Docker self-hosting improvements (#2177)

* shallow clone

* fix image tag locking example

* electric should use db url env var

* add htpasswd note

* use local driver with log rotation by default

* make worker urls more easily configurable

* configure dev otel endpoint via .env

* increase min recommended worker specs

* move worker url section

Author: nicktrn

docs/self-hosting/docker.mdx

@@ -49,8 +49,8 @@ This machine will host the webapp, postgres, redis, and related services.
 
 This machine will host the supervisor and all of the runs.
 
-- 2+ vCPU
-- 4+ GB RAM
+- 4+ vCPU
+- 8+ GB RAM
 
 How many workers and resources you need will depend on your workloads and concurrency requirements.
 
@@ -70,7 +70,7 @@ You may need to spin up multiple workers to handle peak concurrency. The good ne
 1. Clone the repository
 
 ```bash
-git clone https://github.com/triggerdotdev/trigger.dev
+git clone --depth=1 https://github.com/triggerdotdev/trigger.dev
 cd trigger.dev/hosting/docker
 ```
 
@@ -116,7 +116,7 @@ docker compose -f docker-compose.yml -f ../docker-compose.traefik.yml up -d
 1. Clone the repository
 
 ```bash
-git clone https://github.com/triggerdotdev/trigger.dev
+git clone --depth=1 https://github.com/triggerdotdev/trigger.dev
 cd trigger.dev/hosting/docker
 ```
 
@@ -212,6 +212,8 @@ The default settings for the registry are:
 
 You should change these before deploying to production, especially the password. You can find more information about how to do this in the official [registry docs](https://github.com/distribution/distribution/blob/735c161b53e7faf81a21ba94c55ac9edee081cd9/docs/deploying.md#native-basic-auth).
 
+**Note:** This will require modifying the default `.htpasswd` file located at `./hosting/docker/registry/auth.htpasswd` of the repo root.
+
 ### Logging in
 
 When self-hosting, builds run locally. You will have to login to the registry on every machine that runs the `deploy` command. You should only have to do this once:

hosting/docker/.env.example

@@ -18,6 +18,11 @@ MANAGED_WORKER_SECRET=447c29678f9eaf289e9c4b70d3dd8a7f
 # - See the docs for more information: https://trigger.dev/docs/self-hosting/docker
 # TRIGGER_WORKER_TOKEN=
 
+# Worker URLs
+# - In split setups, uncomment and set to the public URL of your webapp
+# TRIGGER_API_URL=https://trigger.example.com
+# OTEL_EXPORTER_OTLP_ENDPOINT=https://trigger.example.com/otel
+
 # Postgres
 # - Do NOT use these defaults in production
 # - Especially if you decide to expose the database to the internet
@@ -29,7 +34,7 @@ DIRECT_URL=postgresql://postgres:unsafe-postgres-pw@postgres:5432/main?schema=pu
 
 # Trigger image tag
 # - This is the version of the webapp and worker images to use, they should be locked to a specific version in production
-# - For example: TRIGGER_IMAGE_TAG=v4-beta.21
+# - For example: TRIGGER_IMAGE_TAG=v4.0.0-v4-beta.21
 TRIGGER_IMAGE_TAG=v4-beta
 
 # Webapp
@@ -38,6 +43,7 @@ TRIGGER_IMAGE_TAG=v4-beta
 APP_ORIGIN=http://localhost:8030
 LOGIN_ORIGIN=http://localhost:8030
 API_ORIGIN=http://localhost:8030
+DEV_OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:8030/otel
 # You may need to set this when testing locally or when using the combined setup
 # API_ORIGIN=http://webapp:3000
 
@@ -55,14 +61,14 @@ API_ORIGIN=http://localhost:8030
 # Docker Registry
 # - When testing locally, the default values should be fine
 # - When deploying to production, you will have to change these, especially the password and URL
-# - See the docs for more information: https://trigger.dev/docs/self-hosting/docker
+# - See the docs for more information: https://trigger.dev/docs/self-hosting/docker#registry-setup
 DOCKER_REGISTRY_URL=localhost:5000
 DOCKER_REGISTRY_USERNAME=registry-user
 DOCKER_REGISTRY_PASSWORD=very-secure-indeed
 
 # Object store
 # - You need to log into the Minio dashboard and create a bucket called "packets" 
-# - See the docs for more information: https://trigger.dev/docs/self-hosting/docker
+# - See the docs for more information: https://trigger.dev/docs/self-hosting/docker#object-storage
 OBJECT_STORE_ACCESS_KEY_ID=admin
 OBJECT_STORE_SECRET_ACCESS_KEY=very-safe-password
 # You will have to uncomment and configure this for production
@@ -101,6 +107,13 @@ OBJECT_STORE_SECRET_ACCESS_KEY=very-safe-password
 # - Applies to all services, adjust as needed
 # RESTART_POLICY=unless-stopped
 
