mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fixing client

Browse Source
This commit is contained in:
stefan
2025-09-15 17:48:57 +02:00
parent f9d492c7e0
commit ea560fc221
30 changed files with 3632 additions and 525 deletions
Download Patch File Download Diff File Expand all files Collapse all files
dockerfiles/clients/web-app/Dockerfile
+40 -155
View File
@@ -1,171 +1,56 @@
# syntax=docker/dockerfile:1.8
# ===================================================================
# Multi-stage Dockerfile for Meldestelle Compose for Web Application
# Features: BuildKit cache mounts, security hardening, optimal layer caching
# Version: 2.0.0 - Enhanced optimization and security
# Multi-Stage Dockerfile für Meldestelle Web-App (Kotlin/JS)
# ===================================================================
# === CENTRALIZED BUILD ARGUMENTS ===
# Values sourced from docker/versions.toml and docker/build-args/
# Global arguments (docker/build-args/global.env)
ARG GRADLE_VERSION
ARG JAVA_VERSION
ARG BUILD_DATE
ARG VERSION
# ===================================================================
# Stage 1: Build Stage - Kotlin/JS kompilieren
# ===================================================================
FROM gradle:8-jdk21-alpine AS builder
# Client-specific arguments (docker/build-args/clients.env)
ARG NGINX_VERSION
ARG NODE_VERSION
WORKDIR /app
# Kopiere Gradle-Konfiguration und Wrapper
COPY build.gradle.kts settings.gradle.kts gradle.properties ./
COPY gradle ./gradle
COPY gradlew ./
# Kopiere alle notwendigen Module für Multi-Modul-Projekt
COPY client ./client
COPY core ./core
COPY platform ./platform
COPY infrastructure ./infrastructure
COPY temp ./temp
COPY docs ./docs
# Setze Gradle-Wrapper Berechtigung
RUN chmod +x ./gradlew
# Dependencies downloaden (für besseres Caching)
RUN ./gradlew :client:dependencies --no-configure-on-demand
# Kotlin/JS Web-App kompilieren
RUN ./gradlew :client:jsBrowserDistribution --no-configure-on-demand
# ===================================================================
# Build Arguments for Client Configuration
# Stage 2: Runtime Stage - Nginx für Static Files + API Proxy
# ===================================================================
ARG CLIENT_PATH=client
ARG CLIENT_MODULE=client
FROM nginx:1.25-alpine
# ===================================================================
# Build Stage - Kotlin/JS (Compose for Web) Compilation
# ===================================================================
FROM gradle:${GRADLE_VERSION}-jdk${JAVA_VERSION}-alpine AS builder
# Installiere curl für Health-Checks
RUN apk add --no-cache curl
ARG CLIENT_PATH=client
ARG CLIENT_MODULE=client
ARG BUILD_DATE
ARG VERSION=1.0.0
# Kopiere kompilierte Web-App von Build-Stage
COPY --from=builder /app/client/build/dist/js/productionExecutable/ /usr/share/nginx/html/
# Enhanced metadata
LABEL stage=builder \
service="web-app" \
maintainer="Meldestelle Development Team" \
version="${VERSION}" \
build.date="${BUILD_DATE}"
# Set working directory
WORKDIR /build
# Gradle optimizations for containerized builds
ENV GRADLE_OPTS="-Dorg.gradle.caching=true \
-Dorg.gradle.daemon=false \
-Dorg.gradle.parallel=true \
-Dorg.gradle.configureondemand=true \
-Dorg.gradle.workers.max=2 \
-Dorg.gradle.jvmargs=-Xmx2g \
-XX:+UseParallelGC \
-XX:MaxMetaspaceSize=512m"
# Set Gradle user home for better caching
ENV GRADLE_USER_HOME=/home/gradle/.gradle
# Install Node.js for Kotlin/Wasm npm operations
#ARG NODE_VERSION
#RUN apk add --no-cache \
# nodejs \
# npm \
# curl && \
# # Verify installation \
# node --version && \
# npm --version && \
# # Create Gradle Node.js directory structure and symlinks \
# mkdir -p /home/gradle/.gradle/nodejs/node-v22.0.0-linux-x64/bin && \
# ln -sf /usr/bin/node /home/gradle/.gradle/nodejs/node-v22.0.0-linux-x64/bin/node && \
# ln -sf /usr/bin/npm /home/gradle/.gradle/nodejs/node-v22.0.0-linux-x64/bin/npm && \
# chown -R gradle:gradle /home/gradle/.gradle
# Copy Gradle files first for better layer caching
COPY gradle/ gradle/
COPY gradlew gradlew.bat gradle.properties settings.gradle.kts ./
COPY build.gradle.kts ./
# Copy version catalog
COPY gradle/libs.versions.toml gradle/libs.versions.toml
# Copy all source files needed for the build
# Core and platform modules (dependencies)
COPY core/ core/
COPY platform/ platform/
# Infrastructure modules (if needed)
COPY infrastructure/ infrastructure/
# Client modules
COPY client/ client/
# Copy any additional required directories
COPY temp/ temp/
COPY docs/ docs/
# Make Gradle wrapper executable
RUN chmod +x gradlew
# Download and cache dependencies with BuildKit cache mount
RUN --mount=type=cache,target=/home/gradle/.gradle/caches \
--mount=type=cache,target=/home/gradle/.gradle/wrapper \
./gradlew ${CLIENT_MODULE}:dependencies --no-daemon --info
# Build client application with BuildKit cache mount
# For Compose Multiplatform Web (WASM), wasmJsBrowserDistribution produces static assets
RUN --mount=type=cache,target=/home/gradle/.gradle/caches \
--mount=type=cache,target=/home/gradle/.gradle/wrapper \
echo "Building ${CLIENT_MODULE} module..." && \
./gradlew ${CLIENT_MODULE}:wasmJsBrowserDistribution --no-daemon --stacktrace --info
# ===================================================================
# Production Stage - Nginx Static File Server
# ===================================================================
FROM nginx:${NGINX_VERSION} AS production
ARG CLIENT_PATH=client
ARG BUILD_DATE
ARG VERSION=1.0.0
# Enhanced metadata
LABEL service="web-app" \
version="${VERSION}" \
environment="production" \
description="Meldestelle Compose for Web Application served via Nginx" \
maintainer="Meldestelle Development Team" \
build.date="${BUILD_DATE}" \
org.opencontainers.image.title="Meldestelle Web App" \
org.opencontainers.image.description="Kotlin Multiplatform Web application with WASM" \
org.opencontainers.image.version="${VERSION}" \
org.opencontainers.image.created="${BUILD_DATE}"
# Enhanced Alpine setup with security hardening
RUN apk update && \
apk upgrade && \
apk add --no-cache \
curl \
tzdata && \
rm -rf /var/cache/apk/* && \
addgroup -g 1001 -S nginx-group && \
adduser -S -D -H -u 1001 -h /var/cache/nginx -s /sbin/nologin -G nginx-group -g nginx nginx-user
# Copy built distribution files from builder stage (WASM build output)
COPY --from=builder /build/${CLIENT_PATH}/build/dist/wasmJs/productionExecutable/ /usr/share/nginx/html/
COPY --from=builder /build/${CLIENT_PATH}/src/wasmJsMain/resources/ /usr/share/nginx/html/
# Copy custom nginx configuration
# Kopiere Nginx-Konfiguration
COPY dockerfiles/clients/web-app/nginx.conf /etc/nginx/nginx.conf
# Create log directories and set permissions
RUN mkdir -p /var/log/nginx && \
chown -R nginx-user:nginx-group /var/log/nginx && \
chown -R nginx-user:nginx-group /var/cache/nginx && \
chown -R nginx-user:nginx-group /usr/share/nginx/html
# Health check endpoint
RUN echo '{"status":"ok","service":"web-app"}' > /usr/share/nginx/html/health
# Switch to non-root user
USER nginx-user
# Expose port
# Exponiere Port 4000 (statt Standard 80)
EXPOSE 4000
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl --fail http://localhost:4000/health || exit 1
# Health-Check für Container
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
CMD curl -f http://localhost:4000/ || exit 1
# Start nginx
# Starte Nginx
CMD ["nginx", "-g", "daemon off;"]
dockerfiles/clients/web-app/nginx.conf
+36 -57
View File
@@ -1,33 +1,24 @@
# Running as non-root user defined by container user; omit nginx "user" directive
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /tmp/nginx.pid;
# ===================================================================
# Nginx-Konfiguration für Meldestelle Web-App
# Static Files + API Proxy zu Gateway
# ===================================================================
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
# Gzip Settings
# Gzip Kompression für bessere Performance
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 1024;
gzip_types
text/plain
text/css
@@ -35,67 +26,55 @@ http {
text/javascript
application/javascript
application/xml+rss
application/json
image/svg+xml;
application/json;
# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Upstream für API Gateway
upstream api-gateway {
server api-gateway:8081;
}
# Server-Block für Web-App
server {
listen 4000;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
# Main application route
# Serve static files (Kotlin/JS compiled files)
location / {
try_files $uri $uri/ /index.html;
# Cache static assets
# Cache-Headers für statische Assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Source maps - no cache for development
location ~* \.map$ {
expires off;
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
}
# Handle webpack development paths (return 404 gracefully)
location ~* ^/webpack:// {
return 404;
}
# Health check endpoint
location /health {
access_log off;
add_header Content-Type application/json;
return 200 '{"status":"ok","service":"web-app"}\n';
}
# API proxy (if needed for backend communication)
# Proxy API calls zu Gateway
location /api/ {
proxy_pass http://api-gateway:8081/;
proxy_pass http://api-gateway;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS Headers für API-Calls
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Handle preflight requests
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Error pages
error_page 404 /index.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
# Health-Check Endpoint
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
}