fix(infra): harden health checks and fix directus security warnings

2026-02-12 17:19:12 +01:00
parent b85312c433
commit f2e38f9c29
2 changed files with 14 additions and 3 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -60,6 +60,11 @@ services:
      AUTH_COOKIE_NAME: ${AUTH_COOKIE_NAME}
      GATEKEEPER_PASSWORD: ${GATEKEEPER_PASSWORD}
      NEXT_PUBLIC_BASE_URL: ${GATEKEEPER_ORIGIN}
+    healthcheck:
+      test: [ "CMD", "node", "-e", "fetch('http://127.0.0.1:3000/gatekeeper/login').then(r => r.ok ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.${PROJECT_NAME}-gatekeeper.loadbalancer.server.port=3000"
@@ -81,8 +86,8 @@ services:
      DB_PORT: '5432'
      WEBSOCKETS_ENABLED: 'true'
      PUBLIC_URL: ${DIRECTUS_URL}
-      KEY: ${DIRECTUS_KEY}
-      SECRET: ${DIRECTUS_SECRET}
+      KEY: ${DIRECTUS_KEY:-01234567-89ab-cdef-0123-456789abcdef}
+      SECRET: ${DIRECTUS_SECRET:-long-secret-for-signing-tokens-must-be-32-chars}
      ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL}
      ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD}
      DB_DATABASE: ${DIRECTUS_DB_NAME:-directus}
@@ -105,6 +110,12 @@ services:
      - "traefik.http.routers.${PROJECT_NAME}-directus.middlewares=${PROJECT_NAME}-forward,compress"
      - "traefik.http.services.${PROJECT_NAME}-directus.loadbalancer.server.port=8055"
      - "traefik.docker.network=infra"
+    healthcheck:
+      test: [ "CMD", "node", "-e", "fetch('http://localhost:8055/admin').then(r => r.ok ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))" ]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s

  directus-db:
    image: postgres:15-alpine