senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/config/docker
History
senke c0e2fe2e12 fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings 
MEDIUM-002: Remove manual X-Forwarded-For parsing in metrics_protection.go,
  use c.ClientIP() only (respects SetTrustedProxies)
MEDIUM-003: Pin ClamAV Docker image to 1.4 across all compose files
MEDIUM-004: Add clampLimit(100) to 15+ handlers that parsed limit directly
MEDIUM-006: Remove unsafe-eval from CSP script-src on Swagger routes
MEDIUM-007: Pin all GitHub Actions to SHA in 11 workflow files
MEDIUM-008: Replace rabbitmq:3-management-alpine with rabbitmq:3-alpine in prod
MEDIUM-009: Add trial-already-used check in subscription service
MEDIUM-010: Add 60s periodic token re-validation to WebSocket connections
MEDIUM-011: Mask email in auth handler logs with maskEmail() helper
MEDIUM-012: Add k-anonymity threshold (k=5) to playback analytics stats
LOW-001: Align frontend password policy to 12 chars (matching backend)
LOW-003: Replace deprecated dotenv with dotenvy crate in Rust stream server
LOW-004: Enable xpack.security in Elasticsearch dev/local compose files
LOW-005: Accept context.Context in CleanupExpiredSessions instead of Background()
LOW-002: Noted — Hyperswitch version update deferred (requires payment integration tests)

29/30 findings remediated. 1 noted (LOW-002).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 06:13:38 +01:00
..
docker-compose.local.yml fix(v0.12.6.1): remediate remaining 15 MEDIUM + LOW pentest findings 2026-03-12 06:13:38 +01:00
README.md chore(cleanup): remove veza-chat-server directory and all operational references 2026-02-22 21:13:00 +01:00

README.md

Docker Compose Files — Usage Guide

This project uses multiple docker-compose files for different environments. After the cleanup in the audit remediation, the following files remain and are canonical:

Root-level files

File Purpose Usage
docker-compose.yml Local development docker compose up
docker-compose.prod.yml Production (canonical) docker compose -f docker-compose.prod.yml up -d
docker-compose.staging.yml Staging environment docker compose -f docker-compose.staging.yml up -d
docker-compose.test.yml Integration tests docker compose -f docker-compose.test.yml up -d

Service-specific files

File Purpose Usage
veza-stream-server/docker-compose.yml Standalone stream server dev cd veza-stream-server && docker compose up

Infrastructure monitoring

File Purpose Usage
config/docker/docker-compose.local.yml Local monitoring (Prometheus, Grafana) docker compose -f config/docker/docker-compose.local.yml up -d

Deleted files (audit remediation C9)

The following deprecated/duplicate files were removed:

  • docker-compose.production.yml (root) — superseded by docker-compose.prod.yml
  • config/docker/docker-compose.production.yml — deprecated copy
  • veza-stream-server/docker-compose.production.yml — deprecated copy

Production deployment notes

docker-compose.prod.yml requires the following environment variables to be set (it will fail if any are missing):

  • DB_PASS — PostgreSQL password
  • JWT_SECRET — JWT signing secret (minimum 32 characters)
  • RABBITMQ_PASS — RabbitMQ password

All database connections use sslmode=require.