Merge branch 'infra/docker-compose-deployment' into develop

2026-04-28 11:12:33 +02:00
15 changed files with 279 additions and 14 deletions

@@ -131,12 +131,15 @@ Expected secret configuration:
Use environment variables, Docker secrets, or deployment-managed secret injection. Documentation and example configuration should use placeholders only.
For the Docker Compose setup, copy `.env.example` to `.env` and replace placeholder values outside version control. The repository ignores `.env` and `.env.*` files except `.env.example`.
## Deployment Security
Deployment should follow least privilege:
- expose only nginx publicly;
- keep backend and database on an internal Docker network;
- do not publish backend, frontend, or PostgreSQL ports to the host in production;
- avoid privileged containers;
- use explicit image tags rather than `latest`;
- persist PostgreSQL data in a named volume;
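Review bot: In the Deployment Security list, the bullet "do not publish backend, frontend, or PostgreSQL ports to the host in production" names the frontend, but the bullet above it places only "backend and database" on the internal Docker network, so the frontend's network placement is left undocumented. Suggest naming the frontend in the internal-network bullet too, or stating where it is expected to sit behind nginx. The "in production" qualifier also leaves open what a non-production setup may publish; if local development does publish ports, the text should say they bind to 127.0.0.1 rather than all interfaces. In the `.env` paragraph, the ignore rule for `.env` and `.env.*` guards against committing secrets, but nothing is said about file permissions on the copied `.env`; a short instruction to restrict it to the deploying user would fit next to the copy step.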