hopewise/Dockerfile Secret

## Dockerfile
FROM ruby:3.0.5
#debian 11

RUN apt update -y
RUN apt install -y nginx
COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.6.1 /lambda-adapter /opt/extensions/lambda-adapter

RUN apt-get update -y
RUN apt-get --assume-yes install autoconf bison patch build-essential rustc libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libgmp-dev libncurses5-dev libffi-dev libgdbm6 libgdbm-dev libdb-dev uuid-dev


RUN apt-get install -y rubygems #ruby-dev
RUN gem install bundler -v '2.2.32'
RUN bundle config --local build.sassc --disable-march-tune-native

# UPDATE NODE:
RUN curl -sL https://deb.nodesource.com/setup_12.x |  bash -
RUN apt-get install -y nodejs
# YARN:
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
RUN apt update && apt install yarn
# Fix issue with sassc gem
RUN bundle config --local build.sassc --disable-march-tune-native
RUN apt-get install -y awscli

RUN mkdir /app
COPY . /app
WORKDIR "/app"


RUN bundle install # --path=vendor
ENV RAILS_SERVE_STATIC_FILES false

ENV EXECJS_RUNTIME=Disabled
ENV WEBPACKER_PRECOMPILE=false
ENV NODE_ENV=production

RUN yarn config set ignore-engines true
RUN bundle exec rails assets:precompile

ARG GIT_REVISION_ARG
ENV GIT_REVISION=$GIT_REVISION_ARG

#Rails App
RUN rm -f /etc/service/nginx/down
RUN rm -f /etc/nginx/sites-enabled/default
ADD webapp.conf /etc/nginx/sites-enabled/webapp.conf

RUN chmod +x /app/entrypoint.sh

WORKDIR "/tmp"

ADD nginx/app/config/ /etc/nginx/
ADD nginx/app/images/ /usr/share/nginx/html/images
USER root

COPY ./entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

EXPOSE 80
USER app
ENTRYPOINT /app/entrypoint.sh


## entrypoint.sh
#!/bin/bash
# Start the server
nginx -g 'daemon off;'
cd /app
RAILS_ENV=proudction bundle exec rails server --pid /tmp/rails.pid -p 3000
service nginx stop
service nginx start

## nginx.conf
#nginx/app/config/nginx.conf
user       root root;

worker_processes  1;


error_log  /dev/stderr warn;
pid        /tmp/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /dev/stdout  main;

    client_body_temp_path /tmp 1 2;
    proxy_temp_path /tmp 1 2;
    fastcgi_temp_path /tmp 1 2;
    uwsgi_temp_path /tmp 1 2;
    scgi_temp_path /tmp 1 2;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.*;
    }


## webapp.conf
proxy_cache_path  /tmp/app_cache  levels=1:2    keys_zone=STATIC:10m
    inactive=24h  max_size=1g;
server {
    listen 80;
    server_name mydomain.com;
    # HSTS header https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root /app/public;

    location = /blog {
     return 301 /blog/;
    }


    location /stylesheets {
        proxy_pass http://172.30.1.249;
        proxy_set_header Host dcaclab.com;
        proxy_set_header Connection "";
        proxy_buffering        on;
        proxy_cache            STATIC;
        proxy_cache_valid      200  1d;
        proxy_cache_use_stale  error timeout invalid_header updating
                               http_500 http_502 http_503 http_504;
    }

    location /images {
        proxy_pass http://172.30.1.249;
        proxy_set_header Host dcaclab.com;
        proxy_set_header Connection "";
        proxy_buffering        on;
        proxy_cache            STATIC;
        proxy_cache_valid      200  1d;
        proxy_cache_use_stale  error timeout invalid_header updating
                               http_500 http_502 http_503 http_504;
    }

    location /uploads {
        proxy_pass http://172.30.1.249;
        proxy_set_header Host dcaclab.com;
        proxy_set_header Connection "";
        proxy_buffering        on;
        proxy_cache            STATIC;
        proxy_cache_valid      200  1d;
        proxy_cache_use_stale  error timeout invalid_header updating
                               http_500 http_502 http_503 http_504;
    }

    location /forum {
        proxy_pass http://172.30.1.249;
        proxy_set_header Host dcaclab.com;
        proxy_set_header Connection "";
        proxy_buffering        on;
        proxy_cache            STATIC;
        proxy_cache_valid      200  1d;
        proxy_cache_use_stale  error timeout invalid_header updating
                               http_500 http_502 http_503 http_504;
    }

