nginx: add /assets location to fit Vite build

See https://docs.docker.com/build/building/multi-stage/#use-an-external-image-as-a-stage

The shared volume was making updates complicated, as the persisted volume data would not be overriden by the new container

.github/README.md

@@ -0,0 +1 @@
+## ⚠️ We moved to Codeberg 👉 https://codeberg.org/inventaire/docker-inventaire

README.md

@@ -102,7 +102,7 @@ docker compose up inventaire
 Before updating to the latest version, check that there are no breaking changes.
 You can find your current version number by visiting fetching the URL `/api/config` on your domain (example: https://inventaire.io/api/config).
 You can find details about the changes since your version on this page: /home/maxlath/code/inventaire/inventaire/CHANGELOG.md.
-For changes marked to require data transformation, [some knowledge of CouchDB is recommended](https://docs.couchdb.org/en/stable/intro/index.html), as well as familiarizing yourself with the [recommanded way to export, transform and reimport data in CouchDB](https://github.com/inventaire/inventaire/blob/main/docs/administration/couchdb_data_transformations.md).
+For changes marked to require data transformation, [some knowledge of CouchDB is recommended](https://docs.couchdb.org/en/stable/intro/index.html), as well as familiarizing yourself with the [recommanded way to export, transform and reimport data in CouchDB](https://git.inventaire.io/inventaire/src/branch/main/docs/administration/couchdb_data_transformations.md).
 
 ```sh
 cd docker-inventaire
@@ -110,9 +110,10 @@ cd docker-inventaire
 git pull origin main
 # Pull the updated images
 docker compose pull
-# Stop and remove the previous `inventaire` container
+# Stop and remove the previous containers
-# Include the `nginx` container and `--volumes` as otherwise the volume shared between the `inventaire` and the `nginx` container keep the files from the previous image
+docker compose down
-docker compose down inventaire nginx --volumes
+# Remove the volume hosting inventaire server and client code, to let it be overriden by the updated inventaire image
+docker volume rm docker-inventaire_inventaire-server
 # Restart containers with the new image (with the --detach option, to be able to close the terminal)
 docker compose up --detach
 # Check that it restarted without errors

docker-compose.yml

@@ -9,9 +9,12 @@ services:
     depends_on:
       - couchdb
       - elasticsearch
-    # Uncomment if you want to access the code:
     volumes:
-      - inventaire-server:/opt/inventaire
+      # The following paths are outside /opt/inventaire so that the inventaire-server volume can be removed
+      # (as required when updating the server and client) without loosing their data
+      - inventaire-leveldb:/opt/inventaire_leveldb
+      - inventaire-local-media-storage:/opt/inventaire_local_media_storage
+      - inventaire-backups:/opt/inventaire_backups
     logging:
       options:
         max-size: "10m"
@@ -22,6 +25,9 @@ services:
       context: ./couchdb
       dockerfile: Dockerfile.couchdb
     env_file: .env
+    environment:
+      # See https://docs.couchdb.org/en/stable/maintenance/performance.html#disk-and-file-system-performance
+      - 'ERL_FLAGS=+A 4'
     # Uncomment ports to get access to the db
     # ie. for database transformation, querying, UI access (http://localhost:5984/_utils/)
     # /!\ Beware that exposing container ports like this might bypass your firewall rules
@@ -61,9 +67,9 @@ services:
     volumes:
       - ./nginx/templates:/etc/nginx/templates/
       - ./nginx/snippets:/etc/nginx/snippets
-      - inventaire-server:/opt/inventaire
+      - certbot-www:/var/www/html
-      - certbot-www:/var/www/certbot
       - ./certbot/conf:/etc/letsencrypt
+      - nginx-cache:/tmp/nginx
     env_file: .env
     depends_on:
       # Required to be able to define the `inventaire` host as an upstream
@@ -73,9 +79,9 @@ services:
     image: certbot/certbot:latest
     volumes:
       - ./certbot/conf:/etc/letsencrypt
-      - certbot-www:/var/www/certbot
+      - certbot-www:/var/www/html
     restart: unless-stopped
-    entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
+    entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/html; sleep 12h & wait $${!}; done;"
     depends_on:
       - nginx
 
@@ -84,3 +90,7 @@ volumes:
   elasticsearch:
   certbot-www:
   inventaire-server:
+  inventaire-leveldb:
+  inventaire-local-media-storage:
+  inventaire-backups:
+  nginx-cache:

inventaire/Dockerfile.inventaire

