payload cms docker

README.md

enabling build

• docker-compose.yml must expose your database, in my example it's mongo exposed on 27018
• docker-compose.yml must include network: host in the payload build: section so it can access the db
• Dockerfile overrides the .env database with the host-relative connection string: ENV DATABASE_URI="mongodb://127.0.0.1:27018/payload"

still problematic

• nextcache is not right, i get errors about permission denied, mkdir '/app/.next/cache/fetch-cache.
  • next bulid happens as root but runtime we're not root. should probably just chown it in build and not volume mount
  • if mounting, should be .next/cache and writable by 1001:1001

docker-compose.yml

services:
  payload:
    build:
      context: .
      dockerfile: Dockerfile
      network: host
    # ports:
    #   - '3000:3000'
    depends_on:
      - mongo
    env_file:
      - .env
    volumes:
      - ./public/media:/app/public/media
      - nextcache:/app/.next/cache/images
    restart: always

  mongo:
    image: mongo:latest
    ports:
      - '27018:27017' # required to be available on host
    command:
      - --storageEngine=wiredTiger
    volumes:
      - data:/data/db
      - ./backups:/backups
    restart: always
    logging:
      driver: none

volumes:
  data:
  nextcache:

Dockerfile

# To use this Dockerfile, you have to set `output: 'standalone'` in your next.config.js file.
# From https://github.com/vercel/next.js/blob/canary/examples/with-docker/Dockerfile

# FROM node:22.12.0-alpine AS base
FROM node:23-alpine AS base

# Install dependencies only when needed
FROM base AS deps
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
RUN apk add --no-cache libc6-compat
WORKDIR /app

# Install dependencies based on the preferred package manager
COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* .npmrc* ./
COPY . .
RUN \
  if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
  elif [ -f package-lock.json ]; then npm ci; \
  elif [ -f pnpm-lock.yaml ]; then pnpm i --frozen-lockfile; \
  else echo "Lockfile not found." && exit 1; \
  fi

# Rebuild the source code only when needed
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .

# Next.js collects completely anonymous telemetry data about general usage.
# Learn more here: https://nextjs.org/telemetry
# Uncomment the following line in case you want to disable telemetry during the build.
ENV NEXT_TELEMETRY_DISABLED 1

# hacky build step mongo
ENV DATABASE_URI="mongodb://127.0.0.1:27018/payload"

RUN \
  if [ -f yarn.lock ]; then yarn run build; \
  elif [ -f package-lock.json ]; then npm run build; \
  elif [ -f pnpm-lock.yaml ]; then pnpm run build; \
  else echo "Lockfile not found." && exit 1; \
  fi

# Production image, copy all the files and run next
FROM base AS runner
WORKDIR /app

ENV NODE_ENV production
# Uncomment the following line in case you want to disable telemetry during runtime.
# ENV NEXT_TELEMETRY_DISABLED 1

RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs

# Remove this line if you do not have this folder
COPY --from=builder /app/public ./public

# Set the correct permission for prerender cache
RUN mkdir .next
RUN chown nextjs:nodejs .next

# Automatically leverage output traces to reduce image size
# https://nextjs.org/docs/advanced-features/output-file-tracing
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

USER nextjs

EXPOSE 3000

ENV PORT 3000

# server.js is created by next build from the standalone output
# https://nextjs.org/docs/pages/api-reference/next-config-js/output
CMD HOSTNAME="0.0.0.0" node server.js