diff --git a/.dockerignore b/.dockerignore index 12355e32..007bac4f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,5 @@ -./** \ No newline at end of file +# Ignore everything +./** + +# Whitelist +!./docker-entrypoint.sh diff --git a/Dockerfile.42-node b/Dockerfile.42-node index 3f0b51f6..b4fa4f4c 100644 --- a/Dockerfile.42-node +++ b/Dockerfile.42-node @@ -1,12 +1,21 @@ -FROM node:16-alpine3.14 +FROM node:16-alpine3.15 -RUN apk add --no-cache curl zsh git emacs vim; +RUN apk add --no-cache su-exec curl zsh git emacs vim; # https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#global-npm-dependencies ENV NPM_CONFIG_PREFIX=/home/node/.npm-global ENV PATH=$PATH:/home/node/.npm-global/bin -# node:node is 1000:1000 so good for us +# set up specific uid and gid : https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#non-root-user +ARG HOST_UID=1000 +ARG HOST_GID=1000 + +RUN deluser --remove-home node \ + && addgroup -S node -g $HOST_GID \ + && adduser -u $HOST_UID -G node -SD -s /bin/sh node \ + && mkdir -p /app \ + && chown -R node:node /app + USER node ARG OH_MY_ZSH_THEME=cloud @@ -18,6 +27,13 @@ RUN set -eux; \ @vue/cli@next \ typeorm-cli; + +VOLUME /app WORKDIR /app +USER root + +COPY docker-entrypoint.sh /usr/local/bin +ENTRYPOINT ["docker-entrypoint.sh"] + CMD [ "zsh" ] diff --git a/README.md b/README.md index 0402f053..f5567c4c 100644 --- a/README.md +++ b/README.md @@ -11,11 +11,20 @@ git clone https://github.com/Working-From-Home/ft_transcendence.git && cd ft_tra Create a `.env` file, template example: ``` ACCESS_TOKEN_SECRET=my_secret -REFRESH_TOKEN_SECRET=my_secret2 # expressed in seconds or a string describing a time span zeit/ms. Eg: 60, "2 days", "10h", "7d" -ACCESS_TOKEN_EXPIRATION=3200s -REFRESH_TOKEN_EXPIRATION=15d - +ACCESS_TOKEN_EXPIRATION=7d + +# Must change thoses two variables BEFORE BUILD AND RUN if +# running on 42's linux dump. +# Type the command `id` to get your `uid` and `gid`) +# Also it only works ouside `NFS`, like `/goinfre` or `/tmp`, +# thus, it doesn't works inside `/sgoinfre`, or your home `~/`. +# (PS: pretty useless because docker rootless set "random" uid:gid) +HOST_UID=1000 +HOST_GID=1000 + +HOSTNAME=e2r10p17 +FRONTEND_PORT=8080 # localhost can be replaced by the hostname or ip of the computer to # make the website available from others computers. # example: http://e2r5p13:3000 or http://10.05.155.14:3000 diff --git a/docker-compose.yml b/docker-compose.yml index 388f05bd..acbe2a50 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: "3.8" +version: "3.3" services: frontend: restart: always @@ -6,16 +6,24 @@ services: build: context: ./ dockerfile: Dockerfile.42-node + args: + - HOST_UID=${HOST_UID-1000} + - HOST_GID=${HOST_GID-1000} volumes: - ./frontend/:/app - ./shared/:/shared environment: - NODE_ENV=${NODE_ENV-development} - VUE_APP_BACKEND_SERVER_URI=${BACKEND_SERVER_URI} + - VUE_APP_HOSTNAME=${HOSTNAME} + - VUE_APP_FRONTEND_PORT=${FRONTEND_PORT} ports: - - 8080:8080 + - ${FRONTEND_PORT}:${FRONTEND_PORT} networks: - - mynet + # - mynet + mynet: + aliases: + - ${HOSTNAME} command: sh -c 'npm install && npm run serve' backend: @@ -26,8 +34,6 @@ services: environment: - ACCESS_TOKEN_SECRET=${ACCESS_TOKEN_SECRET} - ACCESS_TOKEN_EXPIRATION=${ACCESS_TOKEN_EXPIRATION} - - REFRESH_TOKEN_SECRET=${REFRESH_TOKEN_SECRET} - - REFRESH_TOKEN_EXPIRATION=${REFRESH_TOKEN_EXPIRATION} - BACKEND_SERVER_URI=${BACKEND_SERVER_URI} - OAUTH_REDIRECT_URI=${OAUTH_REDIRECT_URI} - FORTY_TWO_CLIENT_ID=${FORTY_TWO_CLIENT_ID} @@ -50,10 +56,10 @@ services: - 3000:3000 - 9229:9229 networks: - - mynet - # mynet: - # aliases: - # - ${DOMAIN} + # - mynet + mynet: + aliases: + - ${HOSTNAME} # command: sh -c 'npm install && npm run start:dev' command: sh -c 'npm install && npm run start:debug' @@ -65,7 +71,7 @@ services: - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - PGPORT= ${POSTGRES_PORT} ports: - - 5432:${POSTGRES_PORT} + - 5454:${POSTGRES_PORT} # default postgres (5432) port already in use in school's linux dump networks: - mynet volumes: diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100755 index 00000000..f3c44ffd --- /dev/null +++ b/docker-entrypoint.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +set -x + +BOLD="\e[1m" +RESET="\e[0m" +LIGHT_RED="\e[91m" +LIGHT_GREEN="\e[92m" +LIGHT_CYAN="\e[96m" + +logging(){ + local type=$1; shift + printf "${LIGHT_CYAN}${BOLD}Entrypoint${RESET} [%b] : %b\n" "$type" "$*" +} +log_info(){ + logging "${LIGHT_GREEN}info${RESET}" "$@" +} +log_error(){ + logging "${LIGHT_RED}error${RESET}" "$@" >&2 + exit 1 +} + +log_info "Entrypoint script started..." +if [ "$(id -u)" = "0" ]; then + log_info "Switch from root:root to node:node, aka $(id -u node):$(id -g node) " + chown -R node:node /app + exec su-exec node "$0" "$@" +fi + +exec "$@" \ No newline at end of file diff --git a/frontend/vue.config.js b/frontend/vue.config.js index 6331f9e8..d755cdf4 100644 --- a/frontend/vue.config.js +++ b/frontend/vue.config.js @@ -1,4 +1,8 @@ module.exports = { + devServer: { + host: process.env.VUE_APP_HOSTNAME, + port: process.env.VUE_APP_FRONTEND_PORT, + }, css: { loaderOptions: { sass: { @@ -11,4 +15,4 @@ module.exports = { }, }, }, -}; \ No newline at end of file +}; diff --git a/frontend/webpack.config.js b/frontend/webpack.config.js index fd4dc8ae..4e74a3b8 100644 --- a/frontend/webpack.config.js +++ b/frontend/webpack.config.js @@ -24,4 +24,4 @@ module.exports = { }, }, }, - }; \ No newline at end of file + };