bisco/azionelab
1
0
Fork 0
generated from bisco/codex-bootstrap
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add initial Docker Compose infrastructure

Browse Source
This commit is contained in:
bisco
2026-04-28 11:08:06 +02:00
parent 18ab0a8b99
commit 04f31c5105
15 changed files with 279 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/security-notes.md
View File

@@ -115,12 +115,15 @@ Expected secret configuration:
Use environment variables, Docker secrets, or deployment-managed secret injection. Documentation and example configuration should use placeholders only.
For the Docker Compose setup, copy `.env.example` to `.env` and replace placeholder values outside version control. The repository ignores `.env` and `.env.*` files except `.env.example`.
## Deployment Security
Deployment should follow least privilege:
- expose only nginx publicly;
- keep backend and database on an internal Docker network;
- do not publish backend, frontend, or PostgreSQL ports to the host in production;
- avoid privileged containers;
- use explicit image tags rather than `latest`;
- persist PostgreSQL data in a named volume;