docker-compose.yml: Implement network isolation between containers

Also stop exposing all services on the container host.

docker-compose.yml

 version: '3'
 
 networks:
-  internal:
+  fcrepo:
+    internal: true
+  fcrepodb:
+    internal: true
+  solr:
+    internal: true
+  redis:
+    internal: true
+  appdb:
+    internal: true
+  app:
 
 services:
   fcrepo:
@@ -9,15 +19,14 @@ services:
       context: fcrepo
     restart: unless-stopped
     expose:
-      - 8080
+      - 8080/tcp
     depends_on:
       - fcrepodb
     networks:
-      internal:
+      fcrepo:
+      fcrepodb:
     environment:
       - CATALINA_OPTS=-Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Xms512m -Xmx1024m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=256m -XX:+DisableExplicitGC -Dfcrepo.home=/data -Dfcrepo.object.directory=/data/objects -Dfcrepo.binary.directory=/data/binaries -Dfcrepo.postgresql.username=$POSTGRES_USER -Dfcrepo.postgresql.password=$POSTGRES_PASSWORD -Dfcrepo.postgresql.host=$POSTGRES_HOST_FCREPO -Dfcrepo.postgresql.port=$POSTGRES_PORT -Dfcrepo.modeshape.configuration=classpath:/config/jdbc-postgresql/repository.json
-    ports:
-      - 8080:8080
     volumes:
       - ${DOCKER_VOLUMES_PATH_PREFIX}fcrepo:/data
 
@@ -25,9 +34,7 @@ services:
     image: solr:8
     restart: unless-stopped
     expose:
-      - 8983
-    ports:
-      - 8983:8983
+      - 8983/tcp
     env_file:
       - .env
     environment:
@@ -38,7 +45,7 @@ services:
       timeout: 5s
       retries: 3
     networks:
-      internal:
+      solr:
     volumes:
       - ${DOCKER_VOLUMES_PATH_PREFIX}solr:/var/solr
       - ./hyrax/solr/conf:/opt/solr/solr_conf
@@ -57,9 +64,7 @@ services:
     volumes:
       - ${DOCKER_VOLUMES_PATH_PREFIX}db-fcrepo:/var/lib/postgresql/data
     networks:
-      internal:
-    expose:
-      - 5432
+      fcrepodb:
     healthcheck:
       test: ["CMD-SHELL", "POSTGRES_PASSWORD=${POSTGRES_PASSWORD} pg_isready -U ${POSTGRES_USER} -h localhost -d ${POSTGRES_DB_FCREPO}"]
       interval: 30s
@@ -76,9 +81,9 @@ services:
     volumes:
       - ${DOCKER_VOLUMES_PATH_PREFIX}db-app:/var/lib/postgresql/data
     networks:
-      internal:
+      appdb:
     expose:
-      - 5432
+      - 5432/tcp
     healthcheck:
       test: ["CMD-SHELL", "POSTGRES_PASSWORD=${POSTGRES_PASSWORD} pg_isready -U ${POSTGRES_USER} -h localhost -d ${POSTGRES_DB_APP}"]
       interval: 30s
@@ -104,7 +109,11 @@ services:
       - ${CRC_FOLDER_IMPORT_PATH}:/rub-test-data
       - ${DOCKER_VOLUMES_PATH_PREFIX}downloads:${DOWNLOAD_PATH}
     networks:
-      internal:
+      app:
+      appdb:
+      fcrepo:
+      solr:
+      redis:
 
   web:
     <<: *app
@@ -118,14 +127,11 @@ services:
       - solr
       - fcrepo
       - redis
-    ports:
-      - 3000:3000
-    networks:
-      internal:
-        aliases:
-          - web
     expose:
-      - 3000
+      - 3000/tcp
+    ports:
+      - "[::1]:3000:3000"
+      - "127.0.0.1:3000:3000"
 
   workers:
     <<: *app
@@ -142,16 +148,14 @@ services:
     command: redis-server --appendonly yes
     restart: unless-stopped
     networks:
-      internal:
+      redis:
     healthcheck:
       test: ["CMD-SHELL", "redis-cli ping"]
       interval: 30s
       timeout: 5s
       retries: 3
     expose:
-      - 6379
-    ports:
-      - 6379:6379
+      - 6379/tcp
     volumes:
       - ${DOCKER_VOLUMES_PATH_PREFIX}redis:/data