The repo now ships a docker-compose.yml that runs LOCALLY with zero
configuration (`docker compose up -d` -> http://kiosk.localhost:8080 and
http://admin.localhost:8080), in the style of a self-hostable open-source project.
- docker-compose.yml: internal network only, wakdo-web publishes ${HTTP_PORT:-8080}:80,
no more dependency on the external Traefik network and no labels. Comments removed.
- Renamed TRAEFIK_DOMAIN_* -> APP_HOST_* (these are the ServerName values of the two
Apache vhosts, not Traefik settings): vhost.conf + compose. Local default *.localhost.
- .env.example: local-first (HTTP_PORT, APP_HOST_*=*.localhost, APP_URL_*/CORS on
localhost, dev DB values that work without editing). The proxy variables
(REVERSE_PROXY_NETWORK) are moved into an optional "Deploiement prod" (production deployment) block.
- Prod: each host behind a reverse proxy maintains its own
docker-compose.prod.yml (gitignored, outside the repo); same stack exposed through Traefik
with no host port. README: 3-line local quickstart + separate prod section
(the inline Docker install for Debian is replaced by a link).
Verified: `docker compose config` is valid for both files (base = published port
without reverse_proxy; prod = reverse_proxy + Host(APP_HOST_*) labels without a port).
Runtime smoke test with `docker compose up` still to be done on a clean machine (the fixed
container_name values prevent an up in parallel with the currently running stack).
Deliver the full Docker stack for Bloc 5 DevOps (Cr 7.c.3 and 7.c.4):
- docker/apache/: Custom httpd:2.4-alpine with hardened main config,
MPM event tuning and 3 vhosts (healthz, kiosk static,
admin reverse FCGI to wakdo-app:9000). Kiosk vhost
explicitly denies .php to enforce Bloc 1 isolation.
- docker/php-fpm/: Custom php:8.3-fpm-alpine3.20 with pdo_mysql, opcache,
intl, exif, zip and tini for signal handling.
Dynamic pool 3-10 workers listening on TCP 9000.
- docker/cron/: Custom alpine:3.20 with dcron, mariadb-client, gzip.
Nightly mysqldump at 03h00 with 14-day rotation and
512-byte sanity check. Purge and stats jobs templated.
- docker-compose.yml: 4 services orchestrated on 2 networks (internal
bridge + external reverse-proxy). 2 named volumes
for DB and uploads, bind-mount for backups.
Traefik labels for 2 routers with HTTPS redirect.
Makefile adds `make backup` (manual dump) and `make backup-ls`.
.gitignore adds /var/ for backup bind-mount path.
docs/journal/2026-04-24--infra-docker.md documents 5 decisions with
alternatives, maps 16 RNCP criteria to artefacts and prepares 6 jury Q&A.
Validated: `docker compose config --quiet` passes. Smoke test deferred
to next session (requires server .env).
Add the docs/journal/ structure for per-feature retrospectives,
intended for preparing the RNCP oral exam and for giving the jury traceability
of the approach.
Contents:
- docs/journal/README.md: index + entry template (what/why/how/RNCP
criteria/jury Q&A/acknowledged improvements)
- docs/journal/2026-04-23--cadrage-projet.md: complete retrospective of the
scoping session (RNCP brief, PROJECT_CONTEXT, Git bootstrap, architecture
decisions, transparency on AI methodology)
- .gitignore: add /docs/notes/ for the layer of personal technical
notes (oral exam revision, not versioned)