soroushdes/HokmPlay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
96c8abbeb3587168dbb94092d34f7ddded6f5264
HokmPlay/server/Dockerfile
T
soroush.asadi 96c8abbeb3
CI/CD / CI - API (dotnet build + engine sim) (push) Successful in 6m21s
Details
CI/CD / CI - Web (tsc + next build) (push) Successful in 1m3s
Details
CI/CD / Deploy - local stack (db + server + web) (push) Failing after 1s
Details
CI/Docker: use SSL-free Nexus endpoints (mirror serves partial chain) 
The HTTPS Nexus serves an incomplete cert chain that container trust stores
reject (NU1301 PartialChain / UNABLE_TO_GET_ISSUER), failing CI restore/install.
- NuGet has no strict-ssl flag → point CI + Dockerfile + compose at the plain-HTTP
  Nexus (http://171.22.25.73:8081, allowInsecureConnections) — no TLS, no cert check.
- npm: add --strict-ssl=false to the CI web-check install (Dockerfile already had it);
  Docker npm registry default also moved to the HTTP Nexus.
- ENV_FILE.example documents NUGET_INDEX/NPM_REGISTRY overrides.

Local dev (Windows trusts the cert) + image base pulls (Docker trusts it) are
unaffected — only in-container package feeds switch to HTTP.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 08:53:46 +03:30

40 lines
2.0 KiB
Docker
Raw Blame History

# Hokm.Server (.NET 10 ASP.NET Core + SignalR)
# Build context = ./server (so Hokm.Engine + Hokm.Server are both in scope)
FROM mirror.soroushasadi.com/dotnet/sdk:10.0 AS build
WORKDIR /src
# NuGet feed. Default = HTTPS Nexus (CI runner trusts the cert). Override with
# NUGET_INDEX=http://<nexus-ip>:8081/repository/nuget-group/index.json for hosts
# whose trust store lacks the mirror's intermediate (PartialChain) — e.g. local
# Docker Desktop. allowInsecureConnections lets .NET 10 use the HTTP feed.
ARG NUGET_INDEX=http://171.22.25.73:8081/repository/nuget-group/index.json
RUN printf '%s\n' \
'<?xml version="1.0" encoding="utf-8"?>' \
'<configuration>' \
' <packageSources>' \
' <clear />' \
" <add key=\"nexus\" value=\"${NUGET_INDEX}\" protocolVersion=\"3\" allowInsecureConnections=\"true\" />" \
' </packageSources>' \
' <config>' \
' <add key="http_retry_count" value="8" />' \
' <add key="http_retry_delay_milliseconds" value="1000" />' \
' </config>' \
'</configuration>' > /tmp/nuget.config
COPY Directory.Build.props ./
COPY src/ ./src/
RUN dotnet restore src/Hokm.Server/Hokm.Server.csproj --configfile /tmp/nuget.config
RUN dotnet publish src/Hokm.Server/Hokm.Server.csproj -c Release -o /out --no-restore
FROM mirror.soroushasadi.com/dotnet/aspnet:10.0
WORKDIR /app
# aspnet image ships no wget/curl — borrow busybox so the healthcheck has wget.
COPY --from=mirror.soroushasadi.com/busybox:1.36 /bin/busybox /usr/bin/wget
COPY --from=build /out ./
# Bind all interfaces. appsettings.json pins "Urls=http://localhost:5005" (dev),
# which wins over ASPNETCORE_URLS — so force 0.0.0.0 via command-line args, which
# have the highest config precedence. Otherwise the server is loopback-only inside
# the container and the published port returns "empty reply".
EXPOSE 5005
HEALTHCHECK --interval=10s --timeout=5s --retries=12 --start-period=20s \
CMD wget -q -O- http://127.0.0.1:5005/ || exit 1
ENTRYPOINT ["dotnet", "Hokm.Server.dll", "--urls", "http://0.0.0.0:5005"]
Reference in New Issue View Git Blame Copy Permalink