Wheelz/Docker-Swarm-Services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4b1590107baf0cd12b0fada0a15a4d74e25e3470
Docker-Swarm-Services/proxcenter-compose.yml

164 lines
5.8 KiB
YAML
Raw Blame History

# ============================================
# ProxCenter Community Edition — Docker Swarm Stack
# ============================================
# Deploy (do NOT run until volumes/secrets exist):
# set -a; . ./proxcenter.env; set +a
# docker stack deploy -c proxcenter-compose.yml proxcenter
#
# Alternative if you prefer to render with docker compose first:
# docker compose --env-file proxcenter.env -f proxcenter-compose.yml config \
# | docker stack deploy -c - proxcenter
#
# Prerequisites — create external volumes before first deploy:
# docker volume create proxcenter_data
# docker volume create postgres_data
#
# Named volumes in Swarm are node-local by default. Both services are
# pinned to a labeled node so proxcenter_data and postgres_data stay on
# the same host. Label the intended primary Swarm node before deploying:
# docker node update --label-add proxcenter.storage=true <NODE_NAME>
# If you use a distributed volume driver (NFS/Longhorn/etc.), remove or
# change the placement constraints.
#
# Optional: use Docker Secrets instead of env vars for sensitive values.
# Create secrets before deploying, then uncomment the secrets: blocks:
# printf 'your-app-secret' | docker secret create app_secret -
# printf 'your-nextauth-secret' | docker secret create nextauth_secret -
# Then in the frontend service, swap the APP_SECRET / NEXTAUTH_SECRET
# env vars for APP_SECRET_FILE / NEXTAUTH_SECRET_FILE and uncomment
# the secrets: section on the service and at the bottom of this file.
# ============================================
services:
# ========================================
# Frontend (Next.js + WebSocket Proxy)
# ========================================
frontend:
image: ghcr.io/adminsyspro/proxcenter-frontend:${VERSION:-latest}
ports:
- "3000:3000"
environment:
- NODE_ENV=production
# Build the Postgres connection string from individual vars so
# POSTGRES_PASSWORD only needs to be set once (not duplicated in DATABASE_URL).
- DATABASE_URL=postgresql://${POSTGRES_USER:-proxcenter}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB:-proxcenter}?schema=public
- APP_SECRET=${APP_SECRET}
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
- NEXTAUTH_URL=${NEXTAUTH_URL:-http://localhost:3000}
- APP_URL=${APP_URL:-http://localhost:3000}
# Docker Secrets alternative — comment out APP_SECRET / NEXTAUTH_SECRET above
# and uncomment these if you prefer file-based secrets:
# - APP_SECRET_FILE=/run/secrets/app_secret
# - NEXTAUTH_SECRET_FILE=/run/secrets/nextauth_secret
volumes:
- proxcenter_data:/app/data
# secrets:
# - app_secret
# - nextauth_secret
networks:
- proxcenter
# depends_on is intentionally omitted: it is ignored by docker stack deploy.
# Swarm relies on healthcheck + restart_policy to handle startup ordering.
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/api/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
deploy:
replicas: 1
placement:
constraints:
# Keep the node-local proxcenter_data volume on the intended primary node.
- node.labels.proxcenter.storage == true
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 5
window: 120s
update_config:
parallelism: 1
delay: 10s
order: start-first
failure_action: rollback
rollback_config:
parallelism: 1
delay: 5s
# ========================================
# Postgres (application database)
# ========================================
postgres:
image: postgres:16-alpine
environment:
- POSTGRES_USER=${POSTGRES_USER:-proxcenter}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=${POSTGRES_DB:-proxcenter}
- POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C
volumes:
- postgres_data:/var/lib/postgresql/data
# Port is intentionally not published. Postgres is reachable only
# over the internal overlay network. Uncomment to expose for debugging:
# ports:
# - "127.0.0.1:5432:5432"
networks:
- proxcenter
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-proxcenter} -d ${POSTGRES_DB:-proxcenter}"]
interval: 10s
timeout: 5s
retries: 5
start_period: 20s
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 5
window: 120s
update_config:
parallelism: 1
delay: 10s
# stop-first so the old container releases its data dir before the new one starts
order: stop-first
failure_action: rollback
rollback_config:
parallelism: 1
delay: 5s
placement:
constraints:
# Keep the node-local postgres_data volume on the intended primary node.
- node.labels.proxcenter.storage == true
# ========================================
# Networks
# ========================================
networks:
proxcenter:
driver: overlay
attachable: true
# ========================================
# Volumes (must be created externally)
# ========================================
# docker volume create proxcenter_data
# docker volume create postgres_data
volumes:
proxcenter_data:
external: true
postgres_data:
external: true
# ========================================
# Secrets (uncomment after creating them)
# ========================================
# printf 'your-app-secret' | docker secret create app_secret -
# printf 'your-nextauth-secret' | docker secret create nextauth_secret -
#
# secrets:
# app_secret:
# external: true
# nextauth_secret:
# external: true
Reference in New Issue View Git Blame Copy Permalink