evan/evanpage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

deploy: switch frontend to standalone production build

Browse Source 
Frontend Dockerfile becomes multi-stage (deps/builder/production/dev)
with a Next.js standalone runtime and a 1GB heap cap to fit this host.
Compose targets the production stage, binds the frontend to
127.0.0.1:3001 for the 1Panel openresty proxy, drops dev volume
mounts and the publicly exposed postgres/backend ports, and passes
AUTH_URL/NEXTAUTH_URL/AUTH_TRUST_HOST so NextAuth works behind the
reverse proxy.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Evan Sun
2026-05-03 01:52:06 +08:00
parent 37cecaa1ce
commit 487b4c42c4
2 changed files with 32 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docker-compose.yml
View File

@@ -6,8 +6,6 @@ services:
POSTGRES_USER: ${POSTGRES_USER:-evan} POSTGRES_USER: ${POSTGRES_USER:-evan}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-evanpass} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-evanpass}
POSTGRES_DB: ${POSTGRES_DB:-evanpage} POSTGRES_DB: ${POSTGRES_DB:-evanpage}
ports:
- "5432:5432"
volumes: volumes:
- pgdata:/var/lib/postgresql/data - pgdata:/var/lib/postgresql/data
healthcheck: healthcheck:
@@ -31,8 +29,6 @@ services:
AUTH_KEYCLOAK_ISSUER: ${AUTH_KEYCLOAK_ISSUER:-} AUTH_KEYCLOAK_ISSUER: ${AUTH_KEYCLOAK_ISSUER:-}
AUTH_KEYCLOAK_ID: ${AUTH_KEYCLOAK_ID:-} AUTH_KEYCLOAK_ID: ${AUTH_KEYCLOAK_ID:-}
AUTH_KEYCLOAK_SECRET: ${AUTH_KEYCLOAK_SECRET:-} AUTH_KEYCLOAK_SECRET: ${AUTH_KEYCLOAK_SECRET:-}
ports:
- "8080:8080"
volumes: volumes:
- ./backend:/app - ./backend:/app
- /app/tmp - /app/tmp
@@ -45,6 +41,7 @@ services:
frontend: frontend:
build: build:
context: ./frontend context: ./frontend
target: production
container_name: evanpage-frontend container_name: evanpage-frontend
environment: environment:
SERVER_API_URL: ${SERVER_API_URL:-http://backend:8080} SERVER_API_URL: ${SERVER_API_URL:-http://backend:8080}
@@ -53,11 +50,11 @@ services:
AUTH_KEYCLOAK_ISSUER: ${AUTH_KEYCLOAK_ISSUER:-} AUTH_KEYCLOAK_ISSUER: ${AUTH_KEYCLOAK_ISSUER:-}
AUTH_KEYCLOAK_ID: ${AUTH_KEYCLOAK_ID:-} AUTH_KEYCLOAK_ID: ${AUTH_KEYCLOAK_ID:-}
AUTH_KEYCLOAK_SECRET: ${AUTH_KEYCLOAK_SECRET:-} AUTH_KEYCLOAK_SECRET: ${AUTH_KEYCLOAK_SECRET:-}
AUTH_URL: ${AUTH_URL:-https://www.liukersun.com}
NEXTAUTH_URL: ${NEXTAUTH_URL:-https://www.liukersun.com}
AUTH_TRUST_HOST: ${AUTH_TRUST_HOST:-true}
ports: ports:
- "3000:3000" - "127.0.0.1:3001:3000"
volumes:
- ./frontend:/app
- /app/node_modules
depends_on: depends_on:
- backend - backend
networks: networks:

32
frontend/Dockerfile
View File

@@ -1,15 +1,37 @@
FROM node:20-alpine FROM node:20-alpine AS deps
WORKDIR /app WORKDIR /app
COPY package*.json ./
RUN npm ci
FROM node:20-alpine AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
ENV NEXT_TELEMETRY_DISABLED=1
ENV NODE_OPTIONS=--max-old-space-size=1024
RUN npm run build
FROM node:20-alpine AS production
WORKDIR /app
ENV NODE_ENV=production
ENV PORT=3000
ENV HOSTNAME=0.0.0.0
ENV NEXT_TELEMETRY_DISABLED=1
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
EXPOSE 3000
CMD ["node", "server.js"]
FROM node:20-alpine AS dev
WORKDIR /app
COPY package*.json ./ COPY package*.json ./
RUN npm install RUN npm install
COPY . . COPY . .
EXPOSE 3000 EXPOSE 3000
ENV NODE_ENV=development ENV NODE_ENV=development
ENV PORT=3000 ENV PORT=3000
ENV HOSTNAME=0.0.0.0 ENV HOSTNAME=0.0.0.0
CMD ["npm", "run", "dev"] CMD ["npm", "run", "dev"]