
14 Commits

Author SHA1 Message Date
cc164f24e4 🔧 UPDATE: Add CREDENTIAL_ENCRYPTION_KEY to .env for enhanced security configuration. 2025-12-19 13:18:34 +01:00
1573f34736 🔧 UPDATE: Add CREDENTIAL_ENCRYPTION_KEY environment variable to docker-compose configuration for enhanced security. 2025-12-03 12:16:48 +01:00
8ff80fdf46 👌 IMPROVE: DEV-2106 Define logging configuration for your services [2] 2025-10-07 09:23:26 +02:00
7d5838ea81 🔨 REFACTOR: DEV-2052 Excessive HTTP 4xx errors to be 50 errors in 5 min 2025-09-24 15:21:07 +02:00
9dbce8a3a4 🔧 UPDATE: Add custom server volume to docker-compose files for improved asset management across multiple projects. 2025-09-23 09:42:40 +02:00
75a9ffe26a 🔧 UPDATE: Change Redis image to redis:7.2-alpine and update healthcheck and command configurations across multiple docker-compose files. 2025-09-18 07:49:41 +02:00
486ec457d0 👌 IMPROVE: DEV-1999 Improved Pgadmin HealtCheck Browser 2025-09-12 07:39:23 +02:00
87bc685d6f SUPER_ADMIN_USER_PASSWORD To PgAdmin Login 2025-09-11 14:07:50 +00:00
f462454574 Remove no used PGADMIN_DEFAULT_PASSWORD 2025-09-11 14:04:41 +00:00
51d4555ab2 pgadmin Upgrade 2025-09-11 16:01:55 +02:00
5cc9aaccee Accessing the System update 2025-09-11 16:00:32 +02:00
eff610142f DEV-1989 ALL status codes under /pgadmin4 (including 401, 499, 404, etc.) 2025-09-10 17:17:45 +02:00
da8790fd21 Remove resources-limits.md file containing references to Docker Compose resource limits documentation 2025-09-02 17:10:40 +02:00
448779fd7e Add Git installation check to Docker installation script 2025-09-02 17:10:34 +02:00
7 changed files with 425 additions and 374 deletions

2
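--- a/.env
+++ b/.env
@@ -2,7 +2,6 @@
 NODE_ENV=production
 # ====== Database Configuration ======
 POSTGRES_PASSWORD="8*6&Ti3TJxN^"
-PGADMIN_DEFAULT_PASSWORD="8*6&Ti3TJxN^"
 DB_NAME="phoenix"
 DB_HOST="phoenixDB"
 DB_PORT=5432
@@ -23,3 +22,4 @@ REDIS_PASSWORD="8*6&Ti3TJxN^"
 # ====== PHX-SYSTEM Configuration ======
 PHOENIX_SYSTEM_REPLICAS=1
 PHX_HOST_NAME=
+CREDENTIAL_ENCRYPTION_KEY=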
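Review bot: `CREDENTIAL_ENCRYPTION_KEY=` is added empty to a tracked `.env` that already holds literal passwords, so an installation that uses this file unchanged passes an empty key to the services, and the real key is likely to end up committed next to those passwords. Whether phoenix-system or phoenix-worker refuse to start with an empty key is not visible on this page. Suggest a comment directly above the line, `# REQUIRED: set a unique random key per installation; never commit the real value`, and treating this file as a template while the real values live in an untracked file. The context lines show the same value reused for POSTGRES_PASSWORD and REDIS_PASSWORD; since it is in repository history it should be rotated.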


@@ -84,5 +84,5 @@ You can access log services like pgAdmin, Postgres, Phoenix ERP, and others afte
# 🌐 Accessing the System # 🌐 Accessing the System
| **Service** | **URL** | **Credentials** | | **Service** | **URL** | **Credentials** |
|------------------|----------------------------------|----------------------------------------------------| |------------------|----------------------------------|----------------------------------------------------|
| **Phoenix ERP** | [http://localhost:4200](http://localhost:4200) | login: superadmin and password as configured in `.env` | | **Phoenix ERP** | [http://HOST_IP](http://HOST_IP) | login: superadmin and password as configured in `.env` -> `SUPER_ADMIN_USER_PASSWORD` |
| **pgAdmin** | [http://localhost:5050](http://localhost:5050) | Email: `info@phx-erp.de` <br> Password: from `.env` | | **pgAdmin** | [http://HOST_IP/pgadmin4/](http://HOST_IP/pgadmin4/) | Email: `info@phx-erp.de` <br> Password: from `SUPER_ADMIN_USER_PASSWORD` |


@@ -9,9 +9,22 @@ is_wsl() {
grep -qi microsoft /proc/version 2>/dev/null grep -qi microsoft /proc/version 2>/dev/null
} }
check_git_installed() {
if ! command -v git &> /dev/null; then
echo "🔍 Git not found, installing..."
sudo apt-get update
sudo apt-get install -y git
echo "✅ Git installed successfully!"
else
echo "✔️ Git is already installed: $(git --version)"
fi
}
install_docker_linux() { install_docker_linux() {
echo "🔧 Installing Docker on Linux..." echo "🔧 Installing Docker on Linux..."
check_git_installed
# Remove old versions # Remove old versions
sudo apt-get remove -y docker docker-engine docker.io containerd runc || true sudo apt-get remove -y docker docker-engine docker.io containerd runc || true
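Review bot: check_git_installed prints `✅ Git installed successfully!` without checking that `sudo apt-get install -y git` succeeded, so unless the script enables `set -e` outside this hunk a failed install falls through and install_docker_linux carries on. Suggest `if ! { sudo apt-get update && sudo apt-get install -y git; }; then echo "❌ Git installation failed" >&2; return 1; fi`, with the call site changed to `check_git_installed || return 1`. The function also assumes an apt-based distribution, which is worth stating in a one-line comment above it. install_docker_linux's body continues past the end of the hunk.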


@@ -1,361 +1,401 @@
--- ---
services: services:
postgres-auto-upgrade: postgres-auto-upgrade:
profiles: profiles:
- postgres-upgrade # 🟢 This isolates the service - postgres-upgrade # 🟢 This isolates the service
image: alpine:3.19 image: alpine:3.19
container_name: postgres_auto_upgrade container_name: postgres_auto_upgrade
working_dir: /opt/phx working_dir: /opt/phx
volumes: volumes:
- .:/opt/phx:rw - .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
entrypoint: > entrypoint: >
sh -c " sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix && apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins && mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose && curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose && chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./postgres_upgrade.sh && chmod +x ./postgres_upgrade.sh &&
./postgres_upgrade.sh" ./postgres_upgrade.sh"
restart: 'no' restart: 'no'
depends_on: [] depends_on: []
network_mode: bridge network_mode: bridge
postgres-auto-rollback: postgres-auto-rollback:
profiles: profiles:
- postgres-rollback # 🟢 This isolates the service - postgres-rollback # 🟢 This isolates the service
image: alpine:3.19 image: alpine:3.19
container_name: postgres_rollback container_name: postgres_rollback
working_dir: /opt/phx working_dir: /opt/phx
volumes: volumes:
- .:/opt/phx:rw - .:/opt/phx:rw
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
entrypoint: > entrypoint: >
sh -c " sh -c "
apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix && apk add --no-cache bash coreutils grep sed findutils curl docker-cli dos2unix &&
mkdir -p ~/.docker/cli-plugins && mkdir -p ~/.docker/cli-plugins &&
curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose && curl -SL https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose &&
chmod +x ~/.docker/cli-plugins/docker-compose && chmod +x ~/.docker/cli-plugins/docker-compose &&
chmod +x ./rollback_postgres_upgrade.sh && chmod +x ./rollback_postgres_upgrade.sh &&
./rollback_postgres_upgrade.sh" ./rollback_postgres_upgrade.sh"
restart: 'no' restart: 'no'
depends_on: [] depends_on: []
network_mode: bridge network_mode: bridge
postgres: postgres:
restart: always restart: always
image: "postgres:17.5-alpine" image: "postgres:17.5-alpine"
container_name: phoenixDB # Hostname container_name: phoenixDB # Hostname
# logging: logging:
# driver: loki driver: "json-file"
# options: options:
# loki-url: "${LOKI_URL}" max-size: "100m"
# loki-retries: "${LOKI_RETRIES}" max-file: "5"
# loki-batch-size: "${LOKI_BATCH_SIZE}" # logging:
# loki-external-labels: "service=phx-postgres,env=prod" # driver: loki
networks: # options:
- backend # loki-url: "${LOKI_URL}"
environment: # loki-retries: "${LOKI_RETRIES}"
DEBUG: true # loki-batch-size: "${LOKI_BATCH_SIZE}"
POSTGRES_DB: ${DB_NAME} # loki-external-labels: "service=phx-postgres,env=prod"
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} networks:
volumes: - backend
- "./database:/var/lib/postgresql/data" environment:
# deploy: DEBUG: true
# restart_policy: # Define how the service should restart when it fails POSTGRES_DB: ${DB_NAME}
# condition: on-failure # Only restart if the container exits with a non-zero code POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
# delay: 5s # Wait 5 seconds before attempting to restart volumes:
# max_attempts: 5 # Maximum number of restart attempts before giving up - "./database:/var/lib/postgresql/data"
# window: 120s # Time window to evaluate restart attempts (resets counter after this period) # deploy:
# resources: # Resource allocation and limits for the container # restart_policy: # Define how the service should restart when it fails
# limits: # Maximum resources the container can use # condition: on-failure # Only restart if the container exits with a non-zero code
# cpus: "0.75" # Maximum CPU cores (75% of one core) # delay: 5s # Wait 5 seconds before attempting to restart
# memory: 768M # Maximum memory usage (768 megabytes) # max_attempts: 5 # Maximum number of restart attempts before giving up
# reservations: # Guaranteed minimum resources for the container # window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# cpus: "0.25" # Reserved CPU cores (25% of one core) # resources: # Resource allocation and limits for the container
# memory: 256M # Reserved memory (256 megabytes) # limits: # Maximum resources the container can use
healthcheck: # cpus: "0.75" # Maximum CPU cores (75% of one core)
test: [ "CMD-SHELL", "pg_isready -U postgres" ] # memory: 768M # Maximum memory usage (768 megabytes)
interval: 5s # Time between each health check # reservations: # Guaranteed minimum resources for the container
timeout: 2s # Number of failures before marking as unhealthy # cpus: "0.25" # Reserved CPU cores (25% of one core)
retries: 5 # Grace period before health checks start # memory: 256M # Reserved memory (256 megabytes)
pgadmin: healthcheck:
restart: always test: [ "CMD-SHELL", "pg_isready -U postgres" ]
image: dpage/pgadmin4:9.6.0 interval: 5s # Time between each health check
container_name: pgadmin4-ui timeout: 2s # Number of failures before marking as unhealthy
user: "5050:5050" retries: 5 # Grace period before health checks start
# logging: pgadmin:
# driver: loki restart: always
# options: image: dpage/pgadmin4:9.8.0
# loki-url: "${LOKI_URL}" container_name: pgadmin4-ui
# loki-retries: "${LOKI_RETRIES}" user: "5050:5050"
# loki-batch-size: "${LOKI_BATCH_SIZE}" logging:
# loki-external-labels: "service=phx-pgadmin,env=prod" driver: "json-file"
networks: options:
- backend max-size: "100m"
- frontend max-file: "5"
environment: # logging:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL} # driver: loki
PGADMIN_DEFAULT_PASSWORD: ${SUPER_ADMIN_USER_PASSWORD} # options:
PGADMIN_CONFIG_SERVER_MODE: 'True' # loki-url: "${LOKI_URL}"
PGADMIN_CONFIG_WSGI_SCRIPT_NAME: "'/pgadmin4'" # loki-retries: "${LOKI_RETRIES}"
PGADMIN_CONFIG_PROXY_X_PROTO_COUNT: 1 # loki-batch-size: "${LOKI_BATCH_SIZE}"
PGADMIN_SERVER_JSON_FILE: '/var/lib/pgadmin/servers.json' # loki-external-labels: "service=phx-pgadmin,env=prod"
PGADMIN_REPLACE_SERVERS_ON_STARTUP: 'True' networks:
PGADMIN_CONFIG_DATA_DIR: "'/var/lib/pgadmin'" - backend
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False' - frontend
environment:
# pgpass dynamic vars PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGPASSFILE: /var/lib/pgadmin/pgpass PGADMIN_DEFAULT_PASSWORD: ${SUPER_ADMIN_USER_PASSWORD}
PGPASS_HOST: ${DB_HOST} PGADMIN_CONFIG_SERVER_MODE: 'True'
PGPASS_PORT: ${DB_PORT} PGADMIN_CONFIG_WSGI_SCRIPT_NAME: "'/pgadmin4'"
PGPASS_DB: ${DB_NAME} PGADMIN_CONFIG_PROXY_X_PROTO_COUNT: 1
PGPASS_USER: ${DB_USERNAME} PGADMIN_SERVER_JSON_FILE: '/var/lib/pgadmin/servers.json'
PGPASS_PASSWORD: ${POSTGRES_PASSWORD} PGADMIN_REPLACE_SERVERS_ON_STARTUP: 'True'
PGADMIN_CONFIG_DATA_DIR: "'/var/lib/pgadmin'"
# Other config PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
ALLOW_SAVE_PASSWORD: 'False'
MFA_ENABLED: 'True' # pgpass dynamic vars
MFA_FORCE_REGISTRATION: 'False' PGPASSFILE: /var/lib/pgadmin/pgpass
MFA_SUPPORTED_METHODS: 'email' PGPASS_HOST: ${DB_HOST}
MFA_EMAIL_SUBJECT: 'Your MFA code by PHX-ERP' PGPASS_PORT: ${DB_PORT}
MAX_LOGIN_ATTEMPTS: 5 PGPASS_DB: ${DB_NAME}
ENHANCED_COOKIE_PROTECTION: 'True' PGPASS_USER: ${DB_USERNAME}
SHOW_GRAVATAR_IMAGE: 'True' PGPASS_PASSWORD: ${POSTGRES_PASSWORD}
SECURITY_EMAIL_SENDER: ${SECURITY_EMAIL_SENDER}
MAIL_SERVER: ${MAIL_SERVER} # Other config
MAIL_PORT: ${MAIL_PORT} ALLOW_SAVE_PASSWORD: 'False'
MAIL_USE_SSL: 'False' MFA_ENABLED: 'True'
MAIL_USE_TLS: 'False' MFA_FORCE_REGISTRATION: 'False'
MAIL_USERNAME: ${MAIL_USERNAME} MFA_SUPPORTED_METHODS: 'email'
MAIL_PASSWORD: ${MAIL_PASSWORD} MFA_EMAIL_SUBJECT: 'Your MFA code by PHX-ERP'
MAIL_DEBUG: 'False' MAX_LOGIN_ATTEMPTS: 5
volumes: ENHANCED_COOKIE_PROTECTION: 'True'
- ./pgadmin/data:/var/lib/pgadmin SHOW_GRAVATAR_IMAGE: 'True'
- ./pgadmin/pgadmin-entrypoint.sh:/docker-entrypoint.sh:ro SECURITY_EMAIL_SENDER: ${SECURITY_EMAIL_SENDER}
mem_limit: 512M MAIL_SERVER: ${MAIL_SERVER}
memswap_limit: 512M MAIL_PORT: ${MAIL_PORT}
deploy: MAIL_USE_SSL: 'False'
restart_policy: # Define how the service should restart when it fails MAIL_USE_TLS: 'False'
condition: on-failure # Only restart if the container exits with a non-zero code MAIL_USERNAME: ${MAIL_USERNAME}
delay: 5s # Wait 5 seconds before attempting to restart MAIL_PASSWORD: ${MAIL_PASSWORD}
max_attempts: 5 # Maximum number of restart attempts before giving up MAIL_DEBUG: 'False'
window: 120s # Time window to evaluate restart attempts (resets counter after this period) volumes:
resources: # Resource allocation and limits for the container - ./pgadmin/data:/var/lib/pgadmin
limits: # Maximum resources the container can use - ./pgadmin/pgadmin-entrypoint.sh:/docker-entrypoint.sh:ro
cpus: "1.0" # Maximum CPU cores (100% of one core) mem_limit: 512M
memory: 512M # Maximum memory usage (512 megabytes) memswap_limit: 512M
reservations: # Guaranteed minimum resources for the container deploy:
cpus: "0.15" # Reserved CPU cores (15% of one core) restart_policy: # Define how the service should restart when it fails
memory: 250M # Reserved memory (250 megabytes) condition: on-failure # Only restart if the container exits with a non-zero code
entrypoint: ["/bin/sh", "/docker-entrypoint.sh"] delay: 5s # Wait 5 seconds before attempting to restart
depends_on: max_attempts: 5 # Maximum number of restart attempts before giving up
postgres: window: 120s # Time window to evaluate restart attempts (resets counter after this period)
condition: service_healthy resources: # Resource allocation and limits for the container
healthcheck: limits: # Maximum resources the container can use
test: ["CMD", "wget", "-O", "-", "http://localhost:80/misc/ping"] cpus: "1.0" # Maximum CPU cores (100% of one core)
interval: 15s memory: 512M # Maximum memory usage (512 megabytes)
timeout: 10s reservations: # Guaranteed minimum resources for the container
retries: 5 cpus: "0.15" # Reserved CPU cores (15% of one core)
start_period: 120s memory: 250M # Reserved memory (250 megabytes)
phoenix-app: entrypoint: ["/bin/sh", "/docker-entrypoint.sh"]
restart: always depends_on:
image: "phxerp/phoenix-app:alpha" postgres:
container_name: phoenix-app condition: service_healthy
ports: healthcheck:
- '80:80' test: ["CMD-SHELL", "wget -qO- http://localhost:80/misc/ping && wget -qO- http://localhost:80/browser/"]
- '443:443' interval: 15s
- '3000:3000' timeout: 10s
- '4200:4200' retries: 5
# logging: start_period: 150s
# driver: loki phoenix-app:
# options: restart: always
# loki-url: "${LOKI_URL}" image: "phxerp/phoenix-app:alpha"
# loki-retries: "${LOKI_RETRIES}" container_name: phoenix-app
# loki-batch-size: "${LOKI_BATCH_SIZE}" logging:
# loki-external-labels: "service=phx-app,env=prod,project=phoenix" driver: "json-file"
volumes: options:
- ./app_custom:/usr/share/nginx/html/assets/custom max-size: "100m"
# - ./nginx/nginx.conf:/etc/nginx/nginx.conf # Uncomment this if you want to use override the default nginx.conf max-file: "5"
# - ./nginx/includes:/etc/nginx/includes:ro # Uncomment this if you want to use override the default includes ports:
networks: - '80:80'
- backend - '443:443'
- frontend - '3000:3000'
# deploy: - '4200:4200'
# restart_policy: # Define how the service should restart when it fails # logging:
# condition: on-failure # Only restart if the container exits with a non-zero code # driver: loki
# delay: 5s # Wait 5 seconds before attempting to restart # options:
# max_attempts: 5 # Maximum number of restart attempts before giving up # loki-url: "${LOKI_URL}"
# window: 120s # Time window to evaluate restart attempts (resets counter after this period) # loki-retries: "${LOKI_RETRIES}"
# resources: # Resource allocation and limits for the container # loki-batch-size: "${LOKI_BATCH_SIZE}"
# limits: # Maximum resources the container can use # loki-external-labels: "service=phx-app,env=prod,project=phoenix"
# cpus: "0.35" # Maximum CPU cores (35% of one core) volumes:
# memory: 384M # Maximum memory usage (384 megabytes) - ./app_custom:/usr/share/nginx/html/assets/custom
# reservations: # Guaranteed minimum resources for the container # - ./nginx/nginx.conf:/etc/nginx/nginx.conf # Uncomment this if you want to use override the default nginx.conf
# cpus: "0.10" # Reserved CPU cores (10% of one core) # - ./nginx/includes:/etc/nginx/includes:ro # Uncomment this if you want to use override the default includes
# memory: 128M # Reserved memory (128 megabytes) networks:
healthcheck: - backend
test: ["CMD", "wget", "--spider", "-q", "http://phoenix-app/login"] # localhost checks that the NGINX server inside the container is serving something at the root - frontend
interval: 10s # check every 10 seconds # deploy:
timeout: 5s # allow 5 seconds per check # restart_policy: # Define how the service should restart when it fails
retries: 5 # mark as unhealthy after 5 failures # condition: on-failure # Only restart if the container exits with a non-zero code
start_period: 15s # wait 15 seconds after container start before checking # delay: 5s # Wait 5 seconds before attempting to restart
phoenix-system: # max_attempts: 5 # Maximum number of restart attempts before giving up
restart: always # window: 120s # Time window to evaluate restart attempts (resets counter after this period)
image: "phxerp/phoenix-system:alpha" # resources: # Resource allocation and limits for the container
# logging: # limits: # Maximum resources the container can use
# driver: loki # cpus: "0.35" # Maximum CPU cores (35% of one core)
# options: # memory: 384M # Maximum memory usage (384 megabytes)
# loki-url: "${LOKI_URL}" # reservations: # Guaranteed minimum resources for the container
# loki-retries: "${LOKI_RETRIES}" # cpus: "0.10" # Reserved CPU cores (10% of one core)
# loki-batch-size: "${LOKI_BATCH_SIZE}" # memory: 128M # Reserved memory (128 megabytes)
# loki-external-labels: "service=phoenix-system,env=prod" healthcheck:
environment: test: ["CMD", "wget", "--spider", "-q", "http://phoenix-app/login"] # localhost checks that the NGINX server inside the container is serving something at the root
- "DB_HOST=${DB_HOST}" interval: 10s # check every 10 seconds
- "DB_NAME=${DB_NAME}" timeout: 5s # allow 5 seconds per check
- "DB_PASSWORD=${POSTGRES_PASSWORD}" retries: 5 # mark as unhealthy after 5 failures
- "DB_USERNAME=${DB_USERNAME}" start_period: 15s # wait 15 seconds after container start before checking
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}" phoenix-system:
- "REDIS_PASSWORD=${REDIS_PASSWORD}" restart: always
- NODE_ENV=${NODE_ENV} image: "phxerp/phoenix-system:alpha"
- PHX_HOST_NAME=${PHX_HOST_NAME} logging:
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING} driver: "json-file"
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD} options:
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY} max-size: "100m"
command: ["npm", "run", "start:server"] max-file: "5"
deploy: # logging:
replicas: ${PHOENIX_SYSTEM_REPLICAS} #change here if u want to have more replicas. Cant find a way to set via variable right now # driver: loki
# restart_policy: # Define how the service should restart when it fails # options:
# condition: on-failure # Only restart if the container exits with a non-zero code # loki-url: "${LOKI_URL}"
# delay: 5s # Wait 5 seconds before attempting to restart # loki-retries: "${LOKI_RETRIES}"
# max_attempts: 5 # Maximum number of restart attempts before giving up # loki-batch-size: "${LOKI_BATCH_SIZE}"
# window: 120s # Time window to evaluate restart attempts (resets counter after this period) # loki-external-labels: "service=phoenix-system,env=prod"
# resources: # Resource allocation and limits for the container environment:
# limits: # Maximum resources the container can use - "DB_HOST=${DB_HOST}"
# cpus: "1.50" # Maximum CPU cores (150% of one core) - "DB_NAME=${DB_NAME}"
# memory: 1600M # Maximum memory usage (1600 megabytes) - "DB_PASSWORD=${POSTGRES_PASSWORD}"
# reservations: # Guaranteed minimum resources for the container - "DB_USERNAME=${DB_USERNAME}"
# cpus: "0.50" # Reserved CPU cores (50% of one core) - "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
# memory: 768M # Reserved memory (768 megabytes) - "REDIS_PASSWORD=${REDIS_PASSWORD}"
networks: - NODE_ENV=${NODE_ENV}
backend: - PHX_HOST_NAME=${PHX_HOST_NAME}
aliases: - CREDENTIAL_ENCRYPTION_KEY=${CREDENTIAL_ENCRYPTION_KEY}
- phoenix-system - PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
depends_on: - PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
postgres: - PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
condition: service_healthy command: ["npm", "run", "start:server"]
healthcheck: deploy:
test: ["CMD-SHELL", "curl -s http://phoenix-system:3000/health | grep -q '\"admin-api\":{\"status\":\"up\"}' && curl -s http://phoenix-system:3000/health | grep -q '\"database\":{\"status\":\"up\"}'"] # Checks both admin-api and database status replicas: ${PHOENIX_SYSTEM_REPLICAS} #change here if u want to have more replicas. Cant find a way to set via variable right now
interval: 10s # Time between each health check # restart_policy: # Define how the service should restart when it fails
timeout: 10s # Max time to wait for each check # condition: on-failure # Only restart if the container exits with a non-zero code
retries: 20 # Number of failures before marking as unhealthy # delay: 5s # Wait 5 seconds before attempting to restart
start_period: 60s # Grace period before health checks start # max_attempts: 5 # Maximum number of restart attempts before giving up
volumes: # window: 120s # Time window to evaluate restart attempts (resets counter after this period)
- "./assets:/usr/src/app/packages/dev-server/assets" # resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# - "./logs:/usr/src/app/packages/dev-server/logs" # cpus: "1.50" # Maximum CPU cores (150% of one core)
phoenix-worker: # memory: 1600M # Maximum memory usage (1600 megabytes)
restart: always # reservations: # Guaranteed minimum resources for the container
image: "phxerp/phoenix-system:alpha" # cpus: "0.50" # Reserved CPU cores (50% of one core)
container_name: "phoenix-worker" # memory: 768M # Reserved memory (768 megabytes)
ports: networks:
- "3001:3001" # Restrict to only allow access from Grafana Server IP backend:
# logging: aliases:
# driver: loki - phoenix-system
# options: depends_on:
# loki-url: "${LOKI_URL}" postgres:
# loki-retries: "${LOKI_RETRIES}" condition: service_healthy
# loki-batch-size: "${LOKI_BATCH_SIZE}" healthcheck:
# loki-external-labels: "service=phx-worker,env=prod" test: ["CMD-SHELL", "curl -s http://phoenix-system:3000/health | grep -q '\"admin-api\":{\"status\":\"up\"}' && curl -s http://phoenix-system:3000/health | grep -q '\"database\":{\"status\":\"up\"}'"] # Checks both admin-api and database status
networks: interval: 10s # Time between each health check
- backend timeout: 10s # Max time to wait for each check
environment: retries: 20 # Number of failures before marking as unhealthy
- "DB_HOST=${DB_HOST}" start_period: 60s # Grace period before health checks start
- "DB_NAME=${DB_NAME}" volumes:
- "DB_PASSWORD=${POSTGRES_PASSWORD}" - "./assets:/usr/src/app/packages/dev-server/assets"
- "DB_USERNAME=${DB_USERNAME}" - "./server_custom:/usr/src/app/packages/dev-server/custom"
- "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}" # - "./logs:/usr/src/app/packages/dev-server/logs"
- REDIS_PASSWORD=${REDIS_PASSWORD} phoenix-worker:
- NODE_ENV=${NODE_ENV} restart: always
- PHX_HOST_NAME=${PHX_HOST_NAME} image: "phxerp/phoenix-system:alpha"
- PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING} container_name: "phoenix-worker"
- PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD} ports:
- PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY} - "3001:3001" # Restrict to only allow access from Grafana Server IP
command: ['npm', 'run', 'start:worker'] logging:
# deploy: driver: "json-file"
# restart_policy: # Define how the service should restart when it fails options:
# condition: on-failure # Only restart if the container exits with a non-zero code max-size: "100m"
# delay: 5s # Wait 5 seconds before attempting to restart max-file: "5"
# max_attempts: 5 # Maximum number of restart attempts before giving up # logging:
# window: 120s # Time window to evaluate restart attempts (resets counter after this period) # driver: loki
# resources: # Resource allocation and limits for the container # options:
# limits: # Maximum resources the container can use # loki-url: "${LOKI_URL}"
# cpus: '2.0' # Maximum CPU cores (200% of one core) # loki-retries: "${LOKI_RETRIES}"
# memory: 2G # Maximum memory usage (2 gigabytes) # loki-batch-size: "${LOKI_BATCH_SIZE}"
# reservations: # Guaranteed minimum resources for the container # loki-external-labels: "service=phx-worker,env=prod"
# cpus: '0.5' # Reserved CPU cores (50% of one core) networks:
# memory: 512M # Reserved memory (512 megabytes) - backend
depends_on: environment:
phoenix-system: - "DB_HOST=${DB_HOST}"
condition: service_healthy - "DB_NAME=${DB_NAME}"
postgres: - "DB_PASSWORD=${POSTGRES_PASSWORD}"
condition: service_healthy - "DB_USERNAME=${DB_USERNAME}"
healthcheck: - "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
test: [ "CMD-SHELL", "curl -s http://phoenix-worker:3001/health | grep -q '\"status\":\"ok\"'" ] # Check if worker responds with status ok - REDIS_PASSWORD=${REDIS_PASSWORD}
interval: 10s # Time between each health check - NODE_ENV=${NODE_ENV}
timeout: 6s # Max time to wait for each check - PHX_HOST_NAME=${PHX_HOST_NAME}
retries: 20 # Grace period before health checks start - CREDENTIAL_ENCRYPTION_KEY=${CREDENTIAL_ENCRYPTION_KEY}
start_period: 30s # Grace period before health checks start - PERFORMANCE_STRUCTURED_LOGGING=${PERFORMANCE_STRUCTURED_LOGGING}
volumes: - PERFORMANCE_WARNING_THRESHOLD=${PERFORMANCE_WARNING_THRESHOLD}
- "./assets:/usr/src/app/packages/dev-server/assets" - PERFORMANCE_DETAILED_MEMORY=${PERFORMANCE_DETAILED_MEMORY}
command: ['npm', 'run', 'start:worker']
# - "./logs:/usr/src/app/packages/dev-server/logs" # deploy:
phoenix-redis: # restart_policy: # Define how the service should restart when it fails
image: 'bitnami/redis:latest' # condition: on-failure # Only restart if the container exits with a non-zero code
container_name: redis # delay: 5s # Wait 5 seconds before attempting to restart
command: /opt/bitnami/scripts/redis/run.sh # Not good, but as agreed. At some point i can start using this: --maxmemory + add eviction policy # max_attempts: 5 # Maximum number of restart attempts before giving up
user: root # window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# logging: # resources: # Resource allocation and limits for the container
# driver: loki # limits: # Maximum resources the container can use
# options: # cpus: '2.0' # Maximum CPU cores (200% of one core)
# loki-url: "${LOKI_URL}" # memory: 2G # Maximum memory usage (2 gigabytes)
# loki-retries: "${LOKI_RETRIES}" # reservations: # Guaranteed minimum resources for the container
# loki-batch-size: "${LOKI_BATCH_SIZE}" # cpus: '0.5' # Reserved CPU cores (50% of one core)
# loki-external-labels: "service=phx-redis,env=prod" # memory: 512M # Reserved memory (512 megabytes)
networks: depends_on:
- backend phoenix-system:
restart: always condition: service_healthy
environment: postgres:
ALLOW_EMPTY_PASSWORD: "no" condition: service_healthy
REDIS_PASSWORD: ${REDIS_PASSWORD} healthcheck:
# deploy: test: [ "CMD-SHELL", "curl -s http://phoenix-worker:3001/health | grep -q '\"status\":\"ok\"'" ] # Check if worker responds with status ok
# restart_policy: # Define how the service should restart when it fails interval: 10s # Time between each health check
# condition: on-failure # Only restart if the container exits with a non-zero code timeout: 6s # Max time to wait for each check
# delay: 5s # Wait 5 seconds before attempting to restart retries: 20 # Grace period before health checks start
# max_attempts: 5 # Maximum number of restart attempts before giving up start_period: 30s # Grace period before health checks start
# window: 120s # Time window to evaluate restart attempts (resets counter after this period) volumes:
# resources: # Resource allocation and limits for the container - "./assets:/usr/src/app/packages/dev-server/assets"
# limits: # Maximum resources the container can use - "./server_custom:/usr/src/app/packages/dev-server/custom"
# cpus: "0.25" # Maximum CPU cores (25% of one core) # - "./logs:/usr/src/app/packages/dev-server/logs"
# memory: 100M # Maximum memory usage (100 megabytes) phoenix-redis:
# reservations: # Guaranteed minimum resources for the container image: redis:7.2-alpine
# cpus: "0.05" # Reserved CPU cores (5% of one core) container_name: redis
# memory: 32M # Reserved memory (32 megabytes) logging:
depends_on: driver: "json-file"
postgres: options:
condition: service_healthy max-size: "100m"
volumes: max-file: "5"
- "./redis/data:/bitnami/redis/data" # logging:
# driver: loki
networks: # options:
backend: # loki-url: "${LOKI_URL}"
driver: bridge # loki-retries: "${LOKI_RETRIES}"
external: false # loki-batch-size: "${LOKI_BATCH_SIZE}"
ipam: # loki-external-labels: "service=phx-redis,env=prod"
config: networks:
- subnet: 172.19.0.0/16 - backend
restart: always
frontend: environment:
driver: bridge TZ: Europe/Berlin
external: false # deploy:
ipam: # restart_policy: # Define how the service should restart when it fails
config: # condition: on-failure # Only restart if the container exits with a non-zero code
- subnet: 172.20.0.0/16 # delay: 5s # Wait 5 seconds before attempting to restart
# max_attempts: 5 # Maximum number of restart attempts before giving up
# window: 120s # Time window to evaluate restart attempts (resets counter after this period)
# resources: # Resource allocation and limits for the container
# limits: # Maximum resources the container can use
# cpus: "0.25" # Maximum CPU cores (25% of one core)
# memory: 100M # Maximum memory usage (100 megabytes)
# reservations: # Guaranteed minimum resources for the container
# cpus: "0.05" # Reserved CPU cores (5% of one core)
# memory: 32M # Reserved memory (32 megabytes)
command: >
redis-server
--requirepass ${REDIS_PASSWORD}
healthcheck:
test: [
"CMD-SHELL",
"redis-cli -a ${REDIS_PASSWORD} ping | grep PONG && test -w /data"
]
interval: 5s
retries: 10
timeout: 5s
depends_on:
postgres:
condition: service_healthy
volumes:
- ./redis/data:/data
networks:
backend:
driver: bridge
external: false
ipam:
config:
- subnet: 172.19.0.0/16
frontend:
driver: bridge
external: false
ipam:
config:
- subnet: 172.20.0.0/16
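Review bot: The new phoenix-redis healthcheck puts the password into a shell string, `redis-cli -a ${REDIS_PASSWORD} ping | grep PONG && test -w /data`, and Compose substitutes the value before `sh -c` parses it. A password containing shell metacharacters such as `&` or `*` (the `.env` value shown on this page has both) would be split by the shell, so the check would presumably never pass. The same line, and `redis-server --requirepass ${REDIS_PASSWORD}` in `command:`, also place the secret in process arguments, where any process listing can read it. Suggest adding `REDISCLI_AUTH: ${REDIS_PASSWORD}` under `environment:` and reducing the test to `"redis-cli ping | grep -q PONG && test -w /data"`. The server-side password is better loaded from a mounted config file or secret than passed on the command line.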


@@ -1,6 +1,11 @@
[Definition] [Definition]
# Match either x_forwarded_for (preferred) or remote_addr
# ✅ Match any 4xx status (including 401, 499) for all paths
failregex = ^.*"x_forwarded_for":"<HOST>".*"status":4\d\d.*$ failregex = ^.*"x_forwarded_for":"<HOST>".*"status":4\d\d.*$
^.*"remote_addr":"<HOST>".*"status":4\d\d.*$ ^.*"remote_addr":"<HOST>".*"status":4\d\d.*$
ignoreregex = ^.*"request_uri":"\/(?:stub_status|health\/system|health\/worker|pgadmin4(?:\/|$)|\.well-known\/acme-challenge\/|.*\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))".*$ # ❌ Ignore:
# - ALL status codes under /pgadmin4 (including 401, 499, 404, etc.)
# - Static files and known safe URIs
ignoreregex = ^.*"request_uri":"\/pgadmin4(?:\/[^"]*)?".*$
^.*"request_uri":"\/(?:stub_status|health\/system|health\/worker|\.well-known\/acme-challenge\/[^"]*|[^"]*\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))".*$
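Review bot: The new first `ignoreregex` line exempts every request under `/pgadmin4` whatever its status, so repeated failed pgAdmin sign-ins no longer count toward the nginx-4xx jail. That leaves only pgAdmin's own throttling, which is the `MAX_LOGIN_ATTEMPTS` value in the compose file, if the custom entrypoint applies it. If the exemption exists to stop normal pgAdmin browser traffic from triggering bans, keep the authentication endpoints counted, for example `^.*"request_uri":"\/pgadmin4(?!\/(?:login|authenticate\/login))(?:\/[^"]*)?".*$`. The exact paths need confirming against the access log before use. At minimum the comment block should say that pgAdmin authentication failures are deliberately excluded and what compensates for that.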


@@ -47,7 +47,7 @@ filter = nginx-4xx
logpath = /data/nginx-logs/access_json.log logpath = /data/nginx-logs/access_json.log
port = 80,443,3000 port = 80,443,3000
findtime = 5m findtime = 5m
maxretry = 20 maxretry = 50
bantime = 15m bantime = 15m
# ----------------------------- # -----------------------------
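Review bot: `maxretry = 50` more than doubles the number of 4xx responses a client may trigger before the 15-minute ban, and nothing in the jail records why or what traffic forced the change. Suggest a comment next to the value, `# 50 4xx responses within findtime (5m) per client; raised from 20 under DEV-2052`, so a later reviewer can tell a tuned threshold from a loosened one. The jail's section header lies outside the hunk.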


@@ -1,7 +0,0 @@
## 📚 **References**
- **YouTrack Documentation:** [Docker Compose Resource Limits](https://phx-erp.youtrack.cloud/articles/INT-A-107/Docker-Compose-Resource-Limits) - Comprehensive resource allocation guide for Phoenix ERP stack
- **Docker Documentation:** [Resource constraints](https://docs.docker.com/config/containers/resource_constraints/)
- **Docker Compose:** [Deploy specification](https://docs.docker.com/compose/compose-file/deploy/)
_Last updated: 2025-07-16 (Comprehensive revision based on production docker-compose.yaml)_