klg-asutk-app/docker-compose.yml
Yuriy aa052763f6 Безопасность и качество: 8 исправлений + обновления
- .env.example: полный шаблон, защита секретов
- .gitignore: явное исключение .env.* и секретов
- layout.tsx: XSS — заменён dangerouslySetInnerHTML на next/script для SW
- ESLint: no-console error (allow warn/error), ignore scripts/
- scripts/remove-console-logs.js: очистка console.log без glob
- backend/routes/modules: README с планом рефакторинга крупных файлов
- SECURITY.md: гид по секретам, XSS, CORS, auth, линту
- .husky/pre-commit: запуск npm run lint

+ прочие правки приложения и бэкенда

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-14 21:29:16 +03:00


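# KLG ASU TK v27 — full stack
# Usage: copy .env.example to .env, set the secrets, then run
#   docker compose up -d
#
# Security notes for this file:
#   - Every ${VAR:-default} credential below falls back to a well-known value
#     (klg, minioadmin, admin) when the variable is unset. Override all of
#     them in .env before the stack is reachable from any network.
#   - A "host:container" port mapping without a host IP is bound on all host
#     interfaces. The data stores are therefore published on 127.0.0.1 only;
#     other containers still reach them by service name on the compose
#     network.
version: '3.8'

services:
  # --- Database ---
  postgres:
    image: postgres:15-alpine
    environment:
      POSTGRES_USER: ${DB_USER:-klg}
      # NOTE(review): fallback password equals the user name; set DB_PASSWORD.
      POSTGRES_PASSWORD: ${DB_PASSWORD:-klg}
      POSTGRES_DB: ${DB_NAME:-klg}
    ports:
      # Loopback only: host-side tools (psql, migrations) keep working, the
      # database is not offered to the LAN. Change the host IP deliberately
      # if remote access is really required.
      - "127.0.0.1:5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
      # Init scripts run only when the data directory is empty (first start).
      - ./backend/migrations:/docker-entrypoint-initdb.d:ro
    healthcheck:
      # Probe with the configured user/database; a hard-coded "klg" reports
      # the wrong target as soon as DB_USER or DB_NAME is overridden.
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-klg} -d ${DB_NAME:-klg}"]
      interval: 5s
      timeout: 5s
      retries: 5

  # --- Cache ---
  redis:
    image: redis:7-alpine
    ports:
      # Loopback only: this Redis runs without a password (no requirepass or
      # ACL is configured here), so it must not listen on public interfaces.
      - "127.0.0.1:6379:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s

  # --- Object storage ---
  minio:
    # NOTE(review): no tag, so this resolves to :latest; pin a release tag or
    # digest so rebuilds are reproducible and upgrades are deliberate.
    image: minio/minio
    environment:
      # NOTE(review): minioadmin/minioadmin is the documented MinIO default;
      # set MINIO_USER and MINIO_PASSWORD in .env.
      MINIO_ROOT_USER: ${MINIO_USER:-minioadmin}
      MINIO_ROOT_PASSWORD: ${MINIO_PASSWORD:-minioadmin}
    command: server /data --console-address ":9001"
    ports:
      # NOTE(review): both the S3 API (9000) and the admin console (9001) are
      # published on all interfaces. If browsers do not need the console,
      # publish 9001 on 127.0.0.1 or put it behind a reverse proxy.
      - "9000:9000"
      - "9001:9001"
    volumes:
      - minio_data:/data

  # --- Auth (Keycloak) ---
  keycloak:
    image: quay.io/keycloak/keycloak:24.0
    environment:
      KEYCLOAK_ADMIN: admin
      # NOTE(review): fallback is admin/admin on a published port; set
      # KC_ADMIN_PASSWORD.
      KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD:-admin}
      KC_DB: postgres
      # NOTE(review): Keycloak uses the same database and role as the
      # application (DB_NAME / DB_USER), so either component can read the
      # other's tables. Consider a dedicated database and role.
      KC_DB_URL: jdbc:postgresql://postgres:5432/${DB_NAME:-klg}
      KC_DB_USERNAME: ${DB_USER:-klg}
      KC_DB_PASSWORD: ${DB_PASSWORD:-klg}
    # NOTE(review): start-dev is Keycloak's development mode (plain HTTP,
    # relaxed defaults), while the backend below defaults to
    # ENVIRONMENT=production. Use `start` with hostname and TLS settings for
    # any real deployment.
    command: start-dev
    ports:
      - "8080:8080"
    depends_on:
      postgres:
        condition: service_healthy

  # --- Backend (FastAPI) ---
  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    environment:
      # The password is embedded in a URL: characters such as @ : / must be
      # percent-encoded in DB_PASSWORD or the URL will be parsed incorrectly.
      DATABASE_URL: postgresql://${DB_USER:-klg}:${DB_PASSWORD:-klg}@postgres:5432/${DB_NAME:-klg}
      REDIS_URL: redis://redis:6379/0
      MINIO_ENDPOINT: minio:9000
      # NOTE(review): the backend is handed the MinIO root credentials; a
      # dedicated access key scoped to the application's bucket would limit
      # the impact of a backend compromise.
      MINIO_ACCESS_KEY: ${MINIO_USER:-minioadmin}
      MINIO_SECRET_KEY: ${MINIO_PASSWORD:-minioadmin}
      KEYCLOAK_URL: http://keycloak:8080
      KEYCLOAK_REALM: klg
      # No fallback on purpose: a default value for an application secret is
      # public knowledge, and ENVIRONMENT defaults to production. Compose
      # aborts with this message when SECRET_KEY is unset or empty.
      SECRET_KEY: "${SECRET_KEY:?SECRET_KEY must be set in .env}"
      ENVIRONMENT: ${ENVIRONMENT:-production}
      # FGIS REVS integration
      # NOTE(review): the default URL host is the *test* endpoint
      # (fgis-revs-test) although ENVIRONMENT defaults to production — confirm
      # that this pairing is intended.
      FGIS_API_URL: ${FGIS_API_URL:-https://fgis-revs-test.favt.gov.ru/api/v2}
      FGIS_ORG_ID: ${FGIS_ORG_ID:-}
      FGIS_API_KEY: ${FGIS_API_KEY:-}
      FGIS_CERT_PATH: /etc/ssl/fgis/client.pem
    ports:
      - "8000:8000"
    volumes:
      # Client certificate material, mounted read-only. Presumably client.pem
      # holds a private key: keep ./certs out of version control and restrict
      # its file permissions on the host.
      - ./certs/fgis:/etc/ssl/fgis:ro
      - attachments_data:/app/storage
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: unless-stopped

  # --- Frontend (Next.js) ---
  frontend:
    build:
      context: .
      dockerfile: Dockerfile
    environment:
      # NOTE(review): NEXT_PUBLIC_* values end up in the browser bundle, and
      # the host name `backend` resolves only inside the compose network.
      # Confirm these are consumed server-side, or point them at the public
      # (https / wss) address of the API.
      NEXT_PUBLIC_API_URL: http://backend:8000
      NEXT_PUBLIC_WS_URL: ws://backend:8000
    ports:
      - "3000:3000"
    depends_on:
      - backend
    restart: unless-stopped

  # --- Monitoring (enabled with: --profile monitoring) ---
  prometheus:
    # NOTE(review): :latest is a moving tag; pin a release tag or digest.
    image: prom/prometheus:latest
    volumes:
      - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
    ports:
      # NOTE(review): no authentication is configured for Prometheus here and
      # the port is published on all interfaces.
      - "9090:9090"
    profiles:
      - monitoring

  grafana:
    # NOTE(review): :latest is a moving tag; pin a release tag or digest.
    image: grafana/grafana:latest
    # NOTE(review): no admin password is configured, so Grafana starts with
    # its built-in default login; set GF_SECURITY_ADMIN_PASSWORD from .env.
    ports:
      - "3001:3000"
    profiles:
      - monitoring

volumes:
  postgres_data: {}
  minio_data: {}
  attachments_data: {}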