mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 21:31:46 +00:00
10ebf46a98
Run the container as a non-root user in production to fail fast on insecure deployments. Add DEBUG env-based request/response logging for container diagnostics, and introduce a one-shot init-permissions service in docker-compose so fresh installs automatically fix data/uploads ownership for SQLite write access.
services:
  # One-shot job that prepares the bind-mounted directories before the app
  # starts. It runs as root (user "0:0") because it has to chown paths it may
  # not own; `restart: "no"` keeps it from being restarted after it exits.
  init-permissions:
    # NOTE(review): a tag can be re-pointed upstream; pin by digest
    # (alpine:3.20@sha256:<digest>) if reproducible deployments matter.
    image: alpine:3.20
    container_name: trek-init-permissions
    user: "0:0"
    # Creates both directories, hands them to UID/GID 1000 and grants the
    # owner read/write (plus traverse on directories).
    # NOTE(review): 1000:1000 presumably matches the user the app image runs
    # as; confirm against the image. The recursive chown acts on the host
    # paths ./data and ./uploads, so start this stack only from a directory
    # where those paths belong to this application.
    command: >
      sh -c "mkdir -p /app/data /app/uploads &&
      chown -R 1000:1000 /app/data /app/uploads &&
      chmod -R u+rwX /app/data /app/uploads"
    volumes:
      - ./data:/app/data
      - ./uploads:/app/uploads
    restart: "no"

  app:
    # NOTE(review): `latest` is a floating tag, so every pull may bring in a
    # different build; pin a release tag or digest for production.
    image: mauriceboe/trek:latest
    container_name: trek
    # Start only after the permissions job has exited with status 0.
    depends_on:
      init-permissions:
        condition: service_completed_successfully
    # Publishes the port on every host interface. Behind a reverse proxy,
    # "127.0.0.1:3000:3000" keeps it reachable from the local host only.
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      # `${JWT_SECRET:-}` expands to an empty string when the variable is
      # unset or empty on the host.
      # NOTE(review): what the app does with an empty secret is not visible
      # here; confirm. Supply a long random value through the environment or
      # an untracked .env file rather than committing it.
      - JWT_SECRET=${JWT_SECRET:-}
      # - ALLOWED_ORIGINS=https://yourdomain.com # Optional: restrict CORS to specific origins
      - PORT=3000
    volumes:
      - ./data:/app/data
      - ./uploads:/app/uploads
    restart: unless-stopped
    # Probes the health endpoint from inside the container; wget has to be
    # present in the image for this check to pass.
    healthcheck:
      test:
        - "CMD"
        - "wget"
        - "-qO-"
        - "http://localhost:3000/api/health"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s