Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 58 additions & 0 deletions .docker/Dockerfile.customer
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# ─────────────────────────────────────────────────────────────────────────────
# MULTI-STAGE BUILD con turbo prune
#
# Stage 1 (pruner): turbo prune isola SOLO i file di customer-service
# → out/json/ = package.json dei package necessari
# → out/full/ = sorgente completo (app + deps locali)
# → out/pnpm-lock.yaml = lockfile potato
#
# Stage 2 (deps): copia solo out/json/ + lockfile, installa dipendenze
# → layer Docker stabile: si ricostruisce solo se lockfile cambia
#
# Stage 3 (builder): copia sorgente, compila TypeScript
#
# Stage 4 (runner): immagine finale minimale — solo dist/ + node_modules
# niente devDependencies, niente sorgente TypeScript
# ─────────────────────────────────────────────────────────────────────────────

FROM node:24-alpine AS base
RUN npm install -g pnpm@11.5.1
WORKDIR /app

# ── Stage 1: prune ────────────────────────────────────────────────────────────
# Unico stage che vede tutta la codebase. turbo prune la taglia.
FROM base AS pruner
RUN npm install -g turbo
COPY . .
RUN turbo prune --scope=customer-service --docker

# ── Stage 2: deps ─────────────────────────────────────────────────────────────
# Solo package.json + lockfile → layer cachato separato dal sorgente.
# Se cambia solo il codice (non le dipendenze), questo layer non si ricostruisce.
FROM base AS deps
COPY --from=pruner /app/out/json/ .
COPY --from=pruner /app/out/pnpm-lock.yaml ./pnpm-lock.yaml
RUN pnpm install --frozen-lockfile

# ── Stage 3: builder ──────────────────────────────────────────────────────────
FROM base AS builder
COPY --from=deps /app/node_modules ./node_modules
COPY --from=pruner /app/out/full/ .
# prisma generate non richiede DATABASE_URL — legge solo lo schema e genera il client
RUN pnpm exec prisma generate --schema packages/database/prisma/schema.prisma
RUN pnpm --filter customer-service build

# ── Stage 4: runner ───────────────────────────────────────────────────────────
# Immagine production: solo runtime, no devDeps, no sorgente TypeScript.
FROM node:24-alpine AS runner
WORKDIR /app

# Utente non-root per sicurezza
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

COPY --from=builder /app/apps/customer-service/dist ./dist
COPY --from=builder /app/node_modules ./node_modules

USER appuser
EXPOSE 3001
CMD ["node", "dist/main"]
61 changes: 61 additions & 0 deletions .docker/Dockerfile.web
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# ─────────────────────────────────────────────────────────────────────────────
# MULTI-STAGE BUILD per Next.js standalone
#
# Stage 1 (pruner): turbo prune isola solo i file di web + sue dipendenze locali
#
# Stage 2 (deps): installa dipendenze dal lockfile potato
#
# Stage 3 (builder): compila Next.js in modalità standalone
# output in apps/web/.next/standalone/ — server.js auto-contenuto
#
# Stage 4 (runner): immagine finale minimale
# .next/standalone → server runtime
# .next/static → asset statici (JS/CSS bundles)
# public/ → file pubblici (favicon, immagini)
#
# NOTA: standalone non include .next/static e public/ — vanno copiati separatamente.
# In production si usa nginx davanti per servire gli static e fare reverse proxy.
# ─────────────────────────────────────────────────────────────────────────────

FROM node:24-alpine AS base
RUN npm install -g pnpm@11.5.1
WORKDIR /app

# ── Stage 1: prune ────────────────────────────────────────────────────────────
FROM base AS pruner
RUN npm install -g turbo
COPY . .
RUN turbo prune --scope=web --docker

# ── Stage 2: deps ─────────────────────────────────────────────────────────────
FROM base AS deps
COPY --from=pruner /app/out/json/ .
COPY --from=pruner /app/out/pnpm-lock.yaml ./pnpm-lock.yaml
RUN pnpm install --frozen-lockfile

