Configuration for Production

Security Considerations

1. Change default database credentials

Edit docker-compose.yaml:

environment:
  POSTGRES_DB: inventory
  POSTGRES_USER: your_custom_user        # Change this
  POSTGRES_PASSWORD: your_secure_password  # Change this

Also update in backend service:

DATABASE_URL: postgresql://your_custom_user:your_secure_password@db:5432/inventory

2. Restrict database port exposure

For production, remove external database access:

# REMOVE or comment out this section in db service:
# ports:
#   - "5432:5432"

Database will only be accessible to backend container (more secure).

3. Configure CORS properly

Only allow your actual frontend domains:

CORS_ORIGINS: https://yourdomain.com,https://www.yourdomain.com

Never use wildcards (*) in production.

Reverse Proxy Setup (Optional)

For production, consider using a reverse proxy (Nginx Proxy Manager, Traefik, etc.):

Example Nginx config:

server {
    listen 80;
    server_name inventory.yourdomain.com;

    location / {
        proxy_pass http://your-server-ip:56421;
    }

    location /api/ {
        proxy_pass http://your-server-ip:8000/api/;
    }
}

Then update html/config.js:

window.APP_CONFIG = {
  API_BASE_URL: '/api'  // Relative URL when using reverse proxy
};

Backup Strategy

Backup database (while running):

# Create backup
docker exec inventory-db pg_dump -U inventory_user -d inventory > backup_$(date +%Y%m%d_%H%M%S).sql

# Restore backup (⚠️ overwrites existing data)
docker exec -i inventory-db psql -U inventory_user -d inventory < backup_20250117_120000.sql

Backup everything (while stopped):

docker compose down
tar -czf claw-machine-backup.tar.gz \
  docker-compose.yaml \
  backend/ \
  html/ \
  db/ \
  nginx.conf