copper-tone-tech/web-hosts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c7d6786039c731e540106d6b182756e68f237db5
web-hosts/domains/coppertone.tech/audit-reports/infrastructure-audit/compose-20251123-092514.txt
Derek Williams c7d6786039 Add full web-hosts state
2025-12-26 13:38:04 +01:00

350 lines
10 KiB
Plaintext
Raw Blame History

# Docker/Podman Compose Audit - 20251123-092514
== Compose File Content ==
version: '3.8'
# =============================================================================
# Port Conventions:
# - Development: 5173 (Vite dev server, run with `pnpm run dev` in frontend/)
# - Testing: 8091 (containerized, for QA/staging)
# - Production: 8090 (containerized, for live site)
#
# Database Schema Separation:
# - Development: DB_SCHEMA=dev (default)
# - Testing: DB_SCHEMA=testing
# - Production: DB_SCHEMA=prod
#
# Run with specific environment:
# Development: podman-compose up (default)
# Testing: DB_SCHEMA=testing podman-compose --profile testing up
# Production: DB_SCHEMA=prod podman-compose up
# =============================================================================
services:
# Production frontend (port 8090)
frontend:
build:
context: ./frontend
dockerfile: Containerfile
ports:
- "8090:80"
restart: unless-stopped
# Testing frontend (port 8091) - use with: podman-compose --profile testing up
frontend-testing:
build:
context: ./frontend
dockerfile: Containerfile
ports:
- "8091:80"
restart: unless-stopped
profiles:
- testing
backend-example-function:
build:
context: ./backend/functions/example-function
dockerfile: Containerfile
ports:
- "8081:8080" # Map host port 8081 to container port 8080
restart: unless-stopped
depends_on:
- db # This function might depend on the database in a real scenario
auth-service:
build:
context: ./backend/functions/auth-service
dockerfile: Containerfile
ports:
- "8082:8080" # Map host port 8082 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DEFAULT_USER_ROLE: ${DEFAULT_USER_ROLE:-CLIENT}
DB_HOST: db
DB_USER: ${DB_USER:-user}
DB_PASSWORD: ${DB_PASSWORD:-password}
DB_NAME: ${DB_NAME:-coppertone_db}
DB_SCHEMA: ${DB_SCHEMA:-dev}
DB_SSL_MODE: ${DB_SSL_MODE:-disable}
CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
depends_on:
- db
work-management-service:
build:
context: ./backend/functions/work-management-service
dockerfile: Containerfile
ports:
- "8083:8080" # Map host port 8083 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DB_HOST: db
DB_USER: ${DB_USER:-user}
DB_PASSWORD: ${DB_PASSWORD:-password}
DB_NAME: ${DB_NAME:-coppertone_db}
DB_SCHEMA: ${DB_SCHEMA:-dev}
DB_SSL_MODE: ${DB_SSL_MODE:-disable}
CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
# IPFS_HOST: ipfs_node # Future: Host for IPFS node if separate
depends_on:
- db
# - ipfs_node # Future: Depend on IPFS node
payment-service:
build:
context: ./backend/functions/payment-service
dockerfile: Containerfile
ports:
- "8084:8080" # Map host port 8084 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DB_HOST: db
DB_USER: ${DB_USER:-user}
DB_PASSWORD: ${DB_PASSWORD:-password}
DB_NAME: ${DB_NAME:-coppertone_db}
DB_SCHEMA: ${DB_SCHEMA:-dev}
DB_SSL_MODE: ${DB_SSL_MODE:-disable}
CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY:-sk_test_placeholder}
STRIPE_WEBHOOK_SECRET: ${STRIPE_WEBHOOK_SECRET:-whsec_placeholder}
depends_on:
- db
blog-service:
build:
context: ./backend/functions/blog-service
dockerfile: Containerfile
ports:
- "8085:8080" # Map host port 8085 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DB_HOST: db
DB_USER: ${DB_USER:-user}
DB_PASSWORD: ${DB_PASSWORD:-password}
DB_NAME: ${DB_NAME:-coppertone_db}
DB_SCHEMA: ${DB_SCHEMA:-dev}
DB_SSL_MODE: ${DB_SSL_MODE:-disable}
CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
depends_on:
- db
ipfs-service:
build:
context: ./backend/functions/ipfs-service
dockerfile: Containerfile
ports:
- "8086:8080" # HTTP API
