feat: enhance docker process by claude

SCAICT · Nov 27, 2024 · c8cc685 · c8cc685
1 parent ea9a60b
commit c8cc685
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 51 deletions.
diff --git a/.docker/bot/Dockerfile b/.docker/bot/Dockerfile
@@ -1,9 +1,22 @@
 # syntax=docker/dockerfile:1.4
-FROM --platform=$BUILDPLATFORM python:3.11-alpine AS builder
+FROM python:3.11-slim-bullseye AS builder
 
-WORKDIR /code
-COPY ../.. .
-RUN --mount=type=cache,target=/root/.cache/pip \
-pip3 install -r requirements.txt
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+FROM python:3.11-slim-bullseye AS production
+
+WORKDIR /app
+
+COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+COPY . .
 
 CMD ["python3", "main.py"]
diff --git a/.docker/nginx/conf b/.docker/nginx/conf
@@ -1,13 +1,28 @@
+# server {
+#     listen 80;
+#     server_name localhost;
+#     return 301 https://$server_name$request_uri;
+# }
+
 server {
-    listen       80;
-    server_name  localhost;
+    listen 80;
+    server_name localhost;
+    # listen 443 ssl http2;
+    # server_name localhos
+    # ssl_certificate /etc/nginx/ssl/fullchain.pem;
+    # ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+    # ssl_protocols TLSv1.2 TLSv1.3;
+    # ssl_prefer_server_ciphers on;
+    # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 
     location / {
-        proxy_pass   http://web:5000;
+        proxy_pass http://web:5000;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-}
+    # access_log /var/log/nginx/access.log;
+    # error_log /var/log/nginx/error.log;
+}
diff --git a/.docker/web/Dockerfile b/.docker/web/Dockerfile
@@ -1,33 +1,29 @@
 # syntax=docker/dockerfile:1.4
-FROM --platform=$BUILDPLATFORM python:3.11-alpine AS builder
+FROM python:3.11-slim-bullseye AS builder
 
-WORKDIR /code
-COPY ../.. .
-RUN --mount=type=cache,target=/root/.cache/pip \
-    pip3 install -r requirements.txt
+WORKDIR /app
 
-ENV FLASK_APP app.py
-ENV FLASK_ENV development
-ENV FLASK_RUN_PORT 5000
-ENV FLASK_RUN_HOST 0.0.0.0
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    && rm -rf /var/lib/apt/lists/*
 
-EXPOSE 5000
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+FROM python:3.11-slim-bullseye AS production
 
-CMD ["flask", "run"]
+WORKDIR /app
 
-FROM builder AS dev-envs
+COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
 
-RUN <<EOF
-apk update
-apk add git
-EOF
+COPY . .
 
-RUN <<EOF
-addgroup -S docker
-adduser -S --shell /bin/bash --ingroup docker vscode
-EOF
+ENV FLASK_APP=app.py
+ENV FLASK_ENV=production
+ENV FLASK_RUN_PORT=5000
+ENV FLASK_RUN_HOST=0.0.0.0
 
-# install Docker tools (cli, buildx, compose)
-COPY --from=gloursdocker/docker / /
+EXPOSE 5000
 
-CMD ["flask", "run"]
+CMD ["flask", "run"]
diff --git a/.env.example b/.env.example
@@ -10,6 +10,7 @@ HOST=資料庫主機位址
 
 # Docker MySQL Initialization
 MYSQL_ROOT_PASSWORD=資料庫root密碼(Docker用戶必填)
+FLASK_ENV=production
 
 # Global configuration
 DISCORD_TOKEN=Discord機器人token

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,68 +1,75 @@
+version: '3.8'
+
 services:
   db:
-    # We use a mariadb image which supports both amd64 & arm64 architecture
-    # image: mariadb:10-focal
-    # If you really want to use MySQL, uncomment the following line
-    image: mysql:8
-    # command: '--default-authentication-plugin=mysql_native_password'
-    restart: always
+    image: mysql:8.0
+    restart: unless-stopped
     healthcheck:
-      test: ['CMD-SHELL', 'mysqladmin ping --password="password" --silent']
-      interval: 3s
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "${MYSQL_USER}", "--password=${MYSQL_PASSWORD}"]
+      interval: 10s
+      timeout: 5s
       retries: 5
-      start_period: 90s
+      start_period: 600s
     volumes:
       - db-data:/var/lib/mysql
-      - ./static:/docker-entrypoint-initdb.d
+      - ./init-scripts:/docker-entrypoint-initdb.d
     networks:
       - backnet
     env_file:
       - .env
     expose:
       - 3306
-      - 33060
 
   web:
     build:
       context: .
       dockerfile: .docker/web/Dockerfile
-      target: builder
-    restart: always
+      target: production
+    restart: unless-stopped
     ports:
-      - 5000:5000
+      - "127.0.0.1:5000:5000"
     networks:
       - backnet
       - frontnet
     depends_on:
       db:
         condition: service_healthy
+    env_file:
+      - .env
 
   bot:
     build:
       context: .
       dockerfile: .docker/bot/Dockerfile
-      target: builder
-    restart: always
+      target: production
+    restart: unless-stopped
     networks:
       - backnet
     depends_on:
       db:
         condition: service_healthy
+    env_file:
+      - .env
 
   nginx:
     build:
       context: .docker/nginx
-    restart: always
+    restart: unless-stopped
     ports:
-      - 8080:80
+      - "80:80"
+      - "443:443"
     depends_on: 
       - web
     networks:
       - frontnet
+    # volumes:
+    #   - ./ssl:/etc/nginx/ssl:ro
+    #   - ./nginx-logs:/var/log/nginx
 
 volumes:
   db-data:
 
 networks:
   backnet:
-  frontnet:
+    internal: true
+  frontnet: