diff --git a/.yarnrc b/.yarnrc new file mode 100644 index 000000000..70359f0bd --- /dev/null +++ b/.yarnrc @@ -0,0 +1 @@ +strict-ssl false \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 6674163a2..7ab8ff94c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,59 @@ # Install dependencies only when needed FROM node:18-alpine AS deps # Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed. -RUN apk add --no-cache libc6-compat +RUN apk add --no-cache --allow-untrusted --repository http://dl-cdn.alpinelinux.org/alpine/v3.18/main libc6-compat +RUN apk add --no-cache --allow-untrusted --repository http://dl-cdn.alpinelinux.org/alpine/v3.18/main openssl +COPY *.pem /usr/local/share/ca-certificates/ +COPY *.crt /usr/local/share/ca-certificates/ +RUN apk add --no-cache \ + --allow-untrusted \ + --repository http://dl-cdn.alpinelinux.org/alpine/v3.18/main ca-certificates && rm -rf /var/cache/apk/* +RUN update-ca-certificates WORKDIR /app COPY package.json yarn.lock ./ +COPY .yarnrc ./ +COPY *.crt /usr/local/share/ca-certificates/ + # Add yarn timeout to handle slow CPU when Github Actions RUN yarn config set network-timeout 300000 +RUN yarn config set enableStrictSsl false +RUN npm set strict-ssl false +RUN npm set cafile /usr/local/share/ca-certificates/Z.crt +ENV NODE_TLS_REJECT_UNAUTHORIZED 0 +ENV NODE_EXTRA_CA_CERTS /usr/local/share/ca-certificates/Z.crt +ENV DOCKER_CERT_PATH "/usr/local/share/ca-certificates/Z.crt" +ENV DOCKER_TLS_VERIFY 0 +ENV PRISMA_BINARIES_MIRROR=http://binaries.prisma.sh +ENV PRISMA_ENGINES_MIRROR=http://binaries.prisma.sh +ENV NODE_OPTIONS=--use-openssl-ca +RUN npm config set strict-ssl false +RUN yarn config set "strict-ssl" false -g RUN yarn install --frozen-lockfile # Rebuild the source code only when needed FROM node:18-alpine AS builder WORKDIR /app -COPY --from=deps /app/node_modules ./node_modules +COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules COPY . . COPY docker/middleware.js ./src - +COPY *.crt /usr/local/share/ca-certificates/ +COPY *.pem /usr/local/share/ca-certificates/ +COPY *.crt /usr/local/share/ca-certificates/ +RUN apk add --no-cache \ + --allow-untrusted \ + --repository http://dl-cdn.alpinelinux.org/alpine/v3.18/main ca-certificates && rm -rf /var/cache/apk/* +RUN update-ca-certificates +RUN yarn config set network-timeout 300000 +RUN yarn config set enableStrictSsl false +RUN npm set strict-ssl false +RUN npm set cafile /usr/local/share/ca-certificates/Z.crt +ENV NODE_TLS_REJECT_UNAUTHORIZED 0 +ENV NODE_EXTRA_CA_CERTS /usr/local/share/ca-certificates/Z.crt +ENV DOCKER_CERT_PATH "/usr/local/share/ca-certificates/Z.crt" +ENV DOCKER_TLS_VERIFY 0 +ENV PRISMA_BINARIES_MIRROR=http://binaries.prisma.sh +ENV PRISMA_ENGINES_MIRROR=http://binaries.prisma.sh +ENV NODE_OPTIONS=--use-openssl-ca ARG DATABASE_TYPE ARG BASE_PATH @@ -27,6 +66,16 @@ RUN yarn build-docker # Production image, copy all the files and run next FROM