goodgo-platform

admin/goodgo-platform

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ho Ngoc Hai	767afb56d5	fix(docker): harden production deployment config for all services - Add resource limits (memory/CPU) and reservations for all services - Add security hardening: read_only, no-new-privileges, tmpfs for temp dirs - Add missing prod services: loki, promtail, pg-backup from dev compose - Fix API healthcheck to include catch() for proper exit codes - Add json-file logging driver with rotation limits across all services - Remove exposed PostgreSQL port in prod (internal only) - Add shm_size for PostgreSQL shared memory - Add non-root user (appuser) to AI services Dockerfile - Add --chown=node:node to COPY directives in API/Web Dockerfiles - Harden .dockerignore: exclude IDE files, OS files, docker-compose files - Fix Redis URL to include password authentication - Add JWT_REFRESH_SECRET to API environment - Add Grafana dependency on Loki for log datasource Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-08 13:44:44 +07:00
Ho Ngoc Hai	e60b95cdec	fix(infra): harden AI service — graceful shutdown, rate limiting, API key auth, pinned deps, Grafana secrets - Add dumb-init + --timeout-graceful-shutdown 30 to AI service Dockerfile - Add slowapi rate limiting (configurable via AI_RATE_LIMIT) and X-API-Key auth middleware - Pin all Python dependencies to exact versions for reproducible builds - Move Grafana admin credentials from env vars to Docker secrets in production compose Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-08 06:13:29 +07:00
Ho Ngoc Hai	7c9f682046	feat(deploy): add production Dockerfiles and CI/CD pipeline - Multi-stage Dockerfile for apps/api (NestJS) and apps/web (Next.js standalone) - Production docker-compose.prod.yml with all services, health checks, and security - Real deploy.yml pipeline: build → push to GHCR → deploy staging/production - .dockerignore for optimized build context - Enable Next.js standalone output mode Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-08 04:03:27 +07:00

Author

SHA1

Message

Date

Ho Ngoc Hai

767afb56d5

fix(docker): harden production deployment config for all services

- Add resource limits (memory/CPU) and reservations for all services
- Add security hardening: read_only, no-new-privileges, tmpfs for temp dirs
- Add missing prod services: loki, promtail, pg-backup from dev compose
- Fix API healthcheck to include catch() for proper exit codes
- Add json-file logging driver with rotation limits across all services
- Remove exposed PostgreSQL port in prod (internal only)
- Add shm_size for PostgreSQL shared memory
- Add non-root user (appuser) to AI services Dockerfile
- Add --chown=node:node to COPY directives in API/Web Dockerfiles
- Harden .dockerignore: exclude IDE files, OS files, docker-compose files
- Fix Redis URL to include password authentication
- Add JWT_REFRESH_SECRET to API environment
- Add Grafana dependency on Loki for log datasource

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-08 13:44:44 +07:00

Ho Ngoc Hai

e60b95cdec

fix(infra): harden AI service — graceful shutdown, rate limiting, API key auth, pinned deps, Grafana secrets

- Add dumb-init + --timeout-graceful-shutdown 30 to AI service Dockerfile
- Add slowapi rate limiting (configurable via AI_RATE_LIMIT) and X-API-Key auth middleware
- Pin all Python dependencies to exact versions for reproducible builds
- Move Grafana admin credentials from env vars to Docker secrets in production compose

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-08 06:13:29 +07:00

Ho Ngoc Hai

7c9f682046

feat(deploy): add production Dockerfiles and CI/CD pipeline

- Multi-stage Dockerfile for apps/api (NestJS) and apps/web (Next.js standalone)
- Production docker-compose.prod.yml with all services, health checks, and security
- Real deploy.yml pipeline: build → push to GHCR → deploy staging/production
- .dockerignore for optimized build context
- Enable Next.js standalone output mode

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-08 04:03:27 +07:00

3 Commits