Merge pull request #243 from 97carmine/fresh

Migrate to fresh

.docker/proxy/Dockerfile

@@ -36,7 +36,7 @@ RUN set -ex \
     && make \
     && make install \
     # adding OWASP rules in ModSecurity
-    && git clone --depth 1 -b v3.3/master --single-branch https://github.com/coreruleset/coreruleset /opt/coreruleset \
+    && git clone --depth 1 -b v4.0/main --single-branch https://github.com/coreruleset/coreruleset /opt/coreruleset \
     && mv /opt/coreruleset/crs-setup.conf.example /usr/local/modsecurity/crs-setup.conf \
     && mv /opt/coreruleset/rules /usr/local/modsecurity/rules \
     # cleaning
@@ -47,12 +47,20 @@ FROM nginx:stable-alpine
 
 COPY --from=builder /usr/local/modsecurity /usr/local/modsecurity
 COPY --from=builder /tmp/packages /tmp/packages
-COPY 40-check-log-files.sh /docker-entrypoint.d
 
 RUN set -ex \
     && apk add --update --no-cache --allow-untrusted /tmp/packages/nginx-module-*.apk \
+    # create check logs file script
+    && printf '%s\n' '#! /bin/ash' \
+        'ACCESS_LOG=/var/log/nginx/access.log;' \
+        'ERROR_LOG=/var/log/nginx/error.log;' \
+        'check_file() { [ ! -f "$1" ] || [ ! -L "$1" ]; touch "$1"; chown nginx:nginx "$1"; }' \
+        'check_file $ACCESS_LOG' \
+        'check_file $ERROR_LOG' > /docker-entrypoint.d/40-check-log-files.sh \
     # set permissions to files added to entrypoint folder
     && chmod 775 /docker-entrypoint.d/40-check-log-files.sh \
+    # rename the default exclusion rules files
+    && for f in /usr/local/modsecurity/rules/*.example; do mv -n -- "$f" "${f%.example}"; done \
     # change default response code to 444
     && sed -i 's/phase:1,log,auditlog,pass/phase:1,log,auditlog,pass,status:444/' /usr/local/modsecurity/crs-setup.conf \
     && sed -i 's/phase:2,log,auditlog,pass/phase:2,log,auditlog,pass,status:444/' /usr/local/modsecurity/crs-setup.conf \
@@ -62,9 +70,9 @@ RUN set -ex \
     # disable ModSecurity logging
     && sed -i 's/SecAuditEngine RelevantOnly/SecAuditEngine Off/' /etc/nginx/modsec/modsecurity.conf \
     # generate main file that include the default rules and OWASP rules
-    && printf '%s\n' 'Include "/etc/nginx/modsec/modsecurity.conf"' \
-        'Include "/usr/local/modsecurity/crs-setup.conf"' \
-        'Include "/usr/local/modsecurity/rules/*.conf"' > /etc/nginx/modsec/main.conf \
+    && printf '%s\n' 'Include /etc/nginx/modsec/modsecurity.conf' \
+        'Include /usr/local/modsecurity/crs-setup.conf' \
+        'Include /usr/local/modsecurity/rules/*.conf' > /etc/nginx/modsec/main.conf \
     # implement changes required to run Nginx as an unprivileged user
     && sed -i 's,listen       80;,listen       8080;,' /etc/nginx/conf.d/default.conf \
     && sed -i '/user  nginx;/d' /etc/nginx/nginx.conf \

.docker/proxy/nginx.conf

@@ -34,7 +34,6 @@ http {
         brotli_types *;
 
         gzip on;
-        gzip_disable "MSIE [1-6].(?!.*SV1)";
         gzip_vary on;
         gzip_comp_level 9;
         gzip_types *;

.docker/proxy/templates/default.conf.template

@@ -54,7 +54,7 @@ server {
 
         location / {
                 autoindex off;
-                proxy_pass http://${PROXIED_SERVER}:3000/;
+                proxy_pass http://${PROXIED_SERVER}:${PROXIED_PORT};
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header Host $http_host;

.docker/web/Dockerfile

@@ -1,48 +1,28 @@
-FROM node:lts-alpine as builder
+FROM alpine/git:latest as repo
 
-WORKDIR /opt/app
+ENV DENO_DEPLOYMENT_ID=true
 
-COPY . .
+WORKDIR /opt
 
-RUN npm rm -g npm \
-    && rm /usr/local/bin/yarn /usr/local/bin/yarnpkg \
-    && rm -r /opt/yarn-v${YARN_VERSION} \
-    && corepack enable \
-    && yarn config set enableMirror false \
-    && yarn config set enableInlineBuilds true \
-    && yarn install \
-    && yarn build:prod \
-    && yarn cache clean
+RUN git clone --depth 1 -b fresh --single-branch https://github.com/97carmine/portfolio
 
