docker conf updated

Author: markokraemer

backend/Dockerfile

@@ -1,26 +1,60 @@
 FROM python:3.11-slim
 
-WORKDIR /app
-RUN pip install --no-cache-dir gunicorn
-
-COPY requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+# Set environment variables
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    ENV_MODE="production" \
+    PYTHONPATH=/app
 
+WORKDIR /app
 
-# Copy the .env file first
-# COPY .env . # ATTENTION. We shouldn't copy secrets to the image
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
 
-# Copy the backend code
-COPY . .
+# Create non-root user and set up directories
+RUN useradd -m -u 1000 appuser && \
+    mkdir -p /app/logs && \
+    chown -R appuser:appuser /app
 
-# Set environment variable
-ENV PYTHONPATH=/app
+# Install Python dependencies
+COPY --chown=appuser:appuser requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt gunicorn
 
+# Switch to non-root user
+USER appuser
 
-ENV ENV_MODE="production"
+# Copy application code
+COPY --chown=appuser:appuser . .
 
 # Expose the port the app runs on
 EXPOSE 8000
 
-# 24 workers
-CMD ["gunicorn", "api:app", "--workers", "24", "--worker-class", "uvicorn.workers.UvicornWorker", "--bind", "0.0.0.0:8000", "--timeout", "600", "--graceful-timeout", "300", "--keep-alive", "250", "--max-requests", "0", "--max-requests-jitter", "0", "--forwarded-allow-ips", "*", "--worker-connections", "5000", "--worker-tmp-dir", "/dev/shm", "--preload"]
+# Calculate optimal worker count based on 16 vCPUs
+# Using (2*CPU)+1 formula for CPU-bound applications
+ENV WORKERS=33
+ENV THREADS=2
+ENV WORKER_CONNECTIONS=2000
+
+# Gunicorn configuration
+CMD ["sh", "-c", "gunicorn api:app \
+     --workers $WORKERS \
+     --worker-class uvicorn.workers.UvicornWorker \
+     --bind 0.0.0.0:8000 \
+     --timeout 600 \
+     --graceful-timeout 300 \
+     --keep-alive 250 \
+     --max-requests 2000 \
+     --max-requests-jitter 400 \
+     --forwarded-allow-ips '*' \
+     --worker-connections $WORKER_CONNECTIONS \
+     --worker-tmp-dir /dev/shm \
+     --preload \
+     --log-level info \
+     --access-logfile - \
+     --error-logfile - \
+     --capture-output \
+     --enable-stdio-inheritance \
+     --threads $THREADS"]

backend/docker-compose.yml

@@ -11,6 +11,7 @@ services:
       - .env
     volumes:
       - .:/app
+      - ./logs:/app/logs
     restart: unless-stopped
     depends_on:
       redis:
@@ -21,6 +22,26 @@ services:
       - REDIS_HOST=redis
       - REDIS_PORT=6379
       - REDIS_PASSWORD=
+      - LOG_LEVEL=INFO
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+    deploy:
+      resources:
+        limits:
+          cpus: '14'
+          memory: 48G
+        reservations:
+          cpus: '8'
+          memory: 32G
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/api/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
 
   redis:
     image: redis:7-alpine
@@ -31,13 +52,26 @@ services:
     restart: unless-stopped
     networks:
       - app-network
-    command: redis-server --appendonly yes --bind 0.0.0.0 --protected-mode no
+    command: redis-server --appendonly yes --bind 0.0.0.0 --protected-mode no --maxmemory 8gb --maxmemory-policy allkeys-lru
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
-      interval: 5s
-      timeout: 3s
-      retries: 3
-      start_period: 5s
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 12G
+        reservations:
+          cpus: '1'
+          memory: 8G
 
 networks:
   app-network: