feat: Produktions-Deployment mit Nginx und SSL
- docker-compose-prod.yml: Produktionsumgebung mit Nginx Reverse Proxy - nginx/nginx.conf: Optimierte Nginx-Konfiguration mit SSL und Sicherheits-Headers - Rate Limiting für API-Endpunkte (10/s) und Login (5/min) - Automatische SSL-Zertifikate via Let's Encrypt/Certbot - Gzip-Kompression und Performance-Optimierungen Setup-Scripts: - scripts/setup-ssl.sh: Bash-Script für Linux/macOS - scripts/setup-ssl.ps1: PowerShell-Script für Windows - Automatische Domain-Konfiguration aus .env (DOMAIN, ADMIN_EMAIL) - Ein-Klick-Setup für SSL-Zertifikate Dokumentation: - docs/production-deployment.md: Vollständige Deployment-Anleitung - Troubleshooting, Monitoring, Backup-Strategien - Sicherheitsempfehlungen und Best Practices Features: - Automatische SSL-Zertifikat-Erneuerung (alle 12h) - HSTS, CSP, XSS-Schutz - Health Checks und Monitoring - Persistente Daten über Docker Volumes
70
docker-compose-prod.yml
Normal file
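--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
@@ -0,0 +1,70 @@
+# Production Docker Compose für Stargirlnails Kiel
+# Mit Nginx Reverse Proxy und Let's Encrypt SSL-Zertifikaten
+
+version: '3.8'
+
+services:
+# Hauptanwendung
+stargirlnails:
+build: .
+container_name: stargirlnails-app
+env_file:
+- .env
+environment:
+- NODE_ENV=production
+restart: unless-stopped
+volumes:
+- ./.storage:/app/.storage
+networks:
+- stargirlnails-network
+healthcheck:
+test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/health"]
+interval: 30s
+timeout: 10s
+retries: 3
+start_period: 40s
+depends_on:
+- nginx
+
+# Nginx Reverse Proxy
+nginx:
+image: nginx:alpine
+container_name: stargirlnails-nginx
+restart: unless-stopped
+ports:
+- "80:80"
+- "443:443"
+volumes:
+- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+- ./nginx/conf.d:/etc/nginx/conf.d:ro
+- certbot-certs:/etc/letsencrypt:ro
+- certbot-webroot:/var/www/certbot:ro
+networks:
+- stargirlnails-network
+depends_on:
+- stargirlnails
+command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+
+# Certbot für SSL-Zertifikate
+certbot:
+image: certbot/certbot
+container_name: stargirlnails-certbot
+restart: "no"
+volumes:
+- certbot-certs:/etc/letsencrypt
+- certbot-webroot:/var/www/certbot
+networks:
+- stargirlnails-network
+entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+
+# Volumes für persistente Daten
+volumes:
+certbot-certs:
+driver: local
+certbot-webroot:
+driver: local
+
+# Netzwerk für interne Kommunikation
+networks:
+stargirlnails-network:
+driver: bridge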
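Review bot: The two `depends_on` lists form a cycle: the one that follows the app's healthcheck names `nginx`, and the one under `nginx` names `stargirlnails`, which Compose rejects as a circular dependency, so the stack would not start as written. Indentation is lost in this rendering, so the nesting is inferred from key order and should be confirmed against the file. The proxy needs its upstream and not the reverse, so remove the `depends_on:` / `- nginx` pair from the `stargirlnails` service and keep the one on `nginx`. Separately, `image: nginx:alpine` and `image: certbot/certbot` are mutable tags on the two containers that mount the certificate volume, so an upstream image change reaches production on the next pull without review; pin both to a fixed version or digest, e.g. `image: nginx:<version>-alpine@sha256:<digest>`.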