clone of github.com/decent-newsroom/newsroom

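# Production Compose stack: FrankenPHP app (Caddy + Mercure module), Symfony
# Messenger worker, PostgreSQL and a strfry Nostr relay.
#
# Secrets use the ${VAR:?message} form, so `docker compose` refuses to start
# when one is unset or empty instead of silently falling back to a publicly
# known placeholder value.
services:
  php:
    build:
      context: .
      target: frankenphp_prod
    image: yourapp/php:prod
    restart: unless-stopped
    environment:
      # --- Symfony / App ---
      APP_ENV: prod
      # Required: an unset variable would otherwise be substituted as an
      # empty string.
      APP_SECRET: '${APP_SECRET:?APP_SECRET must be set to a random secret}'
      # Trust your proxy/load balancer networks, adjust as needed.
      # NOTE(review): the default trusts every loopback and private-range
      # peer, which includes other containers on the Docker network; narrow
      # it to the addresses of the actual reverse proxy.
      TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
      # NOTE(review): the default pattern `.+` accepts any Host header; set
      # TRUSTED_HOSTS to a pattern matching only the domain(s) served.
      TRUSTED_HOSTS: ${TRUSTED_HOSTS:-.+}
      # Set SERVER_NAME to your domain for automatic TLS, or :80 if behind a
      # reverse proxy.
      SERVER_NAME: ${SERVER_NAME:-:80}
      # --- Mercure (Caddy module) ---
      # Required: whoever knows this key can sign publisher and subscriber
      # tokens, so there is no built-in default. Use a long random value.
      MERCURE_PUBLISHER_JWT_KEY: '${MERCURE_JWT_SECRET:?MERCURE_JWT_SECRET must be set to a random secret}'
      MERCURE_SUBSCRIBER_JWT_KEY: '${MERCURE_JWT_SECRET:?MERCURE_JWT_SECRET must be set to a random secret}'
      MERCURE_PUBLISHER_JWT_ALG: ${MERCURE_PUBLISHER_JWT_ALG:-HS256}
      MERCURE_SUBSCRIBER_JWT_ALG: ${MERCURE_SUBSCRIBER_JWT_ALG:-HS256}
      # --- Nostr Relay ---
      RELAY_DOMAIN: ${RELAY_DOMAIN:-relay.localhost}
      NOSTR_DEFAULT_RELAY: ${NOSTR_DEFAULT_RELAY:-ws://strfry:7777}
      # --- Database URL (optional: prefer .env.prod) ---
      # DATABASE_URL: ${DATABASE_URL}
    ports:
      - target: 80
        published: 80
        protocol: tcp
      # HTTPS port - required when Caddy handles TLS (SERVER_NAME is a domain,
      # not :80)
      - target: 443
        published: 443
        protocol: tcp
      # HTTP/3 (QUIC) - optional but recommended for performance
      - target: 443
        published: 443
        protocol: udp
    volumes:
      # Caddy state (TLS certs, etc.). Safe to persist.
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      database:
        condition: service_healthy
      strfry:
        condition: service_started

  worker:
    build:
      context: .
      target: frankenphp_prod  # use the prod stage so vendor/ is baked in
    image: yourapp/worker:prod
    working_dir: /app
    entrypoint: ["php"]
    # Runs `php bin/console messenger:consume` against the `async` transport.
    command:
      - bin/console
      - messenger:consume
      - -vv
      - --memory-limit=256M
      - --keepalive
      - "10"
      - async
    restart: unless-stopped
    depends_on:
      php:
        condition: service_started
      database:
        condition: service_healthy
    # The worker publishes and exposes nothing.
    ports: []
    expose: []
    volumes: []  # IMPORTANT: no bind mount in prod

  database:
    image: postgres:${POSTGRES_VERSION:-16}-alpine
    restart: unless-stopped
    # No `ports:` entry here: the database is not published on the host.
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-app}
      # Required: no built-in default password for a production database.
      POSTGRES_PASSWORD: '${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}'
      POSTGRES_USER: ${POSTGRES_USER:-app}
    volumes:
      - database_data:/var/lib/postgresql/data:rw
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB:-app} -U ${POSTGRES_USER:-app}"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 60s

  ###> strfry relay ###
  strfry:
    # NOTE(review): `latest` is a moving tag; pin a specific version tag or
    # image digest so an upstream push cannot change what runs in production.
    image: dockurr/strfry:latest
    restart: unless-stopped
    # Starts the relay and the router in the background, then waits on both.
    command:
      - /bin/sh
      - -c
      - |
        ./strfry relay /etc/strfry.conf &
        ./strfry router /etc/router.conf &
        wait
    volumes:
      # Configuration and the write-policy script are mounted read-only.
      - ./docker/strfry/strfry.conf:/etc/strfry.conf:ro
      - ./docker/strfry/write-policy.sh:/app/write-policy.sh:ro
      - ./docker/strfry/router.conf:/etc/router.conf:ro
      - strfry_data:/var/lib/strfry
  ###< strfry relay ###

# Named volumes referenced by the services above.
volumes:
  caddy_data:
  caddy_config:
  database_data:
  strfry_data: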