48 lines
1.3 KiB
YAML
48 lines
1.3 KiB
YAML
services:
|
|
rsocials:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
container_name: rsocials
|
|
restart: unless-stopped
|
|
environment:
|
|
# Infisical secret injection (replaces individual secret env vars)
|
|
- INFISICAL_CLIENT_ID=${INFISICAL_CLIENT_ID}
|
|
- INFISICAL_CLIENT_SECRET=${INFISICAL_CLIENT_SECRET}
|
|
- INFISICAL_PROJECT_SLUG=rsocials
|
|
- INFISICAL_ENV=prod
|
|
- INFISICAL_URL=http://infisical:8080
|
|
# Non-secret config
|
|
- DATA_DIR=/app/data
|
|
volumes:
|
|
- zine-data:/app/data
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.rsocials.rule=Host(`rsocials.online`) || Host(`www.rsocials.online`)"
|
|
- "traefik.http.routers.rsocials.entrypoints=web"
|
|
- "traefik.http.services.rsocials.loadbalancer.server.port=3000"
|
|
- "traefik.docker.network=traefik-public"
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 15s
|
|
networks:
|
|
- traefik-public
|
|
cap_drop:
|
|
- ALL
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
read_only: true
|
|
tmpfs:
|
|
- /tmp
|
|
- /home/nextjs/.npm
|
|
|
|
volumes:
|
|
zine-data:
|
|
|
|
networks:
|
|
traefik-public:
|
|
external: true
|