15. Docker & Infrastructure Optimization

meta: id: web-production-15 feature: web-production priority: P2 depends_on: [] tags: [infrastructure, docker, production]

objective:

Optimize Docker images and infrastructure for production deployment with security and efficiency

deliverables:

steps:

Create optimized Dockerfile for web app:
- Multi-stage build (deps → build → runtime)
- Use node:22-alpine for minimal image size
- Run as non-root user
- Copy only necessary files to runtime stage
- Health check in Dockerfile
Optimize scheduler Dockerfile:
- Reduce image size (currently copies many files)
- Use .dockerignore to exclude unnecessary files
- Pin base image versions
Create docker-compose.prod.yml:
- Web app service with replicas
- Redis service with persistence
- Database is external (Turso) — no container needed
- Nginx reverse proxy with SSL termination
- Watchtower for automatic updates
Add security scanning:
- Trivy or Snyk scan in CI pipeline
- Fail build on CRITICAL vulnerabilities
- Weekly automated scan of production images
Implement Infrastructure as Code:
- Terraform configuration for AWS/GCP/Vultr
- VPC, subnets, security groups
- ECS/Fargate or Kubernetes deployment
- Load balancer with SSL
- Turso database (managed — no IaaS needed, configure via environment variables)
- ElastiCache/Memorystore for Redis
Add environment-specific configs:
- Production nginx.conf with rate limiting
- SSL certificate management (Let's Encrypt)
- Firewall rules

tests:

acceptance_criteria:

validation:

notes:

Current scheduler/Dockerfile copies many source files — optimize with .dockerignore
Consider using distroless images for even smaller footprint
Use AWS Fargate or Google Cloud Run for serverless containers
Turso is fully managed — no database container or IaaS needed, just DATABASE_URL and DATABASE_AUTH_TOKEN