agentlens/docker-compose.yml
Vectry cccb3123ed security: P1/P2 hardening — rate limiting, CORS, Redis auth, network isolation
- Add Redis-based sliding window rate limiting on login, register, forgot-password, reset-password
- Fix user enumeration: register returns generic 200 for both new and existing emails
- Add Redis authentication (requirepass) and password in .env
- Docker network isolation: postgres/redis on internal-only network
- Whitelist Stripe redirect origins (prevent open redirect)
- Add 10MB request size limit on trace ingestion
- Limit API keys to 10 per user
- Add CORS headers via middleware (whitelist agentlens.vectry.tech + localhost)
- Reduce JWT max age from 30 days to 7 days
2026-02-10 17:03:48 +00:00


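---
# AgentLens production compose file.
#
# Secrets that MUST be provided (no defaults): AUTH_SECRET, POSTGRES_PASSWORD,
# REDIS_PASSWORD. Each uses the `${VAR:?message}` form so `docker compose`
# aborts with a clear error when the variable is unset or empty, instead of
# silently starting with a hard-coded default password (the previous
# `POSTGRES_PASSWORD:-agentlens` fallback) or, worse, with no Redis password at
# all (`--requirepass ""` disables auth entirely, which is exactly what an
# unset REDIS_PASSWORD used to produce).
#
# POSTGRES_PASSWORD and REDIS_PASSWORD are embedded in connection URLs below,
# so they must be URL-safe: percent-encode '@', ':', '/', '#', '?' if present,
# or the URL is parsed wrongly and the app cannot connect.
#
# Topology: `web` is the only service attached to the host-reachable
# `frontend` network; postgres, redis and migrate live solely on the
# `internal: true` `backend` network (no published ports, no egress).

services:
  web:
    build:
      context: .
      target: web
    ports:
      # Published on ALL host interfaces. Docker manages its own iptables
      # chains, so host-level firewall rules (ufw/firewalld) typically do not
      # gate this port. If a reverse proxy on the same host fronts the app
      # (TLS, CORS, rate limiting), bind to loopback instead —
      # "127.0.0.1:4200:3000" — so the proxy cannot be bypassed via :4200.
      - "4200:3000"
    environment:
      - NODE_ENV=production
      - "REDIS_URL=redis://:${REDIS_PASSWORD:?REDIS_PASSWORD must be set}@redis:6379"
      - "DATABASE_URL=postgresql://${POSTGRES_USER:-agentlens}:${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}@postgres:5432/${POSTGRES_DB:-agentlens}"
      - "AUTH_SECRET=${AUTH_SECRET:?AUTH_SECRET must be set}"
      # Tells Auth.js to trust the incoming Host / X-Forwarded-Host header when
      # building absolute URLs (callbacks, e-mailed links). That is only safe
      # behind a reverse proxy that overwrites those headers; if the port above
      # is reachable directly, a client-supplied Host header flows into the
      # generated URLs.
      - AUTH_TRUST_HOST=true
      - STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY:-}
      # Unset → empty string. The webhook handler must fail closed (reject the
      # request) when the secret is empty rather than skip signature
      # verification — NOTE(review): confirm in the app code, not visible here.
      - STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}
      # Price IDs are not secrets, but they are account-specific: these
      # defaults only resolve in the Vectry Stripe account.
      - STRIPE_STARTER_PRICE_ID=${STRIPE_STARTER_PRICE_ID:-price_1SzJUlR8i0An4Wz7gZeYgzBY}
      - STRIPE_PRO_PRICE_ID=${STRIPE_PRO_PRICE_ID:-price_1SzJVWR8i0An4Wz755hBrxzn}
      - EMAIL_PASSWORD=${EMAIL_PASSWORD:-}
    depends_on:
      redis:
        condition: service_healthy
      postgres:
        condition: service_healthy
      # Schema must be in place before the app serves traffic.
      migrate:
        condition: service_completed_successfully
    networks:
      - frontend
      - backend
    # Prevents processes in the container from gaining privileges via
    # setuid/setcap binaries. It does not block an entrypoint *dropping*
    # privileges, so it is safe for the official images below as well.
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: ["CMD", "wget", "--spider", "--quiet", "http://127.0.0.1:3000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    deploy:
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    restart: always

  postgres:
    image: postgres:16-alpine
    environment:
      - POSTGRES_USER=${POSTGRES_USER:-agentlens}
      # Only consulted when the data volume is first initialised; rotating the
      # password later requires `ALTER ROLE ... PASSWORD` on the running DB.
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      - POSTGRES_DB=${POSTGRES_DB:-agentlens}
    volumes:
      - agentlens_postgres_data:/var/lib/postgresql/data
    networks:
      - backend
    security_opt:
      - no-new-privileges:true
    healthcheck:
      # Use the configured role and database rather than a hard-coded
      # "agentlens" so the check stays meaningful when POSTGRES_USER /
      # POSTGRES_DB are overridden.
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-agentlens} -d ${POSTGRES_DB:-agentlens}"]
      interval: 10s
      timeout: 5s
      retries: 5
    deploy:
      resources:
        limits:
          memory: 256M
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    restart: always

  # One-shot job: pushes the Prisma schema, then exits. `web` waits for it.
  migrate:
    build:
      context: .
      target: builder
    # `prisma db push` applies the schema directly and (without
    # --accept-data-loss) refuses changes that would drop data, so it fails
    # rather than destroys. For a production database, versioned migrations
    # (`prisma migrate deploy`) are the reviewable long-term alternative.
    command: npx prisma db push --schema=packages/database/prisma/schema.prisma --skip-generate
    environment:
      - "DATABASE_URL=postgresql://${POSTGRES_USER:-agentlens}:${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}@postgres:5432/${POSTGRES_DB:-agentlens}"
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - backend
    security_opt:
      - no-new-privileges:true
    restart: "no"

  redis:
    image: redis:7-alpine
    # Exec form: no shell word-splitting, so a password containing spaces or
    # quotes reaches redis-server intact. The password is still visible in the
    # container's argv (`docker inspect`, /proc); if that matters in your
    # threat model, move `requirepass` into a mounted redis.conf instead.
    command:
      - "redis-server"
      - "--maxmemory"
      - "64mb"
      # allkeys-lru evicts ANY key under memory pressure — including the
      # sliding-window rate-limit counters — which silently relaxes the
      # login/register limits. 64 MB is ample for that data, but alert on
      # `evicted_keys` in `INFO stats`.
      - "--maxmemory-policy"
      - "allkeys-lru"
      - "--requirepass"
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    environment:
      # Read by redis-cli in the healthcheck, so the password is not passed via
      # `-a` (redis-cli itself warns that `-a` is unsafe: it lands in argv and
      # shell history).
      - "REDISCLI_AUTH=${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    volumes:
      - agentlens_redis_data:/data
    networks:
      - backend
    security_opt:
      - no-new-privileges:true
    healthcheck:
      # grep for PONG rather than trusting redis-cli's exit status: a NOAUTH
      # error reply must count as unhealthy.
      test: ["CMD-SHELL", "redis-cli ping | grep -q PONG"]
      interval: 10s
      timeout: 5s
      retries: 3
    deploy:
      resources:
        limits:
          memory: 128M
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    restart: always

networks:
  # Host-reachable; only `web` is attached.
  frontend: {}
  # internal: true — no published ports and no outbound internet; postgres and
  # redis are reachable only from containers on this network.
  backend:
    internal: true

volumes:
  agentlens_postgres_data: {}
  agentlens_redis_data: {}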