feat: enhance Docker and Nginx configurations for security hardening and improved directory management

2025-12-22 11:51:56 +01:00
parent aca955972a
commit e76bf53986
8 changed files with 153 additions and 39 deletions
@@ -1,6 +1,13 @@
+# =============================================================================
+# DEVELOPMENT DOCKER COMPOSE - Security Hardened
+# =============================================================================
+# Note: Dev containers need write access to volumes for hot-reload.
+# Production containers run as non-root with read-only filesystem.
+# =============================================================================
+
 services:
  backend-dev:
-    image: node:25-slim
+    image: node:22-slim
    working_dir: /app
    command: sh -c "npm install && npm run dev"
    volumes:
@@ -11,6 +18,8 @@ services:
      - .env
    ports:
      - "3000:3000"
+    security_opt:
+      - no-new-privileges:true
    healthcheck:
      test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""]
      interval: 30s
@@ -19,7 +28,7 @@ services:
      start_period: 40s

  frontend-dev:
-    image: node:25-slim
+    image: node:22-slim
    working_dir: /app
    command: sh -c "npm install && npm run dev -- --host --port 5173"
    volumes:
@@ -27,6 +36,8 @@ services:
      - frontend_node_modules:/app/node_modules
    ports:
      - "5173:5173"
+    security_opt:
+      - no-new-privileges:true
    depends_on:
      - backend-dev