docker-compose.prod.yml
# Production Docker Compose for Raspberry Pi (ARM64)
# Production Docker Compose
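services:
  # PostgreSQL database. No `ports:` entry, so it is reachable only from
  # containers attached to wardrobe_net.
  postgres:
    # NOTE(review): floating tag. Pin by digest for reproducible deploys,
    # e.g. postgres:15-alpine@sha256:<digest>.
    image: postgres:15-alpine
    container_name: wardrobe_postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-wardrobe}
      # `:?` makes compose abort when the variable is unset or empty, so the
      # database can never start with a blank password.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}
      POSTGRES_DB: ${POSTGRES_DB:-wardrobe}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-wardrobe}"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - wardrobe_net

  # Redis for job queue.
  # No password or ACL is configured here (REDIS_URL below carries no
  # credentials), so access control rests entirely on Redis not being
  # published and on wardrobe_net holding only trusted containers.
  redis:
    # NOTE(review): floating tag; consider pinning by digest.
    image: redis:7-alpine
    container_name: wardrobe_redis
    restart: unless-stopped
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - wardrobe_net

  # FastAPI backend. Not published on the host; traffic arrives via nginx.
  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: wardrobe_backend
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
      # With both variables unset this resolves to "localhost:127.0.0.1".
      - "${OIDC_HOST:-localhost}:${OIDC_HOST_IP:-127.0.0.1}"
    environment:
      # The password is interpolated into the URL verbatim: characters such
      # as '@', ':' or '/' must be percent-encoded in .env or the connection
      # string is mis-parsed. `:?` mirrors the check on the postgres service.
      # Secrets passed as environment variables are visible via
      # `docker inspect`; restrict access to the Docker socket accordingly.
      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-wardrobe}:${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}@postgres:5432/${POSTGRES_DB:-wardrobe}
      REDIS_URL: redis://redis:6379
      STORAGE_PATH: /data/uploads
      AI_BASE_URL: ${AI_BASE_URL:-http://host.docker.internal:4141/v1}
      AI_VISION_MODEL: ${AI_VISION_MODEL:-gpt-4o}
      AI_TEXT_MODEL: ${AI_TEXT_MODEL:-gpt-4o}
      AI_TIMEOUT: ${AI_TIMEOUT:-120}
      AI_MAX_RETRIES: ${AI_MAX_RETRIES:-3}
      LOG_LEVEL: ${LOG_LEVEL:-INFO}
      SECRET_KEY: ${SECRET_KEY:?Set SECRET_KEY in .env}
      # OIDC (set these if using OIDC instead of forward auth)
      OIDC_ISSUER_URL: ${OIDC_ISSUER_URL:-}
      OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-}
      OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-}
      # Auth header from TinyAuth.
      # NOTE(review): header trust is ON by default. Presumably the backend
      # then takes the caller's identity from Remote-User, so any client that
      # reaches it without passing the auth proxy could assert any user.
      # Confirm that nginx/conf.d overwrites or drops a client-supplied
      # Remote-User header and that only the auth proxy can reach
      # 127.0.0.1:8080; set AUTH_TRUST_HEADER=false when using OIDC instead.
      AUTH_TRUST_HEADER: ${AUTH_TRUST_HEADER:-true}
      AUTH_HEADER_NAME: "Remote-User"
      # Notifications (default ntfy for form pre-fill)
      NTFY_SERVER: ${NTFY_SERVER:-}
      NTFY_TOPIC: ${NTFY_TOPIC:-}
      NTFY_TOKEN: ${NTFY_TOKEN:-}
      APP_URL: ${APP_URL:-https://localhost:3000}
      # Defaults to verifying the OIDC provider's certificate; leave it false
      # in production and install the provider's CA instead of skipping checks.
      OIDC_SKIP_SSL_VERIFY: ${OIDC_SKIP_SSL_VERIFY:-false}
    volumes:
      - uploads_data:/data/uploads
    dns:
      # When LOCAL_DNS is unset the first entry repeats 8.8.8.8.
      - ${LOCAL_DNS:-8.8.8.8}
      - 8.8.8.8
      - 1.1.1.1
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/api/v1/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - wardrobe_net

  # arq worker for background jobs; built from the same image as the backend.
  worker:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: wardrobe_worker
    restart: unless-stopped
    command: arq app.workers.worker.WorkerSettings
    extra_hosts:
      - "host.docker.internal:host-gateway"
    environment:
      # Same URL-encoding caveat as the backend: reserved characters in the
      # password must be percent-encoded in .env.
      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-wardrobe}:${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}@postgres:5432/${POSTGRES_DB:-wardrobe}
      REDIS_URL: redis://redis:6379
      STORAGE_PATH: /data/uploads
      AI_BASE_URL: ${AI_BASE_URL:-http://host.docker.internal:4141/v1}
      AI_VISION_MODEL: ${AI_VISION_MODEL:-gpt-4o}
      AI_TEXT_MODEL: ${AI_TEXT_MODEL:-gpt-4o}
      AI_TIMEOUT: ${AI_TIMEOUT:-120}
      AI_MAX_RETRIES: ${AI_MAX_RETRIES:-3}
      LOG_LEVEL: ${LOG_LEVEL:-INFO}
      # Notifications
      NTFY_SERVER: ${NTFY_SERVER:-}
      NTFY_TOPIC: ${NTFY_TOPIC:-}
      NTFY_TOKEN: ${NTFY_TOKEN:-}
      APP_URL: ${APP_URL:-https://localhost:3000}
    volumes:
      - uploads_data:/data/uploads
    dns:
      - ${LOCAL_DNS:-8.8.8.8}
      - 8.8.8.8
      - 1.1.1.1
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - wardrobe_net

  # Next.js frontend. Not published on the host; traffic arrives via nginx.
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
      args:
        NEXT_PUBLIC_API_URL: ""
    container_name: wardrobe_frontend
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
      - "${OIDC_HOST:-localhost}:${OIDC_HOST_IP:-127.0.0.1}"
    dns:
      - ${LOCAL_DNS:-8.8.8.8}
    environment:
      NEXTAUTH_URL: ${NEXTAUTH_URL:-https://localhost:3000}
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:?Set NEXTAUTH_SECRET in .env}
      NEXT_PUBLIC_API_URL: ""
      # OIDC
      OIDC_ISSUER_URL: ${OIDC_ISSUER_URL:-}
      OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-}
      OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-}
      OIDC_END_SESSION_URL: ${OIDC_END_SESSION_URL:-}
      # Trust self-signed certs for internal OIDC provider.
      # SECURITY: "0" turns off certificate verification for every outbound
      # TLS connection made by this Node process, not only the OIDC provider,
      # so token and userinfo exchanges are open to interception on the
      # network path. The default is kept at "0" for existing deployments but
      # can now be overridden: set NODE_TLS_REJECT_UNAUTHORIZED=1 in .env and
      # supply the provider's CA through NODE_EXTRA_CA_CERTS (mounted PEM
      # file) to trust only that issuer.
      NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT_UNAUTHORIZED:-0}"
    depends_on:
      - backend
    healthcheck:
      test: ["CMD", "node", "-e", "fetch('http://localhost:3000').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - wardrobe_net

  # Nginx reverse proxy (internal routing).
  # Auth is handled by an external proxy (TinyAuth/Authentik/OIDC), so this
  # listener performs no authentication of its own.
  nginx:
    # NOTE(review): `nginx:alpine` tracks whatever is newest at pull time;
    # pin a version tag or digest (nginx:<version>-alpine@sha256:<digest>).
    image: nginx:alpine
    container_name: wardrobe_nginx
    restart: unless-stopped
    ports:
      # Bound to loopback only: the stack's single published port is not
      # exposed on external interfaces. Keep this binding; the external auth
      # proxy should be the only thing connecting to it.
      - "127.0.0.1:8080:80"
    volumes:
      # Configuration is mounted read-only.
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
    depends_on:
      - frontend
      - backend
    networks:
      - wardrobe_net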
# Named volumes with default driver settings. They hold the database files,
# the Redis data directory and user uploads, so include them in backups and
# restrict who can run `docker volume` commands on the host.
volumes:
  postgres_data: {}
  redis_data: {}
  uploads_data: {}
# Single user-defined bridge network shared by every service in this file.
# Services without a `ports:` entry are reachable only from containers on it.
networks:
  wardrobe_net:
    driver: bridge