node:18-alpine AS runner +COPY *.pem /usr/local/share/ca-certificates/ +COPY *.crt /usr/local/share/ca-certificates/ +RUN apk add --no-cache \ + --allow-untrusted \ + --repository http://dl-cdn.alpinelinux.org/alpine/v3.18/main ca-certificates && rm -rf /var/cache/apk/* +RUN apk add --no-cache \ + --allow-untrusted \ + --repository http://dl-cdn.alpinelinux.org/alpine/v3.18/main openssl +RUN update-ca-certificates + WORKDIR /app ENV NODE_ENV production @@ -48,7 +97,7 @@ COPY --from=builder /app/scripts ./scripts # https://nextjs.org/docs/advanced-features/output-file-tracing COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./ COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static - +COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules USER nextjs EXPOSE 3000 diff --git a/Z.crt b/Z.crt new file mode 100644 index 000000000..45e3a29f9 --- /dev/null +++ b/Z.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIJANu+mC2Jt3uTMA0GCSqGSIb3DQEBCwUAMIGhMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux +FTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMMWnNjYWxlciBJbmMuMRgw +FgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRA +enNjYWxlci5jb20wHhcNMTQxMjE5MDAyNzU1WhcNNDIwNTA2MDAyNzU1WjCBoTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBK +b3NlMRUwEwYDVQQKEwxac2NhbGVyIEluYy4xFTATBgNVBAsTDFpzY2FsZXIgSW5j +LjEYMBYGA1UEAxMPWnNjYWxlciBSb290IENBMSIwIAYJKoZIhvcNAQkBFhNzdXBw +b3J0QHpzY2FsZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +qT7STSxZRTgEFFf6doHajSc1vk5jmzmM6BWuOo044EsaTc9eVEV/HjH/1DWzZtcr +fTj+ni205apMTlKBW3UYR+lyLHQ9FoZiDXYXK8poKSV5+Tm0Vls/5Kb8mkhVVqv7 +LgYEmvEY7HPY+i1nEGZCa46ZXCOohJ0mBEtB9JVlpDIO+nN0hUMAYYdZ1KZWCMNf +5J/aTZiShsorN2A38iSOhdd+mcRM4iNL3gsLu99XhKnRqKoHeH83lVdfu1XBeoQz +z5V6gA3kbRvhDwoIlTBeMa5l4yRdJAfdpkbFzqiwSgNdhbxTHnYYorDzKfr2rEFM +dsMU0DHdeAZf711+1CunuQIDAQABo4IBCjCCAQYwHQYDVR0OBBYEFLm33UrNww4M +hp1d3+wcBGnFTpjfMIHWBgNVHSMEgc4wgcuAFLm33UrNww4Mhp1d3+wcBGnFTpjf +oYGnpIGkMIGhMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G +A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMM +WnNjYWxlciBJbmMuMRgwFgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG +9w0BCQEWE3N1cHBvcnRAenNjYWxlci5jb22CCQDbvpgtibd7kzAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAw0NdJh8w3NsJu4KHuVZUrmZgIohnTm0j+ +RTmYQ9IKA/pvxAcA6K1i/LO+Bt+tCX+C0yxqB8qzuo+4vAzoY5JEBhyhBhf1uK+P +/WVWFZN/+hTgpSbZgzUEnWQG2gOVd24msex+0Sr7hyr9vn6OueH+jj+vCMiAm5+u +kd7lLvJsBu3AO3jGWVLyPkS3i6Gf+rwAp1OsRrv3WnbkYcFf9xjuaf4z0hRCrLN2 +xFNjavxrHmsH8jPHVvgc1VD0Opja0l/BRVauTrUaoW6tE+wFG5rEcPGS80jjHK4S +pB5iDj2mUZH1T8lzYtuZy0ZPirxmtsk3135+CKNa2OCAhhFjE0xd +-----END CERTIFICATE----- diff --git a/yarn.lock b/yarn.lock index ecb1a7ebe..92396a331 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1,6 +1,8 @@ # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. # yarn lockfile v1 +strict-ssl false +enableStrictSsl false "@aashutoshrathi/word-wrap@^1.2.3": version "1.2.6"