ATMATA/zerp
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(deploy): restrict backend and postgres ports to localhost

Browse Source 
Limit direct network exposure on staging by binding backend and Postgres to 127.0.0.1 while keeping frontend public via the reverse proxy.

Made-with: Cursor
This commit is contained in:
Talal Sharabi
2026-04-13 12:34:34 +04:00
parent bda70feb18
commit 7270c4961f
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose.yml
View File

@@ -12,7 +12,7 @@ services:
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
ports: ports:
- "5432:5432" - "127.0.0.1:5432:5432"
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"] test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s interval: 10s
@@ -40,7 +40,7 @@ services:
postgres: postgres:
condition: service_healthy condition: service_healthy
ports: ports:
- "5001:5001" - "127.0.0.1:5001:5001"
healthcheck: healthcheck:
test: ["CMD-SHELL", "wget -qO- http://localhost:5001/api/v1/health || exit 1"] test: ["CMD-SHELL", "wget -qO- http://localhost:5001/api/v1/health || exit 1"]
interval: 30s interval: 30s