compose.prod.yaml
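# Production configuration
#
# Every secret below comes from the deploy environment. Compose substitutes
# an empty string (with only a warning) for an unset ${VAR}, so a missing
# APP_SECRET, DATABASE_URL, CADDY_MERCURE_JWT_SECRET or POSTGRES_PASSWORD
# does not stop the stack from being created.
# NOTE(review): ${VAR:?message} turns a missing value into a hard error, but
# interpolation runs whenever this file is loaded, so confirm that build-only
# jobs also have the variables before switching.
services:
  php:
    image: ${IMAGES_PREFIX:-}app-php
    build:
      context: .
      target: frankenphp_prod
    restart: unless-stopped
    environment:
      APP_ENV: ${APP_ENV:-prod}
      SERVER_NAME: ${SERVER_NAME:-api.killerparty.app}, php:80
      APP_SECRET: ${APP_SECRET}
      SENTRY_DSN: ${SENTRY_DSN:-}
      EXPO_DSN: ${EXPO_DSN:-}
      DATABASE_URL: ${DATABASE_URL}
      # NOTE(review): one shared secret serves as publisher key, subscriber
      # key and hub secret. If these are HMAC keys, any component able to
      # verify subscriber tokens can also sign publisher tokens; use separate
      # secrets where subscribers must not be able to publish.
      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
      MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET}
      # Internal hub URL: plain HTTP to the php service on the compose network.
      MERCURE_URL: ${CADDY_MERCURE_URL:-http://php/.well-known/mercure}
      # The fallback host matches the SERVER_NAME default above, so the hub URL
      # handed to clients is not https://localhost when SERVER_NAME is unset.
      MERCURE_PUBLIC_URL: ${CADDY_MERCURE_PUBLIC_URL:-https://${SERVER_NAME:-api.killerparty.app}/.well-known/mercure}
    volumes:
      # caddy_data is mounted at /data; presumably it holds the TLS
      # certificates and keys, so it needs the same care as a secret store.
      - caddy_data:/data
      - caddy_config:/config
    # Long-form ports without host_ip are published on every host interface.
    ports:
      # HTTP
      - target: 80
        published: ${HTTP_PORT:-80}
        protocol: tcp
      # HTTPS
      - target: 443
        published: ${HTTPS_PORT:-443}
        protocol: tcp
      # HTTP/3
      - target: 443
        published: ${HTTP3_PORT:-443}
        protocol: udp
    depends_on:
      database:
        condition: service_healthy

  ###> symfony/mercure-bundle ###
  mercure:
    # NOTE(review): no tag, so this resolves to whatever "latest" is at pull
    # time; pin a reviewed version or digest for reproducible deploys.
    # NOTE(review): this file publishes no ports for this service and the
    # MERCURE_URL default above points at php, not here; confirm it is used.
    image: dunglas/mercure
    restart: unless-stopped
    environment:
      # Same shared secret as the php service (see the note there).
      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
      # CORS is limited to the single API origin rather than a wildcard.
      MERCURE_EXTRA_DIRECTIVES: |
        cors_origins "https://${SERVER_NAME:-api.killerparty.app}"
    healthcheck:
      # No interval is set, so the engine default applies.
      test: ["CMD", "curl", "-f", "https://localhost/healthz"]
      timeout: 5s
      retries: 5
      start_period: 60s
    volumes:
      - mercure_data:/data
      - mercure_config:/config
  ###< symfony/mercure-bundle ###

  ###> doctrine/doctrine-bundle ###
  database:
    # No ports are published for this service in this file, so from this
    # file's point of view it is reachable only over the compose network.
    image: postgres:${POSTGRES_VERSION:-16}-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: ${POSTGRES_USER}
      # initdb options: UTF8 encoding and the C locale. These are used only
      # when the data directory is first initialised; they do not configure
      # connection pooling.
      POSTGRES_INITDB_ARGS: "-E UTF8 --locale=C"
    volumes:
      # Named volume for data persistence
      - database_data:/var/lib/postgresql/data:rw
      # Backup directory (bind mount). The host directory will hold database
      # dumps: keep it out of version control and restrict its permissions.
      # It must also be writable by the container's postgres user.
      - ./backups/db:/backups:rw
    healthcheck:
      # The "app" fallbacks differ from POSTGRES_USER / POSTGRES_DB above,
      # which have no default.
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-app} -d ${POSTGRES_DB:-app}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    # Security: run as non-root user
    user: postgres
    # Server settings passed as -c options on the postgres command line
    command:
      - "postgres"
      - "-c"
      - "max_connections=200"
      - "-c"
      - "shared_buffers=256MB"
      - "-c"
      - "effective_cache_size=1GB"
      - "-c"
      - "maintenance_work_mem=64MB"
      - "-c"
      - "checkpoint_completion_target=0.9"
      - "-c"
      - "wal_buffers=16MB"
      - "-c"
      - "default_statistics_target=100"
      - "-c"
      - "random_page_cost=1.1"
      - "-c"
      - "effective_io_concurrency=200"
      - "-c"
      - "work_mem=1310kB"
      - "-c"
      - "min_wal_size=1GB"
      - "-c"
      - "max_wal_size=4GB"
  ###< doctrine/doctrine-bundle ###

volumes:
  caddy_data:
  caddy_config:
  ###> symfony/mercure-bundle ###
  mercure_data:
  mercure_config:
  ###< symfony/mercure-bundle ###
  ###> doctrine/doctrine-bundle ###
  database_data:
    driver: local
  ###< doctrine/doctrine-bundle ###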