MISC Refactor docker files to support dev and production (#121)

* MISC Refactor docker files to support dev and production, run nginx for test/production.

* point compose to docker dev and we don't need node on the final container

* run yarn install before copying app assets to cache that layer

* restore --no-cache as the yarn cache won't be used when the package layer is invalidated

* Refactor start command for nginx.

* Add Route53 A alias record, env variables as part of build

* woot! SSL support.

client/.dockerignore

@@ -9,4 +9,4 @@ node_modules
 Dockerfile
 README.me
 npm-debug.log
-yarn-error.log
+yarn-error.log

client/.env.development

@@ -1,7 +1,6 @@
 REACT_APP_AUTH0_DOMAIN=forgingadventures-staging.auth0.com
 REACT_APP_AUTH0_CLIENT_ID=i7Srpetd9dL9Dx1ckMIhBLFnSxksaVcz
 REACT_APP_AUTH0_REDIRECT_URI=http://localhost:3000/login/callback
-REACT_APP_AUTH0_RENEWAL_REDIRECT_URI=http://localhost:3001/silent
 REACT_APP_AUTH0_AUDIENCE=https://api-test.forgingadventures.com
 
 # for dev only

client/.env.local.sample

@@ -1,7 +1,6 @@
 REACT_APP_AUTH0_DOMAIN=forgingadventures-staging.auth0.com
 REACT_APP_AUTH0_CLIENT_ID=xxx
 REACT_APP_AUTH0_REDIRECT_URI=http://localhost:3000/login/callback
-REACT_APP_AUTH0_RENEWAL_REDIRECT_URI=http://localhost:3001/silent
 REACT_APP_AUTH0_AUDIENCE=https://api-test.forgingadventures.com
 
 # for dev only

client/.env.production

@@ -1,5 +1,4 @@
 REACT_APP_AUTH0_DOMAIN=forgingadventures.auth0.com
 REACT_APP_AUTH0_CLIENT_ID=AQ9U63ZdGNMfttXnztEiV5n7C8ZLwQSg
-REACT_APP_AUTH0_REDIRECT_URI=http://localhost:3000/login/callback
-REACT_APP_AUTH0_RENEWAL_REDIRECT_URI=http://localhost:3001/silent
+REACT_APP_AUTH0_REDIRECT_URI=https://play.forgingadventures.com/login/callback
 REACT_APP_AUTH0_AUDIENCE=https://api.forgingadventures.com

client/.env.test

@@ -1,5 +1,4 @@
 REACT_APP_AUTH0_DOMAIN=forgingadventures-staging.auth0.com
 REACT_APP_AUTH0_CLIENT_ID=i7Srpetd9dL9Dx1ckMIhBLFnSxksaVcz
-REACT_APP_AUTH0_REDIRECT_URI=http://localhost:3000/login/callback
-REACT_APP_AUTH0_RENEWAL_REDIRECT_URI=http://localhost:3001/silent
+REACT_APP_AUTH0_REDIRECT_URI=http://playquest.forgingadventures.com/login/callback
 REACT_APP_AUTH0_AUDIENCE=https://api-test.forgingadventures.com

client/Dockerfile

@@ -1,12 +1,42 @@
-FROM node:8.9.1-alpine
+# The build container
+FROM node:8.9.4-alpine as builder
 
-# for dev only - extend watchers limit for CRA file watchers and auto-reload
-COPY ./etc/sysctl.conf /etc/sysctl.conf
+# install node packages first as we don't want to invalidate this layer during src code changes
+# but onlt when package.json changes
+COPY package.json /usr/src/app/
+COPY yarn.lock /usr/src/app/
+WORKDIR /usr/src/app
+RUN yarn install --frozen-lockfile --no-cache
 
-# define paths
-WORKDIR /app
-ADD . /app
+# copy application artifacts
+COPY /config /usr/src/app/config
+COPY /public /usr/src/app/public
+COPY /scripts /usr/src/app/scripts
+COPY /src /usr/src/app/src
 
-EXPOSE 3000
+RUN mkdir /usr/src/app/build
+
+# Set env variables before build
+ARG REACT_APP_AUTH0_DOMAIN
+ARG REACT_APP_AUTH0_CLIENT_ID
+ARG REACT_APP_AUTH0_AUDIENCE
+ARG REACT_APP_AUTH0_REDIRECT_URI
+ENV REACT_APP_AUTH0_DOMAIN=$REACT_APP_AUTH0_DOMAIN
+ENV REACT_APP_AUTH0_CLIENT_ID=$REACT_APP_AUTH0_CLIENT_ID
+ENV REACT_APP_AUTH0_AUDIENCE=$REACT_APP_AUTH0_AUDIENCE
+ENV REACT_APP_AUTH0_REDIRECT_URI=$REACT_APP_AUTH0_REDIRECT_URI
+
+# build using production env for optimized build
+ENV NODE_ENV production
+RUN yarn build
+
+# The deployed container
+FROM nginx:1.13-alpine
 