# ── Stage 3: builder ──────────────────────────────────────────────────────────
FROM base AS builder
COPY --from=deps /app/node_modules ./node_modules
COPY --from=pruner /app/out/full/ .
ENV NEXT_TELEMETRY_DISABLED=1
RUN pnpm --filter web build

# ── Stage 4: runner ───────────────────────────────────────────────────────────
FROM node:24-alpine AS runner
WORKDIR /app

RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# standalone contiene server.js + node_modules minimale (solo runtime deps)
COPY --from=builder /app/apps/web/.next/standalone ./
# static assets e public vanno copiati separatamente (non inclusi in standalone)
COPY --from=builder /app/apps/web/.next/static ./apps/web/.next/static
COPY --from=builder /app/apps/web/public ./apps/web/public

USER appuser
EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME=0.0.0.0
ENV NEXT_TELEMETRY_DISABLED=1
# server.js generato da Next.js standalone si trova nella root dello standalone
CMD ["node", "apps/web/server.js"]
110 changes: 110 additions & 0 deletions .docker/docker-compose.production.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
# ─────────────────────────────────────────────────────────────────────────────
# DOCKER COMPOSE — template per server di produzione/staging
#
# COME USARE:
# 1. Copia questo file sul server come ~/visit-notebook/docker-compose.yml
# 2. Crea ~/visit-notebook/.env con le variabili reali (non committare mai .env)
# 3. Crea ~/visit-notebook/nginx.conf (vedi sotto per un template base)
# 4. Sostituisci <owner> con il tuo GitHub username
#
# AGGIORNARE LE IMMAGINI:
# docker compose pull && docker compose up -d --remove-orphans
# (questo è esattamente quello che fa deploy.yml via SSH)
# ─────────────────────────────────────────────────────────────────────────────

services:

postgres:
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
interval: 10s
timeout: 5s
retries: 5

customer-service:
image: ghcr.io/<owner>/customer-service:main
restart: unless-stopped
environment:
NODE_ENV: production
DATABASE_URL: ${DATABASE_URL}
JWT_SECRET: ${JWT_SECRET}
NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL}
depends_on:
postgres:
condition: service_healthy
expose:
- "3001"

web:
image: ghcr.io/<owner>/web:main
restart: unless-stopped
environment:
NODE_ENV: production
NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL}
expose:
- "3000"

# ─────────────────────────────────────────────────────────────────────────
# NGINX — reverse proxy
# Espone solo le porte 80/443 all'esterno.
# web e customer-service non hanno porte host: accessibili solo via nginx.
# ─────────────────────────────────────────────────────────────────────────
nginx:
image: nginx:alpine
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./certs:/etc/nginx/certs:ro # certificati TLS (es. Let's Encrypt)
depends_on:
- web
- customer-service

volumes:
postgres_data:

# ─────────────────────────────────────────────────────────────────────────────
# TEMPLATE .env (crea sul server, non nel repo)
# ─────────────────────────────────────────────────────────────────────────────
# POSTGRES_DB=notebook_prod
# POSTGRES_USER=notebook
# POSTGRES_PASSWORD=<strong-password>
# DATABASE_URL=postgresql://notebook:<strong-password>@postgres:5432/notebook_prod
# JWT_SECRET=<long-random-string>
# NEXT_PUBLIC_API_URL=https://api.tuodominio.com/api
# NEXT_PUBLIC_APP_URL=https://tuodominio.com
#
# ─────────────────────────────────────────────────────────────────────────────
# TEMPLATE nginx.conf (base, senza TLS — aggiungi certbot/Let's Encrypt dopo)
# ─────────────────────────────────────────────────────────────────────────────
# events {}
# http {
# server {
# listen 80;
# server_name tuodominio.com;
# location / {
# proxy_pass http://web:3000;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# }
# }
# server {
# listen 80;
# server_name api.tuodominio.com;
# location / {
# proxy_pass http://customer-service:3001;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# }
# }
# }
Loading
Loading