docker-compose.prod.yml at 23b56c3ec6af51ac75aa89c5a7f033bf43957aea · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / docker-compose.prod.yml
at 23b56c3ec6af51ac75aa89c5a7f033bf43957aea 4.8 kB view raw
  1services:
  2  bspds:
  3    build:
  4      context: .
  5      dockerfile: Dockerfile
  6    image: bspds:latest
  7    restart: unless-stopped
  8    ports:
  9      - "127.0.0.1:3000:3000"
 10    environment:
 11      SERVER_HOST: "0.0.0.0"
 12      SERVER_PORT: "3000"
 13      PDS_HOSTNAME: "${PDS_HOSTNAME:?PDS_HOSTNAME is required}"
 14      DATABASE_URL: "postgres://bspds:${DB_PASSWORD:?DB_PASSWORD is required}@db:5432/pds"
 15      S3_ENDPOINT: "http://minio:9000"
 16      AWS_REGION: "us-east-1"
 17      S3_BUCKET: "pds-blobs"
 18      AWS_ACCESS_KEY_ID: "${MINIO_ROOT_USER:-minioadmin}"
 19      AWS_SECRET_ACCESS_KEY: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
 20      VALKEY_URL: "redis://valkey:6379"
 21      JWT_SECRET: "${JWT_SECRET:?JWT_SECRET is required (min 32 chars)}"
 22      DPOP_SECRET: "${DPOP_SECRET:?DPOP_SECRET is required (min 32 chars)}"
 23      MASTER_KEY: "${MASTER_KEY:?MASTER_KEY is required (min 32 chars)}"
 24      APPVIEW_URL: "${APPVIEW_URL:-https://api.bsky.app}"
 25      CRAWLERS: "${CRAWLERS:-https://bsky.network}"
 26      FRONTEND_DIR: "/app/frontend/dist"
 27    depends_on:
 28      db:
 29        condition: service_healthy
 30      minio:
 31        condition: service_healthy
 32      valkey:
 33        condition: service_healthy
 34    healthcheck:
 35      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/xrpc/_health"]
 36      interval: 30s
 37      timeout: 10s
 38      retries: 3
 39      start_period: 10s
 40    deploy:
 41      resources:
 42        limits:
 43          memory: 1G
 44        reservations:
 45          memory: 256M
 46  db:
 47    image: postgres:18-alpine
 48    restart: unless-stopped
 49    environment:
 50      POSTGRES_USER: bspds
 51      POSTGRES_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD is required}"
 52      POSTGRES_DB: pds
 53    volumes:
 54      - postgres_data:/var/lib/postgresql/data
 55    healthcheck:
 56      test: ["CMD-SHELL", "pg_isready -U bspds -d pds"]
 57      interval: 10s
 58      timeout: 5s
 59      retries: 5
 60      start_period: 10s
 61    deploy:
 62      resources:
 63        limits:
 64          memory: 512M
 65        reservations:
 66          memory: 128M
 67  minio:
 68    image: minio/minio:RELEASE.2025-10-15T17-29-55Z
 69    restart: unless-stopped
 70    command: server /data --console-address ":9001"
 71    environment:
 72      MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
 73      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
 74    volumes:
 75      - minio_data:/data
 76    healthcheck:
 77      test: ["CMD", "mc", "ready", "local"]
 78      interval: 30s
 79      timeout: 10s
 80      retries: 3
 81      start_period: 10s
 82    deploy:
 83      resources:
 84        limits:
 85          memory: 512M
 86        reservations:
 87          memory: 128M
 88  minio-init:
 89    image: minio/mc:RELEASE.2025-07-16T15-35-03Z
 90    depends_on:
 91      minio:
 92        condition: service_healthy
 93    entrypoint: >
 94      /bin/sh -c "
 95      mc alias set local http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD};
 96      mc mb --ignore-existing local/pds-blobs;
 97      mc anonymous set none local/pds-blobs;
 98      exit 0;
 99      "
100    environment:
101      MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
102      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
103  valkey:
104    image: valkey/valkey:9-alpine
105    restart: unless-stopped
106    command: valkey-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
107    volumes:
108      - valkey_data:/data
109    healthcheck:
110      test: ["CMD", "valkey-cli", "ping"]
111      interval: 10s
112      timeout: 5s
113      retries: 3
114      start_period: 5s
115    deploy:
116      resources:
117        limits:
118          memory: 300M
119        reservations:
120          memory: 64M
121  nginx:
122    image: nginx:1.28-alpine
123    restart: unless-stopped
124    ports:
125      - "80:80"
126      - "443:443"
127    volumes:
128      - ./nginx.prod.conf:/etc/nginx/nginx.conf:ro
129      - ./certs:/etc/nginx/certs:ro
130      - acme_challenge:/var/www/acme:ro
131    depends_on:
132      - bspds
133    healthcheck:
134      test: ["CMD", "nginx", "-t"]
135      interval: 30s
136      timeout: 10s
137      retries: 3
138  certbot:
139    image: certbot/certbot:v5.2.2
140    volumes:
141      - ./certs:/etc/letsencrypt
142      - acme_challenge:/var/www/acme
143    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew --webroot -w /var/www/acme; sleep 12h & wait $${!}; done'"
144  prometheus:
145    image: prom/prometheus:v3.8.0
146    restart: unless-stopped
147    ports:
148      - "127.0.0.1:9090:9090"
149    volumes:
150      - ./observability/prometheus.yml:/etc/prometheus/prometheus.yml:ro
151      - prometheus_data:/prometheus
152    command:
153      - '--config.file=/etc/prometheus/prometheus.yml'
154      - '--storage.tsdb.path=/prometheus'
155      - '--storage.tsdb.retention.time=30d'
156    deploy:
157      resources:
158        limits:
159          memory: 256M
160volumes:
161  postgres_data:
162  minio_data:
163  valkey_data:
164  prometheus_data:
165  acme_challenge: