forked from syntaxbullet/aurorabot
106 lines
2.8 KiB
YAML
106 lines
2.8 KiB
YAML
# Production Docker Compose Configuration
|
|
# Usage: docker compose -f docker-compose.prod.yml up -d
|
|
#
|
|
# IMPORTANT: Database data is preserved in ./shared/db/data volume
|
|
|
|
services:
|
|
db:
|
|
image: postgres:17-alpine
|
|
container_name: aurora_db
|
|
restart: unless-stopped
|
|
environment:
|
|
- POSTGRES_USER=${DB_USER}
|
|
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
|
- POSTGRES_DB=${DB_NAME}
|
|
volumes:
|
|
# Database data - persisted across container rebuilds
|
|
- ./shared/db/data:/var/lib/postgresql/data
|
|
- ./shared/db/log:/var/log/postgresql
|
|
networks:
|
|
- internal
|
|
healthcheck:
|
|
test: [ "CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}" ]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
# Security: limit resources
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 512M
|
|
|
|
socket-proxy:
|
|
image: tecnativa/docker-socket-proxy
|
|
container_name: socket_proxy
|
|
restart: unless-stopped
|
|
environment:
|
|
- CONTAINERS=1
|
|
- POST=1
|
|
- BUILD=1
|
|
- NETWORKS=1
|
|
- IMAGES=1 # Needed for pulling/pruning
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
networks:
|
|
- internal
|
|
|
|
app:
|
|
container_name: aurora_app
|
|
restart: unless-stopped
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.prod
|
|
target: production
|
|
image: aurora-app:latest
|
|
ports:
|
|
- "127.0.0.1:3000:3000"
|
|
# Volumes for bot-triggered deployments
|
|
volumes:
|
|
# Project directory - allows git pull and rebuild
|
|
- .:/app/deploy
|
|
# SSH Keys for git authentication
|
|
- ~/.ssh/aurora_bot_key:/home/bun/.ssh/id_ed25519:ro
|
|
- ~/.ssh/known_hosts:/home/bun/.ssh/known_hosts:ro
|
|
working_dir: /app
|
|
environment:
|
|
- NODE_ENV=production
|
|
- HOST=0.0.0.0
|
|
- DB_USER=${DB_USER}
|
|
- DB_PASSWORD=${DB_PASSWORD}
|
|
- DB_NAME=${DB_NAME}
|
|
- DB_PORT=5432
|
|
- DB_HOST=db
|
|
- DISCORD_BOT_TOKEN=${DISCORD_BOT_TOKEN}
|
|
- DISCORD_GUILD_ID=${DISCORD_GUILD_ID}
|
|
- DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID}
|
|
- DATABASE_URL=postgresql://${DB_USER}:${DB_PASSWORD}@db:5432/${DB_NAME}
|
|
# Deploy directory path for bot-triggered deployments
|
|
- DEPLOY_DIR=/app/deploy
|
|
- DOCKER_HOST=tcp://socket-proxy:2375
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
socket-proxy:
|
|
condition: service_started
|
|
networks:
|
|
- internal
|
|
- web
|
|
# Security: limit resources
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 1G
|
|
# Logging configuration
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
networks:
|
|
internal:
|
|
driver: bridge
|
|
internal: true # No external access - DB isolated
|
|
web:
|
|
driver: bridge # App accessible from host (via reverse proxy)
|