@mounaji_npm/docker

Production-ready Docker + Nginx infrastructure generator for Mounaji SaaS apps. Module-aware — only includes the services your app actually needs (Redis for chat/workflows, Qdrant for knowledge-base).

Usage

Run in your project directory:

npx @mounaji_npm/docker

# Or via the Mounaji CLI shorthand
mounaji add docker

Both commands are interactive — they detect which @mounaji_npm/* packages you have installed and generate the appropriate infrastructure.

What Gets Generated

your-project/
├── docker-compose.yml     ← dynamic — includes only needed services
├── Dockerfile             ← multi-stage Next.js or Vite + Nginx build
├── nginx/
│   ├── nginx.conf         ← security headers, gzip, rate limiting, SPA routing
│   └── Dockerfile         ← minimal Nginx Alpine image
├── .env.example           ← global env file template (all services)
├── .dockerignore          ← optimized for fast Docker builds
├── Makefile               ← common dev/ops commands
└── DOCKER.md              ← team documentation

Module → Service Mapping

The generator reads your package.json dependencies and adds services as needed:

| Package installed | Extra Docker service | |---|---| | @mounaji_npm/chat | Redis | | @mounaji_npm/knowledge-base | Qdrant | | @mounaji_npm/saas-template (workflows) | Redis |

A project with chat + knowledge-base will get:

# docker-compose.yml (excerpt)
services:
  frontend:  ...
  nginx:     ...
  redis:     image: redis:7-alpine
  qdrant:    image: qdrant/qdrant

A project with only UI modules gets only frontend + nginx.

docker-compose.yml

The generated Compose file includes:

• frontend — your Next.js or Vite app (multi-stage build, standalone output)
• nginx — reverse proxy with SSL termination, gzip, security headers, SPA routing
• redis — (conditional) for chat sessions and workflow job queues
• qdrant — (conditional) for vector embeddings and RAG search
• api — commented block for adding a self-hosted Mounaji backend

# Uncomment to add a self-hosted backend
# api:
#   image: your-registry/mounaji-api:latest
#   env_file: .env
#   depends_on: [redis, qdrant]

Makefile Commands

make setup    # First-time setup: copy .env.example → .env, create nginx/ssl dir
make up       # Start all services (docker compose up -d)
make down     # Stop all services
make logs     # Tail logs from all services
make build    # Build images without starting
make rebuild  # Rebuild and restart (use after code changes)
make shell    # Open shell in the frontend container
make clean    # Stop + remove containers, volumes, and images

.env.example

All services read from a single .env file at the project root. The generated template includes sections for every service:

# ── App ────────────────────────────────────────────────────────
NODE_ENV=production
NEXT_PUBLIC_APP_URL=https://app.example.com

# ── Frontend public vars ────────────────────────────────────────
NEXT_PUBLIC_API_URL=https://api.example.com
NEXT_PUBLIC_FIREBASE_API_KEY=
NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN=
NEXT_PUBLIC_FIREBASE_PROJECT_ID=
NEXT_PUBLIC_MOUNAJI_API_KEY=

# ── Redis (added if chat/workflows installed) ───────────────────
REDIS_URL=redis://redis:6379

# ── Qdrant (added if knowledge-base installed) ─────────────────
QDRANT_URL=http://qdrant:6333

# ── AI Models ──────────────────────────────────────────────────
OPENAI_API_KEY=
ANTHROPIC_API_KEY=

# ── Storage ────────────────────────────────────────────────────
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_S3_BUCKET=

Nginx Configuration

The generated nginx/nginx.conf includes:

• HTTPS redirect — HTTP 80 → HTTPS 443
• Security headers — X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, CSP
• Gzip compression — for HTML, CSS, JS, JSON, SVG
• Rate limiting — 10 requests/second per IP
• SPA routing — try_files $uri $uri/ /index.html for client-side routing
• Static asset caching — 1-year cache for hashed assets (_next/static, assets/)

SSL Setup

# Create SSL directory
mkdir -p nginx/ssl

# Development: self-signed cert
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout nginx/ssl/key.pem \
  -out nginx/ssl/cert.pem \
  -subj "/CN=localhost"

# Production: use Let's Encrypt (certbot)
certbot certonly --webroot -w /var/www/html -d app.example.com
# Then update nginx.conf to point to /etc/letsencrypt/live/app.example.com/

Dockerfile (Next.js)

Multi-stage build — keeps the final image small:

Stage 1: deps     → npm ci (production deps cached as a layer)
Stage 2: builder  → npm run build (Next.js standalone output)
Stage 3: runner   → copies .next/standalone only — no src, no node_modules

The final image uses node:20-alpine and runs as a non-root user.

Dockerfile (Vite + React)

Stage 1: builder  → npm ci + npm run build → dist/
Stage 2: nginx    → copies dist/ into Nginx Alpine, serves as static files

First Deploy Checklist

1. Copy .env.example → .env and fill in all values
2. Set up SSL certs in nginx/ssl/
3. Run make build to build images
4. Run make up to start all services
5. Run make logs to verify everything started cleanly
6. Point your domain DNS to the server IP