From 5c017068065219aa5b1b7a7a724175ff94249cd2 Mon Sep 17 00:00:00 2001
From: Illia Filippov
Date: Sat, 20 Dec 2025 02:12:18 +0100
Subject: [PATCH] refactor: update Docker configuration & docs

- Modified docker-compose.yml to clarify that the server runs as a non-root user.
- Updated Dockerfile to use ARG for VITE_SERVER_URL, allowing build-time overrides.
- Replaced inline Nginx configuration with a separate nginx.conf file for better maintainability.
- Adjusted documentation to reflect changes in Docker setup and troubleshooting steps.
---
 apps/ui/Dockerfile | 14 ++++----------
 apps/ui/nginx.conf | 10 ++++++++++
 docker-compose.yml | 3 ++-
 docs/docker-isolation.md | 12 ++++++------
 4 files changed, 22 insertions(+), 17 deletions(-)
 create mode 100644 apps/ui/nginx.conf

diff --git a/apps/ui/Dockerfile b/apps/ui/Dockerfile
index f2e08a5a..3ccd09c7 100644
--- a/apps/ui/Dockerfile
+++ b/apps/ui/Dockerfile
@@ -23,8 +23,10 @@ COPY apps/ui ./apps/ui
 # Build for web (skip electron)
 # VITE_SERVER_URL tells the UI where to find the API server
 # Using localhost:3008 since both containers expose ports to the host
+# Use ARG to allow overriding at build time: --build-arg VITE_SERVER_URL=http://api.example.com
+ARG VITE_SERVER_URL=http://localhost:3008
 ENV VITE_SKIP_ELECTRON=true
-ENV VITE_SERVER_URL=http://localhost:3008
+ENV VITE_SERVER_URL=${VITE_SERVER_URL}
 RUN npm run build --workspace=apps/ui
 # Production stage - serve with nginx
@@ -34,15 +36,7 @@ FROM nginx:alpine
 COPY --from=builder /app/apps/ui/dist /usr/share/nginx/html
 # Copy nginx config for SPA routing
-RUN echo 'server { \
- listen 80; \
- server_name localhost; \
- root /usr/share/nginx/html; \
- index index.html; \
- location / { \
- try_files $uri $uri/ /index.html; \
- } \
-}' > /etc/nginx/conf.d/default.conf
+COPY apps/ui/nginx.conf /etc/nginx/conf.d/default.conf
 EXPOSE 80
diff --git a/apps/ui/nginx.conf b/apps/ui/nginx.conf
new file mode 100644
index 00000000..2d96d158
--- /dev/null
+++ b/apps/ui/nginx.conf
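Review bot: The comment added above `ARG VITE_SERVER_URL` gives a plain-HTTP URL as the example for a non-local host (`http://api.example.com`) and does not say that the value is fixed when `RUN npm run build` runs, so it presumably ends up inside the static bundle and cannot be changed later with a runtime environment variable. I would reword it to `# Build-time only: the URL is compiled into the bundle, rebuild to change it. Override with --build-arg VITE_SERVER_URL=https://api.example.com` so that anyone pointing the UI at a remote API starts from TLS. Because the value is shipped to browsers in client-side JavaScript, it should never carry credentials or tokens. The builder stage starts and ends outside this hunk.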
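Review bot: The production stage shows no `USER` instruction in the lines visible here and the copied config listens on port 80, so the UI container presumably still runs the nginx master process as root; the compose and docs edits in this same patch narrow the non-root claim to the server only, which points the same way. Consider basing this stage on an unprivileged nginx image such as `nginxinc/nginx-unprivileged` and switching to `listen 8080;` with `EXPOSE 8080`, which is a small change now that the config is a separate file. The base image named in the hunk header is the floating tag `nginx:alpine`; pinning a version or digest would make rebuilds reproducible. The stage continues past the end of this hunk, so a `USER` line may exist below `EXPOSE 80`.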
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ server_name localhost;
+ root /usr/share/nginx/html;
+ index index.html;
+
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index 89aa7c58..3edbcd4e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -59,11 +59,12 @@ services:
 # If you need to work on a project, create it INSIDE the container
 # or use a separate docker-compose override file
- # Security: Run as non-root user (already set in Dockerfile)
+ # Security: Server runs as non-root user (already set in Dockerfile)
 # Security: No privileged mode
 # Security: No host network access
 # Security: No host filesystem mounts
 volumes:
 automaker-data:
+ name: automaker-data
 # Named volume - completely isolated from host filesystem
diff --git a/docs/docker-isolation.md b/docs/docker-isolation.md
index f37e5007..5ebd4c71 100644
--- a/docs/docker-isolation.md
+++ b/docs/docker-isolation.md
@@ -33,7 +33,7 @@ This guide covers running Automaker in a fully isolated Docker container. For ba
 The default `docker-compose.yml` configuration:
 - Uses only Docker-managed volumes (no host filesystem access)
-- Runs as a non-root user
+- Server runs as a non-root user
 - Has no privileged access to your system
 Projects created in the UI are stored inside the container at `/projects` and persist across restarts via Docker volumes.
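Review bot: The new `server` block in apps/ui/nginx.conf sets no response-hardening directives: nothing turns off `server_tokens`, and no `add_header` lines give the SPA an `X-Content-Type-Options`, framing or referrer policy. Declaring them at `server` level covers `location /` as long as that location adds no `add_header` of its own. `X-Frame-Options "DENY"` assumes the UI is never embedded in a frame; use `SAMEORIGIN` if it is. A `Content-Security-Policy` would be the next step, but it needs to be derived from what the built bundle actually loads, which is not visible in this patch.

```nginx
server {
    listen 80;
    # … unchanged: server_name, root, index …

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    # Baseline browser hardening for the static UI.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Referrer-Policy "no-referrer" always;

    # … unchanged: location / with try_files …
}
```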
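Review bot: Adding `name: automaker-data` under `volumes:` changes the real volume name from the project-prefixed `automaker_automaker-data` (the name the old troubleshooting table used) to a fixed global one, so an existing install will come up on a new, empty volume after upgrading while the old volume and whatever it holds stay on disk unreferenced. The fixed name also means every checkout or Compose project using this file on the same host shares one data volume, which weakens the isolation the comment below the new line advertises. If the rename is intended, add a comment next to it such as `# Fixed name: shared across Compose projects; pre-existing data stays in automaker_automaker-data until migrated or removed` and document the migration; otherwise drop the `name:` key and keep the prefixed name.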
@@ -59,8 +59,8 @@ docker-compose -f docker-compose.yml -f docker-compose.project.yml up -d
 ## Troubleshooting
-| Problem | Solution |
-| --------------------- | ------------------------------------------------------------------------------------------------------ |
-| Container won't start | Check `.env` has `ANTHROPIC_API_KEY` set. Run `docker-compose logs` for errors. |
-| Can't access web UI | Verify container is running with `docker ps \| grep automaker` |
-| Need a fresh start | Run `docker-compose down && docker volume rm automaker_automaker-data && docker-compose up -d --build` |
+| Problem | Solution |
+| --------------------- | -------------------------------------------------------------------------------------------- |
+| Container won't start | Check `.env` has `ANTHROPIC_API_KEY` set. Run `docker-compose logs` for errors. |
+| Can't access web UI | Verify container is running with `docker ps \| grep automaker` |
+| Need a fresh start | Run `docker-compose down && docker volume rm automaker-data && docker-compose up -d --build` |