Commit graph

3 commits

Author SHA1 Message Date
Vadym Samoilenko
573ec92668 Backend on port 1222, Cloud Run ports 15432/16379 on internal IP
- Backend: 127.0.0.1:1222 → container :8000 (avoids conflict with :8000)
- PG: 10.220.168.5:15432, Redis: 10.220.168.5:16379 (for Cloud Run VPC access)
- No host binding on standard ports to avoid conflicts with other apps
- Updated firewall rule and Cloud Run worker script accordingly

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 23:10:18 +00:00

Vadym Samoilenko
be6e607bfe Expose Redis/PG on VM internal IP for Cloud Run VPC access
- docker-compose.prod.yml: bind db to 10.220.168.5:5432, redis to 10.220.168.5:6379
- cloud-run-worker.sh: use VM internal IP for all service URLs,
  auto-configure Docker auth, source .env for secrets

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 22:57:53 +00:00

Vadym Samoilenko
42a20659a7 Phase 4: Production hardening, Cloud Run worker, deploy pipeline
- Multi-stage Dockerfile with gunicorn, non-root user, healthcheck
- Structured JSON logging with request ID propagation
- Redis-based rate limiting middleware (sliding window)
- Security headers middleware (X-Frame-Options, CSP, XSS protection)
- Global exception handler hiding stack traces in production
- Disable /docs /redoc in production mode
- CORS hardened to explicit methods/headers
- TrustedHostMiddleware support
- Health endpoints: /health returns 503 on degraded, /health/live for liveness
- Frontend static export (output: 'export') for Apache serving
- docker-compose.prod.yml with resource limits, pinned images, celery-worker
- deploy.sh: full pipeline (git pull → build → up → frontend → copy to /var/www)
- Cloud Run worker: Dockerfile.worker, cloudbuild.yaml, deploy script (optical-414516)
- Celery hardened: task time limits, healthcheck task, configurable concurrency
- Admin panel improvements, system prompts, AD group sync

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 22:42:10 +00:00