Fix: Improve Docker Compose configuration and security (#911)

Co-authored-by: Dave Earley <[email protected]>

Author: hannes-lehmann

.gitignore

@@ -5,6 +5,7 @@
 /.idea/**
 frontend/.env
 backend/.env
+docker/all-in-one/.env
 todo.md
 CLAUDE.md
 /prompts/**

docker/all-in-one/.env renamed to docker/all-in-one/.env.example

@@ -23,6 +23,8 @@ APP_DISABLE_REGISTRATION=false
 APP_SAAS_MODE_ENABLED=false
 APP_SAAS_STRIPE_APPLICATION_FEE_PERCENT=0
 APP_SAAS_STRIPE_APPLICATION_FEE_FIXED=0
+APP_EMAIL_LOGO_URL=
+APP_EMAIL_LOGO_LINK_URL=
 
 # Email settings (Using log mailer for local testing)
 MAIL_MAILER=log
@@ -40,6 +42,9 @@ FILESYSTEM_PUBLIC_DISK=public
 FILESYSTEM_PRIVATE_DISK=local
 
 # Database settings
+POSTGRES_DB=hi-events
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=secret
 DATABASE_URL=postgresql://postgres:secret@postgres:5432/hi-events
 
 # Stripe settings (Replace with valid test keys if necessary)

docker/all-in-one/README.md

@@ -16,7 +16,13 @@ git clone [email protected]:HiEventsDev/hi.events.git
 cd hi.events/docker/all-in-one
 ```
 
-### Step 2: Generate the `APP_KEY` and `JWT_SECRET`
+### Step 2: Copy the Environment File
+
+```bash
+cp .env.example .env
+```
+
+### Step 3: Generate the `APP_KEY` and `JWT_SECRET`
 
 Generate the keys using the following commands:
 
@@ -38,7 +44,7 @@ for /f "tokens=*" %i in ('openssl rand -base64 32') do @echo JWT_SECRET=%i
 [Convert]::ToBase64String([System.Security.Cryptography.RandomNumberGenerator]::GetBytes(32))  # For JWT_SECRET
 ```
 
-### Step 3: Update the `.env` File
+### Step 4: Update the `.env` File
 
 Update the `.env` file located in `./docker/all-in-one/.env` with the generated `APP_KEY` and `JWT_SECRET`:
 
@@ -47,13 +53,13 @@ APP_KEY=your_generated_app_key
 JWT_SECRET=your_generated_jwt_secret
 ```
 
-### Step 4: Start the Docker Containers
+### Step 5: Start the Docker Containers
 
 ```bash
 docker compose up -d
 ```
 
-### Step 5: Create an Account
+### Step 6: Create an Account
 
 Visit [http://localhost:8123/auth/register](http://localhost:8123/auth/register) to create an account.
 

docker/all-in-one/docker-compose.yml

@@ -3,11 +3,9 @@ services:
     build:
       context: ./../../
       dockerfile: Dockerfile.all-in-one
-    container_name: all-in-one
+    restart: unless-stopped
     ports:
       - "8123:80"
-    networks:
-      - hi-events-network
     environment:
       - VITE_FRONTEND_URL=${VITE_FRONTEND_URL}
       - VITE_API_URL_CLIENT=${VITE_API_URL_CLIENT}
@@ -37,7 +35,7 @@ services:
       - MAIL_FROM_NAME=${MAIL_FROM_NAME}
       - FILESYSTEM_PUBLIC_DISK=${FILESYSTEM_PUBLIC_DISK}
       - FILESYSTEM_PRIVATE_DISK=${FILESYSTEM_PRIVATE_DISK}
-      - DATABASE_URL=postgresql://postgres:secret@postgres:5432/hi-events
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-secret}@postgres:5432/${POSTGRES_DB:-hi-events}
       - REDIS_HOST=redis
       - REDIS_PASSWORD=
       - REDIS_PORT=6379
@@ -53,43 +51,31 @@ services:
         condition: service_healthy
 
   redis:
-    image: redis:latest
-    container_name: redis
-    networks:
-      - hi-events-network
+    image: redis:7-alpine
+    restart: unless-stopped
     healthcheck:
       test: [ "CMD", "redis-cli", "ping" ]
       interval: 10s
       timeout: 5s
       retries: 5
-    ports:
-      - "6379:6379"
     volumes:
       - redisdata:/data
 
   postgres:
-    image: postgres:17
-    container_name: postgres
-    networks:
-      - hi-events-network
+    image: postgres:17-alpine
+    restart: unless-stopped
     healthcheck:
       test: [ "CMD-SHELL", "pg_isready -U postgres" ]
       interval: 10s
       timeout: 5s
       retries: 5
     environment:
-      POSTGRES_DB: hi-events
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: secret
+      POSTGRES_DB: ${POSTGRES_DB:-hi-events}
+      POSTGRES_USER: ${POSTGRES_USER:-postgres}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-secret}
     volumes:
       - pgdata:/var/lib/postgresql/data
 
-networks:
-  hi-events-network:
-    driver: bridge
-
 volumes:
   pgdata:
-    driver: local
   redisdata:
-    driver: local