sam/dev_arc_aws
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dev_arc_aws/backend/Dockerfile
Claude 800072ffbb
Add reachability fallback for routed meshes (VPC peering, etc.) 
A host can be on the mesh's "side" of a routed network (e.g. a VPC peered
into a NetBird/WireGuard mesh) without holding a local IP in the mesh's
own CIDR. Local-IP-in-CIDR stays the primary check; if it fails, the admin
can supply a known peer/gateway IP on the mesh and we verify by pinging
it instead. Adds iputils to the backend image for the ping binary.
2026-06-20 21:26:25 +00:00

43 lines
1.6 KiB
Docker
Raw Blame History

FROM node:22-alpine AS build
WORKDIR /app
# Native modules (better-sqlite3, ssh2, node-pty) need a toolchain to compile.
RUN apk add --no-cache python3 make g++
COPY package.json package-lock.json* ./
RUN npm install --omit=dev=false
COPY . .
RUN npm run build
FROM node:22-alpine
WORKDIR /app
ENV NODE_ENV=production
# Toolchain is needed again here: production deps are reinstalled fresh, and the
# native modules (better-sqlite3, ssh2, node-pty) compile from source on install.
# openssh-client provides the `ssh` binary, which node-pty shells out to for
# certificate-based auth (ssh2 has no OpenSSH certificate support).
# iputils provides `ping`, used by the mesh-gate reachability check.
RUN apk add --no-cache python3 make g++ openssh-client iputils
COPY package.json package-lock.json* ./
RUN npm install --omit=dev
COPY --from=build /app/dist ./dist
# Old-format encrypted PEM keys (e.g. "BEGIN RSA PRIVATE KEY" + DEK-Info) rely on an
# MD5-based KDF that OpenSSL 3's default provider disables. Enable the legacy provider
# so `ssh` (used for certificate-based auth) can still decrypt these keys.
RUN { \
echo 'openssl_conf = openssl_init'; \
echo ''; \
echo '[openssl_init]'; \
echo 'providers = provider_sect'; \
echo ''; \
echo '[provider_sect]'; \
echo 'default = default_sect'; \
echo 'legacy = legacy_sect'; \
echo ''; \
echo '[default_sect]'; \
echo 'activate = 1'; \
echo ''; \
echo '[legacy_sect]'; \
echo 'activate = 1'; \
} > /etc/ssl/openssl-legacy.cnf
ENV OPENSSL_CONF=/etc/ssl/openssl-legacy.cnf
EXPOSE 4000
CMD ["node", "dist/server.js"]
Reference in a new issue View git blame Copy permalink