Parameterize docker-compose for server deployment
All checks were successful
CI / test (push) Successful in 20s
All checks were successful
CI / test (push) Successful in 20s
Compose settings: - Reworked docker-compose.yml to use environment-variable driven configuration. - Added shared app env anchors for backend and worker to reduce duplication. - Made ports, credentials, security limits, SMTP, and storage options configurable. Production profile: - Added docker-compose.prod.yml override to close internal service ports. - Keeps external attack surface minimal for Linux server deployments. Docs and ops: - Added .env.docker.example with full variable set for server setup. - Updated README with quick-start and production launch commands.
This commit is contained in:
@@ -1,17 +1,53 @@
|
||||
x-app-env: &app-env
|
||||
APP_NAME: ${APP_NAME:-BenyaMessenger}
|
||||
ENVIRONMENT: ${ENVIRONMENT:-production}
|
||||
DEBUG: ${DEBUG:-false}
|
||||
API_V1_PREFIX: ${API_V1_PREFIX:-/api/v1}
|
||||
AUTO_CREATE_TABLES: ${AUTO_CREATE_TABLES:-true}
|
||||
SECRET_KEY: ${SECRET_KEY:-change-me-please-with-a-long-random-secret}
|
||||
JWT_ALGORITHM: ${JWT_ALGORITHM:-HS256}
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES:-30}
|
||||
REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS:-30}
|
||||
EMAIL_VERIFICATION_TOKEN_EXPIRE_HOURS: ${EMAIL_VERIFICATION_TOKEN_EXPIRE_HOURS:-24}
|
||||
PASSWORD_RESET_TOKEN_EXPIRE_HOURS: ${PASSWORD_RESET_TOKEN_EXPIRE_HOURS:-1}
|
||||
POSTGRES_DSN: postgresql+asyncpg://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-messenger}
|
||||
REDIS_URL: redis://redis:6379/0
|
||||
S3_ENDPOINT_URL: http://minio:9000
|
||||
S3_ACCESS_KEY: ${MINIO_ROOT_USER:-minioadmin}
|
||||
S3_SECRET_KEY: ${MINIO_ROOT_PASSWORD:-minioadmin}
|
||||
S3_REGION: ${S3_REGION:-us-east-1}
|
||||
S3_BUCKET_NAME: ${S3_BUCKET_NAME:-messenger-media}
|
||||
S3_PRESIGN_EXPIRE_SECONDS: ${S3_PRESIGN_EXPIRE_SECONDS:-900}
|
||||
MAX_UPLOAD_SIZE_BYTES: ${MAX_UPLOAD_SIZE_BYTES:-104857600}
|
||||
FRONTEND_BASE_URL: ${FRONTEND_BASE_URL:-http://localhost}
|
||||
SMTP_HOST: ${SMTP_HOST:-mailpit}
|
||||
SMTP_PORT: ${SMTP_PORT:-1025}
|
||||
SMTP_USERNAME: ${SMTP_USERNAME:-}
|
||||
SMTP_PASSWORD: ${SMTP_PASSWORD:-}
|
||||
SMTP_USE_TLS: ${SMTP_USE_TLS:-false}
|
||||
SMTP_FROM_EMAIL: ${SMTP_FROM_EMAIL:-no-reply@benyamessenger.local}
|
||||
LOGIN_RATE_LIMIT_PER_MINUTE: ${LOGIN_RATE_LIMIT_PER_MINUTE:-10}
|
||||
REGISTER_RATE_LIMIT_PER_MINUTE: ${REGISTER_RATE_LIMIT_PER_MINUTE:-5}
|
||||
RESET_RATE_LIMIT_PER_MINUTE: ${RESET_RATE_LIMIT_PER_MINUTE:-5}
|
||||
REFRESH_RATE_LIMIT_PER_MINUTE: ${REFRESH_RATE_LIMIT_PER_MINUTE:-30}
|
||||
MESSAGE_RATE_LIMIT_PER_MINUTE: ${MESSAGE_RATE_LIMIT_PER_MINUTE:-30}
|
||||
DUPLICATE_MESSAGE_COOLDOWN_SECONDS: ${DUPLICATE_MESSAGE_COOLDOWN_SECONDS:-10}
|
||||
CELERY_TASK_ALWAYS_EAGER: ${CELERY_TASK_ALWAYS_EAGER:-false}
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:16-alpine
|
||||
container_name: messenger-postgres
|
||||
environment:
|
||||
POSTGRES_DB: messenger
|
||||
POSTGRES_USER: postgres
|
||||
POSTGRES_PASSWORD: postgres
|
||||
POSTGRES_DB: ${POSTGRES_DB:-messenger}
|
||||
POSTGRES_USER: ${POSTGRES_USER:-postgres}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
|
||||
ports:
|
||||
- "5432:5432"
|
||||
- "${POSTGRES_PORT:-5432}:5432"
|
||||
volumes:
|
||||
- pg_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U postgres -d messenger"]
|
||||
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-messenger}"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 20
|
||||
@@ -20,7 +56,7 @@ services:
|
||||
image: redis:7-alpine
|
||||
container_name: messenger-redis
|
||||
ports:
|
||||
- "6379:6379"
|
||||
- "${REDIS_PORT:-6379}:6379"
|
||||
volumes:
|
||||
- redis_data:/data
|
||||
healthcheck:
|
||||
@@ -34,11 +70,11 @@ services:
|
||||
container_name: messenger-minio
|
||||
