Docker Deployment
Better Reports includes a production-ready Docker setup with Traefik reverse proxy for automatic TLS.
Quick Start
bash
# Clone the repository
git clone https://github.com/dlampatricio/better-reports.git
cd better-reports
# Start with Docker Compose
docker compose up -dThe app will be available at the domain configured in your docker-compose.yml.
Docker Compose Configuration
yaml
# docker-compose.yml
services:
app:
build: .
environment:
- NODE_ENV=production
- REPORTS_USER=admin
- REPORTS_PASS=${REPORTS_PASS}
- CORS_ORIGIN=https://reports.yourdomain.com
volumes:
- reports-data:/data
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.reports.rule=Host(`reports.yourdomain.com`)"
- "traefik.http.routers.reports.tls=true"
- "traefik.http.routers.reports.tls.certresolver=letsencrypt"
traefik:
image: traefik:v3.3
command:
- "--providers.docker=true"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
- "--certificatesresolvers.letsencrypt.acme.email=admin@yourdomain.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- letsencrypt:/letsencrypt
networks:
- traefik
volumes:
reports-data:
letsencrypt:Multi-stage Dockerfile
The Dockerfile uses a multi-stage build:
- Rust build stage — Compiles the native Typst addon
- UI build stage — Builds the React frontend
- Runtime stage — Minimal Node.js image with compiled artifacts
Environment Variables
Set these in your docker-compose.yml or .env file:
| Variable | Description |
|---|---|
REPORTS_USER | Basic auth username |
REPORTS_PASS | Basic auth password |
CORS_ORIGIN | Allowed CORS origin |
Health Checks
Docker health checks use the /api/health endpoint:
yaml
healthcheck:
test: ["CMD", "node", "scripts/health-check.mjs"]
interval: 30s
timeout: 5s
retries: 3Traefik Configuration
The included traefik/config.yml provides:
- Automatic TLS via Let's Encrypt
- Gzip compression
- Security headers (HSTS, X-Content-Type-Options, etc.)
- HTTP to HTTPS redirect