markdown-ticket/docker-compose.prod.yml at main · andkirby/markdown-ticket · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Production environment overrides for docker-compose.yml
# Includes resource limits, production builds, and security hardening
#
# Usage:
#   docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d

services:
  frontend:
    build:
      target: production # Use production stage from Dockerfile
    environment:
      - NODE_ENV=production
    # Resource limits
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M
    # Production logging
    logging:
      driver: json-file
      options:
        max-size: 10m
        max-file: '3'

  backend:
    build:
      target: production # Use production stage from Dockerfile
    volumes: []
    # Mount specific projects (add to array above)
    # - /path/to/projects/project-a:/projects/project-a
    # - /path/to/projects/project-b:/projects/project-b
    environment:
      - NODE_ENV=production
      - CHOKIDAR_USEPOLLING=true
      - PORT=3001
    # Resource limits
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M
    # Production logging
    logging:
      driver: json-file
      options:
        max-size: 10m
        max-file: '3'

  mcp:
    build:
      target: production # Use production stage from Dockerfile
    environment:
      # Core MCP Configuration
      - NODE_ENV=production
      - MCP_HTTP_ENABLED=true
      - MCP_HTTP_PORT=3002
      - MCP_BIND_ADDRESS=0.0.0.0
      - LOG_LEVEL=info

      # Cache Configuration
      - MCP_CACHE_TIMEOUT=300

      # Phase 2 Security (enable as needed)
      # - MCP_SECURITY_ORIGIN_VALIDATION=true
      # - MCP_ALLOWED_ORIGINS=https://yourdomain.com
      # - MCP_SECURITY_RATE_LIMITING=true
      # - MCP_RATE_LIMIT_MAX=100
      # - MCP_RATE_LIMIT_WINDOW_MS=60000
      # - MCP_SECURITY_AUTH=true
      # - MCP_AUTH_TOKEN=${MCP_AUTH_TOKEN}  # Set in .env file
    # Resource limits
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M
    # Production logging
    logging:
      driver: json-file
      options:
        max-size: 10m
        max-file: '3'

# Production Tips:
# 1. Use .env file for production secrets:
#    - MCP_AUTH_TOKEN=your-secret-token
#    - Database credentials (if applicable)
#
# 3. Enable Phase 2 security features as needed
#
# 4. Monitor resource usage and adjust limits accordingly
#
# 5. Set up log rotation and monitoring for production deployments
#
# 6. Consider adding Nginx reverse proxy for SSL termination:
#    - Single entry point (port 443)
#    - SSL/TLS certificates
#    - Load balancing (if scaling)