adelabdelgawad/docker-infrastructure
docker-infrastructure/SKILL.md
# Docker Infrastructure Skill Production-ready Docker infrastructure for full-stack applications with FastAPI backend, Next.js frontend, and supporting services. ## When to Use This Skill Use this skill when asked to: - Set up Docker infrastructure for a project - Configure multi-service Docker Compose environments - Add new services to existing Docker infrastructure - Configure nginx reverse proxy, monitoring, or SSL ## Architecture Overview ``` ┌───────────────────────────────────────────
development
Updated Apr 4, 2026
$ install --global
skillsauthnpx skillsauth add adelabdelgawad/claude-fullstack-skills docker-infrastructureInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 3:46 AM4.4s7 files scanned
SKILL.md
Docker Infrastructure Skill
Production-ready Docker infrastructure for full-stack applications with FastAPI backend, Next.js frontend, and supporting services.
When to Use This Skill
Use this skill when asked to:
- Set up Docker infrastructure for a project
- Configure multi-service Docker Compose environments
- Add new services to existing Docker infrastructure
- Configure nginx reverse proxy, monitoring, or SSL
Architecture Overview
┌─────────────────────────────────────────────────────────────┐
│ Nginx (80/443) │
│ Reverse Proxy + SSL Termination │
└─────────────────────────┬───────────────────────────────────┘
│
┌─────────────────┼─────────────────┐
│ │ │
▼ ▼ ▼
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│ Frontend │ │ Backend API │ │ SignalR │
│ (Next.js) │ │ (FastAPI) │ │ (Real-time) │
│ :3010 │ │ :8000-8002 │ │ :5000 │
└───────────────┘ └───────┬───────┘ └───────────────┘
│
┌─────────────────┼─────────────────┐
│ │ │
▼ ▼ ▼
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│ PostgreSQL │ │ Redis │ │ MinIO │
│ + PgBouncer│ │ (Cache/PubSub)│ │ (Object Store)│
│ :5432/:6432 │ │ :6379 │ │ :9000 │
└───────────────┘ └───────────────┘ └───────────────┘
│
▼
┌───────────────────┐
│ Celery Worker │
│ (Background Tasks)│
└───────────────────┘
│
▼
┌─────────────────┴─────────────────┐
│ │
▼ ▼
┌───────────────┐ ┌───────────────┐
│ Prometheus │ │ Grafana │
│ :9090 │─────────────────│ :3030 │
└───────────────┘ └───────────────┘
Directory Structure
docker/
├── docker-compose.yml # Main compose file
├── backend/
│ ├── Dockerfile # FastAPI multi-stage build
│ └── .dockerignore
├── frontend/
│ ├── Dockerfile # Next.js build
│ └── .dockerignore
├── env/
│ ├── .env.example.backend # Backend env template
│ ├── .env.example.frontend # Frontend env template
│ ├── .env.example.postgres # Database env template
│ ├── .env.example.redis # Cache env template
│ ├── .env.example.minio # Object storage env template
│ ├── .env.example.coturn # TURN server env template
│ └── ENVIRONMENT_STRUCTURE.md
├── nginx/
│ ├── nginx.conf # Reverse proxy config
│ ├── ssl/ # SSL certificates
│ └── acme-challenge/ # Let's Encrypt
├── monitoring/
│ ├── prometheus/
│ │ ├── prometheus.yml
│ │ ├── alerts/
│ │ └── rules/
│ └── grafana/
│ └── provisioning/
├── coturn/
│ └── turnserver.conf # WebRTC TURN config
└── signalr-service/
├── Dockerfile
└── .dockerignore
Core Services
1. PostgreSQL + PgBouncer
# Database with connection pooling
postgres:
image: postgres:15-alpine
env_file:
- docker/env/.env.postgres
volumes:
- ~/workspace/docker/project/postgres:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 10s
timeout: 5s
retries: 5
pgbouncer:
image: edoburu/pgbouncer:latest
environment:
- DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@postgres:5432/${DB_NAME}
- POOL_MODE=transaction
- DEFAULT_POOL_SIZE=50
- MAX_CLIENT_CONN=500
depends_on:
postgres:
condition: service_healthy
2. Redis
redis:
image: redis:7-alpine
command: >
sh -c 'redis-server
--maxmemory 2gb
--maxmemory-policy allkeys-lru
--appendonly yes
--notify-keyspace-events Ex
--maxclients 10000
--requirepass $$REDIS_PASSWORD'
healthcheck:
test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
3. FastAPI Backend (Scaled)
backend-1:
build:
context: ./src/backend
dockerfile: ../../docker/backend/Dockerfile
environment:
- INSTANCE_ID=backend-1
env_file:
- docker/env/.env.backend
deploy:
resources:
limits:
cpus: '2'
memory: 2G
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
4. Celery Worker
celery_worker:
build:
context: ./src/backend
dockerfile: ../../docker/backend/Dockerfile
command: celery -A celery_app worker --loglevel=info --concurrency=4 -Q celery,file_queue
env_file:
- docker/env/.env.backend
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
5. Nginx Reverse Proxy