+# Docker logging
+# - See the official docs: https://docs.docker.com/engine/logging/configure/
+# LOGGING_DRIVER=local
+# LOGGING_MAX_SIZE=20m
+# LOGGING_MAX_FILES=5
+# LOGGING_COMPRESS=true
+
 # Traefik
 # - Reverse proxy settings only serve as an example and require further configuration
 # - See the partial overrides in docker-compose.traefik.yml for more details

hosting/docker/webapp/docker-compose.yml

@@ -1,9 +1,17 @@
 name: trigger
 
+x-logging: &logging-config
+  driver: ${LOGGING_DRIVER:-local}
+  options:
+    max-size: ${LOGGING_MAX_SIZE:-20m}
+    max-file: ${LOGGING_MAX_FILES:-5}
+    compress: ${LOGGING_COMPRESS:-true}
+
 services:
   webapp:
     image: ghcr.io/triggerdotdev/trigger.dev:${TRIGGER_IMAGE_TAG:-v4-beta}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     ports:
       - ${WEBAPP_PUBLISH_IP:-0.0.0.0}:8030:3000
     depends_on:
@@ -39,7 +47,7 @@ services:
       REDIS_PORT: 6379
       REDIS_TLS_DISABLED: true
       APP_LOG_LEVEL: info
-      DEV_OTEL_EXPORTER_OTLP_ENDPOINT: http://localhost:8030/otel
+      DEV_OTEL_EXPORTER_OTLP_ENDPOINT: ${DEV_OTEL_EXPORTER_OTLP_ENDPOINT:-http://localhost:8030/otel}
       DEPLOY_REGISTRY_HOST: ${DOCKER_REGISTRY_URL:-localhost:5000}
       OBJECT_STORE_BASE_URL: ${OBJECT_STORE_BASE_URL:-http://minio:9000}
       OBJECT_STORE_ACCESS_KEY_ID: ${OBJECT_STORE_ACCESS_KEY_ID}
@@ -61,6 +69,7 @@ services:
   postgres:
     image: postgres:${POSTGRES_IMAGE_TAG:-14}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     ports:
       - ${POSTGRES_PUBLISH_IP:-127.0.0.1}:5433:5432
     volumes:
@@ -84,6 +93,7 @@ services:
   redis:
     image: redis:${REDIS_IMAGE_TAG:-7}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     ports:
       - ${REDIS_PUBLISH_IP:-127.0.0.1}:6389:6379
     volumes:
@@ -100,12 +110,13 @@ services:
   electric:
     image: electricsql/electric:${ELECTRIC_IMAGE_TAG:-1.0.13}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     depends_on:
       - postgres
     networks:
       - webapp
     environment:
-      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/main?schema=public&sslmode=disable
+      DATABASE_URL: ${DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/main?schema=public&sslmode=disable}
       ELECTRIC_INSECURE: true
       ELECTRIC_USAGE_REPORTING: false
     healthcheck:
@@ -118,6 +129,7 @@ services:
   clickhouse:
     image: bitnami/clickhouse:${CLICKHOUSE_IMAGE_TAG:-latest}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     ports:
       - ${CLICKHOUSE_PUBLISH_IP:-127.0.0.1}:9090:9000
     environment:
@@ -138,6 +150,7 @@ services:
   registry:
     image: registry:${REGISTRY_IMAGE_TAG:-2}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     ports:
       - ${REGISTRY_PUBLISH_IP:-127.0.0.1}:5000:5000
     networks:
@@ -159,6 +172,7 @@ services:
   minio:
     image: minio/minio:${MINIO_IMAGE_TAG:-latest}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     ports:
       - ${MINIO_PUBLISH_IP:-127.0.0.1}:9000:9000
       - ${MINIO_PUBLISH_IP:-127.0.0.1}:9001:9001
@@ -190,4 +204,4 @@ networks:
   supervisor:
     name: supervisor
   webapp:
-    name: webapp
+    name: webapp

hosting/docker/worker/docker-compose.yml

@@ -1,9 +1,17 @@
 name: trigger
 
+x-logging: &logging-config
+  driver: ${LOGGING_DRIVER:-local}
+  options:
+    max-size: ${LOGGING_MAX_SIZE:-20m}
+    max-file: ${LOGGING_MAX_FILES:-5}
+    compress: ${LOGGING_COMPRESS:-true}
+
 services:
   supervisor:
     image: ghcr.io/triggerdotdev/supervisor:${TRIGGER_IMAGE_TAG:-v4-beta}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     depends_on:
       - docker-proxy
     networks:
@@ -22,10 +30,8 @@ services:
       # Use the bootstrap token created by the webapp
       TRIGGER_WORKER_TOKEN: file:///home/node/shared/worker_token
       MANAGED_WORKER_SECRET: ${MANAGED_WORKER_SECRET}
-      # Point this at the webapp in prod
-      TRIGGER_API_URL: http://webapp:3000
-      # Point this at the OTel collector or the webapp in prod
-      OTEL_EXPORTER_OTLP_ENDPOINT: http://webapp:3000/otel
+      TRIGGER_API_URL: ${TRIGGER_API_URL:-http://webapp:3000}
+      OTEL_EXPORTER_OTLP_ENDPOINT: ${OTEL_EXPORTER_OTLP_ENDPOINT:-http://webapp:3000/otel}
       TRIGGER_WORKLOAD_API_DOMAIN: supervisor
       TRIGGER_WORKLOAD_API_PORT_EXTERNAL: 8020
       # Optional settings
@@ -48,6 +54,7 @@ services:
   docker-proxy:
     image: tecnativa/docker-socket-proxy:${DOCKER_PROXY_IMAGE_TAG:-latest}
     restart: ${RESTART_POLICY:-unless-stopped}
+    logging: *logging-config
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
     networks: