✅ Production-Ready Containerization:
- Multi-stage frontend build (Vue.js + Nginx)
- Optimized backend container (Node.js + Alpine)
- PostgreSQL 15 with persistent storage and health checks
- Custom Docker network for secure service communication

✅ Interactive Setup Wizard (setup.sh):
- Beautiful CLI interface with colors and progress indicators
- Automatic secure password and JWT secret generation
- Complete environment configuration with validation
- Domain, SSL, Azure AD, and OpenAI API setup
- One-command deployment with immediate startup option

✅ Production Security & Performance:
- Nginx reverse proxy with rate limiting and security headers
- HTTPS/SSL support with custom certificate mounting
- CORS protection and request validation
- Non-root container execution for all services
- Health checks and monitoring for reliability

✅ Management & Operations:
- Comprehensive deploy.sh script with all common operations
- Database backup and restore capabilities
- Service logs management and troubleshooting tools
- Docker Compose orchestration with dependency management
- Development vs production environment support

✅ Enterprise Features:
- Azure AD SSO integration with hybrid authentication
- OpenAI API configuration and secure key management
- Multi-environment support (localhost vs production)
- Comprehensive documentation and troubleshooting guides
- Resource optimization and performance tuning

🏗️ Architecture:
- Frontend: Vue.js + Vite → Nginx (port 80/443)
- Backend: Node.js + Express (internal port 3000)
- Database: PostgreSQL 15 (internal port 5432)
- Networking: Isolated Docker bridge network
- Storage: Named volumes for data persistence

🚀 Deployment Commands:
- ./setup.sh - Interactive deployment wizard
- ./scripts/deploy.sh [start|stop|build|logs|status]
- docker-compose up -d --build
- Automatic migrations and admin user creation

🔒 Security Hardening:
- Rate limiting on API endpoints (10 req/s) and auth (5 req/min)
- Security headers (X-Frame-Options, CSP, HSTS)
- CORS validation and origin checking
- SSL/TLS encryption support
- Container isolation and minimal attack surface

📚 Complete Documentation:
- Comprehensive README with architecture overview
- Troubleshooting guide with common issues
- Development vs production configuration
- Performance tuning and scaling recommendations

🎯 One-Command Production Deployment:
Everything needed to deploy Ideas Generator 2025 in production with enterprise security, monitoring, and Azure AD SSO integration.

🚀 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
🚀 Ideas Generator 2025 - Docker Deployment
Complete production-ready Docker deployment for the Ideas Generator 2025 application with Azure AD SSO and hybrid authentication.
📋 Overview
This Docker setup provides a complete, production-ready deployment including:
- Frontend: Vue.js 3 + Vite (served via Nginx)
- Backend: Node.js + Express API server
- Database: PostgreSQL 15 with persistent storage
- Proxy: Nginx reverse proxy with SSL support
- Authentication: Hybrid Azure AD SSO + Password authentication
- Security: Production-grade security headers and rate limiting
🚀 Quick Start
Prerequisites
- Docker 20.x or higher
- Docker Compose 2.x or higher
- OpenAI API key
- Azure AD tenant access (for SSO)
One-Command Deployment
cd docker
./setup.sh
The interactive setup script will guide you through:
- Domain and port configuration
- Database setup with secure credentials
- Azure AD integration
- OpenAI API configuration
- SSL/TLS setup
- Security configuration
📁 Architecture
docker/
├── docker-compose.yml          # Main orchestration file
├── Dockerfile.backend          # Node.js backend container
├── Dockerfile.frontend         # Vue.js + Nginx frontend container
├── setup.sh                    # Interactive deployment wizard
├── nginx/
│   └── nginx.conf.template     # Nginx configuration with variables
├── postgres/
│   └── init.sql                # Database initialization
└── scripts/
    ├── deploy.sh               # Deployment management commands
    └── frontend-entrypoint.sh  # Frontend container initialization
🔧 Services
Frontend Service (frontend)
- Base: nginx:alpine
- Port: 80 (HTTP), 443 (HTTPS)
- Features:
  - Production Vue.js build
  - Gzip compression
  - Security headers
  - Rate limiting
  - Health checks
Backend Service (backend)
- Base: node:18-alpine
- Port: 3000 (internal)
- Features:
  - Express.js API server
  - PostgreSQL connection
  - Azure AD token validation
  - OpenAI API integration
  - Health monitoring
Database Service (database)
- Base: postgres:15-alpine
- Port: 5432 (internal)
- Features:
  - Persistent data storage
  - Automatic initialization
  - Health checks
  - Backup support
⚙️ Configuration
Environment Variables
The setup script generates a .env file with all necessary configuration:
# Basic Configuration
DOMAIN_NAME=your-domain.com
HTTP_PORT=80
HTTPS_PORT=443
# Database
DATABASE_NAME=ideas_gen_prod
DATABASE_USER=ideas_admin
DATABASE_PASSWORD=generated-secure-password
# Security
JWT_SECRET=generated-jwt-secret
# Azure AD
AZURE_TENANT_ID=your-tenant-id
AZURE_CLIENT_ID=your-client-id
# OpenAI
OPENAI_API_KEY=your-openai-key
# URLs
FRONTEND_URL=https://your-domain.com
BACKEND_URL=https://your-domain.com/api
CORS_ORIGIN=https://your-domain.com
Manual Configuration
If you prefer manual setup, copy the example:
cp .env.example .env
# Edit .env with your values
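A hand-edited .env is where template values and weak secrets slip into production, so a check like the one below can run before the stack starts. This is an added example, not part of the project's setup.sh or deploy.sh; the function names, the placeholder patterns (taken from the sample values above) and the 32-character minimum for JWT_SECRET are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-deployment lint for the .env file described above.
# Assumptions: plain unquoted KEY=value lines; the 32-character JWT_SECRET
# minimum and the placeholder patterns are this example's own choices.

env_get() {  # env_get KEY FILE -> value of the last KEY= line
  sed -n "s/^$1=//p" "$2" | tail -n 1
}

check_env() {  # prints one FAIL line per finding; returns 1 if any
  file=$1
  findings=0
  fail() { printf 'FAIL %s\n' "$1"; findings=$((findings + 1)); }

  # Secrets and identifiers must be set and must not be template text.
  for key in DATABASE_PASSWORD JWT_SECRET AZURE_TENANT_ID AZURE_CLIENT_ID \
             OPENAI_API_KEY CORS_ORIGIN; do
    val=$(env_get "$key" "$file")
    case $val in
      '') fail "$key is missing or empty" ;;
      your-*|generated-*|*your-domain.com*) fail "$key is still a placeholder" ;;
    esac
  done

  # A short signing secret can be brute-forced offline from a captured token.
  jwt=$(env_get JWT_SECRET "$file")
  if [ -n "$jwt" ] && [ "${#jwt}" -lt 32 ]; then
    fail "JWT_SECRET is shorter than 32 characters"
  fi

  # Production CORS origin: one explicit HTTPS origin, never a wildcard.
  case $(env_get CORS_ORIGIN "$file") in
    ''|https://*) ;;
    *) fail "CORS_ORIGIN is not an explicit https:// origin" ;;
  esac

  # The file holds credentials: no group/other permission bits allowed.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    fail "$file is accessible by group or others (use chmod 600)"
  fi

  [ "$findings" -eq 0 ]
}

# Usage: check_env .env && ./scripts/deploy.sh start
```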
🚀 Deployment Commands
Using the Management Script
# Start all services
./scripts/deploy.sh start
# Build and deploy with latest changes
./scripts/deploy.sh build
# View service status
./scripts/deploy.sh status
# View logs
./scripts/deploy.sh logs
# Stop all services
./scripts/deploy.sh stop
Using Docker Compose Directly
# Start in background
docker-compose up -d
# Build and start
docker-compose up -d --build
# View logs
docker-compose logs -f
# Stop services
docker-compose down
🔒 Security Features
Network Security
- Custom isolated Docker network
- Internal service communication
- No exposed database ports
Web Security
- HTTPS/SSL support
- Security headers (HSTS, CSP, etc.)
- Rate limiting on API endpoints
- CORS protection
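Whether the proxy really emits these headers is easy to verify from outside the stack. The following added example (not part of the project's scripts) reads response headers on standard input and reports missing or weak values for HSTS, CSP and X-Frame-Options; the function name and the one-year HSTS minimum are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: check a response for the security headers listed above.
# Assumption: the one-year HSTS minimum is this example's own threshold.

check_headers() {  # headers on stdin; prints findings; returns 1 if any
  hdrs=$(tr -d '\r')   # HTTP header lines end in CRLF
  bad=0
  # Header names are case-insensitive; print the first matching value.
  get() {
    printf '%s\n' "$hdrs" | awk -v n="$1" -F: '
      tolower($1) == tolower(n) { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
  }
  report() { printf '%s\n' "$1"; bad=1; }

  hsts=$(get Strict-Transport-Security | tr 'A-Z' 'a-z')
  age=$(printf '%s\n' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  if [ -z "$hsts" ]; then
    report "MISSING Strict-Transport-Security"
  elif [ "${age:-0}" -lt 31536000 ]; then
    report "WEAK Strict-Transport-Security: max-age=${age:-0}"
  fi

  if [ -z "$(get Content-Security-Policy)" ]; then
    report "MISSING Content-Security-Policy"
  fi

  # Only DENY and SAMEORIGIN are honoured by current browsers.
  case $(get X-Frame-Options | tr 'a-z' 'A-Z') in
    DENY|SAMEORIGIN) ;;
    '') report "MISSING X-Frame-Options" ;;
    *)  report "WEAK X-Frame-Options: unsupported value" ;;
  esac

  [ "$bad" -eq 0 ]
}

# Usage: curl -sI "https://your-domain.com/" | check_headers
```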
Authentication Security
- Azure AD token validation
- JWT secret generation
- Password hashing with bcrypt
- Role-based access control
Container Security
- Non-root user execution
- Minimal base images (Alpine Linux)
- Health checks for all services
- Resource limits and constraints
📊 Monitoring & Maintenance
Health Checks
All services include health checks:
# Check all service health
docker-compose ps
# View detailed health status
docker inspect ideas-gen-backend --format='{{.State.Health.Status}}'
Logs
Access logs for troubleshooting:
# All services
docker-compose logs -f
# Specific service
docker-compose logs -f backend
docker-compose logs -f frontend
docker-compose logs -f database
Database Backup
# Create backup
./scripts/deploy.sh backup
# Manual backup (-T disables TTY allocation so the redirected dump is not altered)
docker-compose exec -T database pg_dump -U ideas_admin ideas_gen_prod > backup.sql
Updates
# Update to latest version
./scripts/deploy.sh update
# Manual update
git pull
docker-compose up -d --build
🔧 Advanced Configuration
Custom SSL Certificates
- Place your certificates in the SSL directory:
mkdir -p /etc/ssl/certs/ideas-gen
cp your-cert.crt /etc/ssl/certs/ideas-gen/
cp your-key.key /etc/ssl/certs/ideas-gen/
- Update SSL_CERT_PATH in .env:
SSL_CERT_PATH=/etc/ssl/certs/ideas-gen
Custom Domain Setup
- Configure DNS to point to your server
- Update DOMAIN_NAME in .env
- Restart services:
docker-compose up -d
Production Tuning
For high-traffic deployments, consider:
- Resource Limits: Add memory/CPU limits to docker-compose.yml
- Load Balancing: Use multiple backend replicas
- Database Tuning: Optimize PostgreSQL settings
- Monitoring: Add Prometheus/Grafana monitoring
🐛 Troubleshooting
Common Issues
Services Won't Start
# Check logs for errors
docker-compose logs
# Check Docker daemon
docker info
# Verify disk space
df -h
Database Connection Issues
# Check database health
docker-compose exec database pg_isready -U ideas_admin
# Reset database (-v removes the named volumes, so all stored data is deleted; back up first)
docker-compose down -v
docker-compose up -d database
Frontend Build Issues
# Rebuild frontend only
docker-compose build frontend
docker-compose up -d frontend
Permission Issues
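# Fix Docker permissions (Linux)
# Note: this change does not persist across a reboot, and any user who can
# access the Docker socket has root-equivalent control of the host
sudo chown -R $USER:docker /var/run/docker.sock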
Performance Issues
Slow Response Times
- Check system resources: docker stats
- Review nginx logs: docker-compose logs frontend
- Monitor database queries: docker-compose logs database
High Memory Usage
- Optimize Node.js memory: Add NODE_OPTIONS=--max-old-space-size=512 to backend environment
- Tune PostgreSQL: Adjust shared_buffers and work_mem
🔄 Development vs Production
Development Mode (Localhost)
- Uses HTTP only
- Relaxed CORS settings
- Debug logging enabled
- Hot reload for frontend development
Production Mode
- HTTPS enforcement
- Strict security headers
- Compressed assets
- Rate limiting enabled
- Health monitoring
📚 Additional Resources
🆘 Support
For deployment issues:
- Check the troubleshooting section above
- Review service logs: docker-compose logs
- Verify configuration: docker-compose config
- Check system resources: docker stats
🏷️ Version Information
- Docker Compose Version: 3.8
- Node.js Version: 18 (Alpine)
- PostgreSQL Version: 15 (Alpine)
- Nginx Version: Latest (Alpine)
Generated with Claude Code
This deployment setup provides enterprise-grade security, scalability, and maintainability for the Ideas Generator 2025 application.