# Dockerfile for Astro webapp with NGINX and API for content management # Stage 1: Build the Astro application # Fixed 'as' to 'AS' in the following line FROM node:20-alpine AS build WORKDIR /app # Copy root package files. Assumes API dependencies are in the root package.json. COPY package.json package-lock.json* ./ # Install ALL dependencies (including for API) from root package-lock.json RUN npm ci # Copy the rest of the application code # Ensure .dockerignore is properly set up to exclude node_modules etc. from host COPY . . # Build the Astro project (generates into /app/dist) RUN npm run build # Stage 2: Serve with NGINX and Node API FROM nginx:alpine # Create a non-root user and group RUN addgroup -S appgroup && adduser -S -G appgroup appuser # Install Node.js for the API server (su-exec is not strictly needed if USER appuser is used for CMD) RUN apk add --no-cache nodejs npm # su-exec can be removed if not used elsewhere # Set base working directory for the final stage WORKDIR /app # Copy built static files from build stage to NGINX html directory COPY --from=build /app/dist /usr/share/nginx/html RUN chown -R appuser:appgroup /usr/share/nginx/html && chmod -R 755 /usr/share/nginx/html # Copy API source files from build stage COPY --from=build /app/src/api /app/api RUN chown -R appuser:appgroup /app/api # Copy node_modules from the build stage (contains all dependencies) # The API running in /app/api will be able to resolve modules from /app/node_modules COPY --from=build --chown=appuser:appgroup /app/node_modules /app/node_modules # Copy custom NGINX configuration COPY nginx.conf /etc/nginx/conf.d/default.conf RUN chown appuser:appgroup /etc/nginx/conf.d/default.conf && chmod 644 /etc/nginx/conf.d/default.conf RUN mkdir -p /var/log/nginx && chown -R appuser:appgroup /var/log/nginx RUN mkdir -p /run/nginx && chown -R appuser:appgroup /run/nginx # For PID file # Copy start script from build stage COPY --from=build /app/start.sh /app/start.sh RUN chmod +x /app/start.sh && chown appuser:appgroup /app/start.sh # Create and set permissions for content directory # This WORKDIR /app is important for relative paths in start.sh if any WORKDIR /app RUN mkdir -p ./content/books && chown -R appuser:appgroup ./content # Expose port 80 (Nginx will listen on this port) EXPOSE 80 # Switch to non-root user for running the application USER appuser # Start NGINX and API server using the start script # Both processes will run as 'appuser' CMD ["/app/start.sh"]