From 9f7ebc6e5708c7db8c26376d66782d74b5b8f731 Mon Sep 17 00:00:00 2001
From: Maxime Van Hees
Date: Thu, 30 Oct 2025 14:07:08 +0100
Subject: [PATCH] prod & dev docker containers
---
Dockerfile | 62 +++++++++++++++++++++++++++++++
Dockerfile.dev | 30 +++++++++++++++
README.md | 16 ++++++++
docker-compose.yml | 91 ++++++++++++++++++++++++++++++++++++++++++++++
src/main.rs | 4 +-
5 files changed, 201 insertions(+), 2 deletions(-)
create mode 100644 Dockerfile
create mode 100644 Dockerfile.dev
create mode 100644 docker-compose.yml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..969bd60
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,62 @@ +# Multi-stage build for production +# Stage 1: Build the application +FROM rust:1.90-bookworm AS builder + +# Install build dependencies +RUN apt-get update && apt-get install -y \ + pkg-config \ + libssl-dev \ + protobuf-compiler \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /build + +# Copy manifests +COPY Cargo.toml Cargo.lock ./ + +# Create dummy main to cache dependencies +RUN mkdir src && \ + echo "fn main() {}" > src/main.rs && \ + cargo build --release && \ + rm -rf src + +# Copy actual source code +COPY src ./src + +# Build the actual application +RUN cargo build --release --bin herodb + +# Stage 2: Create minimal runtime image +FROM debian:bookworm-slim + +# Install runtime dependencies (minimal) +RUN apt-get update && apt-get install -y \ + ca-certificates \ + && rm -rf /var/lib/apt/lists/* + +# Create non-root user +RUN useradd -m -u 1000 herodb && \ + mkdir -p /data && \ + chown -R herodb:herodb /data + +WORKDIR /app + +# Copy binary from builder +COPY --from=builder /build/target/release/herodb /usr/local/bin/herodb + +# Switch to non-root user +USER herodb + +# Create volume mount point +VOLUME ["/data"] + +# Expose ports +EXPOSE 6379 8080 + +# Health check +HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ + CMD timeout 2 bash -c ' + --dir /data + --port 6379 + --admin-secret ${ADMIN_SECRET} + --enable-rpc + --rpc-port 8080 + --enable-rpc-ipc + --rpc-ipc-path /tmp/herodb.ipc + healthcheck: + test: ["CMD", "timeout", "2", "bash", "-c", " + cargo run -- + --dir /data + --port 6379 + --admin-secret ${ADMIN_SECRET:-devsecret} + --enable-rpc + --rpc-port 8080 + --debug + stdin_open: true + tty: true + networks: + - herodb-network + + # Optional: Redis CLI for testing + redis-cli: + image: redis:7-alpine + container_name: herodb-cli + command: redis-cli -h herodb-prod -p 6379 + depends_on: + - herodb-prod + networks: + - herodb-network + profiles: + - tools + +volumes: + herodb-data: + driver: local + 
herodb-dev-data: + driver: local + herodb-ipc: + driver: local + cargo-cache: + driver: local + target-cache: + driver: local + +networks: + herodb-network: + driver: bridge \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index 2f004c2..e2b8141 100644 --- a/src/main.rs +++ b/src/main.rs @@ -65,7 +65,7 @@ async fn main() { // bind port let port = args.port.unwrap_or(6379); println!("will listen on port: {}", port); - let listener = TcpListener::bind(format!("127.0.0.1:{}", port)) + let listener = TcpListener::bind(format!("0.0.0.0:{}", port)) .await .unwrap(); @@ -110,7 +110,7 @@ async fn main() { // Start RPC server if enabled let _rpc_handle = if args.enable_rpc { - let rpc_addr = format!("127.0.0.1:{}", args.rpc_port).parse().unwrap(); + let rpc_addr = format!("0.0.0.0:{}", args.rpc_port).parse().unwrap(); let base_dir = args.dir.clone(); match rpc_server::start_rpc_server(rpc_addr, base_dir, backend.clone(), args.admin_secret.clone()).await {
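Review bot: Both bind changes in `main()` hard-code `0.0.0.0`, so the listener on `port` (first `src/main.rs` hunk) and the RPC server on `args.rpc_port` (second hunk) now accept connections on every interface in every deployment, not only inside the containers this patch adds. For anyone running the binary directly on a host this silently widens the default exposure, and the RPC server is the component that receives `args.admin_secret`, which the dev compose command falls back to `devsecret` for. I would keep `127.0.0.1` as the default and make the address configurable through a new option (name illustrative: `--bind-addr`), used as `format!("{}:{}", bind_addr, port)` and `format!("{}:{}", bind_addr, args.rpc_port)`, with the compose commands passing `0.0.0.0` explicitly. The `match` on `start_rpc_server` in the second hunk continues beyond the visible patch, so how a failed RPC bind is handled cannot be checked from here.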