feat(opsserver): add health, audit, cluster health, and durable credential management hardening

2026-04-30 07:10:21 +00:00
parent c3e5cabe3d
commit f4e5f02d0c
34 changed files with 1722 additions and 320 deletions
+18 -14
@@ -6,6 +6,7 @@ FROM --platform=linux/amd64 node:22-alpine AS build
RUN corepack enable && corepack prepare pnpm@latest --activate
WORKDIR /app
ENV DENO_DIR=/deno-dir
# Use verdaccio registry (hosts private packages and proxies public ones)
RUN npm config set registry https://verdaccio.lossless.digital/
@@ -15,7 +16,7 @@ COPY package.json pnpm-lock.yaml ./
RUN pnpm install
# Copy source and build
COPY npmextra.json ./
COPY .smartconfig.json ./
COPY html/ ./html/
COPY ts_web/ ./ts_web/
COPY ts_interfaces/ ./ts_interfaces/
@@ -23,32 +24,35 @@ COPY ts_bundled/ ./ts_bundled/
RUN pnpm run build
## STAGE 2 // production runtime with Deno
FROM alpine:edge AS final
FROM denoland/deno:debian AS final
ENV DENO_DIR=/deno-dir
# Install Deno and minimal runtime dependencies
RUN apk add --no-cache \
deno \
ca-certificates \
tini \
gcompat \
libstdc++
RUN apt-get update && \
apt-get install -y --no-install-recommends ca-certificates tini && \
rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Copy only what Deno needs at runtime
COPY deno.json ./
COPY deno.lock ./
COPY mod.ts ./
COPY ts/ ./ts/
COPY ts_interfaces/ ./ts_interfaces/
COPY --from=build /app/ts_bundled/bundle.ts ./ts_bundled/bundle.ts
# Pre-cache Deno dependencies
RUN deno cache mod.ts
# Create storage directory
RUN mkdir -p /data
# Pre-cache Deno dependencies and prepare non-root runtime paths
RUN deno cache mod.ts && \
groupadd --system objectstorage && \
useradd --system --gid objectstorage --home-dir /app objectstorage && \
mkdir -p /data /deno-dir && \
chown -R objectstorage:objectstorage /app /data /deno-dir
EXPOSE 9000 3000 4433
VOLUME ["/data"]
ENTRYPOINT ["/sbin/tini", "--"]
USER objectstorage
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD deno eval "const response = await fetch('http://127.0.0.1:3000/readyz'); Deno.exit(response.ok ? 0 : 1);"
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["deno", "run", "--allow-all", "mod.ts", "server"]
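Review bot: The `chown -R objectstorage:objectstorage /app /data /deno-dir` in the final-stage `RUN` makes the runtime user the owner of the application code in `/app`, so a process compromised while running under `--allow-all` can rewrite `mod.ts` and `ts/` in place. Unless the server writes into `/app` at runtime (not visible here), limit ownership to the writable paths: `chown -R objectstorage:objectstorage /data /deno-dir`. The account is also created without a fixed id, so its UID depends on the base image and a runtime that requires a numeric non-root user cannot verify `USER objectstorage`. Passing `--gid 10001` to `groupadd` and `--uid 10001` to `useradd`, then using `USER 10001:10001`, would pin it (10001 is an example value). Separately, `/data` volumes created by the earlier root-running image keep their root ownership after this change, and `FROM denoland/deno:debian` is still a floating tag that could be pinned to a version or digest.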