mcpmc/docker-compose.yml
Ryan Malloy 8e3cee4f18 Security hardening: Fix CORS configuration and add security documentation
- Replace wildcard CORS origins with restricted domain list
- Add comprehensive security patterns to .gitignore
- Create SECURITY.md with deployment security guidelines
- Restrict CORS methods and headers to minimum required
- Add security documentation for production deployment
2025-09-17 17:36:05 -06:00


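# Compose stack: backend API, frontend, two Postgres instances and a
# Procrastinate worker, published through caddy-docker-proxy labels.
#
# All ${...} values are interpolated by Compose from the shell environment
# or the project's .env file. Required variables (Compose aborts with the
# given message when one is unset, instead of rendering a broken URL or a
# label like "api."): DOMAIN, POSTGRES_PASSWORD, PROCRASTINATE_PASSWORD.
# Optional: MODE (defaults to "development" for both the build target and
# the runtime MODE variable), POSTGRES_*, PROCRASTINATE_*, BACKEND_*.
#
# Network layout: only `backend` and `frontend` join the external `caddy`
# network; both databases are reachable solely on `internal`.
services:
  # Backend API Service
  backend:
    build:
      context: ./src/backend
      target: ${MODE:-development}
    environment:
      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}@db:5432/${POSTGRES_DB}
      - PROCRASTINATE_DATABASE_URL=postgresql://${PROCRASTINATE_USER}:${PROCRASTINATE_PASSWORD:?PROCRASTINATE_PASSWORD must be set}@procrastinate-db:5432/${PROCRASTINATE_DB}
      - BACKEND_HOST=${BACKEND_HOST}
      - BACKEND_PORT=${BACKEND_PORT}
      - BACKEND_LOG_LEVEL=${BACKEND_LOG_LEVEL}
      # Same default as the build target above, so an unset MODE no longer
      # yields a development image running with an empty MODE variable.
      - MODE=${MODE:-development}
    volumes:
      # Source bind-mount. `${MODE:+rw}` expands to "rw" whenever MODE is set
      # (including in production) and to "" when it is not, which leaves a
      # trailing ":" in the spec — NOTE(review): confirm Compose accepts
      # that form, and whether a production build should mount source at all.
      - ./src/backend:/app:${MODE:+rw}
    networks:
      - internal
      - caddy
    depends_on:
      # Wait for the databases' own healthchecks (pg_isready) rather than
      # just container start, so the API does not crash-loop on connect.
      db:
        condition: service_healthy
      procrastinate-db:
        condition: service_healthy
    restart: unless-stopped
    labels:
      caddy: api.${DOMAIN:?DOMAIN must be set}
      caddy.reverse_proxy: "{{upstreams 8000}}"
    healthcheck:
      # Assumes `curl` is present in the backend image — confirm.
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  # Frontend Service
  frontend:
    build:
      context: ./src/frontend
      target: ${MODE:-development}
    environment:
      - PUBLIC_DOMAIN=${DOMAIN:?DOMAIN must be set}
      - PUBLIC_API_URL=https://api.${DOMAIN:?DOMAIN must be set}
      - MODE=${MODE:-development}
    volumes:
      # See the note on the backend mount regarding `${MODE:+rw}`.
      - ./src/frontend:/app:${MODE:+rw}
    networks:
      - caddy
    # Short form (start order only). `condition: service_healthy` would be
    # stricter but depends on the backend healthcheck's curl being available.
    depends_on:
      - backend
    restart: unless-stopped
    labels:
      caddy: ${DOMAIN:?DOMAIN must be set}
      caddy.reverse_proxy: "{{upstreams}}"
    healthcheck:
      # Assumes `curl` is present in the frontend image — confirm.
      test: ["CMD", "curl", "-f", "http://localhost/"]
      interval: 30s
      timeout: 10s
      retries: 3

  # Main Database
  db:
    image: postgres:16-alpine
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      # Scripts in docker-entrypoint-initdb.d run only when the data
      # directory is initialised for the first time, not on later starts.
      - ./src/backend/sql/init:/docker-entrypoint-initdb.d
    networks:
      - internal
    restart: unless-stopped
    healthcheck:
      # ${...} here is expanded by Compose at config time, not by the shell
      # inside the container.
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # Procrastinate Task Queue Database
  procrastinate-db:
    image: postgres:16-alpine
    environment:
      - POSTGRES_DB=${PROCRASTINATE_DB}
      - POSTGRES_USER=${PROCRASTINATE_USER}
      - POSTGRES_PASSWORD=${PROCRASTINATE_PASSWORD:?PROCRASTINATE_PASSWORD must be set}
    volumes:
      - procrastinate_data:/var/lib/postgresql/data
    networks:
      - internal
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${PROCRASTINATE_USER} -d ${PROCRASTINATE_DB}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # Procrastinate Worker
  procrastinate-worker:
    build:
      context: ./src/backend
      target: worker-${MODE:-development}
    environment:
      - PROCRASTINATE_DATABASE_URL=postgresql://${PROCRASTINATE_USER}:${PROCRASTINATE_PASSWORD:?PROCRASTINATE_PASSWORD must be set}@procrastinate-db:5432/${PROCRASTINATE_DB}
      - MODE=${MODE:-development}
    volumes:
      # Read-only mount here, unlike the backend's `rw` — the worker only
      # needs to import the code. Same trailing-":" caveat when MODE is unset.
      - ./src/backend:/app:${MODE:+ro}
    networks:
      - internal
    depends_on:
      procrastinate-db:
        condition: service_healthy
    restart: unless-stopped
    healthcheck:
      # NOTE(review): this command always exits 0, so the container reports
      # "healthy" even when the worker cannot reach its queue database.
      # Replace with a check that exercises the worker (e.g. a Procrastinate
      # healthcheck command if the image provides one) — confirm what is
      # available in the worker image.
      test: ["CMD", "python", "-c", "import sys; sys.exit(0)"]
      interval: 30s
      timeout: 10s
      retries: 3

volumes:
  postgres_data:
  procrastinate_data:

networks:
  internal:
    driver: bridge
  # Created outside this stack (by the caddy-docker-proxy deployment).
  caddy:
    external: true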