curo1305
a5baef73d9
- backend: appuser UID/GID 1001 via useradd, USER directive, --chown on COPY - frontend builder: appuser UID/GID 1001 via adduser, USER directive - frontend prod: switch to nginxinc/nginx-unprivileged:alpine (nginx UID 101), listen on 8080 - docker-compose: explicit user: for all services (70:70 db, 1001:1001 backend/frontend-dev, 101:101 frontend-prod) - nginx.conf: listen 8080 to match unprivileged image Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
8 lines
531 B
Markdown
8 lines
531 B
Markdown
# TODO
|
|
|
|
## Infrastructure
|
|
|
|
- [x] **Rootless containers** — run backend and frontend containers as non-root users (add `USER` directive to Dockerfiles, map UID/GID appropriately)
|
|
- [ ] **Persistent storage** — ensure database data, config files, and any uploaded assets survive container restarts and rebuilds (named volumes, bind mounts for config)
|
|
- [ ] **Docker development workflow** — document and streamline the full dev loop: hot reload, one-command startup, migration handling, seed data, and how to attach a debugger
|