Merge pull request #94 from AptFox/docker-image-optimizations

Docker image and log polish

Author: AptFox

Dockerfile

@@ -18,13 +18,20 @@ COPY src ./src
 RUN ./gradlew bootJar --no-daemon
 
 # Stage 2: Create the production image
-FROM eclipse-temurin:21-jdk
+FROM eclipse-temurin:21-jre-jammy
+
+# Create non-root user
+RUN groupadd -r spring && useradd -r -g spring spring
 
 # Set the working directory inside the container
 WORKDIR /app
 
 # Copy the built JAR file from the builder stage
 COPY --from=builder /app/build/libs/harmony-backend-*.jar app.jar
+RUN chown spring:spring app.jar
+
+# Switch to non-root user
+USER spring
 
 # Define the entrypoint for running the application
-ENTRYPOINT ["java", "-Xmx1g", "-Xss512k", "-Xms512m", "-XX:MaxJavaStackTraceDepth=20", "-XX:+UseContainerSupport", "-jar", "app.jar"]
+ENTRYPOINT ["java", "-XX:InitialRAMPercentage=25", "-XX:MaxRAMPercentage=60", "-Xss512k", "-XX:MaxJavaStackTraceDepth=20", "-XX:+UseContainerSupport", "-jar", "app.jar"]

src/main/kotlin/iterative/harmony/backend/config/JvmMemoryLogger.kt

@@ -0,0 +1,30 @@
+package iterative.harmony.backend.config
+
+import iterative.harmony.backend.util.getLogger
+import java.lang.management.ManagementFactory
+import java.lang.management.MemoryMXBean
+import java.util.concurrent.TimeUnit
+import org.springframework.scheduling.annotation.Scheduled
+import org.springframework.stereotype.Component
+
+@Component
+class JvmMemoryLogger(private val memoryBean: MemoryMXBean = ManagementFactory.getMemoryMXBean()) {
+    private val log = getLogger()
+
+    @Scheduled(fixedRate = 5, timeUnit = TimeUnit.MINUTES)
+    fun logMemoryUsage() {
+        val heap = memoryBean.heapMemoryUsage
+        val nonHeap = memoryBean.nonHeapMemoryUsage
+
+        log.info(
+            "JVM memory | heap: used={}MB committed={}MB max={}MB | non-heap: used={}MB committed={}MB",
+            toMb(heap.used),
+            toMb(heap.committed),
+            toMb(heap.max),
+            toMb(nonHeap.used),
+            toMb(nonHeap.committed),
+        )
+    }
+
+    private fun toMb(bytes: Long): Long = bytes / 1024 / 1024
+}

src/main/kotlin/iterative/harmony/backend/config/LoggingFilter.kt

@@ -1,27 +1,63 @@
 package iterative.harmony.backend.config
 
 import iterative.harmony.backend.util.Utils
+import iterative.harmony.backend.util.getLogger
 import iterative.harmony.backend.util.setUserIdInLogs
 import jakarta.servlet.FilterChain
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
+import java.util.UUID
 import org.slf4j.MDC
 import org.springframework.stereotype.Component
 import org.springframework.web.filter.OncePerRequestFilter
 
 @Component
 class LoggingFilter : OncePerRequestFilter() {
+
+    private val log = getLogger()
+
+    private val ignoredExactPaths =
+        setOf("/robots.txt", "/favicon.ico", "/.env", "/.git", "/.git/config")
+
+    private val ignoredPathPrefixes =
+        listOf("/.git/", "/.well-known/", "/wp-", "/phpmyadmin", "/phpinfo.php")
+
+    override fun shouldNotFilter(request: HttpServletRequest): Boolean {
+        val path = request.requestURI
+
+        if (path in ignoredExactPaths && request.method == "GET") return true
+
+        return request.method == "GET" && ignoredPathPrefixes.any { path.startsWith(it) }
+    }
+
     override fun doFilterInternal(
         request: HttpServletRequest,
         response: HttpServletResponse,
         filterChain: FilterChain,
     ) {
+        val start = System.nanoTime()
+        val requestId = UUID.randomUUID().toString().take(8)
+        MDC.put("requestId", requestId)
         try {
             val userId = Utils().getUserIdFromSecurityContext()
             setUserIdInLogs(userId)
 
             filterChain.doFilter(request, response)
         } finally {
+            val requestUri = request.requestURI
+            val query = request.queryString?.let { "?$it" } ?: ""
+            val requestPath = "$requestUri$query"
+            val durationMs = (System.nanoTime() - start) / 1_000_000
+            val clientIp =
+                request.getHeader("X-Forwarded-For")?.split(",")?.first() ?: request.remoteAddr
+            log.info(
+                "{} {} {} {}ms ip={}",
+                request.method,
+                requestPath,
+                response.status,
+                durationMs,
+                clientIp,
+            )
             MDC.clear() // Clear logging context
         }
     }

src/main/kotlin/iterative/harmony/backend/util/Constants.kt

@@ -25,7 +25,7 @@ object SecurityConstants {
     const val COOKIE_EXPIRATION_IN_SECONDS = 60 * 60 * 48 // 48 hours
     const val AUTH_PREFIX: String = "auth"
     const val NON_AUTH_PREFIX: String = "nonAuth"
-    const val ANON_USER_ID: String = "ANON_USER"
+    const val ANON_USER_ID: String = "ANON"
     const val ANON_USER_AGENT: String = "ANON_BROWSER"
     const val ANON_REQUEST_IP: String = "0.0.0.0"
 }

src/main/resources/application.properties

@@ -57,7 +57,7 @@ sentry.max-request-body-size=none
 
 # Logging
 # Log pattern: timestamp, log level, classname - message
-logging.pattern.console=%d{HH:mm:ss:SSS} %-5level %logger{1}: user=%X{userId} - %msg%n%rEx{10}
+logging.pattern.console=%d{HH:mm:ss:SSS} %-5level %logger{1}: requestId=%X{requestId} user=%X{userId} - %msg%n%rEx{10}
 spring.output.ansi.enabled=ALWAYS
 logging.level.web=WARN
 logging.level.org.springframework=WARN