# ============================================================================== # Stage 1: Build Frontend (Next.js) # ============================================================================== FROM node:20-slim AS frontend-builder WORKDIR /app/frontend # Install dependencies COPY frontend/package*.json ./ RUN npm ci # Copy source and build COPY frontend/ . # Disable telemetry during build ENV NEXT_TELEMETRY_DISABLED=1 RUN npm run build # ============================================================================== # Stage 2: Final Image (Python + Node.js Runtime) # ============================================================================== FROM python:3.11-slim # Build Arguments for Tunnel ARG BASTION_URL="https://bastion.3prism.ai" ARG HOST_ARCH="amd64" # 1. Install System Dependencies & Node.js (for runtime) # We need Node.js to run the Next.js production server (npm start) # curl is needed for health check # WeasyPrint dependencies for PDF export RUN apt-get update && apt-get install -y \ curl \ nodejs \ npm \ libpango-1.0-0 \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ && rm -rf /var/lib/apt/lists/* WORKDIR /app # 2. Create Python Virtual Environment and Install Dependencies COPY requirements.txt . RUN python -m venv /app/.venv && \ /app/.venv/bin/pip install --no-cache-dir -r requirements.txt # 3. Bake in Portwarden Client (The "Tunnel") # This runs during build time to download the binary into the image # 使用 -k 跳过 SSL 证书验证(bastion.3prism.ai 证书过期) RUN echo "Downloading Portwarden Client from: ${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" && \ curl -fsSLk "${BASTION_URL}/releases/portwardenc-${HOST_ARCH}" -o /usr/local/bin/portwardenc && \ chmod +x /usr/local/bin/portwardenc # 4. Copy Frontend Build Artifacts # We need package.json to run 'npm start' COPY frontend/package*.json ./frontend/ # Copy the built .next folder and public assets COPY --from=frontend-builder /app/frontend/.next ./frontend/.next COPY --from=frontend-builder /app/frontend/public ./frontend/public # 复制 node_modules 而不是重新安装(避免网络超时问题) COPY --from=frontend-builder /app/frontend/node_modules ./frontend/node_modules/ # 5. Copy Backend & Application Code WORKDIR /app COPY backend/ ./backend/ COPY *.py ./ # 6. Copy Scripts COPY entrypoint.sh /usr/local/bin/entrypoint.sh COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh # Make scripts executable RUN chmod +x /usr/local/bin/entrypoint.sh /usr/local/bin/docker-entrypoint.sh # Environment Variables Defaults ENV PW_LOCAL_PORT=3001 # Disable Next.js Telemetry ENV NEXT_TELEMETRY_DISABLED=1 # Expose ports (for local debugging) EXPOSE 3001 8000 # Health Check # 检查后端健康状态,前端通过后端代理访问 HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \ CMD curl -f http://localhost:8000/health || exit 1 # Entrypoint: Portwarden tunnel client ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] # Command: Start backend and frontend with process management CMD ["/usr/local/bin/docker-entrypoint.sh"]