alvin/school
1
0
Fork 0
mirror of https://github.com/Alvin-Zilverstand/school.git synced 2026-03-07 05:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

smt

Browse Source
This commit is contained in:
Alvin-Zilverstand
2026-02-09 11:04:18 +01:00
parent ab0e44ce33
commit 87b7da53ca
38 changed files with 16457 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
projects/year_02/challenge_18/narrow_casting_system/deployment/configs/nginx.conf Normal file
View File

@@ -0,0 +1,121 @@
# SnowWorld Narrowcasting System - Nginx Configuration
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
# Rate limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=upload:10m rate=2r/s;
# Upstream backend
upstream backend {
server snowworld-narrowcasting:3000;
keepalive 32;
}
# HTTP redirect to HTTPS
server {
listen 80;
server_name _;
return 301 https://$server_name$request_uri;
}
# HTTPS server
server {
listen 443 ssl http2;
server_name _;
# SSL configuration
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Security headers
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Serve static files for admin dashboard
location /admin {
alias /usr/share/nginx/html/admin;
try_files $uri $uri/ /admin/index.html;
expires 1h;
add_header Cache-Control "public, immutable";
}
# Serve static files for client display
location /client {
alias /usr/share/nginx/html/client;
try_files $uri $uri/ /client/index.html;
expires 1h;
add_header Cache-Control "public, immutable";
}
# Serve uploaded files
location /uploads {
alias /app/public/uploads;
expires 1d;
add_header Cache-Control "public, immutable";
# Security headers for uploaded content
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
}
# API endpoints with rate limiting
location /api {
limit_req zone=api burst=20 nodelay;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
}
# WebSocket support
location /socket.io {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
# Default location
location / {
return 301 /client/index.html;
}
}
}

50
projects/year_02/challenge_18/narrow_casting_system/deployment/docker/Dockerfile Normal file
View File

@@ -0,0 +1,50 @@
# SnowWorld Narrowcasting System - Docker Configuration
# Use official Node.js runtime as base image
FROM node:18-alpine
# Set working directory
WORKDIR /app
# Copy root package files
COPY package*.json ./
# Copy backend package files
COPY backend/package*.json ./backend/
COPY backend/ ./backend/
# Copy admin package files
COPY admin/package*.json ./admin/
COPY admin/ ./admin/
# Copy client files
COPY client/ ./client/
COPY docs/ ./docs/
COPY deployment/ ./deployment/
# Install dependencies
RUN cd backend && npm ci && cd ..
RUN cd admin && npm ci && cd ..
# Copy application code
COPY test_system.js ./
COPY README.md ./
COPY PROJECT_SUMMARY.md ./
COPY CONTRIBUTING.md ./
COPY .env.example ./
# Create necessary directories
RUN mkdir -p database logs public/uploads/images public/uploads/videos
# Set permissions for upload directories
RUN chmod -R 755 public/uploads
# Expose port
EXPOSE 3000
# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD node -e "require('http').get('http://localhost:3000/api/zones', (res) => { process.exit(res.statusCode === 200 ? 0 : 1) }).on('error', () => process.exit(1))"
# Start command
CMD ["npm", "start"]

112
projects/year_02/challenge_18/narrow_casting_system/deployment/docker/README.md Normal file
View File

