admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
767afb56d5fc9f8e5948bf9e1aec2e93e95795d8
goodgo-platform/libs/ai-services/Dockerfile
Ho Ngoc Hai 767afb56d5 fix(docker): harden production deployment config for all services 
- Add resource limits (memory/CPU) and reservations for all services
- Add security hardening: read_only, no-new-privileges, tmpfs for temp dirs
- Add missing prod services: loki, promtail, pg-backup from dev compose
- Fix API healthcheck to include catch() for proper exit codes
- Add json-file logging driver with rotation limits across all services
- Remove exposed PostgreSQL port in prod (internal only)
- Add shm_size for PostgreSQL shared memory
- Add non-root user (appuser) to AI services Dockerfile
- Add --chown=node:node to COPY directives in API/Web Dockerfiles
- Harden .dockerignore: exclude IDE files, OS files, docker-compose files
- Fix Redis URL to include password authentication
- Add JWT_REFRESH_SECRET to API environment
- Add Grafana dependency on Loki for log datasource

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 13:44:44 +07:00

38 lines
1.1 KiB
Docker
Raw Blame History

FROM python:3.12-slim
WORKDIR /app
# Install system deps for underthesea / numpy + dumb-init for signal handling
RUN apt-get update && \
apt-get install -y --no-install-recommends gcc g++ dumb-init && \
rm -rf /var/lib/apt/lists/*
COPY pyproject.toml .
RUN pip install --no-cache-dir . 2>/dev/null || pip install --no-cache-dir \
"fastapi==0.115.0" \
"uvicorn[standard]==0.32.0" \
"xgboost==2.1.0" \
"numpy==1.26.4" \
"underthesea==6.8.0" \
"pydantic==2.9.0" \
"pydantic-settings==2.5.0" \
"httpx==0.27.0" \
"slowapi==0.1.9"
COPY app/ ./app/
# Pre-download underthesea models at build time
RUN python -c "from underthesea import word_tokenize; word_tokenize('test')" 2>/dev/null || true
RUN useradd --create-home --shell /bin/bash appuser && chown -R appuser:appuser /app
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
CMD python -c "import httpx; httpx.get('http://localhost:8000/health').raise_for_status()"
USER appuser
ENTRYPOINT ["dumb-init", "--"]
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--timeout-graceful-shutdown", "30"]
Reference in New Issue View Git Blame Copy Permalink