Initial commit: ROA2WEB - FastAPI + Vue.js + Telegram Bot
Modern ERP Reports Application with microservices architecture Tech Stack: - Backend: FastAPI + python-oracledb (Oracle DB integration) - Frontend: Vue.js 3 + PrimeVue + Vite - Telegram Bot: python-telegram-bot + SQLite - Infrastructure: Shared database pool, JWT authentication, SSH tunnel Features: - FastAPI backend with async Oracle connection pool - Vue.js 3 responsive frontend with PrimeVue components - Telegram bot alternative interface - Microservices architecture with shared components - Complete deployment support (Linux Docker + Windows IIS) - Comprehensive testing (Playwright E2E + pytest) Repository Structure: - reports-app/ - Main application (backend, frontend, telegram-bot) - shared/ - Shared components (database pool, auth, utils) - deployment/ - Deployment scripts (Linux & Windows) - docs/ - Project documentation - security/ - Security scanning and git hooks
This commit is contained in:
51
nginx/Dockerfile
Normal file
51
nginx/Dockerfile
Normal file
@@ -0,0 +1,51 @@
|
||||
FROM nginx:1.25-alpine
|
||||
|
||||
# Install necessary packages for SSL and security
|
||||
RUN apk add --no-cache \
|
||||
tini \
|
||||
openssl \
|
||||
certbot \
|
||||
certbot-nginx \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
|
||||
# Create non-root user
|
||||
RUN addgroup -g 1001 -S nginx-user && \
|
||||
adduser -S -D -H -u 1001 -h /var/cache/nginx -s /sbin/nologin -G nginx-user nginx-user
|
||||
|
||||
# Create directories
|
||||
RUN mkdir -p /etc/nginx/conf.d \
|
||||
/etc/nginx/sites-enabled \
|
||||
/var/log/nginx \
|
||||
/etc/letsencrypt \
|
||||
/var/www/certbot
|
||||
|
||||
# Copy configuration files
|
||||
COPY conf/nginx.conf /etc/nginx/nginx.conf
|
||||
COPY conf/sites-enabled/ /etc/nginx/sites-enabled/
|
||||
COPY conf/ssl.conf /etc/nginx/conf.d/ssl.conf
|
||||
COPY conf/upstream.conf /etc/nginx/conf.d/upstream.conf
|
||||
COPY conf/security.conf /etc/nginx/conf.d/security.conf
|
||||
|
||||
# Copy SSL maintenance scripts
|
||||
COPY scripts/ssl-renew.sh /usr/local/bin/ssl-renew.sh
|
||||
RUN chmod +x /usr/local/bin/ssl-renew.sh
|
||||
|
||||
# Set proper permissions
|
||||
RUN chown -R nginx-user:nginx-user /var/cache/nginx \
|
||||
/var/log/nginx \
|
||||
/etc/nginx/conf.d \
|
||||
/etc/nginx/sites-enabled \
|
||||
/var/www/certbot
|
||||
|
||||
# Health check
|
||||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
||||
CMD wget --no-verbose --tries=1 --spider http://localhost/health || exit 1
|
||||
|
||||
# Expose ports
|
||||
EXPOSE 80 443
|
||||
|
||||
# Use tini as init system
|
||||
ENTRYPOINT ["/sbin/tini", "--"]
|
||||
|
||||
# Start Nginx (run as root for port binding, nginx will drop privileges)
|
||||
CMD ["nginx", "-g", "daemon off;"]
|
||||
Reference in New Issue
Block a user