# Master Dockerfile for lecoffre_node: self-contained, all-in-one node image.
# NOTE(review): debian:bookworm-slim is a mutable tag, so two builds of this
# file can start from different base contents. For reproducible, auditable
# builds pin it by digest (debian:bookworm-slim@sha256:<digest-placeholder>).
FROM debian:bookworm-slim

# Image metadata, one label per instruction.
LABEL maintainer="4NK Team"
LABEL description="LeCoffre Node - Master Container avec Nginx intégré"
LABEL version="1.0.0"

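# Build-time only: keeps apt/debconf from prompting during the RUN steps of
# this build without leaving DEBIAN_FRONTEND set inside running containers.
ARG DEBIAN_FRONTEND=noninteractive

# Runtime environment.
# NOTE(review): NGINX_VERSION is not referenced anywhere in this file, and nginx
# is installed unpinned from the Debian repository, so this value may not match
# the installed package - confirm whether a script reads it.
ENV TZ=Europe/Paris \
    NGINX_VERSION=1.22.1 \
    DOCKER_COMPOSE_VERSION=2.21.0
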
# System packages from the Debian repositories (list kept alphabetical so that
# additions and removals show up cleanly in review). The apt lists and temp
# directories are removed in the same layer so they never reach the image.
# NOTE(review): docker.io puts a Docker daemon and CLI inside this image, and
# the docker-compose package is normally shadowed on PATH by the binary written
# to /usr/local/bin later in this file. git, wget and python3-pip also widen the
# runtime attack surface - drop whichever of them /app/scripts does not need.
# NOTE(review): versions are unpinned and `apt-get upgrade` runs on every
# uncached build, so the image contents drift over time.
RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y --no-install-recommends \
        ca-certificates \
        cron \
        curl \
        docker-compose \
        docker.io \
        git \
        jq \
        logrotate \
        nginx \
        openssl \
        python3 \
        python3-pip \
        supervisor \
        wget \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

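# Docker Compose standalone binary, downloaded from the GitHub release that
# matches DOCKER_COMPOSE_VERSION.
# -f makes curl fail the build on an HTTP error instead of saving the error
# page as the "binary"; -sS silences the progress meter but still prints errors.
# NOTE(review): the download is not integrity-checked. Record the expected
# SHA-256 for this version and architecture in the repository and verify it
# before the chmod, for example:
#   echo "<expected-sha256-placeholder>  /usr/local/bin/docker-compose" | sha256sum -c -
# NOTE(review): confirm the release asset name for this version matches the
# casing that $(uname -s) produces ("Linux").
RUN curl -fsSL \
        "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" \
        -o /usr/local/bin/docker-compose \
 && chmod +x /usr/local/bin/docker-compose
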
# Service accounts with fixed UIDs (1000 and 10000), each with a home directory.
# NOTE(review): membership of the docker group lets appuser drive the Docker
# daemon, which is equivalent to root on whatever host that daemon runs on.
# Treat appuser as a privileged account, or drop the group membership if the
# entrypoint does not need the Docker API.
# NOTE(review): lecoffreuser is not referenced again in this file - confirm it
# is actually used.
RUN useradd --create-home --uid 1000 appuser \
 && useradd --create-home --uid 10000 lecoffreuser \
 && usermod --append --groups docker appuser

# Working directory for the remaining build steps and for the running container.
WORKDIR /app

# Configuration, scripts and static web content from the build context.
# NOTE(review): conf/nginx/ is copied wholesale into sites-available, so
# nginx.conf lands there as well as in /etc/nginx/ - confirm that is intended,
# since every file in sites-available is later linked into sites-enabled.
COPY conf/nginx/ /etc/nginx/sites-available/
COPY conf/nginx/nginx.conf /etc/nginx/nginx.conf
COPY conf/supervisor/ /etc/supervisor/conf.d/
COPY scripts/ /app/scripts/
COPY web/ /var/www/lecoffre/
COPY docker-compose.yml /app/docker-compose.yml

# NOTE(review): this writes .env into an image layer. Anything in it (API keys,
# passwords, tokens) is readable by anyone who can pull or export the image,
# and stays in the layer history even if a later step deletes the file.
# Prefer providing it at run time (--env-file, a bind mount, or an orchestrator
# secret), list .env in .dockerignore, and rotate any values that have already
# shipped in a pushed image.
COPY .env /app/.env

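# Standalone Nginx setup: create the web directories, enable every site in
# sites-available, drop the distribution default site, generate TLS
# certificates, validate the configuration and hand the web root to www-data.
# The certificate script is made executable here because the blanket
# `chmod +x /app/scripts/*.sh` only runs in a later step; without this the
# build depends on the file mode stored in the build context.
# NOTE(review): running generate-ssl-certs.sh at build time presumably writes a
# private key into an image layer. Every container started from the image then
# shares that key, and anyone with access to the image can extract it. Generate
# certificates at container start, or mount them as secrets, instead - confirm
# against the script.
RUN mkdir -p /var/www/lecoffre/status /var/www/lecoffre/assets \
 && ln -sf /etc/nginx/sites-available/* /etc/nginx/sites-enabled/ \
 && rm -f /etc/nginx/sites-enabled/default \
 && chmod +x /app/scripts/generate-ssl-certs.sh \
 && /app/scripts/generate-ssl-certs.sh \
 && nginx -t \
 && chown -R www-data:www-data /var/www/lecoffre
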
# Supervisor log directory, and ownership of the application tree.
# NOTE(review): /var/log/supervisor is created as root and not chowned, while
# the container later runs as appuser - confirm supervisord can write where its
# configuration points.
# NOTE(review): the recursive chown makes /app/scripts and /app/.env writable by
# the runtime user, so a compromised service could rewrite its own entrypoint.
# Consider leaving code root-owned and read-only for appuser.
RUN mkdir -p /var/log/supervisor \
 && chown -R appuser:appuser /app

# Mark every shell script under /app/scripts as executable.
RUN chmod +x /app/scripts/*.sh

# Documented listening ports (EXPOSE is metadata only; nothing is published).
# NOTE(review): 80 and 443 are privileged ports and the container runs as
# appuser - confirm the target runtime allows unprivileged binds below 1024.
EXPOSE 80/tcp 443/tcp 3000/tcp

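# Persistent data locations.
# /app/data and /app/logs are not created anywhere else in this file; a volume
# mount point that is missing from the image is created root-owned at run time,
# which the unprivileged appuser could not write to. Create them and hand them
# over before the VOLUME declaration so the ownership is part of the image.
# NOTE(review): /var/lib/docker as a volume implies a Docker daemon running
# inside this container, which normally requires a privileged container and
# root. Confirm that is really needed - it removes most of the isolation the
# non-root USER is meant to provide.
RUN mkdir -p /app/data /app/logs \
 && chown appuser:appuser /app/data /app/logs
VOLUME ["/app/data", "/app/logs", "/var/lib/docker"]
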
# Drop root: the entrypoint, the default command and the healthcheck all run as
# appuser (UID 1000, member of the docker group).
USER appuser

# Container health probe: the status page served on loopback must answer with
# a non-error HTTP status (curl -f turns HTTP >= 400 into a failure).
HEALTHCHECK --start-period=60s --interval=30s --timeout=10s --retries=3 \
    CMD curl -f http://localhost/status/ || exit 1

# Entrypoint wrapper plus default command, both in exec form.
# NOTE(review): entrypoint.sh is not visible here; it should finish with
# `exec "$@"` so that supervisord replaces the shell and receives stop signals.
ENTRYPOINT ["/app/scripts/entrypoint.sh"]
CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]