-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
89 lines (69 loc) · 3.42 KB
/
Copy pathDockerfile
File metadata and controls
89 lines (69 loc) · 3.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# Multi-stage build: compile SvelteKit frontend, build Brotli modules,
# then assemble the final Nginx image with envsubst template support.
ARG NGINX_VERSION=1.27.4
# ============================================================
# Stage 1 — Build SvelteKit frontend
# ============================================================
FROM node:24-slim AS frontend
WORKDIR /app
COPY package.json package-lock.json .env ./
RUN npm ci
COPY src/ src/
COPY static/ static/
COPY svelte.config.js vite.config.ts tsconfig.json ./
RUN npx svelte-kit sync && npm run build
# ============================================================
# Stage 2 — Build brotli dynamic modules
# ============================================================
FROM debian:bookworm-slim AS builder
ARG NGINX_VERSION
ARG NGX_BROTLI_COMMIT=a71f9312c2deb28875acc7bacfdd5695a111aa53
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential cmake git libpcre2-dev libssl-dev zlib1g-dev wget ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Clone ngx_brotli and build its brotli C library
WORKDIR /usr/local/src
RUN git clone https://github.com/google/ngx_brotli.git \
&& cd ngx_brotli \
&& git checkout ${NGX_BROTLI_COMMIT} \
&& git submodule update --init --recursive
WORKDIR /usr/local/src/ngx_brotli/deps/brotli
RUN cmake -B out -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF \
&& cmake --build out --config Release --target brotlienc -j$(nproc)
# Download nginx source and build only the brotli dynamic modules
WORKDIR /usr/local/src
RUN wget -q http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \
&& tar -xzf nginx-${NGINX_VERSION}.tar.gz
WORKDIR /usr/local/src/nginx-${NGINX_VERSION}
RUN ./configure --with-compat --add-dynamic-module=/usr/local/src/ngx_brotli \
&& make modules -j$(nproc)
RUN mkdir -p /tmp/modules \
&& cp objs/ngx_http_brotli_filter_module.so /tmp/modules/ \
&& cp objs/ngx_http_brotli_static_module.so /tmp/modules/
# ============================================================
# Stage 2 — Runtime
# ============================================================
FROM nginx:${NGINX_VERSION}
# Install brotli modules
COPY --from=builder /tmp/modules/ngx_http_brotli_filter_module.so /usr/lib/nginx/modules/
COPY --from=builder /tmp/modules/ngx_http_brotli_static_module.so /usr/lib/nginx/modules/
# Remove default nginx site config
RUN rm /etc/nginx/conf.d/default.conf
# Copy nginx base config (global settings + brotli)
COPY docker/nginx.conf /etc/nginx/nginx.conf
# Copy nginx server template (envsubst processes this at startup)
COPY docker/default.conf.template /etc/nginx/templates/default.conf.template
# Copy entrypoint script for SPA env var replacement
COPY docker/entrypoint.sh /docker-entrypoint.d/40-substitute-env-vars.sh
RUN chmod +x /docker-entrypoint.d/40-substitute-env-vars.sh
# Bundle the addon-sync script + a Node binary so the running container can
# self-refresh PostGuard addon downloads (see /docker-entrypoint.d/50-…).
# We pull the binary from node:24-slim — same debian-bookworm base as nginx,
# so the runtime libs match without an apt install.
COPY --from=node:24-slim /usr/local/bin/node /usr/local/bin/node
COPY scripts/sync-addons.mjs /opt/sync-addons/sync-addons.mjs
COPY docker/sync-addons-loop.sh /docker-entrypoint.d/50-sync-addons.sh
RUN chmod +x /docker-entrypoint.d/50-sync-addons.sh
# Copy frontend built in Stage 1
COPY --from=frontend /app/build /usr/share/nginx/html/postguard
EXPOSE 80