222 lines
6.8 KiB
YAML
222 lines
6.8 KiB
YAML
services:
|
|
# Sibedas Application Container (Internal)
|
|
app:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
target: production
|
|
container_name: sibedas_app
|
|
restart: unless-stopped
|
|
environment:
|
|
APP_ENV: ${APP_ENV:-production}
|
|
APP_DEBUG: ${APP_DEBUG:-false}
|
|
APP_KEY: ${APP_KEY}
|
|
APP_URL: ${APP_URL:-https://sibedas.yourdomain.com}
|
|
VITE_APP_URL: ${VITE_APP_URL:-https://sibedas.yourdomain.com}
|
|
|
|
# Database Configuration
|
|
DB_CONNECTION: ${DB_CONNECTION:-mariadb}
|
|
DB_HOST: db
|
|
DB_PORT: 3306
|
|
DB_DATABASE: ${DB_DATABASE:-sibedas}
|
|
DB_USERNAME: ${DB_USERNAME:-sibedas_user}
|
|
DB_PASSWORD: ${DB_PASSWORD}
|
|
|
|
# Cache Configuration (using database)
|
|
CACHE_DRIVER: ${CACHE_DRIVER:-database}
|
|
|
|
# Session Configuration (using database)
|
|
SESSION_DRIVER: ${SESSION_DRIVER:-database}
|
|
SESSION_LIFETIME: ${SESSION_LIFETIME:-120}
|
|
|
|
# Queue Configuration (using database)
|
|
QUEUE_CONNECTION: ${QUEUE_CONNECTION:-database}
|
|
|
|
# Mail Configuration
|
|
MAIL_MAILER: ${MAIL_MAILER:-smtp}
|
|
MAIL_HOST: ${MAIL_HOST}
|
|
MAIL_PORT: ${MAIL_PORT:-587}
|
|
MAIL_USERNAME: ${MAIL_USERNAME}
|
|
MAIL_PASSWORD: ${MAIL_PASSWORD}
|
|
MAIL_ENCRYPTION: ${MAIL_ENCRYPTION:-tls}
|
|
MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS}
|
|
MAIL_FROM_NAME: ${MAIL_FROM_NAME:-"Sibedas"}
|
|
|
|
# Google Sheets API
|
|
SPREAD_SHEET_ID: ${SPREAD_SHEET_ID}
|
|
volumes:
|
|
# Only mount specific directories for production security
|
|
- sibedas_app_storage:/var/www/storage
|
|
- sibedas_app_bootstrap_cache:/var/www/bootstrap/cache
|
|
- ./public:/var/www/public:ro
|
|
- ./docker/supervisor:/etc/supervisor/conf.d:ro
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
networks:
|
|
- sibedas_network
|
|
healthcheck:
|
|
test: ["CMD", "php", "-v"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 1G
|
|
cpus: "1.0"
|
|
reservations:
|
|
memory: 512M
|
|
cpus: "0.5"
|
|
# Use Supervisor for queue and scheduler
|
|
command:
|
|
["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
|
|
|
|
# Internal Nginx for Sibedas App
|
|
nginx-internal:
|
|
image: nginx:alpine
|
|
container_name: sibedas_nginx_internal
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ./public:/var/www/public:ro
|
|
- ./docker/nginx/conf.d/sibedas-internal.conf:/etc/nginx/conf.d/default.conf:ro
|
|
- sibedas_nginx_internal_logs:/var/log/nginx
|
|
depends_on:
|
|
app:
|
|
condition: service_healthy
|
|
networks:
|
|
- sibedas_network
|
|
healthcheck:
|
|
test:
|
|
[
|
|
"CMD",
|
|
"wget",
|
|
"--quiet",
|
|
"--tries=1",
|
|
"--spider",
|
|
"http://localhost/health-check",
|
|
]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 30s
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 128M
|
|
cpus: "0.25"
|
|
|
|
# Reverse Proxy Nginx (Main Entry Point)
|
|
nginx-proxy:
|
|
build:
|
|
context: ./docker/nginx
|
|
dockerfile: Dockerfile
|
|
container_name: sibedas_nginx_proxy
|
|
restart: unless-stopped
|
|
ports:
|
|
- "${NGINX_HTTP_PORT:-80}:80"
|
|
- "${NGINX_HTTPS_PORT:-443}:443"
|
|
environment:
|
|
DOMAIN: ${DOMAIN:-sibedas.yourdomain.com}
|
|
EMAIL: ${EMAIL:-admin@yourdomain.com}
|
|
SSL_TYPE: ${SSL_TYPE:-self-signed}
|
|
volumes:
|
|
- sibedas_nginx_proxy_logs:/var/log/nginx
|
|
- sibedas_ssl_certs:/etc/nginx/ssl
|
|
- sibedas_letsencrypt:/etc/letsencrypt
|
|
depends_on:
|
|
nginx-internal:
|
|
condition: service_healthy
|
|
networks:
|
|
- sibedas_network
|
|
healthcheck:
|
|
test:
|
|
[
|
|
"CMD",
|
|
"wget",
|
|
"--quiet",
|
|
"--tries=1",
|
|
"--spider",
|
|
"http://localhost/health-check",
|
|
]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 30s
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 256M
|
|
cpus: "0.5"
|
|
|
|
db:
|
|
image: mariadb:10.6
|
|
container_name: sibedas_db
|
|
restart: unless-stopped
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
|
|
MYSQL_DATABASE: ${DB_DATABASE:-sibedas}
|
|
MYSQL_USER: ${DB_USERNAME:-sibedas_user}
|
|
MYSQL_PASSWORD: ${DB_PASSWORD}
|
|
MYSQL_INNODB_BUFFER_POOL_SIZE: ${MYSQL_INNODB_BUFFER_POOL_SIZE:-1G}
|
|
ports:
|
|
# Only expose if needed for external access
|
|
- "${DB_EXTERNAL_PORT:-3306}:3306"
|
|
volumes:
|
|
- sibedas_dbdata:/var/lib/mysql
|
|
- ./sibedas.sql:/docker-entrypoint-initdb.d/sibedas.sql:ro
|
|
- ./docker/mysql/conf.d:/etc/mysql/conf.d:ro
|
|
- sibedas_db_logs:/var/log/mysql
|
|
networks:
|
|
- sibedas_network
|
|
healthcheck:
|
|
test:
|
|
[
|
|
"CMD",
|
|
"mysqladmin",
|
|
"ping",
|
|
"-h",
|
|
"localhost",
|
|
"-u",
|
|
"${DB_USERNAME:-sibedas_user}",
|
|
"-p${DB_PASSWORD}",
|
|
]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 2G
|
|
cpus: "1.0"
|
|
reservations:
|
|
memory: 1G
|
|
cpus: "0.5"
|
|
|
|
volumes:
|
|
sibedas_dbdata:
|
|
driver: local
|
|
sibedas_app_storage:
|
|
driver: local
|
|
sibedas_app_bootstrap_cache:
|
|
driver: local
|
|
sibedas_nginx_internal_logs:
|
|
driver: local
|
|
sibedas_nginx_proxy_logs:
|
|
driver: local
|
|
sibedas_db_logs:
|
|
driver: local
|
|
sibedas_ssl_certs:
|
|
driver: local
|
|
sibedas_letsencrypt:
|
|
driver: local
|
|
|
|
networks:
|
|
sibedas_network:
|
|
driver: bridge
|
|
ipam:
|
|
config:
|
|
- subnet: 172.20.0.0/16
|