Docker Configuration
AuroraSOC provides two Docker Compose configurations: a full production stack and a lightweight development stack.
Production Stack (docker-compose.yml)
Network Isolation
The production stack uses four Docker networks for security:
| Network | Services | Purpose |
|---|---|---|
frontend | dashboard, api | Public-facing |
backend | api, agents, rust-core | Internal services |
data | postgres, redis, qdrant | Data stores |
messaging | nats, mqtt, redis | Event transport |
Why network isolation? If the dashboard is compromised, the attacker cannot directly reach the database or agents. Only the API gateway bridges the frontend and backend networks.
Key Services
services:
api:
build:
context: .
dockerfile: Dockerfile.python
ports:
- "8000:8000"
environment:
- AURORA_PG_HOST=postgres
- AURORA_REDIS_HOST=redis
- AURORA_QDRANT_HOST=qdrant
- AURORA_NATS_URL=nats://nats:4222
- AURORA_MQTT_HOST=mosquitto
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
networks:
- frontend
- backend
- data
- messaging
Health Checks
Every service defines health checks:
postgres:
healthcheck:
test: ["CMD-SHELL", "pg_isready -U aurora"]
interval: 10s
timeout: 5s
retries: 5
redis:
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
Services wait for their dependencies to be healthy before starting, preventing connection errors during startup.
Development Stack (docker-compose.dev.yml)
The dev stack is lightweight — only external services:
services:
postgres:
image: postgres:16
ports:
- "5432:5432"
redis:
image: redis:7-alpine
ports:
- "6379:6379"
qdrant:
image: qdrant/qdrant:latest
ports:
- "6333:6333"
nats:
image: nats:latest
ports:
- "4222:4222"
mosquitto:
image: eclipse-mosquitto:2
ports:
- "1883:1883"
Run AuroraSOC locally against these services:
# Start infrastructure
docker compose -f docker-compose.dev.yml up -d
# Run API locally
python -m aurorasoc.api.main
Dockerfiles
Dockerfile.python (API + Agents)
Multi-stage build for the Python application:
# Stage 1: Build
FROM python:3.12-slim as builder
WORKDIR /app
COPY pyproject.toml .
RUN pip install --no-cache-dir .
# Stage 2: Runtime
FROM python:3.12-slim
COPY /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
COPY aurorasoc/ /app/aurorasoc/
WORKDIR /app
CMD ["python", "-m", "aurorasoc.api.main"]
Dockerfile.rust (Core Engine)
Multi-stage Rust build:
FROM rust:1.77 as builder
WORKDIR /app
COPY Cargo.toml Cargo.lock ./
COPY src/ ./src/
COPY proto/ ./proto/
RUN cargo build --release
FROM debian:bookworm-slim
COPY /app/target/release/aurora_core /usr/local/bin/
CMD ["aurora_core"]
Dockerfile.dashboard (Next.js)
FROM node:20-alpine as builder
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM node:20-alpine
COPY /app/.next/standalone ./
COPY /app/.next/static ./.next/static
CMD ["node", "server.js"]
Makefile Targets
The Makefile provides convenience wrappers:
make dev # Start dev infrastructure
make dev-down # Stop dev infrastructure
make api # Run API locally
make agents # Start all agent services
make rust # Build and run Rust core
make dashboard # Start Next.js dashboard
make test # Run pytest suite
make lint # Run linting (ruff, mypy)
make build # Build all Docker images
make up # Start full production stack
make down # Stop production stack
make logs # Tail all container logs
make migrate # Run Alembic migrations
make clean # Remove all containers and volumes
Development Workflow
The recommended development workflow:
make dev— Start infrastructure services- Develop in your IDE with hot-reload
make test— Run testsmake lint— Check code qualitymake build— Build Docker images for staging