#     location /blog-private {
#     proxy_pass http://172.30.0.75/blog;
#     proxy_set_header Host blog.dcaclab.com;
#     proxy_set_header Connection "";
#     proxy_buffering        on;
#     proxy_cache            STATIC;
#     proxy_cache_valid      200  1d;
#     proxy_cache_use_stale  error timeout invalid_header updating
#                            http_500 http_502 http_503 http_504;
#     }

    location /blog {
    #proxy_pass https://blog.dcaclab.com/blog;
    proxy_pass http://172.30.0.75/blog;
    proxy_set_header Host blog.dcaclab.com;
    proxy_set_header Connection "";
    proxy_buffering        on;
    proxy_cache            STATIC;
    proxy_cache_valid      200  1d;
    proxy_cache_use_stale  error timeout invalid_header updating
                           http_500 http_502 http_503 http_504;
    }

    location = /pages {
     return 301 /pages/;
    }
    location /pages {
    proxy_pass https://blog.dcaclab.com/pages;
    proxy_set_header Host blog.dcaclab.com;
    proxy_set_header Connection "";
    proxy_buffering        on;
    proxy_cache            STATIC;
    proxy_cache_valid      200  1d;
    proxy_cache_use_stale  error timeout invalid_header updating
                           http_500 http_502 http_503 http_504;
    }


    #https://github.com/ericallam/font_assets#important
    location / {
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }
        proxy_pass http://127.0.0.1:3000;


    }

}
	FROM ruby:3.0.5
	#debian 11

	RUN apt update -y
	RUN apt install -y nginx
	COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.6.1 /lambda-adapter /opt/extensions/lambda-adapter

	RUN apt-get update -y
	RUN apt-get --assume-yes install autoconf bison patch build-essential rustc libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libgmp-dev libncurses5-dev libffi-dev libgdbm6 libgdbm-dev libdb-dev uuid-dev



	RUN apt-get install -y rubygems #ruby-dev
	RUN gem install bundler -v '2.2.32'
	RUN bundle config --local build.sassc --disable-march-tune-native

	# UPDATE NODE:
	RUN curl -sL https://deb.nodesource.com/setup_12.x \| bash -
	RUN apt-get install -y nodejs
	# YARN:
	RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg \| apt-key add -
	RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" \| tee /etc/apt/sources.list.d/yarn.list
	RUN apt update && apt install yarn
	# Fix issue with sassc gem
	RUN bundle config --local build.sassc --disable-march-tune-native
	RUN apt-get install -y awscli

	RUN mkdir /app
	COPY . /app
	WORKDIR "/app"



	RUN bundle install # --path=vendor
	ENV RAILS_SERVE_STATIC_FILES false

	ENV EXECJS_RUNTIME=Disabled
	ENV WEBPACKER_PRECOMPILE=false
	ENV NODE_ENV=production

	RUN yarn config set ignore-engines true
	RUN bundle exec rails assets:precompile

	ARG GIT_REVISION_ARG
	ENV GIT_REVISION=$GIT_REVISION_ARG

	#Rails App
	RUN rm -f /etc/service/nginx/down
	RUN rm -f /etc/nginx/sites-enabled/default
	ADD webapp.conf /etc/nginx/sites-enabled/webapp.conf

	RUN chmod +x /app/entrypoint.sh

	WORKDIR "/tmp"

	ADD nginx/app/config/ /etc/nginx/
	ADD nginx/app/images/ /usr/share/nginx/html/images
	USER root

