the-other-dude/docker-compose.prod.yml
Jason Staack 27f4403856 feat(infra): add nginx WebSocket proxy and SSH relay config to compose files
- Add WebSocket upgrade map to nginx and proxy /ws/ssh to poller:8080
- Update CSP connect-src to allow ws: and wss: for terminal connections
- Add tunnel port range 49000-49100, SSH relay env vars, ulimits, and healthcheck to poller in both override and prod compose files
- Increase poller memory limit to 512M in prod for tunnel/SSH overhead

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-12 15:40:53 -05:00


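# docker-compose.prod.yml -- Production environment override
# Usage: docker compose -f docker-compose.yml -f docker-compose.prod.yml --env-file .env.prod up -d
#
# This file is merged onto docker-compose.yml. The postgres, redis and nats
# services and the `tod` network referenced below are not defined here and are
# expected to come from that base file.
#
# NOTE(review): no service in this override sets `read_only`, `cap_drop` or
# `security_opt: [no-new-privileges:true]`. Confirm whether the base file or
# the images cover container hardening.
services:
  api:
    build:
      context: .
      dockerfile: infrastructure/docker/Dockerfile.api
    container_name: tod_api
    # NOTE(review): .env.prod presumably holds production credentials. Keep it
    # out of version control and readable only by the deploy user.
    env_file: .env.prod
    environment:
      ENVIRONMENT: production
      LOG_LEVEL: info
      GUNICORN_WORKERS: "2"
    command: ["gunicorn", "app.main:app", "--config", "gunicorn.conf.py"]
    volumes:
      # Read-write bind mount from the host working directory.
      - ./docker-data/git-store:/data/git-store
    depends_on:
      # Start only after each backing service reports healthy.
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      nats:
        condition: service_healthy
    deploy:
      resources:
        limits:
          memory: 512M
    restart: unless-stopped
    logging:
      # Cap json-file logs at 3 x 10 MB so logs cannot fill the host disk.
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - tod

  poller:
    build:
      context: ./poller
      dockerfile: ./Dockerfile
    container_name: tod_poller
    env_file: .env.prod
    environment:
      ENVIRONMENT: production
      LOG_LEVEL: info
      # Environment values are quoted so they reach the container as the exact
      # strings written here, matching GUNICORN_WORKERS in the api service.
      # The tunnel range must stay in sync with the `ports` mapping below.
      TUNNEL_PORT_MIN: "49000"
      TUNNEL_PORT_MAX: "49100"
      TUNNEL_IDLE_TIMEOUT: "300"
      # Must match the port probed by the healthcheck below.
      SSH_RELAY_PORT: "8080"
      SSH_IDLE_TIMEOUT: "900"
      # Session caps; presumably enforced by the poller itself. Verify there.
      SSH_MAX_SESSIONS: "200"
      SSH_MAX_PER_USER: "10"
      SSH_MAX_PER_DEVICE: "20"
    ports:
      # Tunnel listeners are published on host loopback only, so they are not
      # reachable from other machines. Port 8080 is not published at all; it is
      # reachable only over the compose network.
      - "127.0.0.1:49000-49100:49000-49100"
    ulimits:
      # Raised open-file limit; presumably sized for concurrent tunnel and SSH
      # sockets. Confirm against SSH_MAX_SESSIONS and the tunnel port count.
      nofile:
        soft: 8192
        hard: 8192
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      nats:
        condition: service_healthy
    healthcheck:
      # Assumes wget exists in the poller image. Without it the check always
      # fails and the container is reported unhealthy. TODO confirm.
      test: ["CMD-SHELL", "wget --spider -q http://localhost:8080/healthz || exit 1"]
      interval: 30s
      timeout: 3s
      retries: 3
    deploy:
      resources:
        limits:
          memory: 512M  # increased from 256M for tunnel/SSH overhead
    restart: unless-stopped
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - tod

  frontend:
    build:
      context: .
      dockerfile: infrastructure/docker/Dockerfile.frontend
    container_name: tod_frontend
    ports:
      # Published on every host interface, plain HTTP only.
      # NOTE(review): no 443 mapping here, so TLS is presumably terminated
      # upstream. Confirm before exposing this host directly.
      - "80:80"
    depends_on:
      # Short form waits for api to start, not for it to become healthy.
      - api
    deploy:
      resources:
        limits:
          memory: 64M
    restart: unless-stopped
    # NOTE(review): unlike api and poller, no `logging` limits are set here.
    # json-file logs grow without bound unless the base file or the daemon
    # configuration caps them.
    networks:
      - tod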