refactor: update Docker configuration & docs

- Modified docker-compose.yml to clarify that the server runs as a non-root user.
- Updated Dockerfile to use ARG for VITE_SERVER_URL, allowing build-time overrides.
- Replaced inline Nginx configuration with a separate nginx.conf file for better maintainability.
- Adjusted documentation to reflect changes in Docker setup and troubleshooting steps.

apps/ui/Dockerfile

@@ -23,8 +23,10 @@ COPY apps/ui ./apps/ui
 # Build for web (skip electron)
 # VITE_SERVER_URL tells the UI where to find the API server
 # Using localhost:3008 since both containers expose ports to the host
+# Use ARG to allow overriding at build time: --build-arg VITE_SERVER_URL=http://api.example.com
+ARG VITE_SERVER_URL=http://localhost:3008
 ENV VITE_SKIP_ELECTRON=true
-ENV VITE_SERVER_URL=http://localhost:3008
+ENV VITE_SERVER_URL=${VITE_SERVER_URL}
 RUN npm run build --workspace=apps/ui
 
 # Production stage - serve with nginx
@@ -34,15 +36,7 @@ FROM nginx:alpine
 COPY --from=builder /app/apps/ui/dist /usr/share/nginx/html
 
 # Copy nginx config for SPA routing
-RUN echo 'server { \
-    listen 80; \
-    server_name localhost; \
-    root /usr/share/nginx/html; \
-    index index.html; \
-    location / { \
-        try_files $uri $uri/ /index.html; \
-    } \
-}' > /etc/nginx/conf.d/default.conf
+COPY apps/ui/nginx.conf /etc/nginx/conf.d/default.conf
 
 EXPOSE 80
 

apps/ui/nginx.conf

@@ -0,0 +1,10 @@
+server {
+    listen 80;
+    server_name localhost;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}

docker-compose.yml

@@ -59,11 +59,12 @@ services:
       # If you need to work on a project, create it INSIDE the container
       # or use a separate docker-compose override file
 
-    # Security: Run as non-root user (already set in Dockerfile)
+    # Security: Server runs as non-root user (already set in Dockerfile)
     # Security: No privileged mode
     # Security: No host network access
     # Security: No host filesystem mounts
 
 volumes:
   automaker-data:
+    name: automaker-data
     # Named volume - completely isolated from host filesystem

docs/docker-isolation.md

@@ -33,7 +33,7 @@ This guide covers running Automaker in a fully isolated Docker container. For ba
 The default `docker-compose.yml` configuration:
 
 - Uses only Docker-managed volumes (no host filesystem access)
-- Runs as a non-root user
+- Server runs as a non-root user
 - Has no privileged access to your system
 
 Projects created in the UI are stored inside the container at `/projects` and persist across restarts via Docker volumes.
@@ -59,8 +59,8 @@ docker-compose -f docker-compose.yml -f docker-compose.project.yml up -d
 
 ## Troubleshooting
 
-| Problem               | Solution                                                                                               |
-| --------------------- | ------------------------------------------------------------------------------------------------------ |
-| Container won't start | Check `.env` has `ANTHROPIC_API_KEY` set. Run `docker-compose logs` for errors.                        |
-| Can't access web UI   | Verify container is running with `docker ps \| grep automaker`                                         |
-| Need a fresh start    | Run `docker-compose down && docker volume rm automaker_automaker-data && docker-compose up -d --build` |
+| Problem               | Solution                                                                                     |
+| --------------------- | -------------------------------------------------------------------------------------------- |
+| Container won't start | Check `.env` has `ANTHROPIC_API_KEY` set. Run `docker-compose logs` for errors.              |
+| Can't access web UI   | Verify container is running with `docker ps \| grep automaker`                               |
+| Need a fresh start    | Run `docker-compose down && docker volume rm automaker-data && docker-compose up -d --build` |