	COPY ./entrypoint.sh /app/entrypoint.sh
	RUN chmod +x /app/entrypoint.sh

	EXPOSE 80
	USER app
	ENTRYPOINT /app/entrypoint.sh
	#!/bin/bash
	# Start the server
	nginx -g 'daemon off;'
	cd /app
	RAILS_ENV=proudction bundle exec rails server --pid /tmp/rails.pid -p 3000
	service nginx stop
	service nginx start
	#nginx/app/config/nginx.conf
	user root root;

	worker_processes 1;


	error_log /dev/stderr warn;
	pid /tmp/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /dev/stdout main;

	client_body_temp_path /tmp 1 2;
	proxy_temp_path /tmp 1 2;
	fastcgi_temp_path /tmp 1 2;
	uwsgi_temp_path /tmp 1 2;
	scgi_temp_path /tmp 1 2;

	sendfile on;
	#tcp_nopush on;

	keepalive_timeout 65;

	gzip on;

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/.;
	}
	proxy_cache_path /tmp/app_cache levels=1:2 keys_zone=STATIC:10m
	inactive=24h max_size=1g;
	server {
	listen 80;
	server_name mydomain.com;
	# HSTS header https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

	root /app/public;

	location = /blog {
	return 301 /blog/;
	}


	location /stylesheets {
	proxy_pass http://172.30.1.249;
	proxy_set_header Host dcaclab.com;
	proxy_set_header Connection "";
	proxy_buffering on;
	proxy_cache STATIC;
	proxy_cache_valid 200 1d;
	proxy_cache_use_stale error timeout invalid_header updating
	http_500 http_502 http_503 http_504;
	}

	location /images {
	proxy_pass http://172.30.1.249;
	proxy_set_header Host dcaclab.com;
	proxy_set_header Connection "";
	proxy_buffering on;
	proxy_cache STATIC;
	proxy_cache_valid 200 1d;
	proxy_cache_use_stale error timeout invalid_header updating
	http_500 http_502 http_503 http_504;
	}

	location /uploads {
	proxy_pass http://172.30.1.249;
	proxy_set_header Host dcaclab.com;
	proxy_set_header Connection "";
	proxy_buffering on;
	proxy_cache STATIC;
	proxy_cache_valid 200 1d;
	proxy_cache_use_stale error timeout invalid_header updating
	http_500 http_502 http_503 http_504;
	}

	location /forum {
	proxy_pass http://172.30.1.249;
	proxy_set_header Host dcaclab.com;
	proxy_set_header Connection "";
	proxy_buffering on;
	proxy_cache STATIC;
	proxy_cache_valid 200 1d;
	proxy_cache_use_stale error timeout invalid_header updating
	http_500 http_502 http_503 http_504;
	}

	# location /blog-private {
	# proxy_pass http://172.30.0.75/blog;
	# proxy_set_header Host blog.dcaclab.com;
	# proxy_set_header Connection "";
	# proxy_buffering on;
	# proxy_cache STATIC;
	# proxy_cache_valid 200 1d;
	# proxy_cache_use_stale error timeout invalid_header updating
	# http_500 http_502 http_503 http_504;
	# }

	location /blog {
	#proxy_pass https://blog.dcaclab.com/blog;
	proxy_pass http://172.30.0.75/blog;
	proxy_set_header Host blog.dcaclab.com;
	proxy_set_header Connection "";
	proxy_buffering on;
	proxy_cache STATIC;
	proxy_cache_valid 200 1d;
	proxy_cache_use_stale error timeout invalid_header updating
	http_500 http_502 http_503 http_504;
	}

	location = /pages {
	return 301 /pages/;
	}
	location /pages {
	proxy_pass https://blog.dcaclab.com/pages;
	proxy_set_header Host blog.dcaclab.com;
	proxy_set_header Connection "";
	proxy_buffering on;
	proxy_cache STATIC;
	proxy_cache_valid 200 1d;
	proxy_cache_use_stale error timeout invalid_header updating
	http_500 http_502 http_503 http_504;
	}


	#https://github.com/ericallam/font_assets#important
	location / {
	if ($request_method = 'OPTIONS') {
	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

	add_header 'Access-Control-Max-Age' 1728000;
	add_header 'Content-Type' 'text/plain; charset=utf-8';
	add_header 'Content-Length' 0;
	return 204;
	}
	if ($request_method = 'POST') {
	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
	add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
	add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
	}
	if ($request_method = 'GET') {
	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
	add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
	add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
	}
	proxy_pass http://127.0.0.1:3000;


	}

	}