Some checks are pending
gitleaks secret-leak scan / gitleaks (push) Waiting to run
- Change the container port in docker-deploy.sh from 3000 to 4000 to avoid port conflicts
- Optimize the environment-variable loading logic in start.sh: fall back to loading .env.production only when AUTH_SECRET has not been injected
- Ensure the database file exists in the Dockerfile build stage, and remove the unnecessary copy of .env.production
62 lines
1.4 KiB
Docker
# Multi-stage build - base image
FROM node:20-alpine AS base

# Dependency installation stage
FROM base AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app

# Copy dependency manifests
COPY package.json package-lock.json* ./
RUN npm ci

# Build stage
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .

# Set environment variables
ENV NEXT_TELEMETRY_DISABLED=1
ENV NODE_ENV=production

# Build the application
RUN mkdir -p /app/data && if [ ! -f /app/data/prod.db ]; then : > /app/data/prod.db; fi
RUN npm run build

# Runtime stage - uses the standalone output
FROM base AS runner
WORKDIR /app

ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
ENV AUTH_TRUST_HOST=true
ENV DATABASE_URL=file:./data/prod.db

# Create a non-root user
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs

# Copy only the standalone output
COPY --from=builder /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

# Create data and log directories
RUN mkdir -p /app/data /app/logs && chown -R nextjs:nodejs /app/data /app/logs

# Copy the locally initialized database
COPY --from=builder --chown=nextjs:nodejs /app/data/prod.db /app/data/prod.db

# Copy the start script
COPY --from=builder --chown=nextjs:nodejs /app/scripts/start.sh ./start.sh
RUN chmod +x ./start.sh

USER nextjs

EXPOSE 4000

ENV PORT=4000
ENV HOSTNAME="0.0.0.0"

CMD ["./start.sh"]
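Review bot: `COPY . .` in the builder stage still copies the entire build context, so any `.env.production` or local `data/prod.db` present in the checkout lands in the builder layer even though the explicit `.env.production` copy was removed; add a `.dockerignore` that excludes `.env*`, `.git`, `node_modules` and local database files so secrets and data never enter an image layer. On the same theme, `RUN mkdir -p /app/data && if [ ! -f /app/data/prod.db ]; then : > /app/data/prod.db; fi` creates a zero-byte file when the context has no database, and the later `COPY --from=builder --chown=nextjs:nodejs /app/data/prod.db /app/data/prod.db` ships that empty file into the runner; unless start.sh initializes or migrates the schema, the container starts with an unusable database, and when the context does contain a real `prod.db` its contents are baked into the image. Mounting `/app/data` as a volume and creating or migrating the database at start time would avoid both outcomes; the `# Copy the locally initialized database` comment should then be updated to match.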