From 1356d57518f9f04508dcec0f07df22213569ebc6 Mon Sep 17 00:00:00 2001
From: MaKarin <MaKarin@alabuga.ru>
Date: Wed, 25 Mar 2026 21:11:24 +0300
Subject: [PATCH] deploying

---
 client/.dockerignore      |  7 ++++
 client/Dockerfile         | 27 ++++++++++++++++
 client/nginx/default.conf | 27 ++++++++++++++++
 docker-compose.yml        | 67 ++++++++++++++++++++++++++++++++++++---
 server/.dockerignore      |  8 +++++
 server/Dockerfile         | 29 +++++++++++++++++
 6 files changed, 161 insertions(+), 4 deletions(-)
 create mode 100644 client/.dockerignore
 create mode 100644 client/Dockerfile
 create mode 100644 client/nginx/default.conf
 create mode 100644 server/.dockerignore
 create mode 100644 server/Dockerfile

diff --git a/client/.dockerignore b/client/.dockerignore
new file mode 100644
index 0000000..0e48e48
--- /dev/null
+++ b/client/.dockerignore
@@ -0,0 +1,7 @@
+node_modules
+dist
+.git
+.env
+.env.local
+.env.*.local
+npm-debug.log*
diff --git a/client/Dockerfile b/client/Dockerfile
new file mode 100644
index 0000000..ff96fd3
--- /dev/null
+++ b/client/Dockerfile
@@ -0,0 +1,27 @@
+FROM node:20-alpine AS build
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci
+
+COPY . .
+
+ARG VITE_API_URL
+ARG VITE_KEYCLOAK_URL
+ARG VITE_KEYCLOAK_REALM
+ARG VITE_KEYCLOAK_CLIENT_ID
+
+ENV VITE_API_URL=$VITE_API_URL
+ENV VITE_KEYCLOAK_URL=$VITE_KEYCLOAK_URL
+ENV VITE_KEYCLOAK_REALM=$VITE_KEYCLOAK_REALM
+ENV VITE_KEYCLOAK_CLIENT_ID=$VITE_KEYCLOAK_CLIENT_ID
+
+RUN npm run build
+
+FROM nginx:1.27-alpine AS runtime
+
+COPY nginx/default.conf /etc/nginx/conf.d/default.conf
+COPY --from=build /app/dist /usr/share/nginx/html
+
+EXPOSE 80
diff --git a/client/nginx/default.conf b/client/nginx/default.conf
new file mode 100644
index 0000000..d11675a
--- /dev/null
+++ b/client/nginx/default.conf
@@ -0,0 +1,27 @@
+server {
+    listen 80;
+    server_name _;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    location /api/ {
+        proxy_pass http://toir-server:3000/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    location = /healthz {
+        access_log off;
+        add_header Content-Type text/plain;
+        return 200 'ok';
+    }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index 61fcc40..9f5a268 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,13 +4,72 @@ services:
     container_name: toir-postgres
     restart: unless-stopped
     environment:
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
-      POSTGRES_DB: toir
+      POSTGRES_USER: ${POSTGRES_USER:-postgres}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
+      POSTGRES_DB: ${POSTGRES_DB:-toir}
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-toir}",
+        ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
     ports:
-      - "5432:5432"
+      - "${POSTGRES_PORT:-5432}:5432"
     volumes:
       - postgres-data:/var/lib/postgresql/data
+    networks:
+      - app
+
+  server:
+    build:
+      context: ./server
+      dockerfile: Dockerfile
+    container_name: toir-server
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      PORT: 3000
+      DATABASE_URL: postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-toir}
+      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-https://toir.example.ru}
+      KEYCLOAK_ISSUER_URL: ${KEYCLOAK_ISSUER_URL}
+      KEYCLOAK_AUDIENCE: ${KEYCLOAK_AUDIENCE}
+      KEYCLOAK_JWKS_URL: ${KEYCLOAK_JWKS_URL:-}
+    expose:
+      - "3000"
+    networks:
+      - app
+      - proxy
+
+  client:
+    build:
+      context: ./client
+      dockerfile: Dockerfile
+      args:
+        VITE_API_URL: ${VITE_API_URL:-/api}
+        VITE_KEYCLOAK_URL: ${VITE_KEYCLOAK_URL}
+        VITE_KEYCLOAK_REALM: ${VITE_KEYCLOAK_REALM}
+        VITE_KEYCLOAK_CLIENT_ID: ${VITE_KEYCLOAK_CLIENT_ID}
+    container_name: toir-client
+    restart: unless-stopped
+    depends_on:
+      - server
+    expose:
+      - "80"
+    networks:
+      - app
+      - proxy
 
 volumes:
   postgres-data:
+
+networks:
+  app:
+    driver: bridge
+  proxy:
+    external: true
diff --git a/server/.dockerignore b/server/.dockerignore
new file mode 100644
index 0000000..661172a
--- /dev/null
+++ b/server/.dockerignore
@@ -0,0 +1,8 @@
+node_modules
+dist
+coverage
+.git
+.env
+.env.local
+.env.*.local
+npm-debug.log*
diff --git a/server/Dockerfile b/server/Dockerfile
new file mode 100644
index 0000000..6e108f8
--- /dev/null
+++ b/server/Dockerfile
@@ -0,0 +1,29 @@
+FROM node:20-bookworm-slim AS build
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci
+
+COPY prisma ./prisma
+RUN npx prisma generate
+
+COPY nest-cli.json tsconfig*.json ./
+COPY src ./src
+
+RUN npm run build
+
+FROM node:20-bookworm-slim AS runtime
+
+WORKDIR /app
+
+ENV NODE_ENV=production
+
+COPY --from=build /app/package*.json ./
+COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/prisma ./prisma
+COPY --from=build /app/dist ./dist
+
+EXPOSE 3000
+
+CMD ["sh", "-c", "npx prisma migrate deploy && node dist/main"]