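# Docker Compose - Production configuration for SmartFolio
# Target: Ubuntu 24.04.2 LTS on NUC with Docker
# Features: Redis cache/streaming, auto-start, healthchecks, optimized volumes
version: '3.8'

services:
  # Redis service - Cache & streaming backend
  # No `ports:` entry: Redis is reachable only from containers attached to
  # smartfolio-net. It runs without authentication, which relies on the API
  # being the only other member of that network; add --requirepass (and put
  # the password in REDIS_URL) before attaching anything else to the network.
  redis:
    image: redis:7-alpine
    container_name: smartfolio-redis
    restart: always
    # Folded scalar: the lines below are joined into one command line.
    command: >
      redis-server
      --appendonly yes
      --appendfsync everysec
      --maxmemory 512mb
      --maxmemory-policy allkeys-lru
    volumes:
      - redis_data:/data  # Named volume for persistence
    networks:
      - smartfolio-net
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 10s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # SmartFolio API service
  smartfolio:
    build:
      context: .
      dockerfile: Dockerfile.prod
      args:
        PORT: ${PORT:-8080}
        WORKERS: 1
    container_name: smartfolio-api
    restart: always
    depends_on:
      redis:
        condition: service_healthy
    ports:
      # Published on every host interface (LAN accessible). Docker installs
      # its own iptables rules for published ports, so a host firewall
      # front-end such as ufw does not filter this port by default; prefix
      # the mapping with a host address to narrow the exposure.
      - "${PORT:-8080}:${PORT:-8080}"
    environment:
      # Core settings
      # NOTE(review): this file is labelled production, yet an .env that
      # omits these two variables yields DEBUG=true / ENVIRONMENT=development.
      # Set both explicitly in .env for a production host.
      DEBUG: ${DEBUG:-true}
      ENVIRONMENT: ${ENVIRONMENT:-development}
      PORT: ${PORT:-8080}
      HOST: 0.0.0.0  # Must be 0.0.0.0 for container networking
      # Redis connection (use service name as hostname)
      REDIS_URL: redis://redis:6379/0
      # API Base URL for internal HTTP calls (backend calling itself)
      # In Docker, use localhost:PORT since it's the same container
      # NOTE(review): the default stays on 8080 even when PORT is overridden;
      # set API_BASE_URL together with PORT.
      API_BASE_URL: ${API_BASE_URL:-http://localhost:8080}
      # Feature flags
      RUN_SCHEDULER: ${RUN_SCHEDULER:-1}
      CRYPTO_TOOLBOX_NEW: 1
      RISK_SCORE_V2_ENABLED: ${RISK_SCORE_V2_ENABLED:-true}
      # Rate limiting - Token Bucket System
      RATE_LIMIT_ENABLED: ${RATE_LIMIT_ENABLED:-true}
      # Token bucket configuration (mapped to SecurityConfig via SECURITY_ prefix)
      SECURITY_RATE_LIMIT_REFILL_RATE: ${SECURITY_RATE_LIMIT_REFILL_RATE:-20.0}
      SECURITY_RATE_LIMIT_BURST_SIZE: ${SECURITY_RATE_LIMIT_BURST_SIZE:-50}
      # Logging
      LOG_LEVEL: ${LOG_LEVEL:-INFO}
      # Uvicorn proxy-header trust. This lists the peers whose X-Forwarded-*
      # headers uvicorn accepts; it does not control who may connect (the
      # `ports:` mapping does). With "*" any LAN client can choose the client
      # address the app sees, which undermines per-client controls such as the
      # rate limiter above if it keys on that address. The default is loopback
      # only (uvicorn's own default); when a reverse proxy sits in front, set
      # FORWARDED_ALLOW_IPS in .env to the proxy's address as seen from inside
      # the container.
      FORWARDED_ALLOW_IPS: "${FORWARDED_ALLOW_IPS:-127.0.0.1}"
      # Security (optional, for dev/debug)
      # NOTE(review): both default to an empty string; confirm the application
      # treats an empty value as "disabled" rather than as a credential that
      # an empty request value would match.
      DEBUG_TOKEN: ${DEBUG_TOKEN:-}
      ADMIN_KEY: ${ADMIN_KEY:-}
      # HTTPS Redirect (set to true only if you have SSL certificate)
      SECURITY_FORCE_HTTPS: ${SECURITY_FORCE_HTTPS:-false}
      # Data sources
      ALLOW_STUB_SOURCES: ${ALLOW_STUB_SOURCES:-false}
      COMPUTE_ON_STUB_SOURCES: ${COMPUTE_ON_STUB_SOURCES:-false}
      # CORS (dev only)
      CORS_ORIGINS: ${CORS_ORIGINS:-}
      # SaxoBank OAuth2 credentials (read from .env)
      # Values passed through `environment:` are readable via `docker inspect`
      # and by every process in the container; keep .env out of version
      # control and readable only by the deploying user. An unset variable is
      # substituted as an empty string, with a warning from Compose.
      SAXO_SIM_CLIENT_ID: ${SAXO_SIM_CLIENT_ID}
      SAXO_SIM_CLIENT_SECRET: ${SAXO_SIM_CLIENT_SECRET}
      SAXO_LIVE_CLIENT_ID: ${SAXO_LIVE_CLIENT_ID}
      SAXO_LIVE_CLIENT_SECRET: ${SAXO_LIVE_CLIENT_SECRET}
      SAXO_ENVIRONMENT: ${SAXO_ENVIRONMENT:-sim}
      SAXO_REDIRECT_URI: ${SAXO_REDIRECT_URI}
    volumes:
      # Only mount data and logs directories (not entire project)
      # This prevents issues with venv/, __pycache__, etc.
      - ./data:/app/data:rw  # User data, portfolios, cache
      - ./logs:/app/logs:rw  # Application logs
      # Note: Code is baked into image (not mounted) for production
      # To update code: rebuild image with --build flag
    networks:
      - smartfolio-net
    healthcheck:
      # Requires curl in the image. The probe depends on the /docs route being
      # served; if that route is switched off for a hardened deployment the
      # container will report unhealthy, so point this at a dedicated health
      # endpoint if the application has one.
      test: ["CMD", "curl", "-f", "http://localhost:${PORT:-8080}/docs"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s  # Playwright needs time to initialize
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    # Optional: Resource limits (recommended for stability)
    # Adjust based on NUC usage patterns
    # deploy:
    #   resources:
    #     limits:
    #       cpus: '2.0'    # Max 2 cores
    #       memory: 4G     # Max 4GB RAM
    #     reservations:
    #       cpus: '0.5'    # Min 0.5 core
    #       memory: 512M   # Min 512MB RAM

# Named volume for Redis persistence
volumes:
  redis_data:
    driver: local
    name: smartfolio-redis-data

# Internal network for service communication
networks:
  smartfolio-net:
    driver: bridge
    name: smartfolio-network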