Hacker-Software/opencrm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docker: Runtime auf node:20-slim (Alpine→Debian) – Prisma+TLS-Kompatibilität

Browse Source 
Bug: Im Container schlug Prisma + mariadb-Auth fehl.
- Prisma-Engine `linux-musl` braucht libssl.so.1.1 → Alpine 3.19+ hat
  nur openssl 3 → "shared library libssl.so.1.1 not found"
- mariadb-client unter Alpine warf "TLS/SSL error: SSL is required"

Fix: alle Stages (Frontend-build, Backend-build, Runtime) auf
node:20-slim (Debian-bookworm). glibc + openssl 3 ABI-kompatibel,
Prisma generiert linux-debian-Engine korrekt.

Plus: .dockerignore um data/, plesktest/, backup-Klone erweitert
(Build-Context war u.a. wegen MariaDB-Files mit restricted Permissions
nicht lesbar).
Plus: docker-compose.yml: version: '3.8' für docker-compose v1
Kompatibilität.

Live-verifiziert: docker-compose up -d --build → alle 3 Container
healthy, Login funktioniert, alte DB-Daten (3 Kunden, 15 Verträge,
144 SecurityEvents) erhalten via Volume-zu-Bind-Mount-Migration.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
duffyduck
2026-05-01 20:05:37 +02:00
parent e145edaa90
commit 0671565433
3 changed files with 32 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/Dockerfile
+14 -3
View File
@@ -1,8 +1,11 @@
# Multi-Stage Build: Frontend bauen, dann Backend bauen, dann schlankes Runtime-Image
# ---------------------------------------------------------------------------------
# Alle Stages auf node:20-slim (Debian-basiert) dann passt die Prisma-Query-
# Engine (glibc + openssl) zur Runtime.
# ============== STAGE 1: Frontend bauen ==============
FROM node:20-alpine AS frontend-builder
FROM node:20-slim AS frontend-builder
WORKDIR /build/frontend
COPY frontend/package.json frontend/package-lock.json ./
RUN npm ci --no-audit --no-fund --prefer-offline
@@ -11,8 +14,10 @@ RUN npm run build
# Output: /build/frontend/dist/
# ============== STAGE 2: Backend bauen (TS → JS) ==============
FROM node:20-alpine AS backend-builder
FROM node:20-slim AS backend-builder
WORKDIR /build/backend
RUN apt-get update && apt-get install -y --no-install-recommends openssl \
&& rm -rf /var/lib/apt/lists/*
COPY backend/package.json backend/package-lock.json ./
RUN npm ci --no-audit --no-fund --prefer-offline
COPY backend/prisma ./prisma
@@ -23,9 +28,15 @@ RUN npx tsc
# Output: /build/backend/dist/
# ============== STAGE 3: Runtime ==============
FROM node:20-alpine
# Debian-slim statt Alpine: Prisma-Engines erwarten libssl 1.1, das in Alpine 3.19+
# nicht mehr verfügbar ist. Slim hat openssl 3 ABI-kompatibel + native binaries.
FROM node:20-slim
WORKDIR /app
# OpenSSL für Prisma-Query-Engine + wget für Healthcheck
RUN apt-get update && apt-get install -y --no-install-recommends openssl wget \
&& rm -rf /var/lib/apt/lists/*
# Nur Production-Dependencies + Prisma-Client
COPY backend/package.json backend/package-lock.json ./
RUN npm ci --omit=dev --no-audit --no-fund --prefer-offline && npm cache clean --force