From 9b4a1d119cff9795b7d0e2ad899ab40864a9ff48 Mon Sep 17 00:00:00 2001 From: Developer Date: Tue, 2 Dec 2025 04:12:27 -0800 Subject: [PATCH] fix(services): switch from Alpine to Debian slim for Prisma OpenSSL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Alpine 3.22 removed openssl1.1-compat package which Prisma needs. Switched production stage from node:20-alpine to node:20-slim (Debian) which has proper OpenSSL support. Changes: - Use node:20-slim for production stage (keep Alpine for build) - Install openssl and wget via apt-get - Update user creation from Alpine (addgroup/adduser) to Debian (groupadd/useradd) Validated identity-service build and startup in WSL2: - Build passes successfully - NestJS starts and loads all routes - Prisma client connects without OpenSSL errors 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .../services/authorization-service/Dockerfile | 10 ++++++---- backend/services/backup-service/Dockerfile | 15 +++++++++------ backend/services/identity-service/Dockerfile | 17 ++++++++++------- backend/services/leaderboard-service/Dockerfile | 11 +++++++---- backend/services/mpc-service/Dockerfile | 14 ++++++++------ backend/services/planting-service/Dockerfile | 11 +++++++---- backend/services/referral-service/Dockerfile | 15 +++++++++------ backend/services/reporting-service/Dockerfile | 15 +++++++++------ backend/services/reward-service/Dockerfile | 11 +++++++---- backend/services/wallet-service/Dockerfile | 15 +++++++++------ 10 files changed, 81 insertions(+), 53 deletions(-) diff --git a/backend/services/authorization-service/Dockerfile b/backend/services/authorization-service/Dockerfile index a13ff44a..26098096 100644 --- a/backend/services/authorization-service/Dockerfile +++ b/backend/services/authorization-service/Dockerfile @@ -19,13 +19,15 @@ COPY . . # Build application RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + && rm -rf /var/lib/apt/lists/* # Copy package files COPY package*.json ./ diff --git a/backend/services/backup-service/Dockerfile b/backend/services/backup-service/Dockerfile index c11a871e..8b8e04fe 100644 --- a/backend/services/backup-service/Dockerfile +++ b/backend/services/backup-service/Dockerfile @@ -19,17 +19,20 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate # Build the application RUN npm run build -# Stage 2: Production -FROM node:20-alpine AS production +# Stage 2: Production - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Create non-root user for security -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Copy package files COPY package*.json ./ diff --git a/backend/services/identity-service/Dockerfile b/backend/services/identity-service/Dockerfile index a5af7056..8330cd30 100644 --- a/backend/services/identity-service/Dockerfile +++ b/backend/services/identity-service/Dockerfile @@ -2,7 +2,7 @@ # Identity Service Dockerfile # ============================================================================= -# Build stage +# Build stage - use Alpine for smaller build context FROM node:20-alpine AS builder WORKDIR /app @@ -30,13 +30,16 @@ RUN npm run build # Verify build output exists RUN ls -la dist/src/ && test -f dist/src/main.js -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -50,8 +53,8 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Switch to non-root user USER nestjs diff --git a/backend/services/leaderboard-service/Dockerfile b/backend/services/leaderboard-service/Dockerfile index c3b932e1..39438c4c 100644 --- a/backend/services/leaderboard-service/Dockerfile +++ b/backend/services/leaderboard-service/Dockerfile @@ -22,13 +22,16 @@ COPY . . # Build the application RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Copy package files and install production dependencies COPY package*.json ./ diff --git a/backend/services/mpc-service/Dockerfile b/backend/services/mpc-service/Dockerfile index 8bb7066e..bea699fd 100644 --- a/backend/services/mpc-service/Dockerfile +++ b/backend/services/mpc-service/Dockerfile @@ -25,13 +25,15 @@ COPY src ./src # Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -45,8 +47,8 @@ RUN DATABASE_URL="mysql://user:pass@localhost:3306/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Create temp directory for TSS RUN mkdir -p /tmp/tss && chown -R nestjs:nodejs /tmp/tss diff --git a/backend/services/planting-service/Dockerfile b/backend/services/planting-service/Dockerfile index 05dc9c51..1e0c0ada 100644 --- a/backend/services/planting-service/Dockerfile +++ b/backend/services/planting-service/Dockerfile @@ -19,13 +19,16 @@ COPY . . # Build RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Copy package files COPY package*.json ./ diff --git a/backend/services/referral-service/Dockerfile b/backend/services/referral-service/Dockerfile index 5d682190..6cd7d7cc 100644 --- a/backend/services/referral-service/Dockerfile +++ b/backend/services/referral-service/Dockerfile @@ -27,13 +27,16 @@ COPY src ./src # Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -47,8 +50,8 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Switch to non-root user USER nestjs diff --git a/backend/services/reporting-service/Dockerfile b/backend/services/reporting-service/Dockerfile index 966312c9..919b641e 100644 --- a/backend/services/reporting-service/Dockerfile +++ b/backend/services/reporting-service/Dockerfile @@ -27,13 +27,16 @@ COPY src ./src # Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -47,8 +50,8 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Switch to non-root user USER nestjs diff --git a/backend/services/reward-service/Dockerfile b/backend/services/reward-service/Dockerfile index a4ce452c..9edc793a 100644 --- a/backend/services/reward-service/Dockerfile +++ b/backend/services/reward-service/Dockerfile @@ -19,13 +19,16 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate # Build the application RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim AS production WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Copy package files and install production dependencies COPY package*.json ./ diff --git a/backend/services/wallet-service/Dockerfile b/backend/services/wallet-service/Dockerfile index f8308f56..d47bb472 100644 --- a/backend/services/wallet-service/Dockerfile +++ b/backend/services/wallet-service/Dockerfile @@ -27,13 +27,16 @@ COPY src ./src # Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL 1.1 compatibility for Prisma -RUN apk add --no-cache openssl1.1-compat +# Install OpenSSL and wget for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + wget \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only COPY package*.json ./ @@ -47,8 +50,8 @@ RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate COPY --from=builder /app/dist ./dist # Create non-root user -RUN addgroup -g 1001 -S nodejs && \ - adduser -S nestjs -u 1001 +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs # Switch to non-root user USER nestjs