mirror of
https://github.com/encounter/decomp.me.git
synced 2026-03-30 11:06:27 -07:00
Mark Street
111 lines
2.7 KiB
YAML
111 lines
2.7 KiB
YAML
services:
|
|
backend:
|
|
build:
|
|
context: backend
|
|
target: prod
|
|
cap_drop:
|
|
- all
|
|
cap_add:
|
|
- setuid
|
|
- setgid
|
|
- setfcap
|
|
env_file:
|
|
- docker.prod.env
|
|
ports:
|
|
- "8000:8000"
|
|
restart: on-failure
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
- seccomp=unconfined
|
|
volumes:
|
|
# persist compilers + libraries
|
|
- ./backend/compilers:/backend/compilers
|
|
- ./backend/libraries:/backend/libraries
|
|
# static files for django /admin control panel
|
|
- ./backend/static:/backend/static
|
|
tmpfs:
|
|
# Use a separate tmpfs to prevent a rogue jailed process
|
|
# from filling /tmp on the parent container
|
|
- /sandbox/tmp:exec,uid=1000,gid=1000,size=64M,mode=0700
|
|
networks:
|
|
- decompme
|
|
# uncommment for local testing
|
|
# entrypoint: tail -f /dev/null
|
|
|
|
frontend:
|
|
build:
|
|
context: frontend
|
|
target: prod
|
|
env_file:
|
|
- docker.prod.env
|
|
ports:
|
|
- "8080:8080"
|
|
restart: on-failure
|
|
networks:
|
|
- decompme
|
|
|
|
nginx:
|
|
build:
|
|
context: nginx
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
restart: on-failure
|
|
volumes:
|
|
# repo files
|
|
- ./nginx/production.conf:/etc/nginx/conf.d/default.conf:ro
|
|
- ./frontend/down.html:/var/www/decomp.me/down.html:ro
|
|
# certbot
|
|
- ./certbot:/var/www/certbot
|
|
- ./letsencrypt:/etc/letsencrypt
|
|
# NOTE: /media is a "Project" feature, currently unused
|
|
- ./backend/media:/media
|
|
# static files for django /admin control panel
|
|
- ./backend/static:/var/www/decomp.me/static
|
|
# TODO: mount static + public files from frontend
|
|
# BOOTSTRAP: allow nginx to start before backend/frontend containers are up
|
|
#extra_hosts:
|
|
# - "backend=172.17.0.1" # docker0 bridge
|
|
# - "frontend=172.17.0.1" # docker0 bridge
|
|
networks:
|
|
- decompme
|
|
|
|
certbot:
|
|
image: certbot/certbot
|
|
volumes:
|
|
- ./certbot:/var/www/certbot
|
|
- ./letsencrypt:/etc/letsencrypt
|
|
entrypoint: "/bin/sh -c"
|
|
command: >
|
|
"trap exit TERM; while :; do sleep 12h & wait $${!}; certbot renew --webroot -w /var/www/certbot; done"
|
|
networks:
|
|
- decompme
|
|
|
|
postgres:
|
|
image: postgres:17
|
|
env_file:
|
|
- docker.prod.env
|
|
# ports:
|
|
# - "5432:5432"
|
|
restart: on-failure
|
|
volumes:
|
|
- ./postgres:/var/lib/postgresql/data
|
|
# BOOTSTRAP: for dumping/restoring db
|
|
- ./pgdump:/pgdump
|
|
networks:
|
|
- decompme
|
|
command: >
|
|
postgres
|
|
-c shared_buffers=8GB
|
|
-c work_mem=128MB
|
|
-c maintenance_work_mem=2GB
|
|
-c effective_cache_size=16GB
|
|
-c wal_buffers=32MB
|
|
-c checkpoint_completion_target=0.9
|
|
-c random_page_cost=1.1
|
|
-c effective_io_concurrency=300
|
|
|
|
networks:
|
|
decompme:
|
|
driver: bridge
|