fix: production deployment hardening

Docker:
- Restrict PostgreSQL port to 127.0.0.1 only (not exposed to LAN)
- Add APP_BASE_URL for MCP server to reach Next.js via Docker network
- Fix MCP healthcheck (remove always-passing fallback)
- Add resource limits to mcp-server container

Dockerfile:
- Remove full node_modules copy (standalone already includes deps)
  Reduces image size by ~500MB+

Config:
- Add MCP_SERVER_MODE and MCP_SERVER_URL to deploy.sh and .env.docker.example
- Deploy script now auto-sets MCP_SERVER_URL based on NEXTAUTH_URL

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sepehr Ramezani
2026-04-21 23:09:22 +02:00
parent 8d37115e1d
commit 97163bfb89
4 changed files with 16 additions and 3 deletions


@@ -165,6 +165,8 @@ POSTGRES_PASSWORD="${pg_pass}"
# MCP Server
MCP_MODE="sse"
MCP_PORT="3001"
MCP_SERVER_MODE="sse"
MCP_SERVER_URL="${url}:3001"
# AI - Tags
AI_PROVIDER_TAGS=${ai_tags_provider}
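
Review bot: MCP_SERVER_URL="${url}:3001" on the second added line appends a hardcoded port to ${url} without normalizing it, so a ${url} that already carries a port or a trailing slash (the commit message says it is derived from NEXTAUTH_URL) would produce a malformed value, for example https://host:3000:3001. Strip any existing port and trailing slash from ${url} before appending, and take the port from the same value that is written to MCP_PORT instead of repeating the literal 3001. The hunk also writes MCP_SERVER_MODE="sse" directly below MCP_MODE="sse"; if both variables are required, a comment stating which component reads which would keep them from drifting apart.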