yurilima/Phx-Yuri
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor Docker Compose for PostgreSQL and Redis services

Browse Source
This commit is contained in:
Yuri Matos de Lima
2025-02-17 09:09:51 +00:00
parent 56756d7c85
commit 709362b1c0
5 changed files with 91 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
docker-compose.yaml
View File

@@ -16,6 +16,8 @@ services:
- "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}" - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
volumes: volumes:
- "./database:/var/lib/postgresql/data" - "./database:/var/lib/postgresql/data"
- "./database/pg_hba.conf:/etc/postgresql/pg_hba.conf" # Correct location
command: ["postgres", "-c", "hba_file=/etc/postgresql/pg_hba.conf"] # ✅ Tell PostgreSQL where to find it
healthcheck: healthcheck:
test: test:
- CMD-SHELL - CMD-SHELL
@@ -128,8 +130,8 @@ services:
phoenix-redis: phoenix-redis:
image: 'bitnami/redis:latest' image: 'bitnami/redis:latest'
container_name: redis container_name: redis
command: /opt/bitnami/scripts/redis/run.sh --maxmemory 100mb command: /opt/bitnami/scripts/redis/run.sh --maxmemory 100mb --dir /bitnami/redis/data
user: root user: 1001:1001 # Non-root user in Bitnami images The /bitnami/redis/data directory inside the container is already owned by 1001, avoiding permission issues.
networks: networks:
- backend - backend
restart: always restart: always
@@ -139,13 +141,22 @@ services:
REDIS_PASSWORD: ${REDIS_PASSWORD} REDIS_PASSWORD: ${REDIS_PASSWORD}
healthcheck: healthcheck:
test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ] test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
interval: 5s
retries: 10 # Increase retries if Redis takes a while to start
timeout: 5s # Increase timeout if needed
volumes: volumes:
- "./redis/data:/bitnami/redis/data" - "./redis/data:/bitnami/redis/data"
- /opt/phx/redis/tmp:/opt/bitnami/redis/tmp # ✅ Fix permission issue
- /opt/phx/redis/logs:/opt/bitnami/redis/logs # ✅ Fix logs permission issue
- ./redis.conf:/opt/bitnami/redis/etc/redis.conf # ✅ Use a writable redis.conf
depends_on:
postgres:
condition: service_healthy
node_exporter: node_exporter:
image: quay.io/prometheus/node-exporter:latest image: quay.io/prometheus/node-exporter:latest
container_name: node_exporter container_name: node_exporter
network_mode: host networks:
pid: host - metrics
restart: unless-stopped restart: unless-stopped
ports: ports:
- "9100:9100" - "9100:9100"
@@ -162,7 +173,6 @@ services:
container_name: https_portal container_name: https_portal
image: "steveltn/https-portal:1.21" image: "steveltn/https-portal:1.21"
restart: unless-stopped restart: unless-stopped
user: "root"
networks: networks:
- frontend # [ PgAdmin, Phoenix-App ] - frontend # [ PgAdmin, Phoenix-App ]
- external # [ Outside of the World] - external # [ Outside of the World]
@@ -181,25 +191,50 @@ services:
volumes: volumes:
- ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs - ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs
- ./https_portal/log:/var/log/nginx # nginx logs - ./https_portal/log:/var/log/nginx # nginx logs
- ./https_portal/config/custom_nginx.conf:/opt/custom_nginx.conf:ro # ✅ Mount file in a safe path
depends_on: depends_on:
- phoenix-app - phoenix-app
- phoenix-system - phoenix-system
- pgadmin - pgadmin
- phoenix-redis - phoenix-redis
- postgres - postgres
fail2ban:
image: crazymax/fail2ban:latest
container_name: fail2ban
network_mode: 'host'
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
- ./fail2ban/data:/data
- ./fail2ban/jail.d:/etc/fail2ban/jail.d
- /var/log:/var/log:ro
restart: always
networks: networks:
backend: backend:
driver: bridge driver: bridge
external: false external: false
ipam:
config:
- subnet: 172.19.0.0/16
frontend: frontend:
driver: bridge driver: bridge
external: false external: false
ipam:
config:
- subnet: 172.20.0.0/16
external: external:
driver: bridge driver: bridge
external: true external: false
metrics:
driver: bridge
external: false
ipam:
config:
- subnet: 172.22.0.0/16
volumes: volumes:
pgadmin: null pgadmin: null

BIN
fail2ban/data/db/fail2ban.sqlite3 Normal file
View File

Binary file not shown.

