nightlio/docker-compose.prod.yml at master · shirsakm/nightlio · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# Production Docker Compose for Nightlio
# Use this for production deployments with better security and performance

services:
  api:
    image: ${API_IMAGE:-ghcr.io/shirsakm/nightlio-api:latest}
    container_name: nightlio-api-prod
    restart: unless-stopped
    environment:
      - RAILWAY_ENVIRONMENT=production
      - SECRET_KEY=${SECRET_KEY}
      - JWT_SECRET=${JWT_SECRET}
      - CORS_ORIGINS=https://yourdomain.com
      - ENABLE_GOOGLE_OAUTH=${ENABLE_GOOGLE_OAUTH:-0}
      - DEFAULT_SELF_HOST_ID=${DEFAULT_SELF_HOST_ID:-selfhost_default_user}
      - DATABASE_PATH=/app/data/nightlio.db
      - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID:-}
      - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET:-}
      - GOOGLE_CALLBACK_URL=${GOOGLE_CALLBACK_URL:-}
      - PORT=5000
    volumes:
      - nightlio_data:/app/data
    networks:
      - nightlio-network
    # Only expose to internal network in production
    expose:
      - "5000"
    healthcheck:
      test: ["CMD", "python", "-c", "import requests; requests.get('http://localhost:5000/api/')"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    deploy:
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M

  frontend:
    image: ${WEB_IMAGE:-ghcr.io/shirsakm/nightlio-frontend:latest}
    container_name: nightlio-frontend-prod
    restart: unless-stopped
    # Only expose to internal network in production
    expose:
      - "80"
    depends_on:
      api:
        condition: service_healthy
    networks:
      - nightlio-network
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/"]
      interval: 30s
      timeout: 3s
      retries: 3
    deploy:
      resources:
        limits:
          memory: 128M
        reservations:
          memory: 64M

  # Reverse proxy for production
  nginx:
    image: nginx:alpine
    container_name: nightlio-nginx-prod
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx-prod.conf:/etc/nginx/conf.d/default.conf:ro
      - ./ssl:/etc/nginx/ssl:ro  # Mount SSL certificates here
    depends_on:
      - frontend
      - api
    networks:
      - nightlio-network
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/"]
      interval: 30s
      timeout: 3s
      retries: 3

networks:
  nightlio-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

volumes:
  nightlio_data:
    driver: local