Daniel Volz
58 lines
1.3 KiB
YAML
58 lines
1.3 KiB
YAML
services:
|
|
backend:
|
|
image: ghcr.io/danielvolz/medassist-ng-backend:latest
|
|
container_name: medassist-ng-backend
|
|
env_file:
|
|
- .env
|
|
environment:
|
|
- PUID=${PUID:-1000}
|
|
- PGID=${PGID:-1000}
|
|
volumes:
|
|
- ./data:/app/data
|
|
ports:
|
|
- "4000:3000"
|
|
networks:
|
|
- medassist-ng-net
|
|
# Security options
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
tmpfs:
|
|
- /tmp:noexec,nosuid,size=64m
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETUID
|
|
- SETGID
|
|
healthcheck:
|
|
test: ["CMD", "node", "-e", "fetch('http://localhost:3000/health').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 30s
|
|
|
|
frontend:
|
|
image: ghcr.io/danielvolz/medassist-ng-frontend:latest
|
|
container_name: medassist-ng-frontend
|
|
ports:
|
|
- "4174:8080"
|
|
networks:
|
|
- medassist-ng-net
|
|
depends_on:
|
|
backend:
|
|
condition: service_healthy
|
|
# Security options
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
read_only: true
|
|
tmpfs:
|
|
- /tmp:noexec,nosuid,size=64m
|
|
- /var/cache/nginx:noexec,nosuid,size=64m
|
|
- /var/run:noexec,nosuid,size=64m
|
|
cap_drop:
|
|
- ALL
|
|
|
|
networks:
|
|
medassist-ng-net:
|
|
driver: bridge
|