From ab10baf9835c08b15407f07a3ed2273c16bbe639 Mon Sep 17 00:00:00 2001 From: MUIS1436 Date: Sat, 31 Jan 2026 11:06:16 +0500 Subject: [PATCH] chore(docker): optimize Dockerfiles and add healthchecks for Coolify deployment - Add build arguments and environment variables for OAuth client IDs in frontend Dockerfile - Install wget and add HEALTHCHECK commands to frontend and backend Dockerfiles - Create non-root user in backend Dockerfile for improved security - Update docker-compose.yml with healthcheck configurations and dynamic port/environment variable support - Add network configuration and restart policies to docker-compose services - Expand .env.example with additional OAuth secrets, ports, and environment variables for Coolify - Enhance README.md with detailed Coolify deployment instructions and required environment variables table --- .env.example | 32 ++++++++++++++++++++++++++++++-- Dockerfile | 18 +++++++++++++++++- README.md | 35 +++++++++++++++++++++++++++++++++++ docker-compose.yml | 37 +++++++++++++++++++++++++++++++------ server/Dockerfile | 13 ++++++++++++- 5 files changed, 125 insertions(+), 10 deletions(-) diff --git a/.env.example b/.env.example index b18b244..717ab0c 100644 --- a/.env.example +++ b/.env.example 
@@ -1,10 +1,38 @@ +# CloudStream Transfer - Environment Variables +# Copy this file to .env and fill in your values + +# ====================== +# OAuth Credentials +# ====================== + # Microsoft Azure AD OAuth Configuration # Get your client ID from: https://portal.azure.com -> Azure Active Directory -> App registrations VITE_MS_CLIENT_ID=your_microsoft_client_id_here +MS_CLIENT_SECRET=your_microsoft_client_secret_here -# Google Cloud OAuth Configuration +# Google Cloud OAuth Configuration # Get your client ID from: https://console.cloud.google.com -> APIs & Services -> Credentials VITE_GOOGLE_CLIENT_ID=your_google_client_id_here +GOOGLE_CLIENT_SECRET=your_google_client_secret_here -# Note: Redirect URI should be set to your domain + /auth/callback +# ====================== +# URLs & Redirects +# ====================== + +# For Coolify: Use your domain (e.g., https://cloudstream.yourdomain.com/auth/callback) # For local development: http://localhost:5173/auth/callback +REDIRECT_URI=http://localhost:5173/auth/callback + +# Optional: Override API URL if backend is on different domain +# VITE_API_URL=https://api.yourdomain.com + +# ====================== +# Ports (Coolify will override these) +# ====================== +FRONTEND_PORT=80 +BACKEND_PORT=3001 + +# ====================== +# Environment +# ====================== +NODE_ENV=production diff --git a/Dockerfile b/Dockerfile index 2e8f765..67739ee 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,18 @@ -# Frontend Dockerfile +# Frontend Dockerfile (Coolify Optimized) FROM node:20-alpine AS builder WORKDIR /app +# Build arguments for environment variables +ARG VITE_MS_CLIENT_ID +ARG VITE_GOOGLE_CLIENT_ID +ARG VITE_API_URL + +# Set as environment variables for build +ENV VITE_MS_CLIENT_ID=$VITE_MS_CLIENT_ID +ENV VITE_GOOGLE_CLIENT_ID=$VITE_GOOGLE_CLIENT_ID +ENV VITE_API_URL=$VITE_API_URL + # Copy package files COPY package*.json ./ 
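Review bot: The new `ARG`/`ENV` block in the builder stage of `Dockerfile` has no comment saying that only public values may pass through it. Build arguments and `ENV` values can be read back from the build stage's metadata, and Vite compiles `VITE_*` variables into the shipped JavaScript, so a secret added here later would be exposed. I would put `# Public, non-secret values only: build args are recoverable from image metadata and VITE_* is compiled into the browser bundle` above the `ARG` lines. The block also sits before `COPY package*.json ./`, so changing a client ID invalidates the dependency-install layer; moving it to just before `RUN npm run build` would keep that layer cached. The rest of the builder stage lies outside this hunk, so the exact position needs checking against the full file.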
@@ -18,6 +28,9 @@ RUN npm run build # Production stage FROM nginx:alpine +# Install wget for healthcheck +RUN apk add --no-cache wget + # Copy built assets COPY --from=builder /app/dist /usr/share/nginx/html @@ -26,4 +39,7 @@ COPY nginx.conf /etc/nginx/conf.d/default.conf EXPOSE 80 +HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ + CMD wget -q --spider http://localhost:80 || exit 1 + CMD ["nginx", "-g", "daemon off;"] diff --git a/README.md b/README.md index 7e438f7..ed434f2 100644 --- a/README.md +++ b/README.md @@ -97,6 +97,41 @@ npm run dev - **Frontend**: React, TypeScript, Vite, Tailwind CSS, Lucide Icons, Shadcn UI - **Backend**: Node.js, Express, TypeScript, Axios, Microsoft Graph Client, Google APIs +## Docker & Coolify Deployment + +### Local Docker +```bash +# Build and run with Docker Compose +docker-compose up --build + +# Access at http://localhost +``` + +### Coolify Deployment + +#### From Public Repository +1. In Coolify, go to **Projects → New → From Git Repository** +2. Select **GitHub/GitLab/Bitbucket** and enter the repo URL +3. Set **Build Pack** to `Docker Compose` +4. Configure environment variables in Coolify's UI + +#### From Private Repository +1. In Coolify, go to **Settings → Private Keys** and add your SSH key +2. Create new project with **Private Repository** option +3. Use SSH URL: `git@github.com:username/repo.git` +4. Configure environment variables in Coolify's UI + +#### Required Environment Variables (Coolify UI) +| Variable | Description | +|----------|-------------| +| `VITE_MS_CLIENT_ID` | Microsoft/Azure OAuth Client ID | +| `MS_CLIENT_SECRET` | Microsoft/Azure OAuth Secret | +| `VITE_GOOGLE_CLIENT_ID` | Google OAuth Client ID | +| `GOOGLE_CLIENT_SECRET` | Google OAuth Secret | +| `REDIRECT_URI` | `https://yourdomain.com/auth/callback` | + +> **Important**: Update your OAuth app redirect URIs in Azure Portal and Google Cloud Console to match your Coolify domain. + ## License ISC 
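Review bot: `RUN apk add --no-cache wget` in the nginx stage looks unnecessary, because Alpine's BusyBox already ships a `wget` applet that accepts `-q` and `--spider`, which is all the health check uses. Dropping the line keeps an extra, unpinned package out of the runtime image; if the full wget package is really wanted, pin its version and say why in the comment. The same applies to the identical line added to the runtime stage of `server/Dockerfile`. This stage also shows no `USER` instruction in the visible lines, while the backend image gains one in this commit; whether nginx can run unprivileged here depends on `nginx.conf`, which is not shown.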
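Review bot: The probe URL `http://localhost:80` in the new `HEALTHCHECK` can resolve to `::1` first on Alpine, and if `nginx.conf` (not shown) only has an IPv4 `listen 80;`, the check fails although the site is up. Using the literal address avoids that: `CMD wget -q --spider http://127.0.0.1:80/ || exit 1`. The `HEALTHCHECK` in `server/Dockerfile` and both `healthcheck.test` entries in `docker-compose.yml` use `localhost` the same way. The compose entries also repeat these image-level checks with different `start_period` values, so one of the two definitions could be dropped to keep a single source of truth.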
diff --git a/docker-compose.yml b/docker-compose.yml index 2bfc8e7..a6d80c0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,24 +5,49 @@ services: build: context: . dockerfile: Dockerfile + args: + - VITE_MS_CLIENT_ID=${VITE_MS_CLIENT_ID} + - VITE_GOOGLE_CLIENT_ID=${VITE_GOOGLE_CLIENT_ID} + - VITE_API_URL=${VITE_API_URL:-} ports: - - "80:80" + - "${FRONTEND_PORT:-80}:80" depends_on: - - backend - environment: - - VITE_MS_CLIENT_ID=${VITE_MS_CLIENT_ID} - - VITE_GOOGLE_CLIENT_ID=${VITE_GOOGLE_CLIENT_ID} + backend: + condition: service_healthy + restart: unless-stopped + healthcheck: + test: [ "CMD", "wget", "-q", "--spider", "http://localhost:80" ] + interval: 30s + timeout: 10s + retries: 3 + start_period: 10s + labels: + - "coolify.managed=true" backend: build: context: ./server dockerfile: Dockerfile ports: - - "3001:3001" + - "${BACKEND_PORT:-3001}:3001" environment: - PORT=3001 + - NODE_ENV=${NODE_ENV:-production} - VITE_MS_CLIENT_ID=${VITE_MS_CLIENT_ID} - MS_CLIENT_SECRET=${MS_CLIENT_SECRET} - VITE_GOOGLE_CLIENT_ID=${VITE_GOOGLE_CLIENT_ID} - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET} - REDIRECT_URI=${REDIRECT_URI} + restart: unless-stopped + healthcheck: + test: [ "CMD", "wget", "-q", "--spider", "http://localhost:3001/health" ] + interval: 30s + timeout: 10s + retries: 3 + start_period: 15s + labels: + - "coolify.managed=true" + +networks: + default: + name: cloudstream-network diff --git a/server/Dockerfile b/server/Dockerfile index 3c129e6..d6cdb8d 100644 --- a/server/Dockerfile +++ b/server/Dockerfile @@ -1,4 +1,4 @@ -# Backend Dockerfile +# Backend Dockerfile (Coolify Optimized) FROM node:20-alpine AS builder WORKDIR /app @@ -20,6 +20,9 @@ FROM node:20-alpine WORKDIR /app +# Install wget for healthcheck +RUN apk add --no-cache wget + # Copy package files and install production deps only COPY package*.json ./ RUN npm ci --only=production 
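Review bot: `depends_on.backend.condition: service_healthy` makes the frontend wait on `http://localhost:3001/health`, but this patch touches no server source, so if that route does not already exist the backend stays unhealthy and the frontend never starts. Separately, the secrets are interpolated as `${MS_CLIENT_SECRET}` and `${GOOGLE_CLIENT_SECRET}`, which Compose replaces with an empty string when they are unset. The required-variable form stops the deployment instead, e.g. `- MS_CLIENT_SECRET=${MS_CLIENT_SECRET:?MS_CLIENT_SECRET is required}`. The backend port is also still published on every host interface through `"${BACKEND_PORT:-3001}:3001"`; if only the frontend container or a reverse proxy needs to reach it, the mapping could be bound to `127.0.0.1` or dropped.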
@@ -27,6 +30,14 @@ RUN npm ci --only=production # Copy built code COPY --from=builder /app/dist ./dist +# Create non-root user for security +RUN addgroup -g 1001 -S nodejs && \ + adduser -S nodejs -u 1001 +USER nodejs + EXPOSE 3001 +HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \ + CMD wget -q --spider http://localhost:3001/health || exit 1 + CMD ["node", "dist/index.js"]
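Review bot: `adduser -S nodejs -u 1001` has no `-G`, and BusyBox `adduser` then appears to place a system user in `nogroup`, so the `nodejs` group created on the line above ends up unused; `adduser -S -G nodejs -u 1001 nodejs` gives the user that group. Writing `USER 1001:1001` instead of `USER nodejs` lets an orchestrator verify the non-root UID without resolving the name inside the image. The files copied earlier in the stage stay root-owned, which suits a read-only app but will fail if the server ever writes under `/app`. The start of this stage is outside the hunk.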