41
https_portal/config/custom_nginx.conf Normal file
View File

@@ -0,0 +1,41 @@
# /https_portal/config/custom_nginx.conf
server {
listen 80;
server_name yuri.phx-erp.de;
# Rate limiting
limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
# Global security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
# Enable DDoS protection
client_body_timeout 10s;
client_header_timeout 10s;
keepalive_timeout 5s 5s;
send_timeout 10s;
# IP blocking for repeated failed attempts
geo $bad_user {
default 0;
include /etc/nginx/conf.d/blocked_ips.conf;
}
# Block suspicious requests
map $http_user_agent $bad_bot {
default 0;
~*(curl|wget|python|nikto|sqlmap) 1;
}
location / {
proxy_pass http://phoenix-app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

4
redis.conf Normal file
View File

@@ -0,0 +1,4 @@
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG ""

21
server_custom/config.ts
View File

@@ -9,8 +9,6 @@ import { EmailPlugin, FileBasedTemplateLoader, defaultEmailHandlers } from '@pho
import { BillBeePlugin } from "@phoenix/bill-bee-plugin"; import { BillBeePlugin } from "@phoenix/bill-bee-plugin";
import { ChannelPilotProPlugin } from "@phoenix/channel-pilot-pro-plugin"; import { ChannelPilotProPlugin } from "@phoenix/channel-pilot-pro-plugin";
import { ShopifyPlugin } from '@phoenix/shopify-plugin'; import { ShopifyPlugin } from '@phoenix/shopify-plugin';
//import { BonnAPIPlugin } from '../plugins/bonn-api-plugin/bonn-api-plugin.module';
// import { DefaultJobQueuePlugin } from '@phoenix/system_service';
/** /**
* Config settings used during development * Config settings used during development
@@ -89,7 +87,9 @@ export const customConfig: SystemConfig = {
port: 5002, port: 5002,
assetUrlPrefix: "\\remote-assets\\" // to make it relative for client assetUrlPrefix: "\\remote-assets\\" // to make it relative for client
}), }),
DefaultJobQueuePlugin.init({}), DefaultJobQueuePlugin.init({
useDatabaseForBuffer: true
}),
EmailPlugin.init({ EmailPlugin.init({
sendRealEmails: true, sendRealEmails: true,
route: 'mailbox', route: 'mailbox',
@@ -128,20 +128,7 @@ export const customConfig: SystemConfig = {
} }
}), }),
ShopifyPlugin.init({ ShopifyPlugin.init({
active: process.env.SHOPIFY_ACTIVE === 'true', active: process.env.SHOPIFY_ACTIVE === 'true'
connectionInfo: {
url: process.env.SHOPIFY_HOST_NAME,
apiKey: process.env.SHOPIFY_API_KEY,
apiSecretKey: process.env.SHOPIFY_API_SECRET,
token: process.env.SHOPIFY_TOKEN,
// scopes: process.env.SHOPIFY_SCOPES.split(','),
hostName: process.env.SHOPIFY_HOST_NAME,
hostScheme: process.env.SHOPIFY_HOST_SCHEME === 'https' ? 'https' : 'http',
isEmbeddedApp: process.env.SHOPIFY_IS_EMBEDDED_APP === 'true',
header: {
'X-Shopify-Access-Token': process.env.SHOPIFY_TOKEN,
}
}
}), }),
// DefaultStoragePlaceRankPlugin.init({}) // DefaultStoragePlaceRankPlugin.init({})
// new DefaultSearchPlugin(), // new DefaultSearchPlugin(),