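# =============================================================================
# Hypostasia — single docker-compose file for dev and prod
#
# Behaviour is selected by variables in .env:
#   DEBUG=true  → dev  (sleep infinity, exposed ports, local volumes)
#   DEBUG=false → prod (supervisord, internal network, Docker volumes)
#
# DEV:
#   docker compose up -d
#   docker exec -it hypostasia_web bash
#   uv run python manage.py runserver 0.0.0.0:8123
#
# PROD — quick update:
#   docker exec -it hypostasia_web bash
#   cd /app && git pull
#   uv sync
#   uv run python manage.py migrate
#   supervisorctl -c /app/supervisord.conf restart gunicorn daphne celery_worker
#
# NOTE(review): in this file DEBUG only switches the `web` command. No
# service publishes host ports, and `web` bind-mounts the checkout (.:/app)
# in both modes, so the dev/prod description above should be re-checked
# against what is actually deployed.
# =============================================================================
services:
  postgres:
    image: postgres:17-alpine
    container_name: hypostasia_postgres
    environment:
      POSTGRES_DB: "${POSTGRES_DB:-hypostasia}"
      POSTGRES_USER: "${POSTGRES_USER:-hypostasia}"
      # Deliberately no default. `:?` makes Compose stop with this message
      # when the variable is unset or empty, instead of handing the
      # container an empty password.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-hypostasia}"]
      interval: 5s
      timeout: 3s
      retries: 5
    restart: unless-stopped
    networks:
      - hypostasia

  redis:
    image: redis:7-alpine
    container_name: hypostasia_redis
    # No `ports:` and no password are configured here: the instance is only
    # reachable by containers attached to the `hypostasia` network.
    # NOTE(review): that includes the Traefik-facing nginx container, not
    # only web — confirm that is intended.
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 5
    restart: unless-stopped
    networks:
      - hypostasia

  web:
    build: .
    container_name: hypostasia_web
    # Meant to run with the host user's uid:gid so that the mounted
    # directories (media/, logs/, tmp/) are writable. Default 1000:1000
    # (first Linux user); override in .env if different.
    # NOTE(review): the line is commented out, so the container runs as the
    # image's default user. The Dockerfile is not visible here — confirm
    # that user is not root, since /app is a read-write bind mount.
    # user: "${UID:-1000}:${GID:-1000}"
    env_file: .env
    environment:
      # Force the PostgreSQL and Redis hosts to the Docker service names,
      # whatever .env says.
      POSTGRES_HOST: postgres
      CELERY_BROKER_URL: 'redis://redis:6379/0'
      REDIS_URL: 'redis://redis:6379/0'
      # Keep the uv cache and HOME under /app to avoid permission issues.
      UV_CACHE_DIR: /app/.cache/uv
      HOME: /app
    volumes:
      # Whole project directory, read-write. Everything in the checkout
      # (including .env) is visible inside the container.
      - .:/app
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: unless-stopped
    networks:
      - hypostasia
    # DEBUG=true  → sleep infinity (the server is started by hand)
    # DEBUG=false → start.sh (supervisord: gunicorn:8001 + daphne:8000 + celery)
    #
    # Compose substitutes $DEBUG from .env / the shell when it parses this
    # file; a lookup inside the container would be written $$DEBUG. An unset
    # DEBUG becomes an empty string and therefore takes the start.sh branch.
    # Literal style (|) keeps the script's line breaks regardless of how the
    # inner lines are indented.
    command: |
      bash -c '
      if [ "$DEBUG" = "true" ] || [ "$DEBUG" = "True" ]; then
        echo "Mode dev — sleep infinity. Lancer le serveur manuellement."
        sleep infinity
      else
        bash start.sh
      fi
      '

  nginx:
    # NOTE(review): `alpine` is a floating tag, unlike the version-tagged
    # postgres and redis images above; consider pinning a version or digest
    # so rebuilds are reproducible.
    image: nginx:alpine
    container_name: hypostasia_nginx
    volumes:
      # Mounted read-only like the other two mounts: the container has no
      # reason to write to its own configuration on the host.
      - ./nginx/${NGINX_CONF:-default.conf}:/etc/nginx/conf.d/default.conf:ro
      - ./staticfiles:/app/staticfiles:ro
      - ./media:/app/media:ro
    extra_hosts:
      # Lets nginx resolve the Docker host by name.
      # NOTE(review): only needed if the nginx config proxies to a process
      # on the host — confirm, and drop it otherwise.
      - "host.docker.internal:host-gateway"
    depends_on:
      - web
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=frontend"
      - "traefik.http.routers.hypostasia.tls.certresolver=myresolver"
      - "traefik.http.services.hypostasia.loadbalancer.server.port=80"
      # DOMAIN has no default: if it is unset the rule renders with an empty
      # host name. Set DOMAIN in .env before exposing this router.
      - "traefik.http.routers.hypostasia.rule=Host(`${DOMAIN}`)"
      # `crowdsec@file` must exist in Traefik's file provider; it is not
      # defined in this compose file.
      - "traefik.http.routers.hypostasia.middlewares=crowdsec@file"
    networks:
      - frontend
      - hypostasia

networks:
  # Created outside this file (external: true); the Traefik labels above
  # point at it via traefik.docker.network.
  frontend:
    external: true
  # Project-private network with default settings. It is not declared
  # `internal: true`, so containers on it keep outbound connectivity.
  hypostasia: {}

volumes:
  pgdata: {}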