
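# Production-grade Docker Compose configuration
# Usage: docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
version: '3.8'

services:
  workflowui:
    # Image from container registry.
    # TODO: pin to an immutable digest (image@sha256:<digest>) rather than the
    # mutable `latest` tag, so a re-pull under `restart: always` cannot silently
    # change what runs in production.
    image: ghcr.io/yourusername/metabuilder/workflowui:latest
    # Resource limits
    mem_limit: 2g
    memswap_limit: 4g
    cpus: '2.0'
    # Restart policy
    restart: always
    # Enhanced health check: both in-container HTTP endpoints (3000 and 5000)
    # must answer for the service to be considered healthy.
    healthcheck:
      test: ["CMD", "sh", "-c", "wget --quiet --tries=1 --spider http://localhost:3000/api/health && wget --quiet --tries=1 --spider http://localhost:5000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    # Logging
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
        # For json-file, `labels` is a comma-separated list of container label
        # *keys* to copy into each log record, not a key=value pair. The keys
        # named here are the ones declared under this service's `labels:`.
        labels: "app,version,environment"
    # Security options
    security_opt:
      - no-new-privileges:true
    # Drop every capability and add none back: the service listens on 3000 and
    # 5000 (see healthcheck), so NET_BIND_SERVICE is not needed. Re-add it only
    # if a port below 1024 must be bound.
    cap_drop:
      - ALL
    # Read-only root filesystem. Named volumes (/app/data, /app/logs) remain
    # writable even with read_only: true, so they alone are not a reason to
    # keep this false; flip it once any other paths the image writes to (if
    # any) are covered by `tmpfs:` mounts.
    read_only: false
    # User context
    user: "1000:1000" # Non-root user (if configured in Dockerfile)
    # Environment
    environment:
      - NODE_ENV=production
      - FLASK_ENV=production
      - NEXTAUTH_URL=https://workflowui.example.com
      # Secret is read from the Docker secret mounted below, not from the env.
      - NEXTAUTH_SECRET_FILE=/run/secrets/nextauth_secret
      # SQLite file on the persistent data volume.
      - DATABASE_URL=/app/data/workflows.db
    # Secrets (use Docker Secrets in Swarm mode)
    secrets:
      - nextauth_secret
    # Volumes with read-only options where possible
    volumes:
      - workflowui-data:/app/data
      - workflowui-logs:/app/logs
    # Network
    networks:
      - metabuilder-network
    # Labels for monitoring/orchestration
    labels:
      app: "workflowui"
      version: "1.0"
      environment: "production"
      monitoring: "true"

  smtp-relay:
    # TODO: pin to an immutable digest (image@sha256:<digest>) for production;
    # `latest` is mutable and defeats reproducible deploys.
    image: ghcr.io/yourusername/metabuilder/smtp-relay:latest
    # Resource limits
    mem_limit: 512m
    memswap_limit: 1g
    cpus: '0.5'
    # Restart policy
    restart: always
    # Health check against the in-container HTTP listener (HTTP_LISTEN_PORT).
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 20s
    # Logging
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "2"
        # Label keys to include in log records (see `labels:` below).
        labels: "app,version,environment"
    # Security options
    security_opt:
      - no-new-privileges:true
    # Drop every capability and add none back: the listeners are on 2525 and
    # 8080 (see environment), so NET_BIND_SERVICE is not needed.
    cap_drop:
      - ALL
    # Environment
    environment:
      - SMTP_LISTEN_HOST=0.0.0.0
      - SMTP_LISTEN_PORT=2525
      - HTTP_LISTEN_HOST=127.0.0.1 # Only expose to localhost in production
      - HTTP_LISTEN_PORT=8080
      # NOTE(review): these credentials are passed as plain environment
      # variables (visible via `docker inspect` and to every process in the
      # container), whereas workflowui reads its secret from a file. Prefer a
      # Docker secret if the relay supports a file-based variant — confirm.
      - GMAIL_USERNAME=${GMAIL_USERNAME}
      - GMAIL_APP_PASSWORD=${GMAIL_APP_PASSWORD}
      - FORWARD_TO=${FORWARD_TO}
      - ALLOW_ANY_RCPT=false
      - ADD_X_HEADERS=true
      - MAX_STORE=1000
    # Network
    networks:
      - metabuilder-network
    # Labels
    labels:
      app: "smtp-relay"
      version: "1.0"
      environment: "production"

volumes:
  # Persistent storage for the SQLite database (DATABASE_URL above). This must
  # not be tmpfs: a tmpfs volume is memory-backed and discarded whenever it is
  # unmounted, so the database would not survive a host reboot and the backup
  # labels would be meaningless. A plain local volume persists on the host.
  # NOTE(review): the image must create /app/data owned by uid 1000 for the
  # non-root user above to be able to write here — confirm against Dockerfile.
  workflowui-data:
    driver: local
    labels:
      backup: "daily"
      retention: "30d"
  # Logs are deliberately ephemeral: memory-backed and capped at 500m.
  workflowui-logs:
    driver: local
    driver_opts:
      type: tmpfs
      # The local driver refuses a `type` without a matching `device`.
      device: tmpfs
      o: size=500m

networks:
  metabuilder-network:
    driver: bridge
    driver_opts:
      # Driver options are strings; quoted so the parser does not emit an int.
      com.docker.network.driver.mtu: "1500"
    labels:
      environment: "production"

secrets:
  nextauth_secret:
    external: true # Created separately: echo "your-secret" | docker secret create nextauth_secret -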