---
# =============================================================================
# PRODUCTION DOCKER COMPOSE - Security Hardened
# =============================================================================
#
# Two services, `backend` and `frontend`. Both run with a read-only root
# filesystem, every Linux capability dropped and `no-new-privileges` set;
# the only writable paths are the tmpfs mounts and the backend's ./data
# bind mount.
#
# NOTE(review): neither service sets `user:`, so each container runs as its
# image's default user - confirm both images default to a non-root UID.
# NOTE(review): no memory, CPU or PID limits are set for either service.

services:
  backend:
    # NOTE(review): a version tag can be re-pushed on the registry; pinning
    # by digest (image@sha256:<digest>) makes the deployed artifact immutable.
    image: git.danielvolz.org/daniel/medassist/backend:0.0.1
    # Variables from .env are injected into the container environment.
    # Presumably this carries secrets - keep the file out of version control
    # and restrict its permissions on the host.
    env_file:
      - .env
    # Read-write bind mount; with `read_only: true` below this is the only
    # persistent location the backend can write to.
    volumes:
      - ./data:/app/data
    # host 4000 -> container 3000. No host IP is given, so the port is
    # published on every host interface.
    # NOTE(review): if only a reverse proxy on the same host needs it, a
    # loopback bind ('127.0.0.1:4000:3000') keeps it off the network.
    ports:
      - '4000:3000'
    # Security options
    security_opt:
      # Blocks privilege gain through setuid/setgid binaries.
      - 'no-new-privileges:true'
    read_only: true
    # Scratch space in memory: not executable, no setuid, capped at 64 MiB.
    tmpfs:
      - '/tmp:noexec,nosuid,size=64m'
    cap_drop:
      - ALL
    healthcheck:
      # Exec form (no shell): node requests /health on localhost:3000 and
      # exits 0 only on HTTP 200; any other status or a request error
      # exits 1.
      test:
        - CMD
        - /nodejs/bin/node
        - '-e'
        - "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))"
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

  frontend:
    # NOTE(review): same tag-versus-digest consideration as the backend
    # image.
    image: git.danielvolz.org/daniel/medassist/frontend:0.0.1
    # host 4174 -> container 8080, published on every host interface.
    ports:
      - '4174:8080'
    # Started only once the backend healthcheck reports healthy.
    depends_on:
      backend:
        condition: service_healthy
    # Security options
    security_opt:
      - 'no-new-privileges:true'
    read_only: true
    # In-memory writable paths needed under the read-only root filesystem
    # (the paths suggest an nginx-based image - confirm).
    tmpfs:
      - '/tmp:noexec,nosuid,size=64m'
      - '/var/cache/nginx:noexec,nosuid,size=64m'
      - '/var/run:noexec,nosuid,size=64m'
    cap_drop:
      - ALL
    # NOTE(review): no healthcheck is defined for this service.