feat(setup): add docker compose config for deployment #14
Conversation
…tion services with .dockerignore files
… API Docker configuration
There was a problem hiding this comment.
Pull Request Overview
This PR adds comprehensive Docker containerization setup for an OpenLearn platform deployment. It provides both development and production Docker configurations for a multi-service architecture including web frontend, API backend, recommendation service, and database.
- Creates production and development Docker Compose configurations
- Adds Dockerfiles for web (Node.js/React), API (Node.js), and recommendation service (Python/FastAPI)
- Includes a comprehensive Makefile for development workflow management
Reviewed Changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| docker-compose.yml | Production Docker Compose config with service definitions and networking |
| docker-compose.dev.yml | Development Docker Compose config with hot-reload and dev settings |
| apps/web/Dockerfile | Multi-stage Dockerfile for React frontend with nginx production serving |
| apps/web/nginx.conf | Nginx configuration for production web service with security headers |
| apps/api/Dockerfile | Multi-stage Dockerfile for Node.js API with Prisma support |
| apps/api/start.sh | Startup script for API service with database wait and migrations |
| apps/recommendation-api/Dockerfile | Multi-stage Python Dockerfile for FastAPI recommendation service |
| Makefile | Comprehensive development workflow commands for Docker operations |
| Various .dockerignore files | Docker build context optimization for each service |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| #!/bin/sh | ||
|
|
||
| echo "Waiting for database to be ready..." | ||
| while ! nc -z postgres 5432; do |
There was a problem hiding this comment.
The hardcoded hostname 'postgres' makes the script less flexible. Consider using an environment variable like ${POSTGRES_HOST:-postgres} to allow configuration for different deployment scenarios.
| while ! nc -z postgres 5432; do | |
| while ! nc -z "${POSTGRES_HOST:-postgres}" 5432; do |
| ports: | ||
| - "5432" |
There was a problem hiding this comment.
The postgres port is exposed without host binding, which exposes it to the host network. Since this is for internal service communication only, consider removing the ports mapping entirely or bind to localhost with '127.0.0.1:5432:5432' if external access is needed.
| ports: | |
| - "5432" |
| ports: | ||
| - "6379" |
There was a problem hiding this comment.
The redis port is exposed without host binding, which exposes it to the host network. Since this is for internal service communication only, consider removing the ports mapping entirely or bind to localhost with '127.0.0.1:6379:6379' if external access is needed.
| ports: | |
| - "6379" |
| add_header X-XSS-Protection "1; mode=block" always; | ||
| add_header X-Content-Type-Options "nosniff" always; | ||
| add_header Referrer-Policy "no-referrer-when-downgrade" always; | ||
| add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; |
There was a problem hiding this comment.
The Content-Security-Policy is too permissive with 'unsafe-inline' and allowing all http/https sources. Consider tightening this policy by specifying exact domains and removing 'unsafe-inline' if possible to improve security.
| add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; | |
| add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; object-src 'none'; base-uri 'self';" always; |
No description provided.