-CMD yarn && yarn start
+COPY ./etc/nginx.conf /etc/nginx/
+
+WORKDIR /usr/src/app
+COPY --from=builder /usr/src/app/build .
+
+EXPOSE 3000
+CMD ["nginx", "-g", "daemon off;"]

client/Dockerfile-dev

@@ -0,0 +1,12 @@
+FROM node:8.9.4-alpine
+
+# for dev only - extend watchers limit for CRA file watchers and auto-reload
+COPY ./etc/sysctl.conf /etc/sysctl.conf
+
+# define paths
+WORKDIR /app
+COPY . /app
+
+EXPOSE 3000
+
+CMD yarn && yarn start

client/etc/nginx.conf

@@ -0,0 +1,102 @@
+# /etc/nginx/nginx.conf
+
+user nginx;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log stderr error;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+
+events {
+	# The maximum number of simultaneous connections that can be opened by
+	# a worker process.
+	worker_connections 1024;
+}
+
+http {
+	# Includes mapping of file name extensions to MIME types of responses
+	# and defines the default type.
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	# Name servers used to resolve names of upstream servers into addresses.
+	# It's also needed when using tcpsocket and udpsocket in Lua modules.
+	#resolver 208.67.222.222 208.67.220.220;
+
+	# Don't tell nginx version to clients.
+	server_tokens off;
+
+	# Specifies the maximum accepted body size of a client request, as
+	# indicated by the request header Content-Length. If the stated content
+	# length is greater than this size, then the client receives the HTTP
+	# error code 413. Set to 0 to disable.
+	client_max_body_size 1m;
+
+	# Timeout for keep-alive connections. Server will close connections after
+	# this time.
+	keepalive_timeout 65;
+
+	# Sendfile copies data between one FD and other from within the kernel,
+	# which is more efficient than read() + write().
+	sendfile on;
+
+	# Don't buffer data-sends (disable Nagle algorithm).
+	# Good for sending frequent small bursts of data in real time.
+	tcp_nodelay on;
+
+	# Causes nginx to attempt to send its HTTP response head in one packet,
+	# instead of using partial frames.
+	#tcp_nopush on;
+
+
+	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
+	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+	# Specifies that our cipher suits should be preferred over client ciphers.
+	ssl_prefer_server_ciphers on;
+
+	# Enables a shared SSL cache with size that can hold around 8000 sessions.
+	ssl_session_cache shared:SSL:2m;
+
+
+	# Enable gzipping of responses.
+	gzip on;
+
+	# Set the Vary HTTP header as defined in the RFC 2616.
+	gzip_vary on;
+
+	# Enable checking the existence of precompressed files.
+	#gzip_static on;
+
+	# Enables gzipping of responses for the specified MIME types in addition to “text/html”.
+	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+
+	# Specifies the main log format.
+	log_format main '$request_time - $remote_addr - $remote_user [$time_local] '
+			'"$request" $status $body_bytes_sent "$http_referer" '
+			'"$http_user_agent" "$http_x_forwarded_for"';
+
+	access_log /dev/stdout main;
+
+
+	# Includes virtual hosts configs.
+	include /etc/nginx/conf.d/*.conf;
+
+	server {
+		listen 3000;
+		root /usr/src/app;
+
+		location / {
+			try_files $uri /index.html;
+		}
+	}
+}

client/package.json

@@ -64,10 +64,10 @@
     "postcss-loader": "2.0.8",
     "raf": "3.4.0",
     "react-dev-utils": "^4.2.1",
-    "rupture": "^0.7.1",
+    "rupture": "0.7.1",
     "style-loader": "0.19.0",
     "stylus": "^0.54.5",
-    "stylus-loader": "^3.0.1",
+    "stylus-loader": "3.0.1",
     "subscriptions-transport-ws": "^0.9.4",
     "sw-precache-webpack-plugin": "0.11.4",
     "url-loader": "0.6.2",

client/yarn.lock

@@ -5985,7 +5985,7 @@ run-async@^2.2.0:
   dependencies:
     is-promise "^2.1.0"
 
-rupture@^0.7.1:
+rupture@0.7.1:
   version "0.7.1"
   resolved "https://registry.yarnpkg.com/rupture/-/rupture-0.7.1.tgz#d51bcd5fe93757b4855e4ea70ac9d97a897183a1"
 
@@ -6408,7 +6408,7 @@ style-loader@0.19.0:
     loader-utils "^1.0.2"
     schema-utils "^0.3.0"
 