nginx:
image: nginx:alpine
volumes:
- ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./docker/nginx/ssl:/etc/nginx/ssl:ro
ports:
- "80:80"
- "443:443"
Environment Variable Strategy
Single Source of Truth Pattern
Root .env (shared secrets)
├── POSTGRES_PASSWORD → Used by: postgres, backend
├── REDIS_PASSWORD → Used by: redis, backend, celery
├── JWT_SECRET_KEY → Used by: backend, frontend, signalr
└── SESSION_SECRET → Used by: backend, frontend
Service .env files reference shared vars:
# docker/env/.env.backend
DATABASE_URL=postgresql+asyncpg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}
REDIS_URL=redis://:${REDIS_PASSWORD}@redis:6379/0
Network Architecture
networks:
# Main application network
app_network:
driver: bridge
# Isolated network for object storage (security)
minio_network:
driver: bridge
internal: true # No external connectivity
Dockerfile Patterns
Multi-Stage Python Build
# Stage 1: Builder
FROM python:3.13-slim AS builder
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
WORKDIR /app
RUN apt-get update && apt-get install -y gcc g++ libpq-dev
COPY pyproject.toml uv.lock ./
RUN --mount=type=cache,target=/root/.cache/uv \
uv sync --frozen --no-install-project --no-dev
COPY . .
RUN --mount=type=cache,target=/root/.cache/uv \
uv sync --frozen --no-dev
# Stage 2: Runtime
FROM python:3.13-slim
ENV PATH="/app/.venv/bin:$PATH"
RUN apt-get update && apt-get install -y libpq5 curl
COPY --from=builder /app/.venv /app/.venv
COPY --from=builder /app /app
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s \
CMD curl -f http://localhost:8000/health || exit 1
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
Key Patterns
- Health Checks - Every service has health checks for orchestration
- Resource Limits - CPU and memory limits prevent runaway containers
- Dependency Conditions -
depends_onwithcondition: service_healthy - Volume Persistence - Data volumes for databases, uploads, logs
- Internal Networks - Isolated networks for sensitive services
- Environment Substitution -
${VAR}references in env files
References
See the references/ directory for:
docker-compose-pattern.md- Full compose file patternsdockerfile-pattern.md- Multi-stage build patternsnginx-pattern.md- Reverse proxy configurationenv-pattern.md- Environment variable managementmonitoring-pattern.md- Prometheus/Grafana setup
Related Skills
adelabdelgawad/tasks-management
tools
VerifiedTrustedCommunity
# Tasks Management Skill Background task management system using APScheduler for scheduling and Celery for distributed execution. ## When to Use This Skill Use this skill when asked to: - Set up background task processing - Create scheduled jobs with APScheduler - Implement Celery workers for task execution - Add job management endpoints - Configure task queues and retries ## Architecture Overview ``` ┌─────────────────────────────────────────────────────────────┐ │ FastA
SKILL.mdUpdated Apr 4, 2026
adelabdelgawad/nextjs-template
tools
VerifiedTrustedCommunity
# Next.js Template Skill Generate production-ready Next.js pages with SSR initial load, SWR client-side data management, and server-response-based cache updates. ## When to Use This Skill Use this skill when asked to: - Create a new Next.js page with data table - Add CRUD functionality to a Next.js application - Generate pages with server-side rendering and client-side updates - Build admin/settings pages with filtering, pagination, and bulk actions ## Architecture Overview ``` ┌───────────
SKILL.mdUpdated Apr 4, 2026
adelabdelgawad/nextjs-data-table-page
development
VerifiedTrustedCommunity
Create Next.js data table pages with SSR initial load, SWR caching, and server-response-based UI updates. Use when asked to create a new data table page, entity management page, CRUD table, or admin list view. Generates page.tsx (SSR), table components, columns, context, actions, and API routes following a proven architecture with centralized reusable data-table component.
SKILL.mdUpdated Apr 4, 2026
adelabdelgawad/fetch-architecture
tools
VerifiedTrustedCommunity
# Fetch Architecture Skill Client and server-side fetch utilities for Next.js applications with API route proxying to FastAPI backends. ## When to Use This Skill Use this skill when asked to: - Set up fetch utilities for Next.js - Configure client-side API calls with auth refresh - Implement server-side data fetching - Create API route proxies to backend services - Handle authentication tokens across layers ## Architecture Overview ``` ┌──────────────────────────────────────────────────────
SKILL.mdUpdated Apr 4, 2026