diff --git a/backend/services/authorization-service/Dockerfile b/backend/services/authorization-service/Dockerfile index a13ff44a..26098096 100644 --- a/backend/services/authorization-service/Dockerfile +++ b/backend/services/authorization-service/Dockerfile @@ -19,13 +19,15 @@ COPY . . # Build application RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + && rm -rf /var/lib/apt/lists/* # Copy package files COPY package*.json ./ diff --git a/backend/services/backup-service/Dockerfile b/backend/services/backup-service/Dockerfile index c11a871e..8b8e04fe 100644 --- a/backend/services/backup-service/Dockerfile +++ b/backend/services/backup-service/Dockerfile @@ -19,17 +19,20 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate # Build the application RUN npm run build -# Stage 2: Production -FROM node:20-alpine AS production +# Stage 2: Production - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Create non-root user for security -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Copy package files COPY package*.json ./ diff --git a/backend/services/identity-service/Dockerfile b/backend/services/identity-service/Dockerfile index a5af7056..8330cd30 100644 --- a/backend/services/identity-service/Dockerfile +++ b/backend/services/identity-service/Dockerfile @@ -2,7 +2,7 @@ # Identity Service Dockerfile # ============================================================================= -# Build stage +# Build stage - use Alpine for smaller build context FROM node:20-alpine AS builder WORKDIR /app @@ -30,13 +30,16 @@ RUN npm run build # Verify build output exists RUN ls -la dist/src/ && test -f dist/src/main.js -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -50,8 +53,8 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Switch to non-root user USER nestjs diff --git a/backend/services/leaderboard-service/Dockerfile b/backend/services/leaderboard-service/Dockerfile index c3b932e1..39438c4c 100644 --- a/backend/services/leaderboard-service/Dockerfile +++ b/backend/services/leaderboard-service/Dockerfile @@ -22,13 +22,16 @@ COPY . . # Build the application RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Copy package files and install production dependencies COPY package*.json ./ diff --git a/backend/services/mpc-service/Dockerfile b/backend/services/mpc-service/Dockerfile index 8bb7066e..bea699fd 100644 --- a/backend/services/mpc-service/Dockerfile +++ b/backend/services/mpc-service/Dockerfile @@ -25,13 +25,15 @@ COPY src ./src # Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -45,8 +47,8 @@ RUN DATABASE_URL="mysql://user:pass@localhost:3306/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Create temp directory for TSS RUN mkdir -p /tmp/tss && chown -R nestjs:nodejs /tmp/tss diff --git a/backend/services/planting-service/Dockerfile b/backend/services/planting-service/Dockerfile index 05dc9c51..1e0c0ada 100644 --- a/backend/services/planting-service/Dockerfile +++ b/backend/services/planting-service/Dockerfile @@ -19,13 +19,16 @@ COPY . . # Build RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Copy package files COPY package*.json ./ diff --git a/backend/services/referral-service/Dockerfile b/backend/services/referral-service/Dockerfile index 5d682190..6cd7d7cc 100644 --- a/backend/services/referral-service/Dockerfile +++ b/backend/services/referral-service/Dockerfile @@ -27,13 +27,16 @@ COPY src ./src # Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -47,8 +50,8 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Switch to non-root user USER nestjs diff --git a/backend/services/reporting-service/Dockerfile b/backend/services/reporting-service/Dockerfile index 966312c9..919b641e 100644 --- a/backend/services/reporting-service/Dockerfile +++ b/backend/services/reporting-service/Dockerfile @@ -27,13 +27,16 @@ COPY src ./src # Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -47,8 +50,8 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Switch to non-root user USER nestjs diff --git a/backend/services/reward-service/Dockerfile b/backend/services/reward-service/Dockerfile index a4ce452c..9edc793a 100644 --- a/backend/services/reward-service/Dockerfile +++ b/backend/services/reward-service/Dockerfile @@ -19,13 +19,16 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate # Build the application RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Copy package files and install production dependencies COPY package*.json ./ diff --git a/backend/services/wallet-service/Dockerfile b/backend/services/wallet-service/Dockerfile index f8308f56..d47bb472 100644 --- a/backend/services/wallet-service/Dockerfile +++ b/backend/services/wallet-service/Dockerfile @@ -27,13 +27,16 @@ COPY src ./src # Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -47,8 +50,8 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Switch to non-root user USER nestjs