Daniel Volz
47 lines
1.4 KiB
YAML
47 lines
1.4 KiB
YAML
# =============================================================================
|
|
# DEVELOPMENT DOCKER COMPOSE - Security Hardened
|
|
# =============================================================================
|
|
# Note: Dev containers need write access to volumes for hot-reload.
|
|
# Production containers run as non-root with read-only filesystem.
|
|
# =============================================================================
|
|
|
|
services:
|
|
backend-dev:
|
|
image: node:22-slim
|
|
working_dir: /app
|
|
command: sh -c "npm install && npm run dev"
|
|
volumes:
|
|
- ./backend:/app
|
|
- backend_node_modules:/app/node_modules
|
|
- ./backend/data:/app/data
|
|
env_file:
|
|
- .env
|
|
ports:
|
|
- "3000:3000"
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\""]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
|
|
frontend-dev:
|
|
image: node:22-slim
|
|
working_dir: /app
|
|
command: sh -c "npm install && npm run dev -- --host --port 5173"
|
|
volumes:
|
|
- ./frontend:/app
|
|
- frontend_node_modules:/app/node_modules
|
|
ports:
|
|
- "5173:5173"
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
depends_on:
|
|
- backend-dev
|
|
|
|
volumes:
|
|
backend_node_modules:
|
|
frontend_node_modules:
|