fix: production deployment hardening
Some checks failed
Deploy to Production / Deploy to 192.168.1.190 (push) Has been cancelled

Docker:
- Restrict PostgreSQL port to 127.0.0.1 only (not exposed to LAN)
- Add APP_BASE_URL for MCP server to reach Next.js via Docker network
- Fix MCP healthcheck (remove always-passing fallback)
- Add resource limits to mcp-server container

Dockerfile:
- Remove full node_modules copy (standalone already includes deps)
  Reduces image size by ~500MB+

Config:
- Add MCP_SERVER_MODE and MCP_SERVER_URL to deploy.sh and .env.docker.example
- Deploy script now auto-sets MCP_SERVER_URL based on NEXTAUTH_URL

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Sepehr Ramezani
2026-04-21 23:09:22 +02:00
parent 8d37115e1d
commit 97163bfb89
4 changed files with 16 additions and 3 deletions

View File

@@ -52,7 +52,6 @@ COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=builder /app/prisma ./prisma
RUN chown -R nextjs:nodejs /app/prisma
COPY --from=builder --chown=nextjs:nodejs /app/node_modules/.prisma ./node_modules/.prisma
COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
USER nextjs