command: server /data --console-address ":9001"
|
||||
environment:
|
||||
MINIO_ROOT_USER: minioadmin
|
||||
MINIO_ROOT_PASSWORD: minioadmin
|
||||
MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin}
|
||||
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin}
|
||||
ports:
|
||||
- "9000:9000"
|
||||
- "9001:9001"
|
||||
- "${MINIO_API_PORT:-9000}:9000"
|
||||
- "${MINIO_CONSOLE_PORT:-9001}:9001"
|
||||
volumes:
|
||||
- minio_data:/data
|
||||
|
||||
@@ -48,8 +84,8 @@ services:
|
||||
- minio
|
||||
entrypoint: >
|
||||
/bin/sh -c "
|
||||
mc alias set local http://minio:9000 minioadmin minioadmin &&
|
||||
mc mb --ignore-existing local/messenger-media
|
||||
mc alias set local http://minio:9000 ${MINIO_ROOT_USER:-minioadmin} ${MINIO_ROOT_PASSWORD:-minioadmin} &&
|
||||
mc mb --ignore-existing local/${S3_BUCKET_NAME:-messenger-media}
|
||||
"
|
||||
restart: "no"
|
||||
|
||||
@@ -66,35 +102,9 @@ services:
|
||||
minio-init:
|
||||
condition: service_completed_successfully
|
||||
environment:
|
||||
APP_NAME: BenyaMessenger
|
||||
ENVIRONMENT: production
|
||||
DEBUG: "false"
|
||||
API_V1_PREFIX: /api/v1
|
||||
AUTO_CREATE_TABLES: "true"
|
||||
SECRET_KEY: "change-me-please-with-a-long-random-secret"
|
||||
JWT_ALGORITHM: HS256
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES: "30"
|
||||
REFRESH_TOKEN_EXPIRE_DAYS: "30"
|
||||
EMAIL_VERIFICATION_TOKEN_EXPIRE_HOURS: "24"
|
||||
PASSWORD_RESET_TOKEN_EXPIRE_HOURS: "1"
|
||||
POSTGRES_DSN: postgresql+asyncpg://postgres:postgres@postgres:5432/messenger
|
||||
REDIS_URL: redis://redis:6379/0
|
||||
S3_ENDPOINT_URL: http://minio:9000
|
||||
S3_ACCESS_KEY: minioadmin
|
||||
S3_SECRET_KEY: minioadmin
|
||||
S3_REGION: us-east-1
|
||||
S3_BUCKET_NAME: messenger-media
|
||||
S3_PRESIGN_EXPIRE_SECONDS: "900"
|
||||
MAX_UPLOAD_SIZE_BYTES: "104857600"
|
||||
FRONTEND_BASE_URL: http://localhost
|
||||
SMTP_HOST: mailpit
|
||||
SMTP_PORT: "1025"
|
||||
SMTP_USERNAME: ""
|
||||
SMTP_PASSWORD: ""
|
||||
SMTP_USE_TLS: "false"
|
||||
SMTP_FROM_EMAIL: no-reply@benyamessenger.local
|
||||
<<: *app-env
|
||||
ports:
|
||||
- "8000:8000"
|
||||
- "${BACKEND_PORT:-8000}:8000"
|
||||
|
||||
worker:
|
||||
build:
|
||||
@@ -108,40 +118,15 @@ services:
|
||||
backend:
|
||||
condition: service_started
|
||||
environment:
|
||||
APP_NAME: BenyaMessenger
|
||||
ENVIRONMENT: production
|
||||
DEBUG: "false"
|
||||
API_V1_PREFIX: /api/v1
|
||||
AUTO_CREATE_TABLES: "false"
|
||||
SECRET_KEY: "change-me-please-with-a-long-random-secret"
|
||||
JWT_ALGORITHM: HS256
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES: "30"
|
||||
REFRESH_TOKEN_EXPIRE_DAYS: "30"
|
||||
EMAIL_VERIFICATION_TOKEN_EXPIRE_HOURS: "24"
|
||||
PASSWORD_RESET_TOKEN_EXPIRE_HOURS: "1"
|
||||
POSTGRES_DSN: postgresql+asyncpg://postgres:postgres@postgres:5432/messenger
|
||||
REDIS_URL: redis://redis:6379/0
|
||||
S3_ENDPOINT_URL: http://minio:9000
|
||||
S3_ACCESS_KEY: minioadmin
|
||||
S3_SECRET_KEY: minioadmin
|
||||
S3_REGION: us-east-1
|
||||
S3_BUCKET_NAME: messenger-media
|
||||
S3_PRESIGN_EXPIRE_SECONDS: "900"
|
||||
MAX_UPLOAD_SIZE_BYTES: "104857600"
|
||||
FRONTEND_BASE_URL: http://localhost
|
||||
SMTP_HOST: mailpit
|
||||
SMTP_PORT: "1025"
|
||||
SMTP_USERNAME: ""
|
||||
SMTP_PASSWORD: ""
|
||||
SMTP_USE_TLS: "false"
|
||||
SMTP_FROM_EMAIL: no-reply@benyamessenger.local
|
||||
<<: *app-env
|
||||
AUTO_CREATE_TABLES: false
|
||||
|
||||
mailpit:
|
||||
image: axllent/mailpit:latest
|
||||
container_name: messenger-mailpit
|
||||
ports:
|
||||
- "1025:1025"
|
||||
- "8025:8025"
|
||||
- "${MAILPIT_SMTP_PORT:-1025}:1025"
|
||||
- "${MAILPIT_UI_PORT:-8025}:8025"
|
||||
|
||||
web:
|
||||
build:
|
||||
@@ -151,7 +136,7 @@ services:
|
||||
depends_on:
|
||||
- backend
|
||||
ports:
|
||||
- "80:80"
|
||||
- "${WEB_PORT:-80}:80"
|
||||
|
||||
volumes:
|
||||
pg_data:
|
||||
|
||||
Reference in New Issue
Block a user