FIX: Resolve Docker build and deployment critical issues

- Upgrade Node.js to 24 for dependency compatibility (better-sqlite3, vite)
- Add openssl to Alpine image for SSL certificate generation
- Fix Docker file permissions for /app/config directory (node user access)
- Update npm syntax: --only=production → --omit=dev (modern npm)
- Implement persistent configuration storage via Docker volumes
- Modify security checks to warn instead of exit for auto-generated keys
- Remove incorrect root Dockerfile/docker-compose.yml files
- Enable proper SSL/TLS certificate auto-generation in containers

All Docker deployment issues resolved. Application now starts successfully
with persistent configuration and auto-generated security keys.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

docker/Dockerfile

@@ -45,7 +45,7 @@ ENV npm_config_target_platform=linux
 ENV npm_config_target_arch=x64
 ENV npm_config_target_libc=glibc
 
-RUN npm ci --only=production --ignore-scripts --force && \
+RUN npm ci --omit=dev --ignore-scripts --force && \
     npm cache clean --force
 
 # Stage 5: Build native modules
@@ -61,7 +61,7 @@ ENV npm_config_target_arch=x64
 ENV npm_config_target_libc=glibc
 
 # Install native modules and compile them properly
-RUN npm ci --only=production --force && \
+RUN npm ci --omit=dev --force && \
     npm rebuild better-sqlite3 bcryptjs --force && \
     npm cache clean --force
 
@@ -71,9 +71,9 @@ ENV DATA_DIR=/app/data \
     PORT=8080 \
     NODE_ENV=production
 
-RUN apk add --no-cache nginx gettext su-exec && \
-    mkdir -p /app/data && \
-    chown -R node:node /app/data
+RUN apk add --no-cache nginx gettext su-exec openssl && \
+    mkdir -p /app/data /app/config && \
+    chown -R node:node /app/data /app/config
 
 COPY docker/nginx.conf /etc/nginx/nginx.conf
 COPY docker/nginx-https.conf /etc/nginx/nginx-https.conf
@@ -87,7 +87,8 @@ COPY --from=native-builder /app/node_modules /app/node_modules
 COPY --from=backend-builder /app/dist/backend ./dist/backend
 
 COPY package.json ./
-RUN chown -R node:node /app
+RUN chown -R node:node /app && \
+    chmod 755 /app/config
 
 VOLUME ["/app/data"]
 

docker/docker-compose.yml

@@ -1,15 +1,55 @@
 services:
   termix:
-    image: ghcr.io/lukegus/termix:latest
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
     container_name: termix
     restart: unless-stopped
     ports:
-      - "8080:8080"
+      # HTTP port (redirects to HTTPS if SSL enabled)
+      - "${PORT:-8080}:8080"
+      # HTTPS port (when SSL is enabled)
+      - "${SSL_PORT:-8443}:8443"
     volumes:
       - termix-data:/app/data
+      - termix-config:/app/config
+      # Optional: Mount custom SSL certificates
+      # - ./ssl:/app/ssl:ro
     environment:
-      PORT: "8080"
+      # Basic configuration
+      - PORT=${PORT:-8080}
+      - NODE_ENV=${NODE_ENV:-production}
+
+      # SSL/TLS Configuration
+      - ENABLE_SSL=${ENABLE_SSL:-false}
+      - SSL_PORT=${SSL_PORT:-8443}
+      - SSL_DOMAIN=${SSL_DOMAIN:-localhost}
+      - SSL_CERT_PATH=${SSL_CERT_PATH:-/app/ssl/termix.crt}
+      - SSL_KEY_PATH=${SSL_KEY_PATH:-/app/ssl/termix.key}
+
+      # Security keys (set these for production)
+      - JWT_SECRET=${JWT_SECRET:-}
+      - DATABASE_KEY=${DATABASE_KEY:-}
+
+      # Database configuration
+      - DATABASE_ENCRYPTION=${DATABASE_ENCRYPTION:-true}
+
+      # CORS configuration
+      - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-*}
+
+    # Health check for both HTTP and HTTPS
+    healthcheck:
+      test: |
+        curl -f -k https://localhost:8443/health 2>/dev/null ||
+        curl -f http://localhost:8080/health 2>/dev/null ||
+        exit 1
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
 
 volumes:
   termix-data:
     driver: local
+  termix-config:
+    driver: local