chore: docker compose full-stack setup with migrate and crawler services#1
Open
Pacheco95 wants to merge 3 commits into
Open
chore: docker compose full-stack setup with migrate and crawler services#1Pacheco95 wants to merge 3 commits into
Pacheco95 wants to merge 3 commits into
Conversation
The compose stack published postgres on 0.0.0.0:${DB_PORT} with a
hardcoded postgres/postgres default. On a host with a public IP, that
combination is discovered by internet-wide scanners within hours and is
a well-known target for credential-stuffing and the materialized-view
superuser-escalation chain.
- Bind the host port to 127.0.0.1 so the DB is reachable from the host
only, not the network. The crawler still talks to postgres over the
internal compose network on 5432.
- Require POSTGRES_PASSWORD via the :? operator so compose fails fast
when it is unset, instead of silently falling back to a weak default.
- Drive POSTGRES_USER / POSTGRES_DB from env with safe defaults, and
reuse POSTGRES_USER in the healthcheck.
- Document the new required var in .env.example with a generation hint
and wire DATABASE_URL to interpolate it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
migrateandcrawlerservices todocker-compose.ymlsodocker compose up --buildis the only command needed to run the full stackmigrateapplies the schema viadrizzle-kit pushbefore the crawler starts, using a separateDockerfile.migratethat includes dev dependencies — keeping the productionDockerfilelean (--productioninstall)crawlerrestarts automatically by default; both the command and restart policy are configurable viaCRAWLER_COMMANDandRESTART_POLICYenv varsDB_PORTenv var (default5433) used in the postgres port mapping anddrizzle.config.tsfallback.env.exampleto their own lines to prevent values from being corrupted aftercp .env.example .envTest plan
cp .env.example .env && docker compose up --build— postgres becomes healthy, migrate applies schema and exits 0, crawler starts and begins fetchingCRAWLER_COMMAND="bun run crawl -- --year 2024" docker compose up— crawler runs with custom argsRESTART_POLICY=no docker compose up— crawler runs once and stops without restartingDB_PORT=5434 docker compose up— postgres binds to host port 5434docker compose up -d postgres && bun run db:push && bun run crawlstill works🤖 Generated with Claude Code