From 8b855ca371c8d5f980ef90761757a7a01a781d9a Mon Sep 17 00:00:00 2001
From: "T. Narantuya" <tumurbarsnarantuya@gmail.com>
Date: Fri, 29 Aug 2025 18:15:05 +0900
Subject: [PATCH] Update Docker Compose configuration for security and
 functionality

- Restrict frontend service port to localhost for enhanced security.
- Add volume mapping for secrets to the application container.
- Update healthcheck command for the database service to reflect new user and database names.
---
 compose-plesk.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/compose-plesk.yaml b/compose-plesk.yaml
index 955f06a6..5b689a2a 100644
--- a/compose-plesk.yaml
+++ b/compose-plesk.yaml
@@ -8,7 +8,7 @@ services:
     container_name: portal-frontend
     network_mode: bridge
     ports:
-      - "3000:3000"
+      - "127.0.0.1:3000:3000"  # Only accessible from localhost for security
     environment:
       - NODE_ENV=production
       - PORT=3000
@@ -59,6 +59,8 @@ services:
       - EMAIL_TEMPLATE_RESET=${EMAIL_TEMPLATE_RESET}
       - EMAIL_TEMPLATE_WELCOME=${EMAIL_TEMPLATE_WELCOME}
       - NODE_OPTIONS=${NODE_OPTIONS}
+    volumes:
+      - /var/www/vhosts/asolutions.jp/httpdocs/secrets:/app/secrets:ro
     restart: unless-stopped
     depends_on:
       - database
@@ -86,7 +88,7 @@ services:
       - postgres_data:/var/lib/postgresql/data
     restart: unless-stopped
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U portal_user -d portal_db"]
+      test: ["CMD-SHELL", "pg_isready -U portal -d portal_prod"]
       interval: 10s
       timeout: 5s
       retries: 5