From 5c6089ba84ed5b25d8c8a9c20ad5a90b78cd5eaf Mon Sep 17 00:00:00 2001 From: Carlos Date: Mon, 19 Jan 2026 13:16:35 -0800 Subject: [PATCH 1/2] docker: add production compose override for localhost-only ports Creates production/docker-compose.production.yml that binds all service ports to localhost only, allowing nginx to handle external traffic. Changes: - Add docker-compose.production.yml with localhost-only port bindings: - frontend: 127.0.0.1:3000:80 - backend: 127.0.0.1:8000:8000 - syncserver: 127.0.0.1:8081:8080 - Update production/README.md: - Replace manual docker-compose.yml editing with override file usage - Add useful production commands (logs, restart, rebuild) Usage: docker compose -f docker-compose.yml -f production/docker-compose.production.yml up -d This keeps the base docker-compose.yml unchanged for development while providing a versioned production configuration. Co-Authored-By: Claude Opus 4.5 --- production/README.md | 46 +++++++++++++++--------- production/docker-compose.production.yml | 18 ++++++++++ 2 files changed, 47 insertions(+), 17 deletions(-) create mode 100644 production/docker-compose.production.yml diff --git a/production/README.md b/production/README.md index 39c625ef..5ccbcf39 100644 --- a/production/README.md +++ b/production/README.md @@ -61,25 +61,22 @@ sudo systemctl start nginx sudo systemctl reload nginx ``` -### Step 4: Update docker-compose.yml +### Step 4: Use production Docker Compose override -Modify the port bindings to listen only on localhost (nginx will handle external traffic): +The `production/docker-compose.production.yml` file binds all ports to localhost only, so nginx handles external traffic. Use it as an override file (do not modify the base `docker-compose.yml`): -```yaml -services: - frontend: - ports: - - "127.0.0.1:3000:80" # Changed from "80:80" - - backend: - ports: - - "127.0.0.1:8000:8000" # Bind to localhost only - - syncserver: - ports: - - "127.0.0.1:8081:8080" # Changed from "8080:8080" +```bash +# From the project root directory: +docker compose -f docker-compose.yml -f production/docker-compose.production.yml up -d ``` +This applies the following port changes: +| Service | Development | Production | +|---------|-------------|------------| +| frontend | `80:80` | `127.0.0.1:3000:80` | +| backend | `8000:8000` | `127.0.0.1:8000:8000` | +| syncserver | `8080:8080` | `127.0.0.1:8081:8080` | + ### Step 5: Create environment files Create `.backend.env`: @@ -107,12 +104,27 @@ In Google Cloud Console, add the redirect URI: ### Step 7: Deploy ```bash -docker-compose pull -docker-compose up -d +# Pull latest images +docker compose pull + +# Start with production override (localhost-only ports) +docker compose -f docker-compose.yml -f production/docker-compose.production.yml up -d ``` Your CCSync instance should now be available at `https://your-domain.com` +**Useful commands:** +```bash +# View logs +docker compose -f docker-compose.yml -f production/docker-compose.production.yml logs -f + +# Restart services +docker compose -f docker-compose.yml -f production/docker-compose.production.yml restart + +# Rebuild and restart (after code changes) +docker compose -f docker-compose.yml -f production/docker-compose.production.yml up -d --build +``` + --- ## Option 3: Kubernetes diff --git a/production/docker-compose.production.yml b/production/docker-compose.production.yml new file mode 100644 index 00000000..d1ca4ca8 --- /dev/null +++ b/production/docker-compose.production.yml @@ -0,0 +1,18 @@ +# Production override for docker-compose.yml +# Use with: docker compose -f docker-compose.yml -f production/docker-compose.production.yml up -d +# +# This binds all ports to localhost only, so nginx handles external traffic. +# Do NOT use this file for local development - use docker-compose.yml directly. + +services: + frontend: + ports: + - "127.0.0.1:3000:80" + + backend: + ports: + - "127.0.0.1:8000:8000" + + syncserver: + ports: + - "127.0.0.1:8081:8080" From daf737543283ddb762fc47e2c4ad407a05004a50 Mon Sep 17 00:00:00 2001 From: Carlos Date: Mon, 19 Jan 2026 13:19:46 -0800 Subject: [PATCH 2/2] fix: use !override to replace port arrays instead of merging Without !override, Docker Compose merges the port arrays, resulting in both public and localhost-only ports being exposed. The !override tag ensures the production ports completely replace the development ones. Note: !reset clears to empty but doesn't apply the new values in some Docker Compose versions. !override works correctly. Requires Docker Compose v2.24.0+ (Compose Spec 2.1) Co-Authored-By: Claude Opus 4.5 --- production/docker-compose.production.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/production/docker-compose.production.yml b/production/docker-compose.production.yml index d1ca4ca8..cbfc1cd1 100644 --- a/production/docker-compose.production.yml +++ b/production/docker-compose.production.yml @@ -3,16 +3,19 @@ # # This binds all ports to localhost only, so nginx handles external traffic. # Do NOT use this file for local development - use docker-compose.yml directly. +# +# Note: !override replaces the port arrays instead of merging them. +# Requires Docker Compose v2.24.0+ (Compose Spec 2.1) services: frontend: - ports: + ports: !override - "127.0.0.1:3000:80" backend: - ports: + ports: !override - "127.0.0.1:8000:8000" syncserver: - ports: + ports: !override - "127.0.0.1:8081:8080"