From 28bbf5aff67fca26d28f2c7ae9f94f93ac5d3fea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fredrik=20Adel=C3=B6w?= Date: Wed, 20 Apr 2022 16:29:24 +0200 Subject: [PATCH] update dockerfile in new apps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fredrik Adelöw --- .changeset/lazy-zebras-pay.md | 39 +++++++++++++++++++ .../templates/default-app/.dockerignore | 1 + .../default-app/app-config.production.yaml | 13 ++++++- .../templates/default-app/app-config.yaml.hbs | 3 ++ .../default-app/packages/backend/Dockerfile | 4 +- 5 files changed, 57 insertions(+), 3 deletions(-) create mode 100644 .changeset/lazy-zebras-pay.md diff --git a/.changeset/lazy-zebras-pay.md b/.changeset/lazy-zebras-pay.md new file mode 100644 index 0000000000..efcb62d7a9 --- /dev/null +++ b/.changeset/lazy-zebras-pay.md @@ -0,0 +1,39 @@ +--- +'@backstage/create-app': patch +--- + +Added some instruction comments to the generated config files, to clarify the +usage of `backend.baseUrl` and `backend.listen.host`. Importantly, it also per +default now listens on all IPv4 interfaces, to make it easier to take the step +over to production. If you want to do the same, update your +`app-config.production.yaml` as follows: + +```diff + backend: + listen: + port: 7007 ++ host: 0.0.0.0 +``` + +Also, updated the builtin backend Dockerfile to honor the +`app-config.production.yaml` file. If you want to do the same, change +`packages/backend/Dockerfile` as follows: + +```diff +-COPY packages/backend/dist/bundle.tar.gz app-config.yaml ./ ++COPY packages/backend/dist/bundle.tar.gz app-config*.yaml ./ + RUN tar xzf bundle.tar.gz && rm bundle.tar.gz + +-CMD ["node", "packages/backend", "--config", "app-config.yaml"] ++CMD ["node", "packages/backend", "--config", "app-config.yaml", "--config", "app-config.production.yaml"] +``` + +If you look carefully, this adds a glob match on app-config files. For those +that try out the build flows locally, you also want to make sure that the docker +daemon does NOT pick up any local/private config files that might contain +secrets. You should therefore also update your local `.dockerignore` file at the +same time: + +```diff ++*.local.yaml +``` diff --git a/packages/create-app/templates/default-app/.dockerignore b/packages/create-app/templates/default-app/.dockerignore index 63c9c34286..5c3b1360e0 100644 --- a/packages/create-app/templates/default-app/.dockerignore +++ b/packages/create-app/templates/default-app/.dockerignore @@ -3,3 +3,4 @@ node_modules packages !packages/backend/dist plugins +*.local.yaml diff --git a/packages/create-app/templates/default-app/app-config.production.yaml b/packages/create-app/templates/default-app/app-config.production.yaml index 5e36c2319f..c180bbfdec 100644 --- a/packages/create-app/templates/default-app/app-config.production.yaml +++ b/packages/create-app/templates/default-app/app-config.production.yaml @@ -1,8 +1,19 @@ app: - # Should be the same as backend.baseUrl when using the `app-backend` plugin + # Should be the same as backend.baseUrl when using the `app-backend` plugin. baseUrl: http://localhost:7007 backend: + # Note that the baseUrl should be the URL that the browser and other clients + # should use when communicating with the backend, i.e. it needs to be + # reachable not just from within the backend host, but from all of your + # callers. When its value is "http://localhost:7007", it's strictly private + # and can't be reached by others. baseUrl: http://localhost:7007 listen: port: 7007 + # The following host directive binds to all IPv4 interfaces when its value + # is "0.0.0.0". This is the most permissive setting. The right value depends + # on your specific deployment. If you remove the host line entirely, the + # backend will bind on the interface that corresponds to the backend.baseUrl + # hostname. + host: 0.0.0.0 diff --git a/packages/create-app/templates/default-app/app-config.yaml.hbs b/packages/create-app/templates/default-app/app-config.yaml.hbs index 380d2a765d..d56a1beb76 100644 --- a/packages/create-app/templates/default-app/app-config.yaml.hbs +++ b/packages/create-app/templates/default-app/app-config.yaml.hbs @@ -15,6 +15,9 @@ backend: baseUrl: http://localhost:7007 listen: port: 7007 + # Uncomment the following host directive to bind to all IPv4 interfaces and + # not just the baseUrl hostname. + # host: 0.0.0.0 csp: connect-src: ["'self'", 'http:', 'https:'] # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference diff --git a/packages/create-app/templates/default-app/packages/backend/Dockerfile b/packages/create-app/templates/default-app/packages/backend/Dockerfile index 86f6e17861..a5773aa0f8 100644 --- a/packages/create-app/templates/default-app/packages/backend/Dockerfile +++ b/packages/create-app/templates/default-app/packages/backend/Dockerfile @@ -28,7 +28,7 @@ RUN tar xzf skeleton.tar.gz && rm skeleton.tar.gz RUN yarn install --frozen-lockfile --production --network-timeout 300000 && rm -rf "$(yarn cache dir)" # Then copy the rest of the backend bundle, along with any other files we might want. -COPY packages/backend/dist/bundle.tar.gz app-config.yaml ./ +COPY packages/backend/dist/bundle.tar.gz app-config*.yaml ./ RUN tar xzf bundle.tar.gz && rm bundle.tar.gz -CMD ["node", "packages/backend", "--config", "app-config.yaml"] +CMD ["node", "packages/backend", "--config", "app-config.yaml", "--config", "app-config.production.yaml"]