fix(docker): secure port bindings for production

- Remove PostgreSQL public port exposure
- Restrict backend to localhost-only access (127.0.0.1:8080)
- Services now only accessible via reverse proxy

Author: fazirta

docker-compose.yml

@@ -9,8 +9,6 @@ services:
       POSTGRES_USER: ${DB_USER}
       POSTGRES_PASSWORD: ${DB_PASSWORD}
       POSTGRES_DB: ${DB_NAME}
-    ports:
-      - "5432:5432"
     volumes:
       - postgres_data:/var/lib/postgresql/data
     healthcheck:
@@ -30,7 +28,7 @@ services:
       postgres:
         condition: service_healthy
     ports:
-      - "8080:8080"
+      - "127.0.0.1:8080:8080"
 
 volumes:
   postgres_data: