# Secure Portal - Production Docker Compose
# Pull with: docker compose pull
# Start with: docker compose up -d
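# Service definitions for the Secure Portal stack: PostgreSQL, Redis, the
# backend API, the Nginx frontend and a ClamAV scanner. Only the backend
# (3000) and the frontend (80) publish host ports; the other services are
# reachable only over the project's default network.
services:
  # PostgreSQL Database
  postgres:
    image: postgres:16-alpine
    container_name: secure-portal-db
    restart: unless-stopped
    environment:
      # ":?" makes compose abort with the given message when a credential is
      # unset or empty, instead of starting the stack with a blank value.
      POSTGRES_USER: "${POSTGRES_USER:?POSTGRES_USER must be set}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "${POSTGRES_DB:?POSTGRES_DB must be set}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # Redis Cache
  redis:
    image: redis:7-alpine
    container_name: secure-portal-redis
    restart: unless-stopped
    # NOTE(review): --requirepass on the command line leaves the password
    # visible in the container's process list and in `docker inspect`; a
    # mounted config or secret file would avoid that.
    command: >-
      redis-server --appendonly yes
      --requirepass ${REDIS_PASSWORD:?REDIS_PASSWORD must be set}
    environment:
      # redis-cli reads its password from REDISCLI_AUTH, so the healthcheck
      # no longer has to pass it as a "-a" argument.
      REDISCLI_AUTH: "${REDIS_PASSWORD}"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 5

  # Backend API
  backend:
    # NOTE(review): ":latest" is a mutable tag, so `docker compose pull` can
    # change what runs without any change to this file; pin a release tag or
    # an image digest for reproducible deployments.
    image: git.unixweb.net/unixweb/secure-portal-backend:latest
    container_name: secure-portal-backend
    restart: unless-stopped
    ports:
      # NOTE(review): this publishes the API on every host interface. If only
      # a reverse proxy on this host should reach it, bind to loopback
      # ("127.0.0.1:3000:3000"); confirm how VITE_API_URL is routed first.
      - "3000:3000"
    environment:
      NODE_ENV: production
      # Quoted so the values stay strings whatever the YAML parser infers.
      PORT: "3000"
      HOST: "0.0.0.0"
      # The credentials are inserted into the URL verbatim: a password
      # containing characters such as "@", ":", "/", "?" or "#" must be
      # percent-encoded or the URL will be mis-parsed.
      DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?schema=public"
      REDIS_HOST: redis
      REDIS_PORT: "6379"
      REDIS_PASSWORD: "${REDIS_PASSWORD}"
      # Signing and encryption keys: refuse to start with an empty value
      # rather than hand the backend a blank secret.
      JWT_ACCESS_SECRET: "${JWT_ACCESS_SECRET:?JWT_ACCESS_SECRET must be set}"
      JWT_REFRESH_SECRET: "${JWT_REFRESH_SECRET:?JWT_REFRESH_SECRET must be set}"
      ENCRYPTION_KEY: "${ENCRYPTION_KEY:?ENCRYPTION_KEY must be set}"
      PASSWORD_RESET_URL: "${PASSWORD_RESET_URL}"
      # Mail settings. Presumably only the variables of the selected
      # MAIL_PROVIDER are needed, so none of them is enforced here - confirm.
      MAIL_PROVIDER: "${MAIL_PROVIDER:-brevo}"
      MAIL_FROM_EMAIL: "${MAIL_FROM_EMAIL}"
      MAIL_FROM_NAME: "${MAIL_FROM_NAME:-Secure Portal}"
      BREVO_API_KEY: "${BREVO_API_KEY}"
      SMTP_HOST: "${SMTP_HOST}"
      SMTP_PORT: "${SMTP_PORT:-587}"
      SMTP_USER: "${SMTP_USER}"
      SMTP_PASSWORD: "${SMTP_PASSWORD}"
      SMTP_SECURE: "${SMTP_SECURE:-false}"
      # NOTE(review): empty when unset; confirm the backend does not treat an
      # empty CORS_ORIGIN as "allow any origin".
      CORS_ORIGIN: "${CORS_ORIGIN}"
      FRONTEND_URL: "${FRONTEND_URL}"
      LICENSE_SERVER_URL: "${LICENSE_SERVER_URL}"
      LICENSE_KEY: "${LICENSE_KEY}"
      # Self-registration stays off unless explicitly enabled.
      ENABLE_REGISTER: "${ENABLE_REGISTER:-false}"
      CLAMAV_HOST: clamav
      CLAMAV_PORT: "3310"
      CLAMAV_ENABLED: "${CLAMAV_ENABLED:-true}"
      UPLOAD_DIR: /app/uploads
    volumes:
      - backend_logs:/app/logs
      - uploads_data:/app/uploads
    # NOTE(review): clamav is not listed here and has a 120s start_period, so
    # the API can accept traffic before the scanner is ready; confirm uploads
    # are rejected (not passed through) while the scanner is unreachable.
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    # Applies pending Prisma migrations on every start, then launches the API.
    command: sh -c "npx prisma migrate deploy && node dist/server.js"

  # Frontend (Nginx)
  frontend:
    # NOTE(review): mutable ":latest" tag; pin a release tag or digest.
    image: git.unixweb.net/unixweb/secure-portal-frontend:latest
    container_name: secure-portal-frontend
    restart: unless-stopped
    ports:
      # NOTE(review): plain HTTP only. TLS is presumably terminated by a
      # proxy in front of this host - confirm before exposing it publicly.
      - "80:80"
    environment:
      VITE_API_URL: "${VITE_API_URL}"
    depends_on:
      - backend

  # ClamAV Virus Scanner
  clamav:
    # NOTE(review): mutable ":latest" tag; pin a release tag or digest.
    image: clamav/clamav:latest
    container_name: secure-portal-clamav
    restart: unless-stopped
    volumes:
      - clamav_data:/var/lib/clamav
    healthcheck:
      test: ["CMD", "/usr/local/bin/clamdcheck.sh"]
      interval: 60s
      timeout: 10s
      retries: 3
      start_period: 120s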
# Named volumes backing the services' persistent data. Each one is declared
# with an explicit empty mapping, i.e. no driver or options are configured.
volumes:
  postgres_data: {}  # mounted at /var/lib/postgresql/data in postgres
  redis_data: {}  # mounted at /data in redis
  uploads_data: {}  # mounted at /app/uploads in backend
  clamav_data: {}  # mounted at /var/lib/clamav in clamav
  backend_logs: {}  # mounted at /app/logs in backend