- "4001:4001" # libp2p TCP
- "4002:4002" # libp2p WebSocket (for browser clients)
restart: unless-stopped
environment:
CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:8090}
volumes:
- ipfs_data:/app/data
forum-service:
build:
context: ./backend/functions/forum-service
dockerfile: Containerfile
ports:
- "8087:8080" # Map host port 8087 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DB_HOST: db
DB_USER: ${DB_USER:-user}
DB_PASSWORD: ${DB_PASSWORD:-password}
DB_NAME: ${DB_NAME:-coppertone_db}
DB_SCHEMA: ${DB_SCHEMA:-dev}
DB_SSL_MODE: ${DB_SSL_MODE:-disable}
CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:8090}
depends_on:
- db
# Contact Service - handles contact form submissions (port 8088)
contact-service:
build:
context: ./backend/functions/contact-service
dockerfile: Containerfile
ports:
- "8088:8080"
restart: unless-stopped
environment:
DB_HOST: db
DB_USER: ${DB_USER:-user}
DB_PASSWORD: ${DB_PASSWORD:-password}
DB_NAME: ${DB_NAME:-coppertone_db}
DB_SCHEMA: ${DB_SCHEMA:-dev}
DB_SSL_MODE: ${DB_SSL_MODE:-disable}
CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
depends_on:
- db
db:
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_DB: coppertone_db
POSTGRES_USER: user
POSTGRES_PASSWORD: password
volumes:
- db_data:/var/lib/postgresql/data
# Expose port only if needed for direct connection outside the compose network
# ports:
# - "5432:5432"
volumes:
db_data:
ipfs_data:
== Services Defined ==
frontend:
build:
context: ./frontend
dockerfile: Containerfile
ports:
restart: unless-stopped
frontend-testing:
build:
context: ./frontend
dockerfile: Containerfile
ports:
restart: unless-stopped
profiles:
backend-example-function:
build:
context: ./backend/functions/example-function
dockerfile: Containerfile
ports:
restart: unless-stopped
depends_on:
== Volume Mounts ==
volumes:
- ipfs_data:/app/data
forum-service:
build:
context: ./backend/functions/forum-service
--
volumes:
- db_data:/var/lib/postgresql/data
# Expose port only if needed for direct connection outside the compose network
# ports:
# - "5432:5432"
volumes:
db_data:
ipfs_data:
== Environment Variables Exposed ==
# Run with specific environment:
environment:
environment:
environment:
environment:
environment:
environment:
environment:
environment:
== Port Mappings ==
ports:
- "8090:80"
restart: unless-stopped
# Testing frontend (port 8091) - use with: podman-compose --profile testing up
frontend-testing:
--
ports:
- "8091:80"
restart: unless-stopped
profiles:
- testing
--
ports:
- "8081:8080" # Map host port 8081 to container port 8080
restart: unless-stopped
depends_on:
- db # This function might depend on the database in a real scenario
--
ports:
- "8082:8080" # Map host port 8082 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DEFAULT_USER_ROLE: ${DEFAULT_USER_ROLE:-CLIENT}
--
ports:
- "8083:8080" # Map host port 8083 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DB_HOST: db
--
ports:
- "8084:8080" # Map host port 8084 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DB_HOST: db
--
ports:
- "8085:8080" # Map host port 8085 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DB_HOST: db
--
ports:
- "8086:8080" # HTTP API
- "4001:4001" # libp2p TCP
- "4002:4002" # libp2p WebSocket (for browser clients)
restart: unless-stopped
environment:
--
ports:
- "8087:8080" # Map host port 8087 to container port 8080
restart: unless-stopped
environment:
JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
DB_HOST: db
--
ports:
- "8088:8080"
restart: unless-stopped
environment:
DB_HOST: db
DB_USER: ${DB_USER:-user}
--
# ports:
# - "5432:5432"
volumes:
db_data:
ipfs_data:
== Network Configuration ==
Using default network
== Restart Policies ==
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
restart: unless-stopped
== Resource Limits ==
NO RESOURCE LIMITS - consider adding
Reference in New Issue View Git Blame Copy Permalink