Oliver-ai-bot_2.0/backend/Dockerfile
Vadym Samoilenko 42a20659a7 Phase 4: Production hardening, Cloud Run worker, deploy pipeline
- Multi-stage Dockerfile with gunicorn, non-root user, healthcheck
- Structured JSON logging with request ID propagation
- Redis-based rate limiting middleware (sliding window)
- Security headers middleware (X-Frame-Options, CSP, XSS protection)
- Global exception handler hiding stack traces in production
- Disable /docs /redoc in production mode
- CORS hardened to explicit methods/headers
- TrustedHostMiddleware support
- Health endpoints: /health returns 503 on degraded, /health/live for liveness
- Frontend static export (output: 'export') for Apache serving
- docker-compose.prod.yml with resource limits, pinned images, celery-worker
- deploy.sh: full pipeline (git pull → build → up → frontend → copy to /var/www)
- Cloud Run worker: Dockerfile.worker, cloudbuild.yaml, deploy script (optical-414516)
- Celery hardened: task time limits, healthcheck task, configurable concurrency
- Admin panel improvements, system prompts, AD group sync

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 22:42:10 +00:00

47 lines
1.1 KiB
Docker

# === Builder stage ===
FROM python:3.11-slim AS builder

WORKDIR /build

RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    libpq-dev \
    && rm -rf /var/lib/apt/lists/*

COPY requirements.txt .
RUN pip install --no-cache-dir --prefix=/install -r requirements.txt

# === Runtime stage ===
FROM python:3.11-slim

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
    postgresql-client \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Copy installed packages from builder
COPY --from=builder /install /usr/local

# Create non-root user
RUN groupadd -r nexus && useradd -r -g nexus -d /app -s /sbin/nologin nexus

# Copy application code
COPY . .

# Create upload directory with correct permissions
RUN mkdir -p /app/uploads && chown -R nexus:nexus /app

# Copy entrypoint
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

USER nexus

EXPOSE 8000

HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
    CMD curl -f http://localhost:8000/api/v1/health/live || exit 1

ENTRYPOINT ["/entrypoint.sh"]