# Auth Service - Production Docker Compose
# Usage: docker compose -f docker-compose.prod.yml up -d
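services:
  # Auth API, built from auth/Dockerfile. It is the only service attached to
  # both networks; no host ports are published by this file.
  auth:
    build:
      context: ..
      dockerfile: auth/Dockerfile
      args:
        - GO_VERSION=1.23
    container_name: "${COMPOSE_PROJECT_NAME:-auth}-service"
    env_file:
      - .env
    environment:
      # Override for container networking
      POSTGRES_HOST: auth-postgres
      REDIS_HOST: auth-redis
    # `expose` does not publish to the host; the port is reachable only from
    # containers on the networks listed below.
    expose:
      - "${SERVER_PORT:-9001}"
    depends_on:
      auth-postgres:
        condition: service_healthy
      auth-redis:
        condition: service_healthy
    networks:
      - auth-internal
      - minisource-network
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M
    healthcheck:
      test:
        - "CMD"
        - "wget"
        - "--no-verbose"
        - "--tries=1"
        - "--spider"
        - "http://localhost:${SERVER_PORT:-9001}/health"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    # Hardening: no privilege escalation via setuid binaries, immutable root
    # filesystem, writable scratch space only in /tmp.
    # NOTE(review): no cap_drop is set; if the binary needs no Linux
    # capabilities, `cap_drop: [ALL]` would tighten this further - confirm
    # against auth/Dockerfile.
    security_opt:
      - "no-new-privileges:true"
    read_only: true
    tmpfs:
      - /tmp

  # PostgreSQL backing store, attached to the internal network only.
  auth-postgres:
    # NOTE(review): the tag is mutable; pinning by digest
    # (postgres:16-alpine@sha256:<digest>) makes the deployed image reproducible.
    image: postgres:16-alpine
    container_name: "${COMPOSE_PROJECT_NAME:-auth}-postgres"
    # NOTE(review): env_file hands every variable in .env to this container,
    # not only the POSTGRES_* values set below - presumably including the auth
    # service's own secrets. Consider a database-only env file.
    env_file:
      - .env
    environment:
      # `:?` makes compose abort with a clear message when a credential is
      # missing, instead of substituting an empty string.
      POSTGRES_USER: "${POSTGRES_USER:?POSTGRES_USER must be set}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "${POSTGRES_DB:-auth_db}"
      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=en_US.utf8"
    # No host ports published - internal network only
    expose:
      - "5432"
    volumes:
      - auth-postgres-data:/var/lib/postgresql/data
      # Init script is mounted read-only.
      - ./scripts/init-db.sql:/docker-entrypoint-initdb.d/init.sql:ro
    networks:
      - auth-internal
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 256M
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB:-auth_db}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    security_opt:
      - "no-new-privileges:true"

  # Redis with AOF persistence and password auth, internal network only.
  auth-redis:
    # NOTE(review): mutable tag; pin by digest (redis:7-alpine@sha256:<digest>).
    image: redis:7-alpine
    container_name: "${COMPOSE_PROJECT_NAME:-auth}-redis"
    # NOTE(review): --requirepass on the command line leaves the password
    # readable in the process list and in `docker inspect`; a mounted config
    # file or a Docker secret avoids that.
    # NOTE(review): --maxmemory equals the 512M container limit, leaving no
    # headroom for AOF and client buffers, and allkeys-lru may evict any key.
    # If the auth service keeps revocation or rate-limit state here, confirm
    # that eviction is acceptable.
    command: >
      redis-server
      --appendonly yes
      --maxmemory 512mb
      --maxmemory-policy allkeys-lru
      --requirepass ${REDIS_PASSWORD:?REDIS_PASSWORD must be set}
    environment:
      # redis-cli reads REDISCLI_AUTH, so the healthcheck below does not have
      # to pass the password as a command-line argument.
      REDISCLI_AUTH: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    # No host ports published - internal network only
    expose:
      - "6379"
    volumes:
      - auth-redis-data:/data
    networks:
      - auth-internal
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    security_opt:
      - "no-new-privileges:true"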
# Named volumes holding the persistent state of the two data stores.
volumes:
  # PostgreSQL data directory (/var/lib/postgresql/data)
  auth-postgres-data:
    driver: local
  # Redis append-only file and snapshots (/data)
  auth-redis-data:
    driver: local
networks:
  # Internal network for service-to-database communication.
  # `internal: true` gives attached containers no route outside this network.
  auth-internal:
    driver: bridge
    internal: true

  # External network for service-to-service communication.
  # `external: true` means compose expects the network to exist already and
  # will not create it.
  minisource-network:
    external: true