docker-compose.prod.yml at d01c1445b6b69d47e67107496c9c8bc827fef5ce · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / docker-compose.prod.yml
at d01c1445b6b69d47e67107496c9c8bc827fef5ce 4.8 kB view raw
  1services:
  2  bspds:
  3    build:
  4      context: .
  5      dockerfile: Dockerfile
  6    image: bspds:latest
  7    restart: unless-stopped
  8    ports:
  9      - "127.0.0.1:3000:3000"
 10    environment:
 11      SERVER_HOST: "0.0.0.0"
 12      SERVER_PORT: "3000"
 13      PDS_HOSTNAME: "${PDS_HOSTNAME:?PDS_HOSTNAME is required}"
 14      DATABASE_URL: "postgres://bspds:${DB_PASSWORD:?DB_PASSWORD is required}@db:5432/pds"
 15      S3_ENDPOINT: "http://minio:9000"
 16      AWS_REGION: "us-east-1"
 17      S3_BUCKET: "pds-blobs"
 18      AWS_ACCESS_KEY_ID: "${MINIO_ROOT_USER:-minioadmin}"
 19      AWS_SECRET_ACCESS_KEY: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
 20      VALKEY_URL: "redis://valkey:6379"
 21      JWT_SECRET: "${JWT_SECRET:?JWT_SECRET is required (min 32 chars)}"
 22      DPOP_SECRET: "${DPOP_SECRET:?DPOP_SECRET is required (min 32 chars)}"
 23      MASTER_KEY: "${MASTER_KEY:?MASTER_KEY is required (min 32 chars)}"
 24      APPVIEW_URL: "${APPVIEW_URL:-https://api.bsky.app}"
 25      CRAWLERS: "${CRAWLERS:-https://bsky.network}"
 26      FRONTEND_DIR: "/app/frontend/dist"
 27    depends_on:
 28      db:
 29        condition: service_healthy
 30      minio:
 31        condition: service_healthy
 32      valkey:
 33        condition: service_healthy
 34    healthcheck:
 35      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/xrpc/_health"]
 36      interval: 30s
 37      timeout: 10s
 38      retries: 3
 39      start_period: 10s
 40    deploy:
 41      resources:
 42        limits:
 43          memory: 1G
 44        reservations:
 45          memory: 256M
 46
 47  db:
 48    image: postgres:18-alpine
 49    restart: unless-stopped
 50    environment:
 51      POSTGRES_USER: bspds
 52      POSTGRES_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD is required}"
 53      POSTGRES_DB: pds
 54    volumes:
 55      - postgres_data:/var/lib/postgresql/data
 56    healthcheck:
 57      test: ["CMD-SHELL", "pg_isready -U bspds -d pds"]
 58      interval: 10s
 59      timeout: 5s
 60      retries: 5
 61      start_period: 10s
 62    deploy:
 63      resources:
 64        limits:
 65          memory: 512M
 66        reservations:
 67          memory: 128M
 68
 69  minio:
 70    image: minio/minio:RELEASE.2025-10-15T17-29-55Z
 71    restart: unless-stopped
 72    command: server /data --console-address ":9001"
 73    environment:
 74      MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
 75      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
 76    volumes:
 77      - minio_data:/data
 78    healthcheck:
 79      test: ["CMD", "mc", "ready", "local"]
 80      interval: 30s
 81      timeout: 10s
 82      retries: 3
 83      start_period: 10s
 84    deploy:
 85      resources:
 86        limits:
 87          memory: 512M
 88        reservations:
 89          memory: 128M
 90
 91  minio-init:
 92    image: minio/mc:RELEASE.2025-07-16T15-35-03Z
 93    depends_on:
 94      minio:
 95        condition: service_healthy
 96    entrypoint: >
 97      /bin/sh -c "
 98      mc alias set local http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD};
 99      mc mb --ignore-existing local/pds-blobs;
100      mc anonymous set none local/pds-blobs;
101      exit 0;
102      "
103    environment:
104      MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
105      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
106
107  valkey:
108    image: valkey/valkey:9-alpine
109    restart: unless-stopped
110    command: valkey-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
111    volumes:
112      - valkey_data:/data
113    healthcheck:
114      test: ["CMD", "valkey-cli", "ping"]
115      interval: 10s
116      timeout: 5s
117      retries: 3
118      start_period: 5s
119    deploy:
120      resources:
121        limits:
122          memory: 300M
123        reservations:
124          memory: 64M
125
126  nginx:
127    image: nginx:1.28-alpine
128    restart: unless-stopped
129    ports:
130      - "80:80"
131      - "443:443"
132    volumes:
133      - ./nginx.prod.conf:/etc/nginx/nginx.conf:ro
134      - ./certs:/etc/nginx/certs:ro
135      - acme_challenge:/var/www/acme:ro
136    depends_on:
137      - bspds
138    healthcheck:
139      test: ["CMD", "nginx", "-t"]
140      interval: 30s
141      timeout: 10s
142      retries: 3
143
144  certbot:
145    image: certbot/certbot:v5.2.2
146    volumes:
147      - ./certs:/etc/letsencrypt
148      - acme_challenge:/var/www/acme
149    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew --webroot -w /var/www/acme; sleep 12h & wait $${!}; done'"
150
151  prometheus:
152    image: prom/prometheus:v3.8.0
153    restart: unless-stopped
154    ports:
155      - "127.0.0.1:9090:9090"
156    volumes:
157      - ./observability/prometheus.yml:/etc/prometheus/prometheus.yml:ro
158      - prometheus_data:/prometheus
159    command:
160      - '--config.file=/etc/prometheus/prometheus.yml'
161      - '--storage.tsdb.path=/prometheus'
162      - '--storage.tsdb.retention.time=30d'
163    deploy:
164      resources:
165        limits:
166          memory: 256M
167
168volumes:
169  postgres_data:
170  minio_data:
171  valkey_data:
172  prometheus_data:
173  acme_challenge: