soroushdes/HokmPlay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1fba9c2f96d61e71095f4dc748df34d7e8298646
HokmPlay/Dockerfile
T
soroush.asadi 96c8abbeb3
CI/CD / CI - API (dotnet build + engine sim) (push) Successful in 6m21s
Details
CI/CD / CI - Web (tsc + next build) (push) Successful in 1m3s
Details
CI/CD / Deploy - local stack (db + server + web) (push) Failing after 1s
Details
CI/Docker: use SSL-free Nexus endpoints (mirror serves partial chain) 
The HTTPS Nexus serves an incomplete cert chain that container trust stores
reject (NU1301 PartialChain / UNABLE_TO_GET_ISSUER), failing CI restore/install.
- NuGet has no strict-ssl flag → point CI + Dockerfile + compose at the plain-HTTP
  Nexus (http://171.22.25.73:8081, allowInsecureConnections) — no TLS, no cert check.
- npm: add --strict-ssl=false to the CI web-check install (Dockerfile already had it);
  Docker npm registry default also moved to the HTTP Nexus.
- ENV_FILE.example documents NUGET_INDEX/NPM_REGISTRY overrides.

Local dev (Windows trusts the cert) + image base pulls (Docker trusts it) are
unaffected — only in-container package feeds switch to HTTP.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 08:53:46 +03:30

31 lines
1.5 KiB
Docker
Raw Blame History

# Barg-e Vasat web (Next.js 16 static export → nginx)
# The app is output:"export" (fully client-side), so we build the static `out/`
# and serve it with nginx. NEXT_PUBLIC_* are baked at build time.
# npm ci (deterministic, installs the exact musl optional binaries from the
# lockfile) — `npm install` crashes here ("Exit handler never called") resolving
# Next SWC + Tailwind v4 native deps.
FROM mirror.soroushasadi.com/node:20-alpine AS build
WORKDIR /app
COPY package*.json ./
# npm registry. Default = HTTPS Nexus (CI runner trusts the cert). Override with
# NPM_REGISTRY=http://<nexus-ip>:8081/repository/npm-group/ for hosts whose trust
# store lacks the mirror's intermediate (PartialChain) — e.g. local Docker Desktop.
# strict-ssl=false also tolerates the partial chain when HTTPS is used.
ARG NPM_REGISTRY=http://171.22.25.73:8081/repository/npm-group/
RUN npm ci --legacy-peer-deps --strict-ssl=false --no-audit --no-fund \
--registry "${NPM_REGISTRY}"
COPY . .
# Live mode + the API origin the BROWSER will use (host-mapped port / LAN IP).
ARG NEXT_PUBLIC_USE_SERVER=1
ARG NEXT_PUBLIC_SERVER_URL=http://localhost:1505
ENV NEXT_PUBLIC_USE_SERVER=$NEXT_PUBLIC_USE_SERVER
ENV NEXT_PUBLIC_SERVER_URL=$NEXT_PUBLIC_SERVER_URL
RUN npm run build
FROM mirror.soroushasadi.com/nginx:alpine
COPY --from=build /app/out /usr/share/nginx/html
COPY nginx.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
HEALTHCHECK --interval=10s --timeout=5s --retries=6 --start-period=10s \
CMD wget -q -O- http://127.0.0.1/ || exit 1
Reference in New Issue View Git Blame Copy Permalink