ORCID2SWORD/docker-compose.yml
Mireya Cueto Garrido af1b8e9956 feat: enhance backend security and configuration
- Updated Dockerfile to improve security with a non-root user and added health checks.
- Modified docker-compose.yml to set containers as read-only, restrict ports to localhost, and implement health checks.
- Enhanced .env.example with additional environment variables for security and configuration.
- Improved FastAPI application with middleware for security headers, CORS, and body size limits.
- Refactored authentication flow in auth.py to include state validation and improved error handling.
- Added rate limiting to various endpoints to prevent abuse.
- Updated researcher and publication handling to ensure better validation and error management.
2026-05-08 11:19:52 +02:00


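# Compose stack: backend API, frontend, PostgreSQL and Redis.
#
# Only backend and frontend publish host ports, and both bind to 127.0.0.1,
# so they are not reachable from other hosts unless something on this machine
# forwards to them. db and redis publish no host ports; they are reachable
# only by containers on the Compose network.
#
# POSTGRES_PASSWORD is interpolated by Compose from the shell environment or
# the project-level .env file (this is NOT ./backend/.env, which is only
# passed into the backend container). The fallback keeps the value that was
# previously hard-coded so existing setups keep working; override it for
# anything other than local development.
services:
  backend:
    build: ./backend
    container_name: orcid-backend
    restart: unless-stopped
    ports:
      # Loopback-only publish: host 127.0.0.1:8000 -> container 8000.
      - "127.0.0.1:8000:8000"
    env_file:
      - ./backend/.env
    environment:
      # Keys set here take precedence over the same keys in env_file.
      # The password is inserted into the URL as-is, so pick one without
      # URL-reserved characters (or percent-encode it in the variable).
      DATABASE_URL: "postgresql://postgres:${POSTGRES_PASSWORD:-postgres}@db:5432/orcid_db"
      REDIS_URL: redis://redis:6379/0
    depends_on:
      db:
        # Wait until the db healthcheck (pg_isready) passes.
        condition: service_healthy
      redis:
        # redis defines no healthcheck, so only container start is awaited.
        condition: service_started
    # Root filesystem is mounted read-only; /tmp is the only writable path
    # declared for this service and lives in memory.
    read_only: true
    tmpfs:
      - /tmp
    # Drop every Linux capability and block privilege gain via setuid/setgid
    # binaries.
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    healthcheck:
      # NOTE(review): requires curl inside the backend image - confirm in
      # backend/Dockerfile, otherwise the container is reported unhealthy.
      test: ["CMD", "curl", "-fsS", "http://127.0.0.1:8000/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 15s

  frontend:
    build: ./frontend
    container_name: orcid-frontend
    restart: unless-stopped
    ports:
      # Loopback-only publish: host 127.0.0.1:5173 -> container 5173.
      - "127.0.0.1:5173:5173"
    depends_on:
      # Short form: start order only, does not wait for backend health.
      - backend
    env_file:
      - ./frontend/.env
    # NOTE(review): unlike backend, this service has no read_only, cap_drop
    # or healthcheck; confirm whether the frontend image can run with them.
    security_opt:
      - no-new-privileges:true

  db:
    # Floating tag; pin by digest (postgres:16@sha256:<digest>) if
    # reproducible pulls are required.
    image: postgres:16
    container_name: orcid-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: postgres
      # The official image applies this only when it initialises an empty
      # data directory. Changing it later does not change the password stored
      # in an existing postgres_data volume, and the backend would then fail
      # to authenticate until the role password is altered to match.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-postgres}"
      POSTGRES_DB: orcid_db
    expose:
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -d orcid_db"]
      interval: 2s
      timeout: 3s
      retries: 20
    # NOTE(review): read_only and cap_drop are not set here. The image's
    # entrypoint needs some capabilities (ownership changes on the data
    # directory, switching to the postgres user), so test before adding them.
    security_opt:
      - no-new-privileges:true

  redis:
    # Floating tag; pin by digest (redis:7@sha256:<digest>) if reproducible
    # pulls are required.
    image: redis:7
    container_name: orcid-redis
    restart: unless-stopped
    # Snapshot to disk every 60 s when at least one key changed. No password
    # (requirepass) is configured: any container on the Compose network can
    # connect. No volume is declared for this service in this file.
    command: ["redis-server", "--save", "60", "1", "--loglevel", "warning"]
    expose:
      - "6379"
    security_opt:
      - no-new-privileges:true

volumes:
  postgres_data: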