@@ -0,0 +1,112 @@
# Docker Deployment for SnowWorld Narrowcasting System
This directory contains Docker configuration files for deploying the SnowWorld Narrowcasting System.
## 🐳 Quick Start with Docker (After GitHub Actions Setup)
### Prerequisites
- Docker Engine 20.10+
- Docker Compose v2.0+
- GitHub Actions permissions (read and write)
### After GitHub Actions Setup
Since you've successfully set up GitHub Actions permissions, you can now use the Docker workflow:
```bash
# The Docker workflow will automatically build and push images via GitHub Actions
# You can also run locally for testing:
# Build locally (optional)
docker build -f deployment/docker/Dockerfile -t snowworld-narrowcasting .
# Run locally (optional)
docker run -d -p 3000:3000 snowworld-narrowcasting
```
## 📋 GitHub Actions Integration
### Success Status
Since you've fixed the GitHub Actions permissions, the workflow should now:
- ✅ Build Docker images automatically
- ✅ Push to GitHub Container Registry (ghcr.io)
- ✅ Generate detailed build reports
- ✅ Work with your GitHub credentials
### What You Have Now
-**GitHub Container Registry**: Automatic authentication with your GitHub account
-**Modern Docker Compose v2**: Latest syntax and best practices
-**Multi-platform Support**: AMD64 and ARM64 architectures
-**Comprehensive Reporting**: Detailed build and deployment reports
## 🚀 Using the Docker Workflow
### 1. Via GitHub Actions (Recommended)
The workflow automatically runs on:
- Every push to main/develop branches
- Every pull request
- Manual workflow dispatch
### 2. Local Testing (Optional)
If you want to test locally:
```bash
# Navigate to docker directory
cd deployment/docker
# Build locally (optional)
docker build -f Dockerfile -t local-test .
# Run locally (optional)
docker run -d -p 3000:3000 local-test
```
## 📊 What the Workflow Does
### Automatic Features:
1. **Build**: Creates multi-platform Docker images
2. **Push**: Pushes to GitHub Container Registry
3. **Test**: Validates the Docker build
4. **Report**: Generates detailed reports
### Modern Features:
- **Multi-platform**: AMD64 and ARM64 support
- **Caching**: Build caching for faster builds
- **Security**: Comprehensive security scanning
- **Reporting**: Detailed build and deployment reports
## 🛡️ Security Features
### GitHub Container Registry Benefits:
-**Automatic Authentication**: Uses your GitHub credentials
-**Integrated Security**: Built-in security scanning
-**Private by Default**: Your images are private unless you make them public
-**Free for Public Repos**: No additional costs for public repositories
## 🔧 Troubleshooting
### Common Issues (Now Fixed!):
1. **Permission Denied**: ✅ Fixed with proper GitHub Actions permissions
2. **Repository Name Case**: ✅ Fixed with lowercase transformation
3. **Authentication Issues**: ✅ Fixed with automatic GitHub authentication
### If You Still Have Issues:
1. Check GitHub Actions permissions in repository settings
2. Ensure your repository is public (or configure for private)
3. Verify GitHub Container Registry is enabled for your account
## 📈 Success Status
**GitHub Actions**: Working with proper permissions
**Docker Build**: Multi-platform support implemented
**Container Registry**: Automatic authentication working
**Modern Practices**: Latest Docker and GitHub best practices
## 🎉 Success!
Since you've successfully fixed the GitHub Actions permissions, your Docker workflow now:
- ✅ Builds automatically on every push
- ✅ Pushes to GitHub Container Registry
- ✅ Provides detailed build reports
- ✅ Works seamlessly with your GitHub account
**Your SnowWorld Narrowcasting System now has professional Docker deployment capabilities!** 🎿❄️

57
projects/year_02/challenge_18/narrow_casting_system/deployment/docker/docker-compose.yml Normal file
View File

@@ -0,0 +1,57 @@
# SnowWorld Narrowcasting System - Docker Compose Configuration (v2)
name: snowworld-narrowcasting
services:
snowworld-narrowcasting:
build:
context: ../..
dockerfile: deployment/docker/Dockerfile
container_name: snowworld-narrowcasting
ports:
- "3000:3000"
volumes:
- ../../database:/app/database
- ../../logs:/app/logs
- ../../public/uploads:/app/public/uploads
environment:
- NODE_ENV=production
- PORT=3000
restart: unless-stopped
networks:
- snowworld-network
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/api/zones', (res) => { process.exit(res.statusCode === 200 ? 0 : 1) }).on('error', () => process.exit(1))"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
nginx:
image: nginx:alpine
container_name: snowworld-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ../configs/nginx.conf:/etc/nginx/nginx.conf:ro
- ../../ssl:/etc/nginx/ssl:ro
depends_on:
snowworld-narrowcasting:
condition: service_healthy
restart: unless-stopped
networks:
- snowworld-network
networks:
snowworld-network:
driver: bridge
name: snowworld-network
volumes:
database-data:
name: snowworld-database
uploads-data:
name: snowworld-uploads
logs-data:
name: snowworld-logs