Fix jwt-token

2025-09-23 15:13:06 +02:00
parent f40d0d9b89
commit 57e7353d4f
3 changed files with 278 additions and 4 deletions
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -0,0 +1,97 @@
+# Production Docker Compose Configuration
+# This file provides production-specific settings with maximum security
+
+version: '3.8'
+
+services:
+  # Backend - Production Security
+  backend:
+    # Remove external port exposure - only accessible via reverse proxy
+    ports: []
+    expose:
+      - "3001"  # Internal only
+    environment:
+      NODE_ENV: production
+      # Security settings
+      API_DEBUG: false
+      LOG_LEVEL: warn
+      # Session security
+      SESSION_SECURE: true
+      SESSION_SAME_SITE: strict
+      # Enhanced security headers
+      ENABLE_SECURITY_HEADERS: true
+
+  # PostgreSQL - Production Security
+  postgres:
+    # No external ports in production
+    ports: []
+    expose:
+      - "5432"  # Internal only
+    environment:
+      # Production database settings
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}  # Must be set via environment
+      POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256"
+    # Additional security
+    command: >
+      postgres
+      -c ssl=on
+      -c ssl_cert_file=/var/lib/postgresql/server.crt
+      -c ssl_key_file=/var/lib/postgresql/server.key
+      -c log_connections=on
+      -c log_disconnections=on
+      -c log_statement=all
+
+  # Redis - Production Security
+  redis:
+    # No external ports in production
+    ports: []
+    expose:
+      - "6379"  # Internal only
+    command: >
+      redis-server
+      --appendonly yes
+      --requirepass ${REDIS_PASSWORD}
+      --maxmemory 256mb
+      --maxmemory-policy allkeys-lru
+    environment:
+      REDIS_PASSWORD: ${REDIS_PASSWORD}  # Must be set via environment
+
+  # Data Retention - Production Security
+  data-retention:
+    # No external ports in production
+    ports: []
+    expose:
+      - "3001"  # Internal only
+    environment:
+      NODE_ENV: production
+      IMMEDIATE_CLEANUP: false
+
+  # Frontend - Production Optimization
+  frontend:
+    environment:
+      # Production optimizations
+      NGINX_WORKER_PROCESSES: auto
+      NGINX_WORKER_CONNECTIONS: 1024
+
+  # Management - Production Optimization  
+  management:
+    environment:
+      # Production optimizations
+      NGINX_WORKER_PROCESSES: auto
+      NGINX_WORKER_CONNECTIONS: 1024
+
+  # Health Probe - Production Settings
+  healthprobe:
+    environment:
+      PROBE_FAILRATE: 5  # Lower failure rate in production
+      PROBE_INTERVAL_SECONDS: 300  # Less frequent in production
+
+# Production-specific network settings
+networks:
+  drone-network:
+    driver: bridge
+    driver_opts:
+      # Enhanced network security
+      com.docker.network.bridge.enable_icc: "false"
+      com.docker.network.bridge.enable_ip_masquerade: "true"
+      com.docker.network.driver.mtu: 1500