-FROM node:lts-alpine
+FROM denoland/deno:alpine
 
-ENV NODE_ENV=production
+RUN apk update --no-cache
 
-RUN npm rm -g npm \
-    && rm /usr/local/bin/yarn /usr/local/bin/yarnpkg \
-    && rm -r /opt/yarn-v${YARN_VERSION} \
-    && corepack enable \
-    && apk update \
-    && apk upgrade \
-    && mkdir /home/node/app \
-    && chown -R node:node /home/node/app
+USER deno
 
-USER node
+WORKDIR /home/deno/app/
 
-WORKDIR /home/node/app/
+COPY --from=repo --chown=deno:deno /opt/portfolio/web .
+COPY --from=repo --chown=deno:deno /opt/portfolio/.docker/web/healthcheck.ts .
 
-COPY --chown=node:node --from=builder /opt/app/build ./build
-COPY --chown=node:node --from=builder /opt/app/package.json \
-    /opt/app/.yarnrc.yml /opt/app/.docker/web/healthcheck.mjs ./
+RUN sed -i 's/"healthcheck": "deno run --allow-net ..\/.docker\/web\/healthcheck.ts"/"healthcheck": "deno run --allow-net healthcheck.ts"/g' deno.json \
+    && deno cache main.ts
 
-RUN yarn plugin import @yarnpkg/plugin-workspace-tools \
-    && yarn workspaces focus --production \
-    && rm .yarnrc.yml .yarn/install-state.gz \
-    && rm -r .yarn/plugins
-
-EXPOSE 3000
+EXPOSE 8000
 
 HEALTHCHECK --interval=1m30s --timeout=10s --start-period=30s --retries=3 \
-    CMD node healthcheck.mjs
+    CMD deno task healthcheck
 
-CMD node --require=$(pwd)/.pnp.cjs build/server.js
+CMD ["run", "--allow-net","--allow-read","--allow-env","--allow-write","--allow-run","main.ts"]

.docker/web/healthcheck.ts

@@ -0,0 +1,16 @@
+fetch("http://localhost:8000/", {
+  method: "GET",
+  mode: "same-origin",
+  cache: "no-cache",
+  credentials: "omit",
+})
+  .then(({ ok, status, statusText }) => {
+    if(ok) {
+      console.log(`Response successful: ${status} - ${statusText}`);
+    } else {
+      throw `Response error: ${status} - ${statusText}`;
+    }
+  })
+  .catch(({ message }: Error) => {
+    throw `Error executing fetch: ${message}`;
+  });

.github/renovate.json

@@ -1,6 +1,5 @@
 {
 	"$schema": "https://docs.renovatebot.com/renovate-schema.json",
 	"extends": ["config:base", ":enableVulnerabilityAlerts"],
-	"postUpdateOptions": ["yarnDedupeHighest"],
 	"recreateClosed": true
 }

.github/workflows/lint.yml

@@ -18,14 +18,8 @@ jobs:
           fetch-depth: 0
 
       - name: Lint code
-        uses: github/super-linter@v4
+        uses: github/super-linter/slim@v4
         env:
           DEFAULT_BRANCH: main
           VALIDATE_ALL_CODEBASE: false
-          LINTER_RULES_PATH: /
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          JAVASCRIPT_ES_CONFIG_FILE: .eslintrc.json
-          TYPESCRIPT_ES_CONFIG_FILE: .eslintrc.json
-          VALIDATE_JAVASCRIPT_STANDARD: false
-          VALIDATE_TYPESCRIPT_STANDARD: false
-          CSS_FILE_NAME: .stylelintrc.json

.gitignore

@@ -1,15 +1,8 @@
-# Node
-.pnp.*
-.yarn
-
-# production
-build
-src/common/languages/messages/**.json
-
 # IDE
 .vscode
 
 # misc
 .directory
 *.bak
-*.env
+*.env
+*.ini

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Axel Gabriel Calle Granda
+Copyright (c) 2023 Axel Gabriel Calle Granda
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

docker-compose.yml

@@ -8,6 +8,7 @@ services:
     environment:
       - SERVER_NAME=
       - PROXIED_SERVER=
+      - PROXIED_PORT=
     volumes:
       - ./.docker/proxy/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./.docker/proxy/templates:/etc/nginx/templates:ro
@@ -19,10 +20,10 @@ services:
   web:
     container_name: web
     build:
-      context: ./
+      context: ./web
       dockerfile: ./.docker/web/Dockerfile
-    env_file:
-      - .web.env
+    environment:
+      - TOPIC=
     restart: unless-stopped
 
 volumes: