hatch-surf/docker-compose.yml
Chris Anderson a63d2dbf62 Add security headers, rate limiting, and input validation middleware
- SecurityHeaders: X-Frame-Options, CSP, HSTS, X-XSS-Protection, etc.
- RateLimiter: in-memory sliding window, 100 req/min per IP
- ValidateSlug: alphanumeric + hyphens, 3-100 chars
- SanitizeSearchQuery: strips injection-prone characters
- REDIS_URL env var passthrough in docker-compose for future caching

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-06-25 22:18:21 +02:00

35 lines
745 B
YAML

services:
hatch:
build: .
restart: unless-stopped
ports:
- "127.0.0.1:8080:8080"
volumes:
- hatch-data:/data
environment:
- HATCH_PORT=8080
- HATCH_DB_PATH=/data/hatch.db
- HATCH_BASE_URL=${HATCH_BASE_URL:-http://localhost}
- REDIS_URL=${REDIS_URL:-}
caddy:
image: caddy:2-alpine
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- caddy-data:/data
- caddy-config:/config
environment:
- HATCH_HOSTNAME=${HATCH_HOSTNAME:-localhost}
# Caddy runs even without a real hostname (self-signed)
profiles:
- with-caddy
volumes:
hatch-data:
caddy-data:
caddy-config: