fix: production deployment hardening
Some checks failed
Deploy to Production / Deploy to 192.168.1.190 (push) Has been cancelled
Some checks failed
Deploy to Production / Deploy to 192.168.1.190 (push) Has been cancelled
Docker: - Restrict PostgreSQL port to 127.0.0.1 only (not exposed to LAN) - Add APP_BASE_URL for MCP server to reach Next.js via Docker network - Fix MCP healthcheck (remove always-passing fallback) - Add resource limits to mcp-server container Dockerfile: - Remove full node_modules copy (standalone already includes deps) Reduces image size by ~500MB+ Config: - Add MCP_SERVER_MODE and MCP_SERVER_URL to deploy.sh and .env.docker.example - Deploy script now auto-sets MCP_SERVER_URL based on NEXTAUTH_URL Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -52,7 +52,6 @@ COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
||||
COPY --from=builder /app/prisma ./prisma
|
||||
RUN chown -R nextjs:nodejs /app/prisma
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/node_modules/.prisma ./node_modules/.prisma
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
|
||||
|
||||
USER nextjs
|
||||
|
||||
|
||||
Reference in New Issue
Block a user