51 changes: 32 additions & 19 deletions docker-compose.yml
@@ -1,32 +1,45 @@
version: '3'
services:
db_mysql:
image: mysql:5.7
image: mysql:8.0.35
ports:
- '3306:3306'
restart: always
env_file:
- .env.docker
environment:
MYSQL_ROOT_PASSWORD: password
volumes:
- mysql_data:/var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
interval: 10s
timeout: 5s
retries: 5

redis:
image: 'redis:alpine'
ports:
- '6379:6379'
command: ['redis-server', '--bind', 'redis', '--port', '6379']
command: ['redis-server', '--bind', '0.0.0.0', '--port', '6379']

security-high high

The Redis service is configured to bind to 0.0.0.0 and is exposed on port 6379 to the host. Since Redis does not have authentication enabled by default, this allows anyone with network access to the host to connect to the Redis instance. This can lead to unauthorized data access, modification, or even remote code execution on the container. It is highly recommended to enable authentication if the port must be exposed to the host.

    command: ['redis-server', '--bind', '0.0.0.0', '--port', '6379', '--requirepass', '${REDIS_PASSWORD}']

healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
⚠️ Potential issue | 🟠 Major

Redis is exposed to the host without authentication.

--bind 0.0.0.0 combined with the published port 6379:6379 makes Redis reachable from any process on the Docker host. Without a requirepass / --requirepass argument, this is an open, unauthenticated endpoint. Even for local dev this can become a supply-chain or insider risk. Consider either restricting to the Docker bridge network (drop ports and let app containers communicate internally) or requiring a password.

Additionally, the same start_period observation applies here — adding it prevents premature failure flags on slow hosts.

⚙️ Proposed fix (auth + start_period)
     command: ['redis-server', '--bind', '0.0.0.0', '--port', '6379']
+    # command: ['redis-server', '--bind', '0.0.0.0', '--port', '6379', '--requirepass', '${REDIS_PASSWORD}']
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
       interval: 10s
       timeout: 5s
       retries: 5
+      start_period: 10s
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml` around lines 21 - 26, The Redis service is exposed
without authentication via the command array (command: ['redis-server',
'--bind', '0.0.0.0', '--port', '6379']) and lacks a start_period in the
healthcheck; update the command to enable authentication (add --requirepass or
use requirepass in redis.conf) or remove the published ports to restrict to the
Docker bridge network, and add a healthcheck start_period (under healthcheck) to
avoid premature failures; modify the 'command' entry and the 'healthcheck' block
accordingly and ensure any clients (other containers) are updated to use the
password if you enable --requirepass.


app:
depends_on:
- redis
- db_mysql
build:
context: .
args:
ENVIRONMENT_NAME: .docker
BUILD_NAME: docker
restart: always
ports:
- 9000:9000
env_file:
- .env.docker
volumes:
mysql_data:


# app:
# depends_on:
# - redis
# - db_mysql
# build:
# context: .
# args:
# ENVIRONMENT_NAME: .docker
# BUILD_NAME: docker
# restart: always
# ports:
# - 9000:9000
# env_file:
# - .env.docker