---
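services:
  # PostgreSQL database; the backend containers reach it as DB_HOST=phoenixDB.
  postgres:
    restart: always
    image: "postgres:15.6-alpine"
    container_name: phoenixDB
    networks:
      - backend
    ports:
      # NOTE(review): published on every host interface. Docker's own NAT rules
      # usually apply ahead of host INPUT-chain firewalls (ufw and similar), so
      # confirm remote access is intended; otherwise bind to 127.0.0.1 or drop
      # the mapping, since the other services reach the DB over `backend`.
      - "5432:5432"
    environment:
      - "PGUSER=postgres"
      - "DEBUG=false"
      - "POSTGRES_DB=phoenix"
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
    volumes:
      - "./database:/var/lib/postgresql/data"
      # Client-authentication rules; `command` below points PostgreSQL at this
      # path. With 5432 published, these rules decide who can attempt a login.
      - "./database/pg_hba.conf:/etc/postgresql/pg_hba.conf"
    command: ["postgres", "-c", "hba_file=/etc/postgresql/pg_hba.conf"]
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U postgres
      interval: 5s
      timeout: 2s
      retries: 5

  # pgAdmin web UI for the database.
  pgadmin:
    # NOTE(review): no tag given, so this resolves to `latest`; pin a version
    # (ideally a digest) so a rebuild cannot silently pull different code.
    image: dpage/pgadmin4
    container_name: pgadmin_container
    networks:
      - backend
      - frontend
    environment:
      PGADMIN_DEFAULT_EMAIL: "pgadmin4@pgadmin.org"
      PGADMIN_DEFAULT_PASSWORD: "${PGADMIN_DEFAULT_PASSWORD}"
      # NOTE(review): SERVER_MODE=False selects pgAdmin's desktop mode, which
      # is documented as single-user without a login screen - confirm. Combined
      # with the published port below, the UI may be reachable unauthenticated.
      PGADMIN_CONFIG_SERVER_MODE: 'False'
    ports:
      # Published on every host interface (default host port 5050).
      - "${PGADMIN_PORT:-5050}:80"
    volumes:
      - "pgadmin:/var/lib/pgadmin"

  # Frontend served by nginx; https_portal proxies the public domain to it.
  phoenix-app:
    restart: always
    # NOTE(review): `alpha` is a mutable tag; pin a version or digest.
    image: "yurimatoslima/phoenix-frontend:alpha"
    container_name: phoenixApp
    volumes:
      - "./app_custom:/usr/share/nginx/html/assets/custom"
    networks:
      - backend  # primary network [external]
      - frontend  # internal network
    depends_on:
      - phoenix-system

  # Backend API server.
  phoenix-system:
    restart: always
    # NOTE(review): `alpha` is a mutable tag; pin a version or digest.
    image: "yurimatoslima/phoenix-backend:alpha"
    environment:
      # Every value is interpolated by Compose from the shell or an .env file.
      # Passwords, API keys and tokens passed this way are readable through
      # `docker inspect`; Compose `secrets:` is the alternative if that matters.
      - "DB_HOST=phoenixDB"
      - "DB_PASSWORD=${POSTGRES_PASSWORD}"
      - "DB_USERNAME=postgres"
      - "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
      - "REDIS_PASSWORD=${REDIS_PASSWORD}"
      - "RUN_JOB_QUEUE=${RUN_JOB_QUEUE}"
      - "SMTP_FROM=${SMTP_FROM}"
      - "SMTP_TYPE=${SMTP_TYPE}"
      - "SMTP_NAME=${SMTP_NAME}"
      - "SMTP_HOST=${SMTP_HOST}"
      - "SMTP_PORT=${SMTP_PORT}"
      - "SMTP_SECURE=${SMTP_SECURE}"
      - "SMTP_USER=${SMTP_USER}"
      - "SMTP_PASS=${SMTP_PASS}"
      - "SMTP_LOGGING=${SMTP_LOGGING}"
      - "SMTP_DEBUG=${SMTP_DEBUG}"
      # Governs TLS certificate verification for outbound mail; keep it enabled
      # outside of local testing.
      - "SMTP_TLS_REJECT_UNAUTHORIZED=${SMTP_TLS_REJECT_UNAUTHORIZED}"
      - "SMTP_SECURE_CONNECTION=${SMTP_SECURE_CONNECTION}"
      - "ENV_MODE=${ENV_MODE}"
      - "NODE_ENV=${NODE_ENV}"
      # Needs the leading `$`: without it Compose passes the literal text
      # "{SMTP_TLS_CIPHERS}" to the container instead of the configured value.
      - "SMTP_TLS_CIPHERS=${SMTP_TLS_CIPHERS}"
      - "BILL_BEE_ACTIVE=${BILL_BEE_ACTIVE}"
      - "BILL_BEE_API_KEY=${BILL_BEE_API_KEY}"
      - "BILL_BEE_API_USERNAME=${BILL_BEE_API_USERNAME}"
      - "BILL_BEE_API_SECRET=${BILL_BEE_API_SECRET}"
      - "BILL_BEE_API_URL=${BILL_BEE_API_URL}"
      - "CHANNEL_PILOT_PRO_ACTIVE=${CHANNEL_PILOT_PRO_ACTIVE}"
      - "CHANNEL_PILOT_PRO_URL=${CHANNEL_PILOT_PRO_URL}"
      - "CHANNEL_PILOT_PRO_API_MERCHANT_ID=${CHANNEL_PILOT_PRO_API_MERCHANT_ID}"
      - "CHANNEL_PILOT_PRO_API_TOKEN=${CHANNEL_PILOT_PRO_API_TOKEN}"
      - "CHANNEL_PILOT_PRO_ACCESS_TOKEN=${CHANNEL_PILOT_PRO_ACCESS_TOKEN}"
      - "CHANNEL_PILOT_PRO_EXPIRED_AT=${CHANNEL_PILOT_PRO_EXPIRED_AT}"
      - "SHOPIFY_ACTIVE=${SHOPIFY_ACTIVE}"
      - "SHOPIFY_HOST_NAME=${SHOPIFY_HOST_NAME}"
      - "SHOPIFY_API_KEY=${SHOPIFY_API_KEY}"
      - "SHOPIFY_API_SECRET=${SHOPIFY_API_SECRET}"
      - "SHOPIFY_HOST_SCHEME=${SHOPIFY_HOST_SCHEME}"
      - "SHOPIFY_IS_EMBEDDED_APP=${SHOPIFY_IS_EMBEDDED_APP}"

    command: ["npm", "run", "start:server"]
    deploy:
      # Change here for more replicas; not currently settable via a variable.
      replicas: 1
    networks:
      - backend
    depends_on:
      postgres:
        condition: service_healthy
      phoenix-redis:
        condition: service_healthy
    volumes:
      - "./logs:/usr/src/app/packages/dev-server/logs"
      - "./assets:/usr/src/app/packages/dev-server/assets"
      - "./server_custom:/usr/src/app/packages/dev-server/custom"

  # Background worker; same image as phoenix-system, different entrypoint.
  phoenix-worker:
    restart: always
    # NOTE(review): `alpha` is a mutable tag; pin a version or digest.
    image: "yurimatoslima/phoenix-backend:alpha"
    networks:
      - backend
    environment:
      - "DB_HOST=phoenixDB"
      - "DB_PASSWORD=${POSTGRES_PASSWORD}"
      - "DB_USERNAME=postgres"
      - "SUPER_ADMIN_USER_PASSWORD=${SUPER_ADMIN_USER_PASSWORD}"
      - "REDIS_PASSWORD=${REDIS_PASSWORD}"
    # command: ["npm", "run", "start:worker"]
    entrypoint: ./entrypoint-phoenix-worker.sh
    depends_on:
      postgres:
        condition: service_healthy
    volumes:
      - "./assets:/usr/src/app/packages/dev-server/assets"
      - "./server_custom:/usr/src/app/packages/dev-server/custom"
      - "./logs:/usr/src/app/packages/dev-server/logs"

  # Redis, password-protected, reachable only on the backend network.
  phoenix-redis:
    # NOTE(review): `latest` is a mutable tag; pin a version or digest.
    image: 'bitnami/redis:latest'
    container_name: redis
    command: /opt/bitnami/scripts/redis/run.sh --maxmemory 100mb --dir /bitnami/redis/data
    # Non-root user in Bitnami images. /bitnami/redis/data inside the container
    # is already owned by 1001, which avoids permission issues.
    user: "1001:1001"
    networks:
      - backend
    restart: always
    environment:
      ALLOW_EMPTY_PASSWORD: "no"
      REDIS_DISABLE_COMMANDS: "FLUSHDB,FLUSHALL,CONFIG"
      REDIS_PASSWORD: "${REDIS_PASSWORD}"
    healthcheck:
      # NOTE(review): `incr ping` writes a counter key named "ping" on every
      # probe and is sent without credentials although REDIS_PASSWORD is set;
      # confirm the probe really fails when Redis is unhealthy.
      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
      interval: 5s
      retries: 10  # Increase retries if Redis takes a while to start
      timeout: 5s  # Increase timeout if needed
    volumes:
      - "./redis/data:/bitnami/redis/data"
      # Host directories mounted to fix tmp/log permission issues.
      - "/opt/phx/redis/tmp:/opt/bitnami/redis/tmp"
      - "/opt/phx/redis/logs:/opt/bitnami/redis/logs"
      # Writable redis.conf supplied from the project directory.
      - "./redis.conf:/opt/bitnami/redis/etc/redis.conf"
    depends_on:
      postgres:
        condition: service_healthy

  # Prometheus node exporter reading host /proc, /sys and / (all read-only).
  node_exporter:
    # NOTE(review): `latest` is a mutable tag; pin a version or digest.
    image: "quay.io/prometheus/node-exporter:latest"
    container_name: node_exporter
    networks:
      - metrics
    restart: unless-stopped
    ports:
      # NOTE(review): host metrics are served without authentication and the
      # port is published on every host interface; restrict it to the scraper
      # (bind address or firewall) unless public exposure is intended.
      - "9100:9100"
    command:
      - "--path.procfs=/host/proc"
      - "--path.sysfs=/host/sys"
      - "--path.rootfs=/host"
      # `$$` is the Compose escape for a literal `$`.
      # NOTE(review): upstream deprecated this flag in favour of
      # --collector.filesystem.mount-points-exclude; with an unpinned image,
      # confirm the running version still accepts it.
      - "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev)($$|/)"
    volumes:
      - "/proc:/host/proc:ro"
      - "/sys:/host/sys:ro"
      - "/:/host:ro,rslave"

  # TLS-terminating reverse proxy (Let's Encrypt) in front of phoenix-app.
  https_portal:
    container_name: https_portal
    image: "steveltn/https-portal:1.21"
    restart: unless-stopped
    networks:
      - frontend  # [ PgAdmin, Phoenix-App ]
      - external  # [ Outside of the World]
    ports:
      - "80:80"
      - "443:443"
      # - host:container
    environment:
      STAGE: "production"  # Use Let's Encrypt production server
      WEBSOCKET: "true"  # Enable websocket support
      # NOTE(review): debug output is enabled alongside STAGE=production;
      # confirm it is still wanted on a public-facing proxy.
      DEBUG: "true"
      RENEW_MARGIN_DAYS: "30"
      # NOTE(review): 0 presumably lifts nginx's request-body size limit;
      # confirm unbounded uploads are intended.
      CLIENT_MAX_BODY_SIZE: "0"
      # FORCE_RENEW: 'true'
      DOMAINS: 'yuri.phx-erp.de -> phoenix-app'
    volumes:
      - "./https_portal/data:/var/lib/https-portal"  # ssl_certs, vhost.d, htdocs
      - "./https_portal/log:/var/log/nginx"  # nginx logs
      # Custom nginx config, mounted read-only.
      - "./https_portal/config/custom_nginx.conf:/opt/custom_nginx.conf:ro"
    depends_on:
      - phoenix-app
      - phoenix-system
      - pgadmin
      - phoenix-redis
      - postgres

  # fail2ban on the host network stack; reads host logs read-only.
  fail2ban:
    # NOTE(review): `latest` is a mutable tag; pin a version or digest.
    image: "crazymax/fail2ban:latest"
    container_name: fail2ban
    network_mode: 'host'
    # Capabilities used to manage host firewall rules.
    # NOTE(review): traffic to Docker-published ports is forwarded rather than
    # delivered to the host INPUT chain; verify the jails in ./fail2ban/jail.d
    # ban in the chain that container traffic actually traverses.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - "./fail2ban/data:/data"
      - "./fail2ban/jail.d:/etc/fail2ban/jail.d"
      - "/var/log:/var/log:ro"
    restart: always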
networks:
  # Attached by postgres, pgadmin, phoenix-app, phoenix-system, phoenix-worker
  # and phoenix-redis.
  backend:
    external: false
    driver: bridge
    ipam:
      config:
        - subnet: "172.19.0.0/16"

  # Attached by pgadmin, phoenix-app and https_portal.
  frontend:
    external: false
    driver: bridge
    ipam:
      config:
        - subnet: "172.20.0.0/16"

  # Attached by https_portal only. Despite its name this is an ordinary bridge
  # network created by this project (`external: false`), not a pre-existing one.
  external:
    external: false
    driver: bridge

  # Attached by node_exporter only.
  metrics:
    external: false
    driver: bridge
    ipam:
      config:
        - subnet: "172.22.0.0/16"
volumes:
  # Named volume with default settings; mounted by the pgadmin service at
  # /var/lib/pgadmin.
  pgadmin: null