first commit

Server/docker-compose.yml

@@ -0,0 +1,39 @@
+services:
+  webhook-service:
+    build: .
+    container_name: webhook-service
+    restart: unless-stopped
+    environment:
+      - FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
+      - WEBHOOK_SECRET=${WEBHOOK_SECRET}
+      - PARTICLE_WEBHOOK_SECRET=${PARTICLE_WEBHOOK_SECRET}
+      - SMTP_EMAIL=${SMTP_EMAIL}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
+      - RECIPIENT_EMAIL=${RECIPIENT_EMAIL}
+    networks:
+      - traefik
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.webhook.rule=Host(`webhook.maverickapplications.com`)"
+      - "traefik.http.routers.webhook.entrypoints=websecure"
+      - "traefik.http.routers.webhook.tls.certresolver=letsencrypt"
+      - "traefik.http.services.webhook.loadbalancer.server.port=5000"
+
+      # Security middleware
+      - "traefik.http.routers.webhook.middlewares=webhook-headers,webhook-ratelimit"
+
+      # Security headers
+      - "traefik.http.middlewares.webhook-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.webhook-headers.headers.customresponseheaders.X-Content-Type-Options=nosniff"
+      - "traefik.http.middlewares.webhook-headers.headers.customresponseheaders.X-Frame-Options=DENY"
+      - "traefik.http.middlewares.webhook-headers.headers.customresponseheaders.X-XSS-Protection=1; mode=block"
+      - "traefik.http.middlewares.webhook-headers.headers.customresponseheaders.Referrer-Policy=strict-origin-when-cross-origin"
+
+      # Rate limiting
+      - "traefik.http.middlewares.webhook-ratelimit.ratelimit.average=10"
+      - "traefik.http.middlewares.webhook-ratelimit.ratelimit.burst=20"
+      - "traefik.http.middlewares.webhook-ratelimit.ratelimit.period=1m"
+
+networks:
+  traefik:
+    external: true