Noch ein paar Hardening-Sachen

2025-09-25 14:08:45 +00:00
parent 744488fb5b
commit da9d08c149
4 changed files with 80 additions and 67 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,38 +7,18 @@ services:
    profiles:
      - default
    environment:
-      MYSQL_ROOT_PASSWORD: rezepte123
-      MYSQL_DATABASE: rezepte
-      MYSQL_USER: rezepte_user
-      MYSQL_PASSWORD: rezepte_pass
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-change_this_root_password}
+      MYSQL_DATABASE: ${MYSQL_DATABASE:-rezepte}
+      MYSQL_USER: ${MYSQL_USER:-rezepte_user}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD:-change_this_password}
    ports:
-      - "3307:3306"
+      - "${MYSQL_PORT:-3307}:3306"
    volumes:
      - mysql_data:/var/lib/mysql
      - ./sql-init:/docker-entrypoint-initdb.d
    networks:
      - rezepte_network

-  # PHP Application with Apache
-  php-app:
-    build: .
-    container_name: rezepte_app
-    restart: always
-    profiles:
-      - legacy
-    ports:
-      - "8082:80"
-    volumes:
-      - .:/var/www/html
-    depends_on:
-      - mysql
-    networks:
-      - rezepte_network
-    environment:
-      DB_HOST: mysql
-      DB_NAME: rezepte
-      DB_USER: rezepte_user
-      DB_PASS: rezepte_pass

  # phpMyAdmin
  phpmyadmin:
@@ -48,12 +28,12 @@ services:
    profiles:
      - admin
    ports:
-      - "8083:80"
+      - "${PHPMYADMIN_PORT:-8083}:80"
    environment:
      PMA_HOST: mysql
-      PMA_USER: rezepte_user
-      PMA_PASSWORD: rezepte_pass
-      MYSQL_ROOT_PASSWORD: rezepte123
+      PMA_USER: ${MYSQL_USER:-rezepte_user}
+      PMA_PASSWORD: ${MYSQL_PASSWORD:-change_this_password}
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-change_this_root_password}
    depends_on:
      - mysql
    networks:
@@ -68,16 +48,15 @@ services:
    profiles:
      - default
    environment:
-      NODE_ENV: production
-      PORT: 3001
-      DATABASE_URL: mysql://rezepte_user:rezepte_pass@mysql:3306/rezepte
-      JWT_SECRET: your-super-secret-jwt-key-change-in-production
-      UPLOAD_PATH: /app/uploads
-      MAX_FILE_SIZE: 5242880
-      # CORS_ORIGIN: Restrict in production (example: http://esprimo:3000,http://localhost:3000)
-      CORS_ORIGIN: "*"
+      NODE_ENV: ${NODE_ENV:-production}
+      PORT: ${BACKEND_PORT:-3001}
+      DATABASE_URL: ${DATABASE_URL:-mysql://${MYSQL_USER:-rezepte_user}:${MYSQL_PASSWORD:-change_this_password}@mysql:3306/${MYSQL_DATABASE:-rezepte}}
+      JWT_SECRET: ${JWT_SECRET:-please_change_to_secure_32_char_min}
+      UPLOAD_PATH: ${UPLOAD_PATH:-/app/uploads}
+      MAX_FILE_SIZE: ${MAX_FILE_SIZE:-5242880}
+      CORS_ORIGIN: ${CORS_ORIGIN:-http://localhost:3000}
    ports:
-      - "3001:3001"
+      - "${BACKEND_PORT:-3001}:${BACKEND_PORT:-3001}"
    volumes:
      - uploads_data:/app/uploads
      - ./uploads:/app/legacy-uploads:ro
@@ -98,7 +77,7 @@ services:
    profiles:
      - default
    ports:
-      - "3000:80"
+      - "${FRONTEND_PORT:-3000}:80"
    networks:
      - rezepte_network
    depends_on: