feat(infra): create staging docker-compose and environment configuration (#67)
This pull request introduces a production-grade, security-hardened Docker Staging environment configuration for **NexusReader**, prepared directly from the `develop` branch.

### 🚀 Key Additions

1. **`docker-compose.stage.yml`**:
   - Deploys five isolated containers (`nexus-web-stage`, `nexus-db-stage`, `nexus-qdrant-stage`, `nexus-neo4j-stage`) inside a dedicated `nexus-stage` bridge network.
   - Sets non-conflicting port mappings to allow staging to run concurrently with other environments on the same host (e.g., Web on `5080`, Postgres on `5438`, Neo4j HTTP on `7488`).
   - Configures robust container healthchecks (`curl` for Qdrant, `wget` for Neo4j, `pg_isready` for Postgres).
   - Maps dedicated named persistent volumes for databases (`pgdata_stage`, `qdrant_stage_data`, `neo4j_stage_data`) to prevent data loss.
   - Maps separate persistent volumes specifically for dynamic web uploads (`stage_www_uploads` for EPUBs, `stage_www_covers` for covers) without overriding the compiled static web client files.
2. **`.env.stage.template`**:
   - A clean deployment environment template providing a blueprint of all variables.
   - Copied to `.env.stage` locally during deployment to inject secrets securely.
   - Mandates a secure `NEXUS_ADMIN_PASSWORD` (checked by `DbInitializer` for staging/production builds).
3. **`.gitignore`**:
   - Explicitly ignores local environment configurations (such as `.env.stage`) to prevent accidentally committing credentials, while keeping the `.env.stage.template` tracked.

---

### 🧪 Verification Performed

- **Docker Compose Validation**: Ran `docker compose -f docker-compose.stage.yml --env-file .env.stage config` successfully with zero configuration or parsing errors.
- **Solution Compilation**: Ran `dotnet build NexusReader.slnx --no-restore` from root — **SUCCESS** with `0` compile errors.
- **Automated Tests**: Ran `dotnet test --no-restore` — **SUCCESS** (all 20/20 unit tests passed).
---------

Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #67
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
This commit was merged in pull request #67.
@@ -0,0 +1,42 @@
|
||||
# ===================================================================
|
||||
# NexusReader — Staging (Stage) Environment Variables
|
||||
# ===================================================================
|
||||
# Copy this file to `.env.stage` and fill in the values before deployment:
|
||||
# cp .env.stage.template .env.stage
|
||||
#
|
||||
# Then deploy with:
|
||||
# docker compose -f docker-compose.stage.yml --env-file .env.stage up -d --build
|
||||
# ===================================================================
|
||||
|
||||
# === PostgreSQL ===
|
||||
POSTGRES_USER=nexus_user_stage
|
||||
POSTGRES_PASSWORD=CHANGE_ME_TO_STRONG_PASSWORD
|
||||
POSTGRES_DB=nexus_stage_db
|
||||
POSTGRES_PORT=5438
|
||||
|
||||
# === Neo4j ===
|
||||
NEO4J_USERNAME=neo4j
|
||||
NEO4J_PASSWORD=CHANGE_ME_TO_STRONG_PASSWORD
|
||||
|
||||
# === Qdrant (leave empty to disable API key auth in staging) ===
|
||||
QDRANT_API_KEY=
|
||||
|
||||
# === Web App ===
|
||||
WEB_PORT=5080
|
||||
|
||||
# === Google OAuth (Staging credentials) ===
|
||||
GOOGLE_CLIENT_ID=placeholder_google_client_id_stage
|
||||
GOOGLE_CLIENT_SECRET=placeholder_google_client_secret_stage
|
||||
|
||||
# === Gemini AI ===
|
||||
GOOGLE_AI_API_KEY=placeholder_gemini_api_key_stage
|
||||
|
||||
# === Secure Admin Seed Password (MANDATORY in Staging environment) ===
|
||||
# This password is used by DbInitializer during startup. Cannot be empty or 'Admin123!'.
|
||||
NEXUS_ADMIN_PASSWORD=CHANGE_ME_TO_SECURE_ADMIN_PASSWORD
|
||||
|
||||
# === Non-standard ports for auxiliary services ===
|
||||
QDRANT_HTTP_PORT=6383
|
||||
QDRANT_GRPC_PORT=6384
|
||||
NEO4J_HTTP_PORT=7488
|
||||
NEO4J_BOLT_PORT=7688
|
||||
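Review bot: The Qdrant block ships with `QDRANT_API_KEY=` empty and a comment inviting deployers to leave it that way, while the same file assigns host ports `QDRANT_HTTP_PORT=6383` and `QDRANT_GRPC_PORT=6384`, so a deployment that copies the template unchanged runs Qdrant without API key authentication on whatever interface those ports are published to. Suggest giving the key a `CHANGE_ME` placeholder like the other secrets, or stating in this comment that the ports must be bound to loopback whenever the key is left empty. Separately, the comment above `NEXUS_ADMIN_PASSWORD` says only an empty value and 'Admin123!' are rejected; as described, the shipped value `CHANGE_ME_TO_SECURE_ADMIN_PASSWORD` would be accepted, and `POSTGRES_PASSWORD` and `NEO4J_PASSWORD` share the single placeholder `CHANGE_ME_TO_STRONG_PASSWORD`, so consider having startup refuse any secret that still begins with `CHANGE_ME` or `placeholder_`.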