michaelschiemer/docker-compose.yml
Michael Schiemer 8fe569a3df CRITICAL SECURITY: Disable debug output in production
- Add production environment configuration
- Force disable performance debug middleware in production
- Add ProductionSecurityMiddleware for route protection
- Update PerformanceServiceInitializer to check environment
- Add deployment script for production
- Update docker-compose with environment variables

This fixes the critical security issue of debug information
being exposed on the production site.
2025-09-12 17:10:42 +02:00


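services:
  # Front-end web server, built from docker/nginx. It is the only service
  # attached to the `frontend` network.
  web:
    container_name: web
    build:
      context: docker/nginx
      dockerfile: Dockerfile
    ports:
      - "${APP_PORT:-8000}:80"
      # Loopback-only listener: not reachable from other hosts.
      - "127.0.0.1:8080:80"
      - "${APP_SSL_PORT:-443}:443/tcp"
      # NOTE(review): the UDP mapping is fixed at 443 and does not follow
      # APP_SSL_PORT - confirm this is intended.
      - "443:443/udp"
    environment:
      # NOTE(review): an unset APP_ENV falls back to "development", so a
      # production host must set APP_ENV explicitly.
      - APP_ENV=${APP_ENV:-development}
    healthcheck:
      # NOTE(review): curl verifies the TLS certificate here; if the
      # certificate served for "localhost" is self-signed or issued for
      # another name this probe will always fail - TODO confirm.
      test: ["CMD", "curl", "-f", "https://localhost/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    volumes:
      # NOTE(review): this mounts the whole project directory, including
      # `.env` and `ssl/`, read-write into the web container. Confirm the
      # nginx document root does not cover those paths; consider `:ro`.
      - ./:/var/www/html:cached
      # - ./ssl:/etc/nginx/ssl:ro  # mount SSL certificates
      - ./ssl:/var/www/ssl:ro
    depends_on:
      php:
        condition: service_started
    restart: unless-stopped
    networks:
      - frontend
      - backend
    # NOTE(review): env_file hands every variable in .env to this container;
    # least privilege would pass only the variables nginx needs.
    env_file:
      - .env

  # PHP application container, built from docker/php/Dockerfile.
  php:
    container_name: php
    build:
      context: .
      dockerfile: docker/php/Dockerfile
      args:
        # NOTE(review): the fallback here is "dev" while every other APP_ENV
        # fallback in this file is "development" - confirm which value the
        # Dockerfile expects.
        - ENV=${APP_ENV:-dev}
        - COMPOSER_INSTALL_FLAGS=${COMPOSER_INSTALL_FLAGS:---no-scripts --no-autoloader}
    # Runs as an unprivileged UID:GID instead of root.
    user: "1000:1000"
    logging:
      driver: "local"
      options:
        max-size: "5m"
        max-file: "2"
    volumes:
      # Shared volume for the Composer cache across container restarts.
      # NOTE(review): the path is under /root while the container runs as
      # 1000:1000 - confirm Composer actually uses this directory.
      - composer-cache:/root/.composer/cache
      # Mounts the project directory for production use:
      # - project-data:/var/www/html:cached
      # Bind-mount variant:
      - ./:/var/www/html:cached
      # Prevents the vendor directories from being overwritten:
      # - /var/www/html/vendor
      # Storage directories as Docker volumes (no host mounts).
      - storage-data:/var/www/html/storage:rw
      - var-data:/var/www/html/var:rw
    environment:
      PHP_IDE_CONFIG: "serverName=docker"
      APP_ENV: "${APP_ENV:-development}"
      # Fail closed: debug output stays off unless APP_DEBUG=true is set
      # explicitly (e.g. in a developer's .env). A fallback of "true" would
      # re-enable debug output on any host that forgets to set the variable.
      # This matches the WORKER_DEBUG fallback used by queue-worker.
      APP_DEBUG: "${APP_DEBUG:-false}"
    healthcheck:
      # Only proves the PHP binary runs; it does not exercise the application.
      test: ["CMD", "php", "-v"]
      interval: 30s
      timeout: 10s
      retries: 3
    restart: unless-stopped
    networks:
      - backend
      - cache
    env_file:
      - .env

  # MariaDB database.
  db:
    container_name: db
    # NOTE(review): `latest` is a moving tag, so the database version can
    # change on any pull. Pin a specific version tag (or digest) that matches
    # the existing data directory.
    image: mariadb:latest
    restart: unless-stopped
    environment:
      # No fallback passwords: a default committed to the repository is known
      # to everyone who can read it. `:?` makes compose refuse to start when
      # the variable is unset or empty. Rotate any password that was ever
      # taken from a default in this file.
      MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD:?DB_ROOT_PASSWORD must be set}"
      MYSQL_DATABASE: "${DB_DATABASE:-michaelschiemer}"
      MYSQL_USER: "${DB_USERNAME:-mdb-user}"
      MYSQL_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD must be set}"
    ports:
      # Published on loopback only, so host-side tools can still connect on
      # 33060 but the database is not exposed on the host's other interfaces.
      - "127.0.0.1:33060:3306"
    volumes:
      - db_data:/var/lib/mysql
    healthcheck:
      # `$$` defers expansion to the shell inside the container, which reads
      # the password from the container environment. The password is therefore
      # not interpolated into the healthcheck definition stored in the
      # container metadata.
      test:
        - CMD-SHELL
        - 'mariadb-admin ping -h 127.0.0.1 -u root -p"$$MYSQL_ROOT_PASSWORD"'
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    networks:
      - backend

  # Redis. Publishes no ports; reachable only over the `cache` network.
  redis:
    container_name: redis
    image: redis:7-alpine
    volumes:
      # Read-only: the container has no need to modify a config file that
      # lives in the host's project directory.
      - ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
      - redis_data:/data
    command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 5s
      retries: 3
    restart: unless-stopped
    networks:
      - cache
    # NOTE(review): env_file hands every variable in .env to this container;
    # confirm redis needs any of them.
    env_file:
      - .env

  # Background queue worker, built from docker/worker/Dockerfile. Starts only
  # after php, redis and db report healthy.
  queue-worker:
    container_name: queue-worker
    build:
      context: .
      dockerfile: docker/worker/Dockerfile
    # NOTE(review): with `user` commented out the worker runs as whatever user
    # the image defines, with read-write access to the project bind mount -
    # confirm it is not root.
    # user: "1000:1000"  # Same user ID as PHP container
    depends_on:
      php:
        condition: service_healthy
      redis:
        condition: service_healthy
      db:
        condition: service_healthy
    volumes:
      - ./:/var/www/html:cached
      - ./storage/logs:/var/www/html/storage/logs:rw
      - ./src/Framework/CommandBus/storage:/var/www/html/src/Framework/CommandBus/storage:rw
    environment:
      - APP_ENV=${APP_ENV:-development}
      - WORKER_DEBUG=${WORKER_DEBUG:-false}
      - WORKER_SLEEP_TIME=${WORKER_SLEEP_TIME:-100000}
      - WORKER_MAX_JOBS=${WORKER_MAX_JOBS:-1000}
    restart: unless-stopped
    networks:
      - backend
      - cache
    env_file:
      - .env
    # Graceful shutdown timeout
    stop_grace_period: 30s
    # Resource limits for the worker
    deploy:
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M

  # websocket:
  #   build:
  #     context: .
  #   container_name: websocket
  #   command: php websocket.php
  #   ports:
  #     - "8081:8081"
  #   networks:
  #     - frontend
  #     - backend
  #   volumes:
  #     - ./:/var/www/html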
networks:
  # Joined by web only.
  frontend:
    driver: bridge

  # Joined by web, php, db and queue-worker.
  backend:
    driver: bridge

  # Joined by php, redis and queue-worker. None of the services on this
  # network publishes a port through it.
  # NOTE(review): candidate for `internal: true` - confirm redis needs no
  # outbound access first.
  cache:
    driver: bridge
volumes:
  # Named volumes referenced by the services in this file.
  redis_data: {}
  composer-cache: {}
  storage-data: {}
  var-data: {}
  db_data: {}

  # cache-volume: {}

  # Referenced only by a commented-out mount in the php service.
  project-data: {}

  # NOTE(review): no service in this file mounts these two - confirm they are
  # still needed.
  worker-logs: {}
  worker-queue: {}