ARG POSTHOG_HOST=https://app.posthog.com ARG POSTHOG_API_KEY=posthog-api-key ARG INTERCOM_ID=intercom-id ARG CAPTCHA_SITE_KEY=captcha-site-key FROM node:20-slim AS base FROM base AS frontend-dependencies WORKDIR /app COPY frontend/package.json frontend/package-lock.json ./ # Install dependencies RUN npm ci --only-production --ignore-scripts # Rebuild the source code only when needed FROM base AS frontend-builder WORKDIR /app # Copy dependencies COPY --from=frontend-dependencies /app/node_modules ./node_modules # Copy all files COPY /frontend . ENV NODE_ENV production ARG POSTHOG_HOST ENV VITE_POSTHOG_HOST $POSTHOG_HOST ARG POSTHOG_API_KEY ENV VITE_POSTHOG_API_KEY $POSTHOG_API_KEY ARG INTERCOM_ID ENV VITE_INTERCOM_ID $INTERCOM_ID ARG INFISICAL_PLATFORM_VERSION ENV VITE_INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION ARG CAPTCHA_SITE_KEY ENV VITE_CAPTCHA_SITE_KEY $CAPTCHA_SITE_KEY # Build RUN npm run build # Production image FROM base AS frontend-runner WORKDIR /app RUN groupadd --system --gid 1001 nodejs RUN useradd --system --uid 1001 --gid nodejs non-root-user COPY --from=frontend-builder --chown=non-root-user:nodejs /app/dist ./ USER non-root-user ## ## BACKEND ## FROM base AS backend-build WORKDIR /app # Install all required dependencies for build RUN apt-get update && apt-get install -y \ python3 \ make \ g++ \ unixodbc \ freetds-bin \ unixodbc-dev \ libc-dev \ freetds-dev \ && rm -rf /var/lib/apt/lists/* RUN groupadd --system --gid 1001 nodejs RUN useradd --system --uid 1001 --gid nodejs non-root-user COPY backend/package*.json ./ RUN npm ci --only-production COPY /backend . COPY --chown=non-root-user:nodejs standalone-entrypoint.sh standalone-entrypoint.sh RUN npm i -D tsconfig-paths RUN npm run build # Production stage FROM base AS backend-runner WORKDIR /app # Install all required dependencies for runtime RUN apt-get update && apt-get install -y \ python3 \ make \ g++ \ unixodbc \ freetds-bin \ unixodbc-dev \ libc-dev \ freetds-dev \ && rm -rf /var/lib/apt/lists/* # Configure ODBC RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini COPY backend/package*.json ./ RUN npm ci --only-production COPY --from=backend-build /app . RUN mkdir frontend-build # Production stage FROM base AS production RUN apt-get update && apt-get install -y \ ca-certificates \ bash \ curl \ git \ python3 \ make \ g++ \ unixodbc \ freetds-bin \ unixodbc-dev \ libc-dev \ freetds-dev \ wget \ openssh-client \ && rm -rf /var/lib/apt/lists/* # Install Infisical CLI RUN curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \ && apt-get update && apt-get install -y infisical=0.31.1 \ && rm -rf /var/lib/apt/lists/* WORKDIR / # Configure ODBC in production RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini # Setup user permissions RUN groupadd --system --gid 1001 nodejs \ && useradd --system --uid 1001 --gid nodejs non-root-user # Give non-root-user permission to update SSL certs RUN chown -R non-root-user /etc/ssl/certs RUN chown non-root-user /etc/ssl/certs/ca-certificates.crt RUN chmod -R u+rwx /etc/ssl/certs RUN chmod u+rw /etc/ssl/certs/ca-certificates.crt RUN chown non-root-user /usr/sbin/update-ca-certificates RUN chmod u+rx /usr/sbin/update-ca-certificates ## set pre baked keys ARG POSTHOG_API_KEY ENV POSTHOG_API_KEY=$POSTHOG_API_KEY ARG INTERCOM_ID=intercom-id ENV INTERCOM_ID=$INTERCOM_ID ARG CAPTCHA_SITE_KEY ENV CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY COPY --from=backend-runner /app /backend COPY --from=frontend-runner /app ./backend/frontend-build ARG INFISICAL_PLATFORM_VERSION ENV INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION ENV PORT 8080 ENV HOST=0.0.0.0 ENV HTTPS_ENABLED false ENV NODE_ENV production ENV STANDALONE_BUILD true ENV STANDALONE_MODE true WORKDIR /backend ENV TELEMETRY_ENABLED true EXPOSE 8080 EXPOSE 443 USER non-root-user CMD ["./standalone-entrypoint.sh"]