-stylus-loader@^3.0.1:
+stylus-loader@3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/stylus-loader/-/stylus-loader-3.0.1.tgz#77f4b34fd030d25b2617bcf5513db5b0730c4089"
   dependencies:

docker-compose.yml

@@ -19,7 +19,9 @@ services:
     volumes:
       - ./api:/app:delegated
   client:
-    build: ./client
+    build:
+      context: ./client
+      dockerfile: Dockerfile-dev
     depends_on:
       - api
     ports: ["3000:3000"]

infrastructure/apps.yml

@@ -1,10 +1,14 @@
 AWSTemplateFormatVersion: '2010-09-09'
+Description: EC2 application resources such as ALB, etc
 
 Parameters:
   Environment:
     Type: String
     Description: The environment
     Default: test
+  SslCertificateArn:
+    Type: String
+    Description: SSL certificate ARN
   VpcId:
     Type: AWS::EC2::VPC::Id
     Description: The VPC Id
@@ -59,10 +63,22 @@ Resources:
     Properties:
       DefaultActions:
         - TargetGroupArn: !Ref ElbTargetGroup
-          Type: "forward"
+          Type: forward
       LoadBalancerArn: !Ref Elb
       Port: 80
-      Protocol: "HTTP"
+      Protocol: HTTP
+
+  ElbHttpsListener:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Properties:
+      Certificates:
+        - CertificateArn: !Ref SslCertificateArn
+      DefaultActions:
+        - TargetGroupArn: !Ref ElbTargetGroup
+          Type: forward
+      LoadBalancerArn: !Ref Elb
+      Port: 443
+      Protocol: HTTPS
 
   Cluster:
     Type: AWS::ECS::Cluster
@@ -79,9 +95,12 @@ Outputs:
   ElbId:
     Description: "App Load Balancer Id"
     Value: !Ref Elb
+  ElbDns:
+    Description: "App Load Balancer DNS Name"
+    Value: !GetAtt Elb.DNSName
   ElbUrl:
     Description: "App Load Balancer URL for the cluster"
-    Value: !Join [ "", [ "http://", !GetAtt Elb.DNSName ] ]
+    Value: !Join [ "", [ "https://", !GetAtt Elb.DNSName ] ]
   ElbTargetGroup:
     Description: Client Target Group
     Value: !Ref ElbTargetGroup

infrastructure/client.yml

@@ -71,7 +71,7 @@ Resources:
       ContainerDefinitions:
         - Name: client
           Cpu: !Ref ContainerCpu
-          Command: [yarn, start]
+          Command: [nginx, -g, daemon off;]
           Essential: true
           Image: !Ref ContainerImage
           Memory: !Ref ContainerMemory

infrastructure/test-client-parameters.json

@@ -19,7 +19,7 @@
     },
     {
       "ParameterKey": "ContainerImage",
-      "ParameterValue": "466853810010.dkr.ecr.us-east-1.amazonaws.com/forgingadventures-client:ea7c2f6"
+      "ParameterValue": "466853810010.dkr.ecr.us-east-1.amazonaws.com/forgingadventures-client:test-ea7c2g1"
     },
     {
       "ParameterKey": "ElbTargetGroup",

infrastructure/test.yml

@@ -13,6 +13,10 @@ Parameters:
     Type: String
     Description: The S3 bucket name where CFN templates are
     Default: forgingadventures-resources
+  SslCertificateArn:
+    Type: String
+    Description: SSL certificate ARN
+    Default: arn:aws:acm:us-east-1:466853810010:certificate/b696027f-8e4f-4c8d-ad39-12135b21ba40
   RdsUsername:
     Type: String
     Description: The database admin account username
@@ -63,6 +67,7 @@ Resources:
       TemplateURL: !Sub "https://s3.amazonaws.com/${S3TemplateBucket}/cfn-templates/apps.yml"
       Parameters:
         Environment: !Ref Environment
+        SslCertificateArn: !Ref SslCertificateArn
         VpcId: !GetAtt VPC.Outputs.VpcId
         VpcSubnetList: !Join [ ",", [ !GetAtt VPC.Outputs.PublicSubnet1, !GetAtt VPC.Outputs.PublicSubnet2] ]
         VpcSecurityGroupList: !Join [ ",", [ !GetAtt Security.Outputs.ElbSecurityGroupId] ]
@@ -72,6 +77,17 @@ Resources:
         - Key: Name
           Value: forgingadventures
 
+  AppHostname:
+    Type: AWS::Route53::RecordSet
+    Properties:
+      AliasTarget:
+        DNSName: !GetAtt Apps.Outputs.ElbDns
+        EvaluateTargetHealth: false
+        HostedZoneId: Z35SXDOTRQ7X7K
+      HostedZoneName: forgingadventures.com.
+      Name: playquest.forgingadventures.com.
+      Type: A
+
   # Rds:
   #   Type: AWS::CloudFormation::Stack
   #   Properties:
@@ -117,3 +133,6 @@ Outputs:
   PublicSubnet2:
     Description: Public Subnet 2
     Value: !GetAtt VPC.Outputs.PublicSubnet2
+  AppHostname:
+    Description: DNS of App Load Balancer
+    Value: !Ref AppHostname