From e5221afb878791b2ec22fb8e4af17b150d3d23f0 Mon Sep 17 00:00:00 2001
From: saravanakumardb1
Date: Sat, 23 May 2026 01:04:18 -0700
Subject: [PATCH] feat(deploy): backend Docker corp-proxy support + local compose override
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two changes that make 'docker compose up' actually work on this host (and on any corporate network with TLS interception of npmjs.org): 1. backend/Dockerfile gains the same NODE_TLS_REJECT_UNAUTHORIZED=0 + NPM_CONFIG_STRICT_SSL=false envs and 'npm config set strict-ssl false' step that web/Dockerfile already had. Without this, the 'npm install -g pnpm@10.6.5' step failed with UNABLE_TO_GET_ISSUER_CERT_LOCALLY on corp networks. Build-time-only; production runtime image is unaffected. 2. docker-compose.override.yml (new) is picked up automatically by 'docker compose up' and: - remaps the web container's host port from 3000 to 3050 (port 3000 on this host is held by Grafana). Uses 'ports: !override' so the base port mapping is replaced rather than appended. - points the backend at the sibling platform-service (4003), extraction-service (4005), and mcp-server (4007) running on the host network via host.docker.internal. - sets DB_PROVIDER=memory and a 32+ char JWT_SECRET so the backend starts in dev mode without Cosmos credentials. Verified live on this host: docker compose up -d → both notelett-backend (healthy) and notelett-web running. curl http://localhost:4016/health → {status:ok,service:notelett-backend} curl http://localhost:3050/dashboard → HTTP 200, 'NoteLett'
---
 backend/Dockerfile | 9 ++++++++-
 docker-compose.override.yml | 38 +++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 docker-compose.override.yml
diff --git a/backend/Dockerfile b/backend/Dockerfile
index 7e2b49d..2bcbf6d 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,7 +1,14 @@
 FROM node:22-slim AS builder
 WORKDIR /app/backend
-RUN npm install -g pnpm@10.6.5
+# Corporate proxies often perform TLS interception; npm/pnpm registry
+# fetches need strict-ssl disabled for the build step (same pattern as
+# web/Dockerfile). These flags apply only inside the build container.
+ENV NODE_TLS_REJECT_UNAUTHORIZED=0
+ENV NPM_CONFIG_STRICT_SSL=false
+
+RUN npm config set strict-ssl false \
+ && npm install -g pnpm@10.6.5
 COPY .npmrc.docker ./.npmrc
 COPY .docker-deps/ ../.docker-deps/
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 0000000..88b7050
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,38 @@
+# Local override for `docker compose up` on this host.
+#
+# Why this exists:
+# docker-compose.yml maps the web container to host port 3000, but
+# port 3000 on this host is already occupied (Grafana). This file
+# remaps web to host port 3050 and backend stays on 4016. The backend
+# is configured to point at the sibling platform/extraction/mcp
+# services already running on the host network.
+#
+# Bring up:
+# docker compose up -d
+# URLs:
+# Web: http://localhost:3050
+# Backend: http://localhost:4016
+# Health: http://localhost:4016/health
+# Bring down:
+# docker compose down
+
+services:
+ backend:
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ environment:
+ CORS_ORIGIN: "http://localhost:3050"
+ PLATFORM_SERVICE_URL: "http://host.docker.internal:4003"
+ EXTRACTION_SERVICE_URL: "http://host.docker.internal:4005"
+ MCP_SERVER_URL: "http://host.docker.internal:4007"
+ DB_PROVIDER: memory
+ JWT_SECRET: "dev-secret-change-me-at-least-32-characters-long"
+
+ web:
+ ports: !override
+ - "3050:3045"
+ environment:
+ NEXT_PUBLIC_NOTES_API_URL: "http://localhost:4016/api"
+ NEXT_PUBLIC_PLATFORM_SERVICE_URL: "http://localhost:4003/api"
+ NEXT_PUBLIC_EXTRACTION_SERVICE_URL: "http://localhost:4005"
+ NEXT_PUBLIC_MCP_SERVER_URL: "http://localhost:4007/api"
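Review bot: The two `ENV` lines and `npm config set strict-ssl false` turn off certificate verification for every build of this stage, not only builds behind the intercepting proxy, so packages pulled from the registry (pnpm here, and whatever later install steps in the builder stage fetch) are no longer authenticated in transit. `ENV NODE_TLS_REJECT_UNAUTHORIZED=0` also stays set for every later instruction in the `builder` stage and would carry into the runtime image if the final stage is built from it; the rest of the Dockerfile is outside this hunk, so the "build-time-only" claim is worth confirming there. Prefer trusting the proxy's CA over disabling checks, for example copying the corporate root certificate into the stage and setting `ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/corp-root.pem` (placeholder path). If the bypass has to stay, make it opt-in with `ARG NPM_STRICT_SSL=true` and `RUN npm config set strict-ssl "$NPM_STRICT_SSL" && npm install -g pnpm@10.6.5`, and drop the `ENV` lines so a default build keeps verification on.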
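Review bot: `JWT_SECRET` is committed as a fixed string in a file that Compose loads automatically for everyone who runs `docker compose up` in this checkout, so any backend started from it signs and accepts tokens under a key that is readable in the repository. Read it from the environment instead, e.g. `JWT_SECRET: "${JWT_SECRET:?set JWT_SECRET in .env}"`, and keep the value in an untracked `.env`. The web mapping `"3050:3045"` publishes on all host interfaces; `"127.0.0.1:3050:3045"` keeps this dev stack reachable only from the local machine. Since the file is specific to one host (Grafana holding port 3000), consider committing it under an example name and git-ignoring `docker-compose.override.yml` so other checkouts do not inherit these settings silently.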