Fix Docker deployment issues - Redis connectivity & environment variables

.github/workflows/release.yml

@@ -1,10 +1,14 @@
 name: Publish
 
 on:
-  workflow_dispatch:
   push:
-    tags:
-      - 'v*.*.*'
+    branches:
+      - main 
+permissions:
+  id-token: write
+  contents: read
+env:
+  REPOSITORY_NAME: cryptgeon
 
 jobs:
   cli:
@@ -56,3 +60,27 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
+
+  AWS:
+    name: AWS ECR public
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.AWS_ARN }}
+          aws-region: ap-south-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build, tag, and push the image to Amazon ECR
+        id: build-image
+        run: |
+          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/r9h8b0z6
+          docker build -t public.ecr.aws/r9h8b0z6/cryptgeon:latest .
+          docker push public.ecr.aws/r9h8b0z6/cryptgeon:latest

.nvmrc

@@ -1 +1 @@
-v22.7.0
+v22.14.0

Dockerfile

@@ -3,28 +3,42 @@ FROM node:22-alpine as client
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
 RUN corepack enable
-
 WORKDIR /tmp
 COPY . .
 RUN pnpm install --frozen-lockfile
 RUN pnpm run build
 
-
 # BACKEND
-FROM rust:1.80-alpine as backend
+FROM rust:1.85-alpine as backend
 WORKDIR /tmp
 RUN apk add --no-cache libc-dev openssl-dev alpine-sdk
 COPY ./packages/backend ./
 RUN RUSTFLAGS="-Ctarget-feature=-crt-static" cargo build --release
 
-
 # RUNNER
 FROM alpine:3.19
 WORKDIR /app
-RUN apk add --no-cache curl libgcc
+RUN apk add --no-cache curl libgcc redis supervisor
+RUN mkdir -p /etc/supervisor/conf.d
+
 COPY --from=backend /tmp/target/release/cryptgeon .
 COPY --from=client /tmp/packages/frontend/build ./frontend
+
+RUN echo "[supervisord]" > /etc/supervisor/conf.d/supervisord.conf && \
+    echo "nodaemon=true" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "[program:redis]" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "command=/usr/bin/redis-server" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "autostart=true" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "autorestart=true" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "[program:cryptgeon]" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "command=/app/cryptgeon" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "autostart=true" >> /etc/supervisor/conf.d/supervisord.conf && \
+    echo "autorestart=true" >> /etc/supervisor/conf.d/supervisord.conf
+
 ENV FRONTEND_PATH="./frontend"
-ENV REDIS="redis://redis/"
+ENV REDIS="redis://localhost:6379"
 EXPOSE 8000
-ENTRYPOINT [ "/app/cryptgeon" ]
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

README.md

@@ -86,8 +86,8 @@ of the notes even if it tried to.
 | `THEME_PAGE_TITLE`      | `""`             | Custom text the page title                                                                                                                                                                                    |
 | `THEME_FAVICON`         | `""`             | Custom url for the favicon. Must be publicly reachable                                                                                                                                                        |
 | `THEME_NEW_NOTE_NOTICE` | `true`           | Show the message about how notes are stored in the memory and may be evicted after creating a new note. Defaults to `true`.                                                                                   |
-| `IMPRINT_URL`           | `""`             | Custom url for an Imprint hosted somewhere else. Must be publicly reachable. Takes precedence above `IMPRINT_HTML`.                                                                                                       |
-| `IMPRINT_HTML`          | `""`             | Alternative to `IMPRINT_URL`, this can be used to specify the HTML code to show on `/imprint`. Only `IMPRINT_HTML` or `IMPRINT_URL` should be specified, not both.|
+| `IMPRINT_URL`           | `""`             | Custom url for an Imprint hosted somewhere else. Must be publicly reachable. Takes precedence above `IMPRINT_HTML`.                                                                                           |
+| `IMPRINT_HTML`          | `""`             | Alternative to `IMPRINT_URL`, this can be used to specify the HTML code to show on `/imprint`. Only `IMPRINT_HTML` or `IMPRINT_URL` should be specified, not both.                                            |
 ## Deployment
 
