Set up Docker environment for local development and deployment
Configure Docker Compose, Dockerfiles for API and web servers, and a startup script to enable local development and deployment of the application. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 77cfe984-2c65-4152-bb7a-0df28274fe66 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 9b39e228-74f1-466d-ab5c-87a1e5e7ed07 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/c3c252e4-c83d-40ca-9fff-99a3ea60701e/77cfe984-2c65-4152-bb7a-0df28274fe66/kI0sxlu Replit-Helium-Checkpoint-Created: true
This commit is contained in:
+43
-136
@@ -1,175 +1,82 @@
|
||||
# Tx OS — production-style compose stack for a single VPS.
|
||||
#
|
||||
# Bring up: docker compose up -d
|
||||
# Migrate DB: docker compose run --rm migrate
|
||||
# Logs: docker compose logs -f api
|
||||
# Tear down: docker compose down
|
||||
#
|
||||
# All secrets (passwords, session secret, MinIO credentials) live in `.env`.
|
||||
# Copy `.env.example` to `.env` and edit before first boot.
|
||||
|
||||
name: tx-os
|
||||
|
||||
services:
|
||||
db:
|
||||
postgres:
|
||||
image: postgres:16-alpine
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_USER: ${POSTGRES_USER}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
POSTGRES_USER: ${POSTGRES_USER:-tx}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-tx_dev_password}
|
||||
POSTGRES_DB: ${POSTGRES_DB:-tx}
|
||||
volumes:
|
||||
- db_data:/var/lib/postgresql/data
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
|
||||
interval: 10s
|
||||
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-tx} -d ${POSTGRES_DB:-tx}"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 10
|
||||
networks: [internal]
|
||||
retries: 20
|
||||
|
||||
minio:
|
||||
image: minio/minio:RELEASE.2025-01-20T14-49-07Z
|
||||
restart: unless-stopped
|
||||
command: server /data --console-address ":9001"
|
||||
environment:
|
||||
MINIO_ROOT_USER: ${S3_ACCESS_KEY_ID}
|
||||
MINIO_ROOT_PASSWORD: ${S3_SECRET_ACCESS_KEY}
|
||||
volumes:
|
||||
- minio_data:/data
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
|
||||
interval: 15s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
networks: [internal]
|
||||
|
||||
# One-shot: create the two buckets on first boot. Idempotent.
|
||||
minio-init:
|
||||
image: minio/mc:RELEASE.2025-01-17T23-25-50Z
|
||||
migrate:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: docker/api-server.Dockerfile
|
||||
image: tx-os/api-server:latest
|
||||
depends_on:
|
||||
minio:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
entrypoint: >
|
||||
/bin/sh -c "
|
||||
mc alias set local http://minio:9000 $${S3_ACCESS_KEY_ID} $${S3_SECRET_ACCESS_KEY} &&
|
||||
mc mb --ignore-existing local/${S3_BUCKET_PRIVATE} &&
|
||||
mc mb --ignore-existing local/${S3_BUCKET_PUBLIC} &&
|
||||
mc anonymous set download local/${S3_BUCKET_PUBLIC} ||
|
||||
true
|
||||
"
|
||||
environment:
|
||||
S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID}
|
||||
S3_SECRET_ACCESS_KEY: ${S3_SECRET_ACCESS_KEY}
|
||||
S3_BUCKET_PRIVATE: ${S3_BUCKET_PRIVATE}
|
||||
S3_BUCKET_PUBLIC: ${S3_BUCKET_PUBLIC}
|
||||
networks: [internal]
|
||||
NODE_ENV: production
|
||||
DATABASE_URL: postgres://${POSTGRES_USER:-tx}:${POSTGRES_PASSWORD:-tx_dev_password}@postgres:5432/${POSTGRES_DB:-tx}
|
||||
user: root
|
||||
entrypoint: ["/usr/bin/tini", "--"]
|
||||
command: ["/bin/bash", "/usr/local/bin/migrate.sh"]
|
||||
restart: "no"
|
||||
|
||||
api:
|
||||
build:
|
||||
context: .
|
||||
target: api
|
||||
image: tx-os/api:latest
|
||||
dockerfile: docker/api-server.Dockerfile
|
||||
image: tx-os/api-server:latest
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
minio:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
migrate:
|
||||
condition: service_completed_successfully
|
||||
environment:
|
||||
NODE_ENV: production
|
||||
PORT: "8080"
|
||||
DATABASE_URL: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
|
||||
SESSION_SECRET: ${SESSION_SECRET}
|
||||
ALLOWED_ORIGINS: ${ALLOWED_ORIGINS}
|
||||
PORT: 8080
|
||||
DATABASE_URL: postgres://${POSTGRES_USER:-tx}:${POSTGRES_PASSWORD:-tx_dev_password}@postgres:5432/${POSTGRES_DB:-tx}
|
||||
SESSION_SECRET: ${SESSION_SECRET:?SESSION_SECRET is required — copy .env.docker.example to .env and edit it}
