ | |
| for server in \ | |
| ha.pool.sks-keyservers.net \ | |
| hkp://keyserver.ubuntu.com:80 \ | |
| hkp://p80.pool.sks-keyservers.net:80 \ | |
| pgp.mit.edu \ | |
| ; do \ | |
| echo "Fetching GPG key $GPG_KEYS from $server"; \ | |
| gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ | |
| done; \ | |
| test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ | |
| gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ | |
| && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ | |
| && mkdir -p /usr/src \ | |
| && tar -zxC /usr/src -f nginx.tar.gz \ | |
| && rm nginx.tar.gz \ | |
| && cd /tmp/ngx_brotli \ | |
| && git submodule update --init \ | |
| && cd /usr/src/nginx-$NGINX_VERSION \ | |
| && ./configure $CONFIG --with-debug \ | |
| && make -j$(getconf _NPROCESSORS_ONLN) \ | |
| && mv objs/nginx objs/nginx-debug \ | |
| && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ | |
| && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ | |
| && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ | |
| && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ | |
| && ./configure $CONFIG \ | |
| && make -j$(getconf _NPROCESSORS_ONLN) \ | |
| && make install \ | |
| && rm -rf /etc/nginx/html/ \ | |
| && mkdir /etc/nginx/conf.d/ \ | |
| && mkdir -p /usr/share/nginx/html/ \ | |
| && install -m644 html/index.html /usr/share/nginx/html/ \ | |
| && install -m644 html/50x.html /usr/share/nginx/html/ \ | |
| && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ | |
| && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ | |
| && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ | |
| && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ | |
| && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ | |
| && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ | |
| && strip /usr/sbin/nginx* \ | |
| && strip /usr/lib/nginx/modules/*.so \ | |
| && rm -rf /usr/src/nginx-$NGINX_VERSION /tmp/ngx_brotli \ | |
| \ | |
| # Bring in gettext so we can get `envsubst`, then throw | |
| # the rest away. To do this, we need to install `gettext` | |
| # then move `envsubst` out of the way so `gettext` can | |
| # be deleted completely, then move `envsubst` back. | |
| && apk add --no-cache --virtual .gettext gettext \ | |
| && mv /usr/bin/envsubst /tmp/ \ | |
| \ | |
| && runDeps="$( \ | |
| scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ | |
| | tr ',' '\n' \ | |
| | sort -u \ | |
| | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ | |
| )" \ | |
| && apk add --no-cache --virtual .nginx-rundeps $runDeps \ | |
| && apk del .build-deps \ | |
| && apk del .gettext \ | |
| && mv /tmp/envsubst /usr/local/bin/ \ | |
| \ | |
| # Bring in tzdata so users could set the timezones through the environment | |
| # variables | |
| && apk add --no-cache tzdata \ | |
| \ | |
| # forward request and error logs to docker log collector | |
| && ln -sf /dev/stdout /var/log/nginx/access.log \ | |
| && ln -sf /dev/stderr /var/log/nginx/error.log | |
| COPY nginx.conf /etc/nginx/nginx.conf | |
| COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf | |
| COPY certs /etc/nginx/certs | |
| COPY --from=mnml . /usr/share/nginx/html | |
| EXPOSE 80 443 | |
| RUN chown nginx.nginx /usr/share/nginx/html/ -R | |
| STOPSIGNAL SIGTERM | |
| CMD ["nginx", "-g", "daemon off;"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment