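# Stage 1: Dependencies
# Installs node_modules from the manifest files only, so later stages can
# copy the result instead of re-resolving dependencies.
FROM node:18-alpine AS deps
WORKDIR /app

# Install pnpm.
# NOTE(review): pnpm is installed unpinned, so each rebuild may pick up a
# different release. Pin it (npm install -g pnpm@<version>) to the version
# the lockfile was generated with.
RUN npm install -g pnpm

# Install bash and libc6-compat.
RUN apk add --no-cache libc6-compat bash

# Copy package.json and, if present, pnpm-lock.yaml (the trailing * keeps
# the COPY from failing when the lockfile is absent).
COPY package.json pnpm-lock.yaml* ./

# Install dependencies.
# When a lockfile exists, install exactly what it records and fail the build
# if it is out of sync with package.json; that keeps the image on the
# reviewed dependency set instead of silently re-resolving versions.
# Without a lockfile, fall back to the original unlocked install.
RUN if [ -f pnpm-lock.yaml ]; then \
      pnpm install --frozen-lockfile; \
    else \
      pnpm install --no-frozen-lockfile; \
    fi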
# Stage 2: Builder
# Runs the production build over the full source tree, using the
# dependencies installed in the deps stage.
FROM node:18-alpine AS builder
WORKDIR /app

# pnpm drives the build; bash is installed alongside it.
RUN npm install -g pnpm \
    && apk add --no-cache bash

# Bring in the whole build context.
# NOTE(review): everything not excluded by .dockerignore lands in this
# stage, including any local .env or credential files. Confirm that a
# .dockerignore exists and covers them.
COPY . .

# Overlay the dependency tree produced by the deps stage.
COPY --from=deps /app/node_modules ./node_modules

# Build the application.
RUN pnpm build
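# Stage 3: Runner
# Runtime image: build output, node_modules and static assets copied from
# the builder stage, started as an unprivileged user.
# NOTE(review): Node.js 18 is past its upstream end-of-life. Plan a move to
# a supported LTS base, and pin the base image by digest for reproducibility.
FROM node:18-alpine AS runner
WORKDIR /app

ENV NODE_ENV=production

# JWT_SECRET and MONGODB_URI are deliberately not declared with ENV here.
# `ENV NAME=${NAME}` is expanded at build time: with no matching ARG in this
# stage it bakes an empty value into the image, and with one it would store
# the secret in the image configuration, readable by anyone who can pull the
# image. Supply both at run time instead (docker run -e / --env-file, or the
# orchestrator's secret mechanism).

# bash is needed by the CMD below.
RUN apk add --no-cache bash

# Create the non-root user and group with fixed IDs.
RUN addgroup -S -g 1001 nodejs && adduser -S -u 1001 -G nodejs nextjs

# Copy the required files. public/ and .next/ are owned by the runtime user;
# node_modules and package.json stay root-owned and therefore read-only to it.
COPY --from=builder --chown=nextjs:nodejs /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next ./.next
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json

# Upload directory: owned by the runtime user, writable by that user only.
# Ownership is enough for the app to write here, so the directory is not
# made world-writable. If this path is mounted as a volume, fix ownership on
# the mount rather than loosening the mode.
RUN mkdir -p /app/public/uploads \
    && chown nextjs:nodejs /app/public/uploads \
    && chmod 0755 /app/public/uploads

# Drop privileges; all root-only steps are above this line.
USER nextjs

# Expose the application port.
EXPOSE 3000
ENV PORT=3000

# Start the app through bash; `exec` replaces the shell so the Node process
# receives stop signals directly.
CMD ["/bin/bash", "-c", "exec node_modules/.bin/next start"]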