@@ -3,7 +3,7 @@ FROM node:20-slim
 RUN apt-get update \
   && apt-get install -y curl git graphicsmagick inotify-tools jq \
   && apt-get clean && rm -rf /var/lib/apt/lists/* \
-  && mkdir -p /opt/inventaire \
+  && mkdir -p /opt/inventaire /opt/inventaire_leveldb /opt/inventaire_local_media_storage /opt/inventaire_backups \
   && chown -R 1000:1000 /opt
 
 # Default to the same user as the host (override from command line if needed)
@@ -16,8 +16,8 @@ WORKDIR /opt/inventaire
 ARG GIT_REF=main
 ENV DOCKER=1
 
-# - Create the client folder to prevent the server postinstall to run `npm run install-client` as it does it with the wrong workdir and env
+# - Create the client directory to prevent the server postinstall to run `npm run install-client` as it does it with the wrong workdir and env
-# - Create the public/sitemaps folder to prevent the client postinstall to run `npm run generate-sitemaps` (which needs to be updated to support non-inventaire.io instances)
+# - Create the public/sitemaps directory to prevent the client postinstall to run `npm run generate-sitemaps` (which needs to be updated to support non-inventaire.io instances)
 RUN git clone https://git.inventaire.io/inventaire --depth 1 --branch "${GIT_REF}" . \
   && mkdir -p /opt/inventaire/client \
   && npm ci --omit=dev \
@@ -28,7 +28,7 @@ RUN git clone https://git.inventaire.io/inventaire --depth 1 --branch "${GIT_REF
 WORKDIR /opt/inventaire/client
 
 # Include dev dependencies (webpack, svelte-checks) at first to be able to build during the postinstall script
-RUN npm ci \
+RUN npm ci --include=dev \
   && rm -rf node_modules \
   && npm ci --omit=dev --ignore-scripts \
   && npm cache clean --force

inventaire/docker-entrypoint.sh

@@ -21,6 +21,11 @@ module.exports = {
     username: '${COUCHDB_USER}',
     password: '${COUCHDB_PASSWORD}',
     hostname: 'couchdb',
+    backupDirectory: '/opt/inventaire_backups',
+  },
+  leveldb: {
+    directory: '/opt/inventaire_leveldb',
+    suffixDirectoryPathWithDbSuffix: false,
   },
   elasticsearch: {
     origin: 'http://elasticsearch:9200',
@@ -53,6 +58,9 @@ module.exports = {
       tenantName: '${SWIFT_TENANT_NAME}',
       region: '${SWIFT_REGION}',
     },
+    local: {
+      directory: '/opt/inventaire_local_media_storage'
+    },
   },
 
 }

nginx/Dockerfile.nginx

@@ -1,5 +1,8 @@
-FROM nginx
+FROM nginx:1.28
 
 RUN [ ! -f /etc/nginx/dhparam.pem ] && openssl dhparam -out /etc/nginx/dhparam.pem 2048
 
-RUN mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets && chown -R nginx:nginx /tmp/nginx
+RUN mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets /var/cache/nginx/client_temp /opt/inventaire/client && chown -R nginx:nginx /tmp/nginx /opt
+
+# See https://docs.docker.com/build/building/multi-stage/
+COPY --from=inventaire/inventaire:latest /opt/inventaire/client /opt/inventaire/client

nginx/templates/default.conf.template

@@ -108,7 +108,7 @@ server {
       proxy_pass http://inv;
     }
 
-    root  /opt/inventaire/client;
+    root /opt/inventaire/client;
     location /public {
         include /etc/nginx/snippets/security_headers.conf;
         limit_except GET {
@@ -128,6 +128,15 @@ server {
         }
     }
 
+    location /assets {
+        root /home/admin/inventaire/client/public;
+        include /etc/nginx/snippets/security_headers.conf;
+        gzip_static on;
+        add_header Access-Control-Allow-Origin "*";
+        add_header Access-Control-Allow-Methods "GET,HEAD,OPTIONS";
+        add_header Access-Control-Allow-Headers "content-type";
+    }
+
     # Pass the request to the node.js server
     # with some correct headers for proxy-awareness
     location /api {
@@ -187,7 +196,7 @@ server {
     location ^~ '/.well-known/acme-challenge' {
       include /etc/nginx/snippets/security_headers.conf;
       default_type "text/plain";
-      root /var/www/certbot;
+      root /var/www/html;
     }
 
     location / {

scripts/docker_publish.sh

@@ -6,7 +6,7 @@ cwd="$PWD"
 
 cd ./inventaire
 
-version=$(curl -s https://api.github.com/repos/inventaire/inventaire/tags | jq -r '.[].name' | head -n1 | sed 's/^v//')
+version=$(curl -s https://codeberg.org/api/v1/repos/inventaire/inventaire/tags | jq -r '.[].name' | head -n1 | sed 's/^v//')
 
 echo -e "Latest version number found: \e[0;32m${version}\e[0m"
 
@@ -29,4 +29,7 @@ docker tag inventaire inventaire/inventaire:latest
 docker push "inventaire/inventaire:${version}"
 docker push inventaire/inventaire:latest
 
+git tag "v${version}"
+git push --tags
+
 cd "$cwd"