feat: add Docker deployment, web installer, and local test environment

- Multi-stage Dockerfiles for API (NestJS) and Web (Next.js standalone) - docker-compose.prod.yml: full production stack (postgres, redis, keycloak, api, web) with optional Caddy/Let's Encrypt via --profile ssl - docker-compose.local.yml: identical local test stack, all ports exposed - docker/postgres/init.sql: auto-creates tos_app DB on first start - Caddyfile: reverse proxy for app domain + auth subdomain - install.sh: interactive installer (domain, SSL mode, secret generation) - NestJS SetupModule: @Public() endpoints for /setup/status, /setup/admin, /setup/branding, /setup/complete with setup-token guard - Web installer: 4-step flow (system check, admin creation, branding, complete) at /[locale]/setup/* with public middleware bypass - i18n: installer namespace added to de.json and en.json - CORS: x-setup-token header allowed in main.ts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-23 21:17:34 +01:00
parent b1238b7bb8
commit 0e8d5aef85
31 changed files with 2158 additions and 4 deletions
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@@ -0,0 +1,67 @@
+# =============================================================================
+# tOS API - Multi-Stage Docker Build
+# =============================================================================
+# Optimiert fuer pnpm Monorepo mit Prisma ORM
+#
+# Build:   docker build -f apps/api/Dockerfile -t tos-api .
+# Run:     docker run -p 3001:3001 --env-file .env tos-api
+# =============================================================================
+
+# ---------------------------------------------------------------------------
+# Stage 1: Base - Node.js mit pnpm
+# ---------------------------------------------------------------------------
+FROM node:20-alpine AS base
+RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
+
+# ---------------------------------------------------------------------------
+# Stage 2: Builder - Dependencies installieren und kompilieren
+# ---------------------------------------------------------------------------
+FROM base AS builder
+WORKDIR /app
+
+# Kopiere Workspace-Konfiguration (fuer pnpm Monorepo-Aufloesung)
+COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./
+
+# Kopiere Shared Package (wird von der API als Dependency referenziert)
+COPY packages/ ./packages/
+
+# Kopiere API-Quellcode
+COPY apps/api/ ./apps/api/
+
+# Installiere alle Dependencies (frozen-lockfile fuer reproduzierbare Builds)
+RUN pnpm install --frozen-lockfile
+
+# Baue zuerst das Shared Package (Dependency der API)
+RUN pnpm --filter @tos/shared build
+
+# Generiere Prisma Client (benoetigt fuer den Build)
+RUN pnpm --filter @tos/api exec prisma generate
+
+# Baue die API
+RUN pnpm --filter @tos/api build
+
+# ---------------------------------------------------------------------------
+# Stage 3: Runner - Schlankes Production Image
+# ---------------------------------------------------------------------------
+FROM base AS runner
+WORKDIR /app
+ENV NODE_ENV=production
+
+# Kopiere Build-Artefakte
+COPY --from=builder /app/apps/api/dist ./dist
+COPY --from=builder /app/apps/api/prisma ./prisma
+COPY --from=builder /app/apps/api/package.json ./package.json
+
+# Kopiere node_modules (API-spezifisch + hoisted)
+COPY --from=builder /app/apps/api/node_modules ./node_modules
+# Kopiere Prisma Client (plattform-spezifische Binaries)
+COPY --from=builder /app/node_modules/.prisma ./node_modules/.prisma
+COPY --from=builder /app/node_modules/@prisma ./node_modules/@prisma
+
+# Sicherheit: Nicht als root ausfuehren
+USER node
+
+EXPOSE 3001
+
+# Beim Start: Zuerst Datenbankmigrationen anwenden, dann API starten
+CMD ["sh", "-c", "npx prisma migrate deploy && node dist/main.js"]