# Docker Deployment

## Production Dockerfile

The production Dockerfile uses a multi-stage build for optimized image size and security.

### Build the image

```bash
docker build -t pantry:latest -f Dockerfile .
```

### Run the container

```bash
docker run -d \
  --name pantry \
  -p 3000:3000 \
  -e NUXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co \
  -e NUXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key \
  pantry:latest
```

### Environment Variables

Required:
- `NUXT_PUBLIC_SUPABASE_URL` - Your Supabase project URL
- `NUXT_PUBLIC_SUPABASE_ANON_KEY` - Your Supabase anon/public key

Optional:
- `PORT` - Port to listen on (default: 3000)
- `HOST` - Host to bind to (default: 0.0.0.0)

### Health Check

The container includes a health check endpoint at `/api/health`

```bash
curl http://localhost:3000/api/health
```

Expected response:
```json
{
  "status": "ok",
  "timestamp": "2026-02-25T00:00:00.000Z",
  "uptime": 123.456
}
```

### Image Features

- **Multi-stage build**: Separate build and runtime stages
- **Alpine Linux**: Minimal base image (~50MB base)
- **Non-root user**: Runs as unprivileged user (nodejs:1001)
- **dumb-init**: Proper signal handling and zombie reaping
- **Health checks**: Built-in container health monitoring
- **Production-optimized**: Only production dependencies included

### Image Size

Approximate sizes:
- Base Alpine + Node.js: ~50MB
- Dependencies: ~150MB
- Built app: ~20MB
- **Total**: ~220MB

### Security

- Runs as non-root user (nodejs)
- No unnecessary packages
- Minimal attack surface
- Regular security updates via Alpine base

### Troubleshooting

View logs:
```bash
docker logs pantry
```

Interactive shell:
```bash
docker exec -it pantry sh
```

Check health:
```bash
docker inspect --format='{{json .State.Health}}' pantry
```