Align all app containers to UID 1001, add infra protocol, update README

- frontend prod: USER root for adduser, then USER appuser (1001:1001); fixes
  build failure caused by nginx-unprivileged already setting USER nginx
- docker-compose: frontend user updated to 1001:1001 (was 101:101)
- CLAUDE.md: add infrastructure change protocol (update README + test both
  stacks after any Dockerfile/compose/nginx change); fix stale passlib ref
- README: container table shows nginx-unprivileged image, UID column, internal
  port 8080 note; Current State notes all containers run as non-root

Both dev and prod stacks tested and verified (health, login, /users/me,
frontend serving, all containers confirmed non-root via docker inspect).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
curo1305
2026-04-13 17:29:02 +02:00
parent a5baef73d9
commit e117a33a73
5 changed files with 49 additions and 9 deletions
+6 -5
@@ -16,17 +16,18 @@ A fullstack SaaS web application built with FastAPI, React, and PostgreSQL.
- Protected dashboard route
- `/api/users/me` — authenticated user info
- 3 separate Docker containers: `db` (PostgreSQL), `backend` (FastAPI), `frontend` (nginx)
- All containers run as non-root users (UID 1001 for backend and frontend, UID 70 for db)
- Dev environment seeds a test user automatically on startup (`test@example.com` / `Test123!`)
- Password policy: min 8 chars, upper + lowercase, digit, special character, no common words
- Pre-commit security hook (`scripts/security_check.py`) runs inside Docker on every commit
## Containers
| Container | Image | Port | Description |
|---|---|---|---|
| `db` | postgres:16-alpine | 5432 | PostgreSQL database |
| `backend` | custom (python:3.12-slim) | 8000 | FastAPI management API |
| `frontend` | custom (nginx:alpine) | 80 | React UI served by nginx |
| Container | Image | Port | User (UID:GID) | Description |
|---|---|---|---|---|
| `db` | postgres:16-alpine | 5432 | 70:70 (postgres) | PostgreSQL database |
| `backend` | custom (python:3.12-slim) | 8000 | 1001:1001 (appuser) | FastAPI management API |
| `frontend` | custom (nginxinc/nginx-unprivileged:alpine) | 80 | 1001:1001 (appuser) | React UI served by nginx (internal port 8080) |
The frontend nginx container proxies `/api/*` to the backend container internally — no CORS headers needed in production.
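Review bot: In the new Containers table, the `frontend` row keeps Port 80 while its Description says nginx listens on internal port 8080, so a reader cannot tell whether the Port column means the host-published port or the container port. Suggest making the column explicit (for example a "Port (host:container)" header with `80:8080` for the frontend) and applying the same convention to the `db` and `backend` rows. Separately, `nginxinc/nginx-unprivileged:alpine` is a floating tag, whereas `postgres:16-alpine` and `python:3.12-slim` carry a version; since the README now documents a specific UID (1001:1001) that depends on how the base image sets its user, pinning the frontend image to a version tag would keep that claim reproducible across rebuilds.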