Add Docker setup for Monaco backend with Cloudflare tunnel support

2025-08-14 21:15:53 +05:30
parent 25900803c3
commit eb2873a3b9
4 changed files with 144 additions and 0 deletions
--- a/new-backend/Dockerfile.tunnel
+++ b/new-backend/Dockerfile.tunnel
@@ -0,0 +1,56 @@
+FROM golang:1.19-alpine AS builder
+
+# Install git and required dependencies
+RUN apk update && apk add --no-cache git
+
+# Set working directory
+WORKDIR /app
+
+# Copy go mod and sum files
+COPY go.mod go.sum* ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the application with optimizations
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags="-s -w" -o monaco-backend .
+
+# Use a smaller image for the final container
+FROM alpine:latest
+
+# Install Docker client and cloudflared
+RUN apk update && apk add --no-cache docker-cli curl && \
+    curl -L --output cloudflared.tgz https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.tgz && \
+    tar -xzf cloudflared.tgz && \
+    chmod +x cloudflared && \
+    mv cloudflared /usr/local/bin/ && \
+    rm cloudflared.tgz
+
+# Create directories for cloudflared
+RUN mkdir -p /etc/cloudflared
+
+# Copy the certificate file and config
+COPY cert.pem /etc/cloudflared/cert.pem
+COPY config.json /etc/cloudflared/config.json
+
+# Copy the binary from builder
+COPY --from=builder /app/monaco-backend /monaco-backend
+
+# Add startup script
+RUN echo '#!/bin/sh\n\
+# Start the backend\n\
+/monaco-backend & \n\
+# Wait for backend to start\n\
+sleep 5\n\
+# Start cloudflared tunnel using config file\n\
+cloudflared tunnel --no-autoupdate run --config /etc/cloudflared/config.json\n\
+' > /start.sh && chmod +x /start.sh
+
+# Expose port for local access
+EXPOSE 8080
+
+# Run the startup script
+ENTRYPOINT ["/start.sh"]
--- a/new-backend/README.tunnel.md
+++ b/new-backend/README.tunnel.md
@@ -0,0 +1,46 @@
+# Backend with Cloudflare Tunnel
+
+This setup runs the Monaco backend service and establishes a Cloudflare tunnel, exposing the service to the internet securely via api.ishikabhoyar.tech.
+
+## Prerequisites
+
+- Docker and Docker Compose installed
+- The Cloudflare tunnel certificate (cert.pem) in the same directory as the Dockerfile.tunnel
+
+## Files
+
+- `Dockerfile.tunnel`: Dockerfile that builds the backend and sets up Cloudflare tunnel
+- `cert.pem`: Cloudflare tunnel certificate
+- `config.json`: Cloudflare tunnel configuration that routes traffic to api.ishikabhoyar.tech
+- `docker-compose.tunnel.yml`: Docker Compose configuration for easy deployment
+
+## How to Run
+
+```bash
+# Build and start the container
+docker-compose -f docker-compose.tunnel.yml up -d
+
+# Check logs
+docker-compose -f docker-compose.tunnel.yml logs -f
+```
+
+## How it Works
+
+1. The Dockerfile builds the Go backend application
+2. It installs the Cloudflare tunnel client (cloudflared)
+3. On container start:
+   - The backend server starts on port 8080
+   - The Cloudflare tunnel connects to Cloudflare's edge network using the config.json
+   - External traffic to api.ishikabhoyar.tech is routed through the tunnel to the backend
+   - The cloudflared runs entirely within the container, isolated from any host cloudflared instance
+
+## Environment Variables
+
+You can customize the behavior by modifying the environment variables in the docker-compose.tunnel.yml file:
+
+- `PORT`: The port the backend server listens on (default: 8080)
+- `CONCURRENT_EXECUTIONS`: Number of concurrent code executions (default: 5)
+- `QUEUE_CAPACITY`: Maximum queue capacity for code executions (default: 100)
+- `DEFAULT_TIMEOUT`: Default timeout for code execution in seconds (default: 30)
+- `SANDBOX_NETWORK_DISABLED`: Whether to disable network in sandbox containers (default: true)
+- `SANDBOX_PIDS_LIMIT`: Process ID limit for sandbox containers (default: 50)
--- a/new-backend/config.json
+++ b/new-backend/config.json
@@ -0,0 +1,15 @@
+{
+  "tunnel": "monaco-backend-tunnel",
+  "credentials-file": "/etc/cloudflared/cert.pem",
+  "ingress": [
+    {
+      "hostname": "api.ishikabhoyar.tech",
+      "service": "http://localhost:8080"
+    },
+    {
+      "service": "http_status:404"
+    }
+  ],
+  "protocol": "http2",
+  "loglevel": "info"
+}
--- a/new-backend/docker-compose.tunnel.yml
+++ b/new-backend/docker-compose.tunnel.yml
@@ -0,0 +1,27 @@
+version: '3.8'
+
+services:
+  backend:
+    build:
+      context: .
+      dockerfile: Dockerfile.tunnel
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    # Port is only exposed locally, traffic comes through the tunnel
+    ports:
+      - "127.0.0.1:8080:8080"
+    environment:
+      - PORT=8080
+      - CONCURRENT_EXECUTIONS=5
+      - QUEUE_CAPACITY=100
+      - DEFAULT_TIMEOUT=30
+      - SANDBOX_NETWORK_DISABLED=true
+      - SANDBOX_PIDS_LIMIT=50
+    # Isolated network to prevent conflicts with host cloudflared
+    networks:
+      - monaco-backend-network
+
+networks:
+  monaco-backend-network:
+    driver: bridge