FIX: Resolve Docker build and deployment critical issues

- Upgrade Node.js to 24 for dependency compatibility (better-sqlite3, vite) - Add openssl to Alpine image for SSL certificate generation - Fix Docker file permissions for /app/config directory (node user access) - Update npm syntax: --only=production → --omit=dev (modern npm) - Implement persistent configuration storage via Docker volumes - Modify security checks to warn instead of exit for auto-generated keys - Remove incorrect root Dockerfile/docker-compose.yml files - Enable proper SSL/TLS certificate auto-generation in containers All Docker deployment issues resolved. Application now starts successfully with persistent configuration and auto-generated security keys. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-23 06:52:08 +08:00
parent 2a37ea0f8c
commit 009f258996
10 changed files with 149 additions and 260 deletions
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,15 +1,55 @@
 services:
  termix:
-    image: ghcr.io/lukegus/termix:latest
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
    container_name: termix
    restart: unless-stopped
    ports:
-      - "8080:8080"
+      # HTTP port (redirects to HTTPS if SSL enabled)
+      - "${PORT:-8080}:8080"
+      # HTTPS port (when SSL is enabled)
+      - "${SSL_PORT:-8443}:8443"
    volumes:
      - termix-data:/app/data
+      - termix-config:/app/config
+      # Optional: Mount custom SSL certificates
+      # - ./ssl:/app/ssl:ro
    environment:
-      PORT: "8080"
+      # Basic configuration
+      - PORT=${PORT:-8080}
+      - NODE_ENV=${NODE_ENV:-production}
+
+      # SSL/TLS Configuration
+      - ENABLE_SSL=${ENABLE_SSL:-false}
+      - SSL_PORT=${SSL_PORT:-8443}
+      - SSL_DOMAIN=${SSL_DOMAIN:-localhost}
+      - SSL_CERT_PATH=${SSL_CERT_PATH:-/app/ssl/termix.crt}
+      - SSL_KEY_PATH=${SSL_KEY_PATH:-/app/ssl/termix.key}
+
+      # Security keys (set these for production)
+      - JWT_SECRET=${JWT_SECRET:-}
+      - DATABASE_KEY=${DATABASE_KEY:-}
+
+      # Database configuration
+      - DATABASE_ENCRYPTION=${DATABASE_ENCRYPTION:-true}
+
+      # CORS configuration
+      - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-*}
+
+    # Health check for both HTTP and HTTPS
+    healthcheck:
+      test: |
+        curl -f -k https://localhost:8443/health 2>/dev/null ||
+        curl -f http://localhost:8080/health 2>/dev/null ||
+        exit 1
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s

 volumes:
  termix-data:
    driver: local
+  termix-config:
+    driver: local