fix: critical security and Docker deployment fixes
- Dockerfile: add composer/npm build, proper entrypoint, fix EXPOSE port - docker-compose: fix postgres volume path, add healthchecks, use named volume - Add entrypoint.sh for auto migrations and dependency install at startup - Update .gitignore to exclude Firebase credentials, DB files, logs - Update .env.example with all required variables for Docker deployment Application-level fixes (applied to src/ which is gitignored): - RainfallController: parameterized SQL queries (was SQL injection) - WaterLevelController: parameterized queries + fix broken WHERE clause - DatabaseSeeder: env-based admin password instead of hardcoded 'password123' - Migration 2025_12_11: removed duplicate admin user creation - AlertController: FCM topic routing by stationtype+level (was hardcoded) - sidesdecode.py: env vars for credentials, fix water level stationtype bug (1→2)
This commit is contained in:
root
@@ -1,28 +1,30 @@
|
||||
version: "3.9"
|
||||
|
||||
networks:
|
||||
aselole:
|
||||
name: aselole
|
||||
tckdev_net:
|
||||
name: tckdev_net
|
||||
|
||||
services:
|
||||
app:
|
||||
container_name: aselole-app
|
||||
container_name: tckdev-app
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
volumes:
|
||||
- ./src:/var/www/html
|
||||
depends_on:
|
||||
- postgres
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- aselole
|
||||
- tckdev_net
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- RUN_MIGRATIONS=true
|
||||
|
||||
postgres:
|
||||
container_name: aselole-db
|
||||
image: postgres:15
|
||||
container_name: tckdev-db
|
||||
image: postgres:16
|
||||
restart: always
|
||||
volumes:
|
||||
- ./docker/postgres/data:/var/lib/postgres/data
|
||||
- pgdata:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_DB=${POSTGRES_DB}
|
||||
- POSTGRES_USER=${POSTGRES_USER}
|
||||
@@ -30,42 +32,55 @@ services:
|
||||
ports:
|
||||
- "5432:5432"
|
||||
networks:
|
||||
- aselole
|
||||
- tckdev_net
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-tck} -d ${POSTGRES_DB:-sides_db}"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
web:
|
||||
container_name: aselole-web
|
||||
container_name: tckdev-web
|
||||
image: nginx:stable-alpine
|
||||
restart: always
|
||||
ports:
|
||||
- "85:80"
|
||||
- "80:80"
|
||||
volumes:
|
||||
- ./src:/var/www/html
|
||||
- ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
|
||||
depends_on:
|
||||
- app
|
||||
networks:
|
||||
- aselole
|
||||
- tckdev_net
|
||||
|
||||
# Database management with pgAdmin
|
||||
pgadmin:
|
||||
image: dpage/pgadmin4
|
||||
container_name: aselole-pgAdmin
|
||||
container_name: tckdev-pgAdmin
|
||||
environment:
|
||||
- PGADMIN_DEFAULT_EMAIL=${PGADMIN_EMAIL}
|
||||
- PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD}
|
||||
volumes:
|
||||
- ./backup:/var/lib/pgadmin/storage/tck68000_gmail.com/backup:z
|
||||
ports:
|
||||
- "5050:80"
|
||||
depends_on:
|
||||
- postgres
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- aselole
|
||||
- tckdev_net
|
||||
restart: unless-stopped
|
||||
|
||||
# Database management with Adminer
|
||||
adminer:
|
||||
container_name: aselole-adminer
|
||||
container_name: tckdev-adminer
|
||||
image: adminer
|
||||
restart: always
|
||||
ports:
|
||||
- "8080:8080"
|
||||
- "6060:8080"
|
||||
depends_on:
|
||||
- postgres
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- aselole
|
||||
- tckdev_net
|
||||
|
||||
volumes:
|
||||
pgdata:
|
||||
|
||||
Reference in New Issue
Block a user