 > ℹ️ `https` is required otherwise browsers will not support the cryptographic functions.
@@ -106,9 +106,14 @@ version: '3.8'
 services:
   redis:
     image: redis:7-alpine
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
     # Set a size limit. See link below on how to customise.
-    # https://redis.io/docs/manual/eviction/
-    # command: redis-server --maxmemory 1gb --maxmemory-policy allkeys-lru
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
 
   app:
     image: cupcakearmy/cryptgeon:latest

README_ES.md

@@ -91,9 +91,14 @@ version: '3.8'
 services:
   redis:
     image: redis:7-alpine
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
     # Set a size limit. See link below on how to customise.
-    # https://redis.io/docs/manual/eviction/
-    # command: redis-server --maxmemory 1gb --maxmemory-policy allkeys-lru
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
 
   app:
     image: cupcakearmy/cryptgeon:latest

README_zh-CN.md

@@ -74,6 +74,14 @@ version: '3.8'
 services:
   redis:
     image: redis:7-alpine
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
 
   app:
     image: cupcakearmy/cryptgeon:latest
@@ -108,7 +116,14 @@ networks:
 services:
   redis:
     image: redis:7-alpine
-    restart: unless-stopped
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
 
   app:
     image: cupcakearmy/cryptgeon:latest

docker-compose.dev.yaml

@@ -4,6 +4,14 @@
 services:
   redis:
     image: redis:7-alpine
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
     ports:
       - 6379:6379
 

docker-compose.yaml

@@ -1,24 +1,39 @@
 services:
   redis:
     image: redis:7-alpine
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
     # Set a size limit. See link below on how to customise.
     # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
-    # command: redis-server --maxmemory 1gb --maxmemory-policy allkeys-lru
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
+    networks:
+      - cryptgeon
 
   app:
     image: cupcakearmy/cryptgeon:latest
     depends_on:
       - redis
     environment:
+      REDIS_URL: redis://redis:6379
       # Size limit for a single note.
-      SIZE_LIMIT: 4 MiB
+      SIZE_LIMIT: 4MiB
+      LISTEN_ADDR: 0.0.0.0:8000
     ports:
-      - 80:8000
+      - "8000:8000"
+    networks:
+      - cryptgeon
+
+networks:
+  cryptgeon:
+    driver: bridge
 
     # Optional health checks
     # healthcheck:
     #   test: ["CMD", "curl", "--fail", "http://127.0.0.1:8000/api/live/"]
     #   interval: 1m
     #   timeout: 3s
     #   retries: 2
-    #   start_period: 5s
+    #   start_period: 5s

examples/nginx/docker-compose.yaml

@@ -3,12 +3,20 @@ version: '3.8'
 services:
   redis:
     image: redis:7-alpine
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
 
   app:
     image: cupcakearmy/cryptgeon:latest
     depends_on:
       - redis
-    
+
   proxy:
     image: nginx:alpine
     depends_on:

examples/scratch/README.md

@@ -109,7 +109,14 @@ networks:
 services:
   redis:
     image: redis:7-alpine
-    restart: unless-stopped
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
 
   app:
     image: cupcakearmy/cryptgeon:latest

examples/traefik/README.md

@@ -18,7 +18,14 @@ networks:
 services:
   redis:
     image: redis:7-alpine
-    restart: unless-stopped
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
 
   app:
     image: cupcakearmy/cryptgeon:latest
@@ -55,6 +62,14 @@ services:
 
   redis:
     image: redis:7-alpine
+    # This is required to stay in RAM only.
+    command: redis-server --save "" --appendonly no
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/
+    # --maxmemory 1gb --maxmemory-policy allkeys-lrulpine
+    # This prevents the creation of an anonymous volume.
+    tmpfs:
+      - /data
 
   cryptgeon:
     image: cupcakearmy/cryptgeon

package.json

@@ -17,5 +17,5 @@
     "npm-run-all": "^4.1.5",
     "shelljs": "^0.8.5"
   },
-  "packageManager": "pnpm@9.11.0"
+  "packageManager": "pnpm@10.3.0"
 }