argus/src/web/build_tools/proxy/Dockerfile

FROM ubuntu:24.04

USER root

# 安装 nginx 和 supervisor
RUN apt-get update && \
    apt-get install -y nginx supervisor curl vim net-tools inetutils-ping ca-certificates passwd && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

ENV FRONTEND_BASE_PATH=/private/argus/web/proxy
ENV ARGUS_UID=2133
ENV ARGUS_GID=2015

RUN mkdir -p ${FRONTEND_BASE_PATH} && \
    mkdir -p /private/argus/etc

# 创建 proxy 用户（可自定义 UID/GID）
# 创建 proxy 用户组
RUN groupadd -g ${ARGUS_GID} web_proxy

# 创建 proxy 用户并指定组
RUN useradd -M -s /usr/sbin/nologin -u ${ARGUS_UID} -g ${ARGUS_GID} web_proxy

RUN chown -R web_proxy:web_proxy ${FRONTEND_BASE_PATH} && \
    chown -R web_proxy:web_proxy /private/argus/etc && \
    chown -R web_proxy:web_proxy /usr/local/bin

# 配置内网 apt 源 (如果指定了内网选项)
RUN if [ "$USE_INTRANET" = "true" ]; then \
        echo "Configuring intranet apt sources..." && \
        cp /etc/apt/sources.list /etc/apt/sources.list.bak && \
        echo "deb [trusted=yes] http://10.68.64.1/ubuntu2204/ jammy main" > /etc/apt/sources.list && \
        echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/99disable-ssl-check && \
        echo 'Acquire::https::Verify-Host "false";' >> /etc/apt/apt.conf.d/99disable-ssl-check; \
    fi


# 配置部署时使用的 apt 源
RUN if [ "$USE_INTRANET" = "true" ]; then \
    echo "deb [trusted=yes] https://10.92.132.52/mirrors/ubuntu2204/ jammy main" > /etc/apt/sources.list; \
    fi


# 复制 nginx 配置（保证 React 前端路由兼容）
COPY src/web/build_tools/proxy/nginx.conf.template /etc/nginx/nginx.conf.template
COPY src/web/build_tools/proxy/conf.d/ /etc/nginx/conf.d/

# 复制 supervisor 配置
COPY src/web/build_tools/proxy/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# 创建 supervisor 日志目录
RUN mkdir -p /var/log/supervisor

# 复制启动脚本
COPY src/web/build_tools/proxy/start-proxy-supervised.sh /usr/local/bin/start-proxy-supervised.sh
RUN chmod +x /usr/local/bin/start-proxy-supervised.sh

# 复制 DNS 监控脚本
COPY src/web/build_tools/proxy/dns-monitor.sh /usr/local/bin/dns-monitor.sh
RUN chmod +x /usr/local/bin/dns-monitor.sh

# 暴露端口
EXPOSE 80

# 保持 root 用户，由 supervisor 控制 user 切换
USER root

# 以 supervisor 为入口
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]