oma-memorial/Dockerfile

# Stage 1: Compile libvips with HEIC support
FROM node:22-bullseye-slim AS libvips-builder

# Install build tools and dependencies for libvips and libheif
# Added ca-certificates to fix the "server certificate verification failed" error
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    pkg-config \
    git \
    ca-certificates \
    python3 \
    curl \
    meson \
    ninja-build \
    libglib2.0-dev \
    libexpat1-dev \
    libheif-dev \
    liblcms2-dev \
    libjpeg-dev \
    libpng-dev \
    libwebp-dev \
    libtiff-dev \
    libexif-dev \
    libgif-dev \
    libde265-dev \
    libx265-dev \
    && rm -rf /var/lib/apt/lists/*

ARG LIBVIPS_VERSION=8.16.2

WORKDIR /tmp
RUN curl -L https://github.com/libvips/libvips/releases/download/v${LIBVIPS_VERSION}/vips-${LIBVIPS_VERSION}.tar.gz | tar xz --strip-components=1 \
    && cd vips-${LIBVIPS_VERSION} \
    && meson setup build --prefix=/usr --buildtype=release \
    && ninja -C build \
    && ninja -C build install \
    && ldconfig \
    && cd / \
    && rm -rf /tmp/vips-${LIBVIPS_VERSION}

# Stage 2: Build the Next.js app
FROM node:22-bullseye-slim AS builder

WORKDIR /app

# Copy custom-built libvips libraries from libvips-builder stage
COPY --from=libvips-builder /usr/lib /usr/lib
COPY --from=libvips-builder /usr/bin /usr/bin
COPY --from=libvips-builder /usr/share /usr/share

ENV LD_LIBRARY_PATH=/usr/lib
ENV PKG_CONFIG_PATH=/usr/lib/pkgconfig

COPY package*.json ./
ENV SHARP_IGNORE_GLOBAL_LIBVIPS=1
RUN npm ci

COPY . .
RUN npm run build

# Stage 3: Final production image
FROM node:22-bullseye-slim AS runner

WORKDIR /app

ENV NODE_ENV=production
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"

# Install runtime dependencies for libvips and su-exec for entrypoint
RUN apt-get update && apt-get install -y --no-install-recommends \
    libglib2.0-0 \
    libexpat1 \
    libheif1 \
    liblcms2-2 \
    libjpeg62-turbo \
    libpng16-16 \
    libwebp6 \
    libtiff5 \
    libexif12 \
    libgif7 \
    libde265-0 \
    libx265-192 \
    gosu \
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user
RUN addgroup --system --gid 1001 nodejs \
  && adduser --system --uid 1001 nextjs

# Copy standalone output
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
COPY --from=builder /app/public ./public

# Copy custom-built libvips libraries
COPY --from=libvips-builder /usr/lib /usr/lib
COPY --from=libvips-builder /usr/bin /usr/bin
COPY --from=libvips-builder /usr/share /usr/share

# Entrypoint script to fix volume permissions at startup
RUN printf '#!/bin/sh\nmkdir -p /app/data/uploads/photos /app/data/uploads/videos /app/data/uploads/music\nchown -R nextjs:nodejs /app/data 2>/dev/null || true\nexec gosu nextjs node server.js\n' > /app/entrypoint.sh \
  && chmod +x /app/entrypoint.sh

EXPOSE 3000
CMD ["/app/entrypoint.sh"]