11 files changed,
250 insertions(+),
2 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed by:
GitHub
noreply@github.com
Committed at:
2025-09-12 14:41:21 +0300
Parent:
10fe031
A
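--- a/deploy/README.md
+++ b/deploy/README.md
@@ -0,0 +1,22 @@
+# Deploy
+
+>[!IMPORTANT] Before deploying:
+> 1. Set the environment variables in `docker-compose.yml` and `docker-compose.monitoring.yml` before running them.
+> 1. Set your domain in `../infra/caddy/Caddyfile`.
+
+Building the frontend app, so it can be served:
+```bash
+./build.sh
+```
+
+Run the containers:
+```bash
+docker compose up -d
+```
+
+Run the monitoring suite:
+```bash
+docker compose up -d -f docker-compose.monitoring.yml
+```
+
+The monitoring suite is not added to the Caddyfile, so you would need to be in the same network to access it.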
A
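--- a/deploy/docker-compose.monitoring.yml
+++ b/deploy/docker-compose.monitoring.yml
@@ -0,0 +1,63 @@
+services:
+  prometheus:
+    image: prom/prometheus:latest
+    container_name: onasty-prometheus
+    user: root
+    volumes:
+      - onasty-prometheus:/prometheus
+      - ../infra/prometheus:/etc/prometheus
+    ports:
+      - 9090:9090
+    networks: [onasty]
+    restart: unless-stopped
+
+  grafana:
+    image: grafana/grafana:11.1.6
+    container_name: onasty-grafana
+    user: root
+    environment:
+      - GF_SECURITY_ADMIN_USER=${GRAFANA_ADMIN_USER:-admin}
+      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
+    volumes:
+      - onasty-grafana:/var/lib/grafana
+      - ../infra/grafana/datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml
+      - ../infra/grafana/dashboards.yml:/etc/grafana/provisioning/dashboards/dashboards.yml
+      - ../infra/grafana/dashboards:/etc/grafana/provisioning/dashboards
+    ports:
+      - 3000:3000
+    networks: [onasty]
+    restart: unless-stopped
+    depends_on:
+      - prometheus
+
+  loki:
+    image: grafana/loki:3.2.0
+    command: ["--pattern-ingester.enabled=true", "-config.file=/etc/loki/config.yaml"]
+    ports:
+      - 3100:3100
+    volumes:
+      - onasty-loki:/loki
+      - ../infra/loki/config.yaml:/etc/loki/config.yaml:ro
+    networks: [onasty]
+    restart: unless-stopped
+
+  promtail:
+    image: grafana/promtail:3.0.0
+    command: -config.file=/etc/promtail/config.yaml
+    volumes:
+      - ../infra/promtail/config.yaml:/etc/promtail/config.yaml:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+    networks: [onasty]
+    restart: unless-stopped
+    depends_on:
+      - loki
+
+networks:
+  onasty:
+    external: true
+
+volumes:
+  onasty-prometheus:
+  onasty-grafana:
+  onasty-loki: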
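Review bot: The `ports:` entries for prometheus (`9090:9090`), grafana (`3000:3000`) and loki (`3100:3100`) publish on every host interface, which contradicts the README's statement that the monitoring suite is only reachable from the same network; neither Prometheus nor Loki is given any authentication in this file. Bind them to loopback, e.g. `- 127.0.0.1:9090:9090` (likewise for 3000 and 3100), or drop the `ports:` keys where access over the `onasty` network is enough. `GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}` should fail closed when the variable is unset, for example `${GRAFANA_ADMIN_PASSWORD:?GRAFANA_ADMIN_PASSWORD must be set}`. The promtail mount of `/var/run/docker.sock` exposes the Docker API to that container regardless of the `:ro` flag, so it deserves a comment stating why it is needed. `prom/prometheus:latest` should be pinned like the other images, and `user: root` on prometheus and grafana looks avoidable if the volume ownership is fixed instead.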
A
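--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -0,0 +1,133 @@
+services:
+  caddy:
+    image: caddy:2.7-alpine
+    container_name: onasty-caddy-prod
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ../infra/caddy:/etc/caddy:ro
+      - ./frontend:/srv/frontend # frontend dist
+      - caddy_data:/data
+    networks: [onasty]
+    restart: unless-stopped
+    depends_on:
+      - core
+
+  core:
+    image: onasty:core # TODO: use registry link
+    container_name: onasty-core-prod
+    ports:
+      - 8000:8000
+      - 8001:8001
+    environment:
+      - APP_ENV=prod
+      - APP_URL
+      - NATS_URL=nats:4222
+      - CORS_ALLOWED_ORIGINS
+      - CORS_MAX_AGE
+      - HTTP_PORT
+      - HTTP_WRITE_TIMEOUT
+      - HTTP_READ_TIMEOUT
+      - HTTP_HEADER_MAX_SIZE_MB
+      - POSTGRESQL_DSN
+      - REDIS_ADDR
+      - REDIS_PASSWORD
+      - REDIS_DB
+      - CACHE_NOTE_TTL
+      - CACHE_USERS_TTL
+      - PASSWORD_SALT
+      - NOTE_PASSWORD_SALT
+      - JWT_SIGNING_KEY
+      - JWT_ACCESS_TOKEN_TTL
+      - JWT_REFRESH_TOKEN_TTL
+      - VERIFICATION_TOKEN_TTL
+      - RESET_PASSWORD_TOKEN_TTL
+      - CHANGE_EMAIL_TOKEN_TTL
+      - GOOGLE_CLIENTID
+      - GOOGLE_SECRET
+      - GOOGLE_REDIRECTURL
+      - GITHUB_CLIENTID
+      - GITHUB_SECRET
+      - GITHUB_REDIRECTURL
+      - METRICS_PORT
+      - METRICS_ENABLED
+      - LOG_LEVEL
+      - LOG_FORMAT
+      - LOG_SHOW_LINE
+      - RATELIMITER_TTL
+      - RATELIMITER_RPS
+      - RATELIMITER_BURST
+      - SLOW_RATELIMITER_TTL
+      - SLOW_RATELIMITER_RPS
+      - SLOW_RATELIMITER_BURST
+    restart: unless-stopped
+    networks: [onasty]
+    depends_on:
+      - mailer
+      - redis
+      - postgres
+      - nats
+
+  mailer:
+    image: onasty:mailer # TODO: use registry link
+    container_name: onasty-mailer-prod
+    ports:
+      - 8002:8002
+    environment:
+      - APP_URL
+      - FRONTEND_URL
+      - NATS_URL
+      - MAILGUN_FROM
+      - MAILGUN_DOMAIN
+      - MAILGUN_API_KEY
+      - LOG_LEVEL
+      - LOG_FORMAT
+      - LOG_SHOW_LINE
+      - METRICS_PORT
+      - METRICS_ENABLED
+    restart: unless-stopped
+    networks: [onasty]
+    depends_on:
+      - nats
+
+  nats:
+    image: nats:2.10
+    container_name: onasty-nats-prod
+    ports:
+      - 4222:4222
+    restart: unless-stopped
+    networks: [onasty]
+
+  redis:
+    image: redis:7.4-alpine
+    container_name: onasty-redis-prod
+    command: redis-server --appendonly yes
+    ports:
+      - 6379:6379
+    restart: unless-stopped
+    networks: [onasty]
+    volumes:
+      - onasty-redis:/data
+
+  postgres:
+    image: postgres:16-alpine
+    container_name: onasty-postgres-prod
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: onasty
+    volumes:
+      - onasty-postgres:/var/lib/postgresql/data
+    ports:
+      - 5432:5432
+    networks: [onasty]
+    restart: unless-stopped
+
+volumes:
+  onasty-postgres:
+  onasty-redis:
+  caddy_data:
+
+networks:
+  onasty: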
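Review bot: postgres (`5432:5432`), redis (`6379:6379`), nats (`4222:4222`), core (`8000:8000`, `8001:8001`) and mailer (`8002:8002`) are all published on the host, although only caddy has to be reachable from outside and every service already shares the `onasty` network. Redis is started as `redis-server --appendonly yes` with no `--requirepass`, and no NATS authentication is configured in this file, so anyone who can reach the host on those ports can talk to the cache and the message bus directly; Docker-published ports often sit outside the host firewall's rules, so relying on that alone is fragile. Remove the `ports:` keys from everything except caddy, or bind to `127.0.0.1:` where host-side access is needed for maintenance. Separately, `docker-compose.monitoring.yml` declares `onasty` as `external: true`, but the network here has no `name: onasty`, so Compose will presumably create it with the project prefix and the monitoring stack will not find it.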
M
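--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,7 +18,7 @@
     container_name: onasty-core
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: core.Dockerfile
     env_file: .env
     ports:
       - 8000:8000
@@ -35,7 +35,7 @@
     container_name: onasty-mailer
     build:
       context: .
-      dockerfile: ./mailer/Dockerfile
+      dockerfile: mailer.Dockerfile
     env_file: ./mailer/.env
     depends_on:
       - runtime
@@ -66,6 +66,7 @@
 
   nats:
     image: nats:2.10
+    container_name: onasty-nats
     ports:
       - 4222:4222
 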
A
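--- a/infra/caddy/Caddyfile
+++ b/infra/caddy/Caddyfile
@@ -0,0 +1,16 @@
+your.domain.name {
+	encode gzip
+
+	reverse_proxy /api/* core:8000
+
+	root * /srv/frontend
+	try_files {path} /index.html
+	file_server
+
+	header {
+		Strict-Transport-Security max-age=31536000;
+		X-Content-Type-Options nosniff
+		X-Frame-Options DENY
+		X-XSS-Protection "1; mode=block"
+	}
+}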
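Review bot: `try_files {path} /index.html` sits at the same level as `reverse_proxy /api/* core:8000`, and in Caddy's default directive order `try_files` runs before `reverse_proxy`, so a request for `/api/...` is likely rewritten to `/index.html` before the proxy matcher is evaluated and the API would be answered with the SPA shell. Wrapping the two paths in mutually exclusive `handle` blocks, as in the fence below, keeps the rewrite away from API traffic. In the `header` block, `X-XSS-Protection "1; mode=block"` is a legacy header that current browsers ignore and that guidance now recommends omitting; a `Content-Security-Policy` with at least `frame-ancestors 'none'` would be the modern counterpart to `X-Frame-Options DENY`. The trailing `;` in `max-age=31536000;` becomes part of the header value and can be dropped.

```caddyfile
	handle /api/* {
		reverse_proxy core:8000
	}

	handle {
		root * /srv/frontend
		try_files {path} /index.html
		file_server
	}
	# … unchanged: encode gzip and the header block …
```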