diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..8ba25f4 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +.cache/ +node_modules/ +public/ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c18f391 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,18 @@ +FROM node:12-buster as build +RUN yarn global add gatsby-cli +WORKDIR /app +ADD pie-website ./ +RUN yarn +RUN gatsby build + +#Copy the built website over +FROM nginx:1.19.7 +EXPOSE 80 + +# Configure Nginx for http basic auth +COPY nginx/prod-nginx.conf /etc/nginx/nginx.conf + +# Add website contents +COPY --from=build /app/public /usr/share/nginx/html + +CMD nginx -g 'daemon off;' diff --git a/Dockerfile.staging b/Dockerfile.staging new file mode 100644 index 0000000..5c66f91 --- /dev/null +++ b/Dockerfile.staging @@ -0,0 +1,17 @@ +FROM gatsbyjs/gatsby:onbuild as build + +#Copy the built website over +FROM nginx:1.19.7 +EXPOSE 80 + +# Configure Nginx for http basic auth +COPY nginx/staging-nginx.conf /etc/nginx/nginx.conf +COPY nginx/http-basic-auth-start.sh /etc/nginx/http-basic-auth-start.sh + +# Add website contents +COPY --from=build /app/public /usr/share/nginx/html + +# Prevent web scrapers +RUN echo "User-agent: * Disallow: /" > /usr/share/nginx/html/robots.txt + +CMD /etc/nginx/http-basic-auth-start.sh diff --git a/nginx/http-basic-auth-start.sh b/nginx/http-basic-auth-start.sh new file mode 100755 index 0000000..1b04965 --- /dev/null +++ b/nginx/http-basic-auth-start.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# Run the nginx server with http basic auth configured via env vars + +# Err if http basic auth is not configured via $HTPASSWD +if [[ -z "$HTPASSWD" ]]; then + echo "Must set HTPASSWD in environment" 1>&2 + exit 1 +fi + +# Copy http basic auth from env to file system +# $HTPASSWD contains the content of the file generated by htpasswd +mkdir /usr/share/nginx/auth +echo $HTPASSWD > /usr/share/nginx/auth/.htpasswd +echo "added .htpasswd to enable http basic auth" + +echo "starting nginx" +nginx -g 'daemon off;' + diff --git a/nginx/prod-nginx.conf b/nginx/prod-nginx.conf new file mode 100644 index 0000000..e08bc2f --- /dev/null +++ b/nginx/prod-nginx.conf @@ -0,0 +1,46 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + + keepalive_timeout 65; + + gzip on; + + server { + listen 80; + server_name localhost; + + location / { + root /usr/share/nginx/html; + index index.html; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + +} + diff --git a/nginx/staging-nginx.conf b/nginx/staging-nginx.conf new file mode 100644 index 0000000..22d96eb --- /dev/null +++ b/nginx/staging-nginx.conf @@ -0,0 +1,48 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + + keepalive_timeout 65; + + gzip on; + + server { + listen 80; + server_name localhost; + + location / { + root /usr/share/nginx/html; + index index.html; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + + auth_basic "PiE Website Staging"; + auth_basic_user_file "/usr/share/nginx/auth/.htpasswd"; +} +