From eb2873a3b987e469e590b35c64fd8acd6005d1bf Mon Sep 17 00:00:00 2001
From: Arnab-Afk
Date: Thu, 14 Aug 2025 21:15:53 +0530
Subject: [PATCH] Add Docker setup for Monaco backend with Cloudflare tunnel support
---
new-backend/Dockerfile.tunnel | 56 +++++++++++++++++++++++++++
new-backend/README.tunnel.md | 46 ++++++++++++++++++++++
new-backend/config.json | 15 +++++++
new-backend/docker-compose.tunnel.yml | 27 +++++++++++++
4 files changed, 144 insertions(+)
create mode 100644 new-backend/Dockerfile.tunnel
create mode 100644 new-backend/README.tunnel.md
create mode 100644 new-backend/config.json
create mode 100644 new-backend/docker-compose.tunnel.yml
diff --git a/new-backend/Dockerfile.tunnel b/new-backend/Dockerfile.tunnel
new file mode 100644
index 0000000..e677375
--- /dev/null
+++ b/new-backend/Dockerfile.tunnel
@@ -0,0 +1,56 @@
+FROM golang:1.19-alpine AS builder
+
+# Install git and required dependencies
+RUN apk update && apk add --no-cache git
+
+# Set working directory
+WORKDIR /app
+
+# Copy go mod and sum files
+COPY go.mod go.sum* ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the application with optimizations
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags="-s -w" -o monaco-backend .
+
+# Use a smaller image for the final container
+FROM alpine:latest
+
+# Install Docker client and cloudflared
+RUN apk update && apk add --no-cache docker-cli curl && \
+ curl -L --output cloudflared.tgz https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.tgz && \
+ tar -xzf cloudflared.tgz && \
+ chmod +x cloudflared && \
+ mv cloudflared /usr/local/bin/ && \
+ rm cloudflared.tgz
+
+# Create directories for cloudflared
+RUN mkdir -p /etc/cloudflared
+
+# Copy the certificate file and config
+COPY cert.pem /etc/cloudflared/cert.pem
+COPY config.json /etc/cloudflared/config.json
+
+# Copy the binary from builder
+COPY --from=builder /app/monaco-backend /monaco-backend
+
+# Add startup script
+RUN echo '#!/bin/sh\n\
+# Start the backend\n\
+/monaco-backend & \n\
+# Wait for backend to start\n\
+sleep 5\n\
+# Start cloudflared tunnel using config file\n\
+cloudflared tunnel --no-autoupdate run --config /etc/cloudflared/config.json\n\
+' > /start.sh && chmod +x /start.sh
+
+# Expose port for local access
+EXPOSE 8080
+
+# Run the startup script
+ENTRYPOINT ["/start.sh"]
diff --git a/new-backend/README.tunnel.md b/new-backend/README.tunnel.md
new file mode 100644
index 0000000..2a12762
--- /dev/null
+++ b/new-backend/README.tunnel.md
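Review bot: `COPY cert.pem /etc/cloudflared/cert.pem` in the final stage of Dockerfile.tunnel writes the Cloudflare tunnel credential into an image layer, so anyone who can pull or export the image can read it, and `COPY . .` in the builder stage also copies it into the build unless a `.dockerignore` (not part of this patch) excludes it. I would drop that COPY and supply the file at run time instead, for example a read-only bind mount in the compose file such as `- ./cert.pem:/etc/cloudflared/cert.pem:ro`, with `cert.pem` listed in `.dockerignore`. Separately, the final stage uses `alpine:latest` and downloads cloudflared from `releases/latest` with `curl -L` and no integrity check; pinning the base tag and a specific cloudflared release, adding `-f` so an HTTP error fails the build, and verifying a SHA-256 before `tar` would make the image reproducible and close the unverified-download gap. The image also has no `USER` instruction, so the backend and cloudflared both run as root.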
@@ -0,0 +1,46 @@
+# Backend with Cloudflare Tunnel
+
+This setup runs the Monaco backend service and establishes a Cloudflare tunnel, exposing the service to the internet securely via api.ishikabhoyar.tech.
+
+## Prerequisites
+
+- Docker and Docker Compose installed
+- The Cloudflare tunnel certificate (cert.pem) in the same directory as the Dockerfile.tunnel
+
+## Files
+
+- `Dockerfile.tunnel`: Dockerfile that builds the backend and sets up Cloudflare tunnel
+- `cert.pem`: Cloudflare tunnel certificate
+- `config.json`: Cloudflare tunnel configuration that routes traffic to api.ishikabhoyar.tech
+- `docker-compose.tunnel.yml`: Docker Compose configuration for easy deployment
+
+## How to Run
+
+```bash
+# Build and start the container
+docker-compose -f docker-compose.tunnel.yml up -d
+
+# Check logs
+docker-compose -f docker-compose.tunnel.yml logs -f
+```
+
+## How it Works
+
+1. The Dockerfile builds the Go backend application
+2. It installs the Cloudflare tunnel client (cloudflared)
+3. On container start:
+ - The backend server starts on port 8080
+ - The Cloudflare tunnel connects to Cloudflare's edge network using the config.json
+ - External traffic to api.ishikabhoyar.tech is routed through the tunnel to the backend
+ - The cloudflared runs entirely within the container, isolated from any host cloudflared instance
+
+## Environment Variables
+
+You can customize the behavior by modifying the environment variables in the docker-compose.tunnel.yml file:
+
+- `PORT`: The port the backend server listens on (default: 8080)
+- `CONCURRENT_EXECUTIONS`: Number of concurrent code executions (default: 5)
+- `QUEUE_CAPACITY`: Maximum queue capacity for code executions (default: 100)
+- `DEFAULT_TIMEOUT`: Default timeout for code execution in seconds (default: 30)
+- `SANDBOX_NETWORK_DISABLED`: Whether to disable network in sandbox containers (default: true)
+- `SANDBOX_PIDS_LIMIT`: Process ID limit for sandbox containers (default: 50)
diff --git a/new-backend/config.json b/new-backend/config.json
new file mode 100644
index 0000000..fbc1e34
--- /dev/null
+++ b/new-backend/config.json
@@ -0,0 +1,15 @@
+{
+ "tunnel": "monaco-backend-tunnel",
+ "credentials-file": "/etc/cloudflared/cert.pem",
+ "ingress": [
+ {
+ "hostname": "api.ishikabhoyar.tech",
+ "service": "http://localhost:8080"
+ },
+ {
+ "service": "http_status:404"
+ }
+ ],
+ "protocol": "http2",
+ "loglevel": "info"
+}
diff --git a/new-backend/docker-compose.tunnel.yml b/new-backend/docker-compose.tunnel.yml
new file mode 100644
index 0000000..2537db6
--- /dev/null
+++ b/new-backend/docker-compose.tunnel.yml
@@ -0,0 +1,27 @@
+version: '3.8'
+
+services:
+ backend:
+ build:
+ context: .
+ dockerfile: Dockerfile.tunnel
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ # Port is only exposed locally, traffic comes through the tunnel
+ ports:
+ - "127.0.0.1:8080:8080"
+ environment:
+ - PORT=8080
+ - CONCURRENT_EXECUTIONS=5
+ - QUEUE_CAPACITY=100
+ - DEFAULT_TIMEOUT=30
+ - SANDBOX_NETWORK_DISABLED=true
+ - SANDBOX_PIDS_LIMIT=50
+ # Isolated network to prevent conflicts with host cloudflared
+ networks:
+ - monaco-backend-network
+
+networks:
+ monaco-backend-network:
+ driver: bridge
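Review bot: In config.json, `"credentials-file": "/etc/cloudflared/cert.pem"` points the tunnel's credentials setting at `cert.pem`; if that file is the origin certificate produced by `cloudflared tunnel login`, it is an account-level credential that can create and delete tunnels, which is more authority than a container that only runs one named tunnel needs. cloudflared normally expects the per-tunnel credentials JSON in `credentials-file` and takes the login certificate through `origincert`, so it is worth confirming which file this actually is. Shipping only the per-tunnel credential (or a tunnel token supplied at run time) keeps a compromise of this container from extending to the rest of the Cloudflare account.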
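Review bot: In docker-compose.tunnel.yml, the `/var/run/docker.sock:/var/run/docker.sock` volume gives the backend container full control of the host's Docker daemon, which is equivalent to root on the host, and this is the same container that is published to the internet through the tunnel. Since the README in this patch describes the service as running code executions in sandbox containers, a flaw in the backend would reach the host directly; I would place a restricting socket proxy or a separate (ideally rootless) Docker daemon between the backend and the host, and at minimum add `security_opt: ["no-new-privileges:true"]` to the service. The comment `# Isolated network to prevent conflicts with host cloudflared` says nothing about the socket, which the bridge network does not constrain, so a comment beside the volume such as `# docker.sock grants host-level control; needed to launch sandbox containers` would make the trade-off visible to operators.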