71 lines
2.3 KiB
YAML
71 lines
2.3 KiB
YAML
# EncryptID Docker Compose
|
|
# Deploy with: docker compose -f docker-compose.encryptid.yml up -d
|
|
|
|
services:
|
|
encryptid:
|
|
build:
|
|
context: ..
|
|
dockerfile: rspace-online/Dockerfile.encryptid
|
|
container_name: encryptid
|
|
restart: unless-stopped
|
|
depends_on:
|
|
encryptid-db:
|
|
condition: service_healthy
|
|
environment:
|
|
- NODE_ENV=production
|
|
- PORT=3000
|
|
- JWT_SECRET=${JWT_SECRET}
|
|
- DATABASE_URL=postgres://encryptid:${ENCRYPTID_DB_PASSWORD}@encryptid-db:5432/encryptid
|
|
- SMTP_HOST=${SMTP_HOST:-mx.jeffemmett.com}
|
|
- SMTP_PORT=${SMTP_PORT:-587}
|
|
- SMTP_USER=${SMTP_USER:-noreply@jeffemmett.com}
|
|
- SMTP_PASS=${SMTP_PASS}
|
|
- SMTP_FROM=${SMTP_FROM:-EncryptID <noreply@jeffemmett.com>}
|
|
- RECOVERY_URL=${RECOVERY_URL:-https://encryptid.jeffemmett.com/recover}
|
|
labels:
|
|
# Traefik auto-discovery
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.encryptid.rule=Host(`encryptid.jeffemmett.com`)"
|
|
- "traefik.http.routers.encryptid.entrypoints=web"
|
|
- "traefik.http.services.encryptid.loadbalancer.server.port=3000"
|
|
# Also serve from root domain for .well-known
|
|
- "traefik.http.routers.encryptid-wellknown.rule=Host(`jeffemmett.com`) && PathPrefix(`/.well-known/webauthn`)"
|
|
- "traefik.http.routers.encryptid-wellknown.entrypoints=web"
|
|
networks:
|
|
- traefik-public
|
|
- encryptid-internal
|
|
healthcheck:
|
|
test: ["CMD", "bun", "-e", "fetch('http://localhost:3000/health').then(r => r.json()).then(d => process.exit(d.database ? 0 : 1)).catch(() => process.exit(1))"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 15s
|
|
|
|
encryptid-db:
|
|
image: postgres:16-alpine
|
|
container_name: encryptid-db
|
|
restart: unless-stopped
|
|
environment:
|
|
- POSTGRES_DB=encryptid
|
|
- POSTGRES_USER=encryptid
|
|
- POSTGRES_PASSWORD=${ENCRYPTID_DB_PASSWORD}
|
|
volumes:
|
|
- encryptid-pgdata:/var/lib/postgresql/data
|
|
networks:
|
|
- encryptid-internal
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U encryptid -d encryptid"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
start_period: 10s
|
|
|
|
volumes:
|
|
encryptid-pgdata:
|
|
|
|
networks:
|
|
traefik-public:
|
|
external: true
|
|
encryptid-internal:
|
|
driver: bridge
|