feat(docker): add Docker deployment configuration

Add production-ready Docker setup with multi-stage Dockerfile, docker-compose orchestration for API, PostgreSQL, Redis, and Nginx services. Includes health checks, non-root user execution, and proper networking. - Add multi-stage Dockerfile with gunicorn/gevent workers - Add docker-compose.yml with api, db, redis, nginx services - Add nginx reverse proxy configuration with security headers - Update .env.example with Docker and production variables - Add email provider configuration (Mailgun, SendGrid) - Add requests dependency for HTTP client support - Update documentation with Docker deployment guide - Rebrand project name from Gatehouse to Secuird
2026-04-04 16:51:19 +10:30
parent 2f2a20adfb
commit d90a06437e
10 changed files with 414 additions and 23 deletions
@@ -64,7 +64,7 @@ python scripts/init_db.py

 6. **Seed sample data** (optional):
 ```bash
-python scripts/seed_data.py
+python -m scripts.seed_data
 ```

 7. **Run the application**:
@@ -77,6 +77,71 @@ python wsgi.py
 The API will be available at `http://localhost:5000`


+## Docker Deployment
+
+### Prerequisites
+- Docker 20.10+
+- Docker Compose 2.0+
+
+### Quick Start
+
+1. **Start all services**:
+```bash
+docker-compose up -d
+```
+
+2. **Initialize the database** (run migrations):
+```bash
+docker-compose exec api python manage.py db upgrade
+```
+
+3. **Seed sample data** (optional):
+```bash
+docker-compose exec api python scripts/seed_data.py
+```
+
+4. **Verify health**:
+```bash
+curl http://localhost:5000/api/health
+```
+
+### Useful Commands
+
+```bash
+# View logs
+docker-compose logs -f api
+
+# Run migrations
+docker-compose exec api python manage.py db upgrade
+
+# Open shell in container
+docker-compose exec api /bin/bash
+
+# Rebuild after changes
+docker-compose up -d --build
+
+# Stop all services
+docker-compose down
+```
+
+### Environment Variables
+
+Copy `.env.example` to `.env` and configure:
+- `POSTGRES_USER` / `POSTGRES_PASSWORD` - Database credentials
+- `SECRET_KEY` - Flask secret key (required in production)
+- `ENCRYPTION_KEY` - Data encryption key
+- `CA_ENCRYPTION_KEY` - CA private key encryption
+- `CORS_ORIGINS` - Allowed CORS origins (comma-separated)
+
+### Production Considerations
+
+- Use a strong `SECRET_KEY` (256-bit random)
+- Enable HTTPS via nginx (configure SSL certificates)
+- Set `BCRYPT_LOG_ROUNDS=13` for stronger password hashing
+- Use Redis persistence (`--appendonly yes`)
+- Configure log aggregation as needed
+
+
 ## API Endpoints

 ### Authentication
@@ -197,22 +262,45 @@ python manage.py db upgrade



-## running seed
-python -m scripts.seed_data
+## Development Commands

-## Running flask in dev
+### Run Flask in Development
+```bash
 FLASK_ENV=development flask run --debug --port 8888
+```
+
+### Seed Sample Data
+```bash
+python -m scripts.seed_data
+# Or with Docker:
+docker-compose exec api python scripts/seed_data.py
+```
+
+### Database Migration
+```bash
+# Apply migrations
+flask db upgrade
+
+# With Docker:
+docker-compose exec api python manage.py db upgrade
+```
+
+### SQLite Browser (Development)
+```bash
+sqlite_web instance/db_file.db --port 9999 --host 0.0.0.0
+```


-# Test creds
-## OIDC Client
-client_id: acme-portal-001
-client_secret: acme_secret_portal_2024
+## Test Credentials

-## User
-email: bob@acme-corp.com
-password: UserPass123!
+### OIDC Client
+| Field | Value |
+|-------|-------|
+| client_id | `acme-portal-001` |
+| client_secret | `acme_secret_portal_2024` |

-
-## Sqlite editor
-sqlite_web instance/db_file.db --port 9999 --host 0.0.0.0
+### Test User
+| Field | Value |
+|-------|-------|
+| email | `bob@acme-corp.com` |
+| password | `UserPass123!` |