steve
b4824655dd
- Add .dockerignore: a local .env, the live SQLite database in data/, .git, and node_modules were previously copied into the published image by COPY - Run the app as the unprivileged node user; pre-create /app/data with matching ownership so named volumes inherit it - Set NODE_ENV=production in the image - Document the one-time volume chown needed when upgrading existing deployments