|
||||
LOCAL_STORAGE_SIGNING_SECRET: ${LOCAL_STORAGE_SIGNING_SECRET:-${SESSION_SECRET}}
|
||||
LOCAL_STORAGE_ROOT: /app/storage
|
||||
STORAGE_DRIVER: ${STORAGE_DRIVER:-local}
|
||||
PRIVATE_OBJECT_DIR: ${PRIVATE_OBJECT_DIR:-/app/storage/private}
|
||||
PUBLIC_OBJECT_SEARCH_PATHS: ${PUBLIC_OBJECT_SEARCH_PATHS:-/app/storage/public}
|
||||
DEFAULT_OBJECT_STORAGE_BUCKET_ID: ${DEFAULT_OBJECT_STORAGE_BUCKET_ID:-tx-local}
|
||||
ALLOWED_ORIGINS: ${ALLOWED_ORIGINS:-http://localhost:${APP_PORT:-3000}}
|
||||
PUBLIC_BASE_URL: ${PUBLIC_BASE_URL:-http://localhost:${APP_PORT:-3000}}
|
||||
LOG_LEVEL: ${LOG_LEVEL:-info}
|
||||
PUBLIC_BASE_URL: ${PUBLIC_BASE_URL}
|
||||
# Storage — S3 driver against MinIO.
|
||||
STORAGE_DRIVER: s3
|
||||
S3_ENDPOINT: http://minio:9000
|
||||
S3_REGION: ${S3_REGION:-us-east-1}
|
||||
S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID}
|
||||
S3_SECRET_ACCESS_KEY: ${S3_SECRET_ACCESS_KEY}
|
||||
S3_FORCE_PATH_STYLE: "true"
|
||||
PRIVATE_OBJECT_DIR: /${S3_BUCKET_PRIVATE}/private
|
||||
PUBLIC_OBJECT_SEARCH_PATHS: /${S3_BUCKET_PUBLIC}/public
|
||||
# Email (optional — leave SMTP_HOST blank to disable mail).
|
||||
SMTP_HOST: ${SMTP_HOST:-}
|
||||
SMTP_PORT: ${SMTP_PORT:-}
|
||||
SMTP_USER: ${SMTP_USER:-}
|
||||
SMTP_PASS: ${SMTP_PASS:-}
|
||||
SMTP_SECURE: ${SMTP_SECURE:-}
|
||||
SMTP_FROM: ${SMTP_FROM:-}
|
||||
ports:
|
||||
# API — exposed on host :8080 for direct curl/integration access. In
|
||||
# a public-facing deployment this should be bound to 127.0.0.1 only
|
||||
# (e.g. "127.0.0.1:8080:8080") so only the edge proxy reaches it.
|
||||
- "${API_PORT:-8080}:8080"
|
||||
networks: [internal]
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:8080/api/healthz', r => process.exit(r.statusCode===200?0:1)).on('error', () => process.exit(1))\""]
|
||||
interval: 15s
|
||||
timeout: 5s
|
||||
retries: 10
|
||||
SMTP_SECURE: ${SMTP_SECURE:-}
|
||||
volumes:
|
||||
- app_storage:/app/storage
|
||||
|
||||
web:
|
||||
build:
|
||||
context: .
|
||||
target: web
|
||||
dockerfile: docker/tx-os.Dockerfile
|
||||
image: tx-os/web:latest
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
api:
|
||||
condition: service_healthy
|
||||
- api
|
||||
ports:
|
||||
# SPA — exposed on host :3000. Front this with an operator-managed
|
||||
# TLS terminator (Caddy / Nginx / Traefik) for production HTTPS.
|
||||
- "${WEB_PORT:-3000}:80"
|
||||
networks: [internal]
|
||||
|
||||
# Component preview server. Dev-only — used to iterate on isolated
|
||||
# React components in an iframe-friendly preview at /__mockup. Not part
|
||||
# of the production user surface; kept under the `dev` profile so a
|
||||
# normal `docker compose up -d` does NOT start it. Run with:
|
||||
# docker compose --profile dev up -d mockup-sandbox
|
||||
mockup-sandbox:
|
||||
build:
|
||||
context: .
|
||||
target: mockup
|
||||
image: tx-os/mockup:latest
|
||||
profiles: ["dev"]
|
||||
environment:
|
||||
NODE_ENV: development
|
||||
PORT: "8081"
|
||||
BASE_PATH: /__mockup
|
||||
ports:
|
||||
- "${MOCKUP_PORT:-8081}:8081"
|
||||
networks: [internal]
|
||||
|
||||
# One-shot DB migrate + seed. Run on first boot:
|
||||
# docker compose run --rm migrate
|
||||
migrate:
|
||||
build:
|
||||
context: .
|
||||
target: migrate
|
||||
image: tx-os/migrate:latest
|
||||
profiles: ["tools"]
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
DATABASE_URL: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
|
||||
NODE_ENV: production
|
||||
SEED_ADMIN_PASSWORD: ${SEED_ADMIN_PASSWORD}
|
||||
SEED_USER_PASSWORD: ${SEED_USER_PASSWORD}
|
||||
# Single canonical entrypoint — wraps `pnpm --filter db push` + seed.
|
||||
command: ["pnpm", "--filter", "@workspace/api-server", "run", "migrate"]
|
||||
networks: [internal]
|
||||
- "${APP_PORT:-3000}:80"
|
||||
|
||||
volumes:
|
||||
db_data:
|
||||
minio_data:
|
||||
|
||||
networks:
|
||||
internal:
|
||||
driver: bridge
|
||||
postgres_data:
|
||||
app_storage:
|
||||
|
||||
Reference in New Issue
Block a user