feat(docker): add .env.production for secure environment variable management

2025-12-18 22:29:09 +00:00 · 2025-09-19 18:32:31 +08:00
parent 5935f83dd8
commit 34f81beb92
2 changed files with 22 additions and 9 deletions
--- a/deploy/.env.production
+++ b/deploy/.env.production
@@ -0,0 +1,6 @@
+POSTGRES_DB=apple_exchange
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=Kp9#mX8$vL2@nQ5!wR7
+DATABASE_URL=postgresql+asyncpg://postgres:Kp9#mX8$vL2@nQ5!wR7@db:5432/apple_exchange
+REDIS_PASSWORD=Df4$jG7&zN9@pL1#tY3
+REDIS_URL=redis://:Df4$jG7&zN9@pL1#tY3@redis:6379/0
--- a/deploy/docker-compose.production.yml
+++ b/deploy/docker-compose.production.yml
@@ -30,12 +30,13 @@ services:
      context: ../backend
      dockerfile: Dockerfile
    container_name: apple-exchange-api
+    env_file:
+      - ./.env.production
    environment:
      - SERVICE_TYPE=api
      - ENVIRONMENT=production
-      - DATABASE_URL=postgresql+asyncpg://postgres:Kp9#mX8$vL2@nQ5!wR7@db:5432/apple_exchange
-      - REDIS_URL=redis://:Df4$jG7&zN9@pL1#tY3@redis:6379/0
-
+      - DATABASE_URL=${DATABASE_URL}
+      - REDIS_URL=${REDIS_URL}
      - WORKERS=4
      - SCREENSHOT_DIR=/app/data/snapshot
      - LOG_DIR=/app/logs
@@ -60,11 +61,13 @@ services:
      context: ../backend
      dockerfile: Dockerfile.worker
    container_name: apple-exchange-worker
+    env_file:
+      - ./.env.production
    environment:
      - SERVICE_TYPE=worker
      - ENVIRONMENT=production
-      - DATABASE_URL=postgresql+asyncpg://postgres:Kp9#mX8$vL2@nQ5!wR7@db:5432/apple_exchange
-      - REDIS_URL=redis://:Df4$jG7&zN9@pL1#tY3@redis:6379/0
+      - DATABASE_URL=${DATABASE_URL}
+      - REDIS_URL=${REDIS_URL}
      - WORKER_MAX_CONCURRENT_TASKS=5
      - SCREENSHOT_DIR=/app/data/snapshot
      - LOG_DIR=/app/logs
@@ -93,10 +96,12 @@ services:
  db:
    image: postgres:17-alpine
    container_name: apple-exchange-db
+    env_file:
+      - ./.env.production
    environment:
-      - POSTGRES_DB=apple_exchange
-      - POSTGRES_USER=postgres
-      - POSTGRES_PASSWORD=Kp9#mX8$vL2@nQ5!wR7
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
@@ -113,7 +118,9 @@ services:
  redis:
    image: redis:7-alpine
    container_name: apple-exchange-redis
-    command: redis-server --requirepass Df4$jG7&zN9@pL1#tY3
+    env_file:
+      - ./.env.production
+    command: redis-server --requirepass ${REDIS_PASSWORD}
    volumes:
      - redis_data:/data
    networks: