-
-
Notifications
You must be signed in to change notification settings - Fork 18
/
docker-compose-prod.yml
85 lines (74 loc) · 2.37 KB
/
docker-compose-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
services:
web:
image: nginx
container_name: th_web
restart: always
depends_on:
- app
ports:
- "80:80"
- "443:443"
volumes:
- ./docker/letsencrypt:/etc/letsencrypt:Z
- ./docker/nginx-conf/nginx.conf:/etc/nginx/nginx.conf:Z
- ./docker/nginx-conf/server-common.conf:/etc/nginx/server-common.conf:Z
- ./docker/nginx-html:/opt/nginx-html:Z
- rails-static:/opt/rails-static
app:
image: sbaird/tiddlyhost:latest
container_name: th_app
restart: always
depends_on:
- db
- cache
volumes:
- ./docker/log:/var/log/app:Z
- ./docker/secrets/master.key:/opt/app/config/master.key:Z,ro
- ./docker/secrets/credentials.yml.enc:/opt/app/config/credentials.yml.enc:Z,ro
- ./docker/config/settings_local.yml:/opt/app/config/settings_local.yml:Z,ro
- ./docker/config/prerelease.html:/opt/app/tw_content/empties/prerelease.html:Z
- rails-static:/opt/app/public
security_opt:
# Todo: Figure out what syscalls chrome sandbox really needs
# and use an appropriate policy
- "seccomp:unconfined"
build:
context: .
dockerfile: docker/Dockerfile.prod
jobs:
image: sbaird/tiddlyhost:latest
container_name: th_jobs
restart: always
depends_on:
- db
- cache
volumes:
- ./docker/log:/var/log/app:Z
- ./docker/secrets/master.key:/opt/app/config/master.key:Z,ro
- ./docker/secrets/credentials.yml.enc:/opt/app/config/credentials.yml.enc:Z,ro
- ./docker/config/settings_local.yml:/opt/app/config/settings_local.yml:Z,ro
command: /bin/start-delayed-job.sh
security_opt:
# Todo: Figure out what syscalls chrome sandbox really needs
# and use an appropriate policy
- "seccomp:unconfined"
cache:
image: memcached
container_name: th_cache
command: memcached -I 8M
db:
image: postgres:16
container_name: th_db
restart: always
environment:
# Relevant only when the container finds no existing database.
# If you are initializing a new db then change the password
# after the db is created, or modify this temporarily before
# starting it for the first time.
POSTGRES_PASSWORD: postgres
volumes:
- ./docker/postgresql-data/data16:/var/lib/postgresql/data:Z
volumes:
# Share rails public with nginx so it can serve static files directly
rails-static:
name: th_rails_static