Initial setup, cleanup, VPS setup
All checks were successful
Deploy to VPS / deploy (push) Successful in 52s
All checks were successful
Deploy to VPS / deploy (push) Successful in 52s
This commit is contained in:
Tihon
193
docker-compose.prod.yml
Normal file
193
docker-compose.prod.yml
Normal file
@@ -0,0 +1,193 @@
|
||||
version: "3.9"
|
||||
|
||||
services:
|
||||
db:
|
||||
image: mysql:8.0
|
||||
container_name: honey-mysql
|
||||
restart: always
|
||||
# Database credentials are read from the secret file via backend container
|
||||
# The backend will construct the connection URL from SPRING_DATASOURCE_* properties
|
||||
# For MySQL container, we need to set these via environment or use a separate secret
|
||||
# Option 1: Use environment variables (for MySQL container only)
|
||||
# Note: MYSQL_USER cannot be "root" - root user is configured via MYSQL_ROOT_PASSWORD only
|
||||
environment:
|
||||
MYSQL_DATABASE: honey_db
|
||||
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
|
||||
# Option 2: Mount secret file and read values (more secure)
|
||||
# This requires parsing the secret file or using a script
|
||||
# For simplicity, we'll use environment variables for MySQL container
|
||||
# The secret file is primarily for the backend application
|
||||
# Do NOT expose MySQL port to host - only accessible within Docker network
|
||||
# ports:
|
||||
# - "3306:3306"
|
||||
volumes:
|
||||
- mysql_data:/var/lib/mysql
|
||||
# Mount MySQL performance configuration (created on VPS at /opt/app/mysql/conf/my.cnf)
|
||||
- /opt/app/mysql/conf/my.cnf:/etc/mysql/conf.d/my.cnf:ro
|
||||
# Resource limits for MySQL (16GB buffer pool + 2GB overhead)
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '2.0'
|
||||
memory: 18G
|
||||
healthcheck:
|
||||
# Use shell to access environment variable (Docker Compose doesn't interpolate in healthcheck arrays)
|
||||
test: ["CMD-SHELL", "mysqladmin ping -h localhost -u root -p$$MYSQL_ROOT_PASSWORD || exit 1"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
networks:
|
||||
- honey-network
|
||||
|
||||
backend:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
container_name: honey-backend
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
# Expose backend port to localhost only (for Nginx on host to access)
|
||||
# This is safe - only accessible from the host, not from internet
|
||||
# Port 8080 is the primary/active backend
|
||||
ports:
|
||||
- "127.0.0.1:8080:8080"
|
||||
# Labels for rolling update management
|
||||
labels:
|
||||
- "deployment.role=primary"
|
||||
- "deployment.version=current"
|
||||
volumes:
|
||||
# Mount persistent avatar storage (absolute path for consistency)
|
||||
- /opt/app/data/avatars:/app/data/avatars
|
||||
# Mount secret configuration file (read-only)
|
||||
- /run/secrets/honey-config.properties:/run/secrets/honey-config.properties:ro
|
||||
# Mount logback config directory (editable on VPS without rebuilding)
|
||||
# Note: File must exist on host before mounting. Run setup-logging.sh first.
|
||||
- /opt/app/backend/config:/app/config:rw
|
||||
# Mount logs directory (persistent storage)
|
||||
- /opt/app/logs:/app/logs
|
||||
environment:
|
||||
# Java memory settings: 10GB heap (Xms/Xmx) + G1GC for low latency
|
||||
# -Xms: Start with 10GB (prevents resizing overhead)
|
||||
# -Xmx: Max limit 10GB
|
||||
# -XX:+UseG1GC: Use G1 garbage collector (best for large heaps)
|
||||
# -XX:MaxGCPauseMillis=200: Target max GC pause time
|
||||
JAVA_OPTS: -Xms10g -Xmx10g -XX:+UseG1GC -XX:MaxGCPauseMillis=200
|
||||
# Logging configuration (external logback-spring.xml)
|
||||
LOGGING_CONFIG: /app/config/logback-spring.xml
|
||||
LOG_DIR: /app/logs
|
||||
# Resource limits for backend (10GB heap + 2GB overhead for stack/metaspace)
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '4.0'
|
||||
memory: 12G
|
||||
networks:
|
||||
- honey-network
|
||||
restart: always
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/actuator/health/liveness"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 60s
|
||||
|
||||
backend-new:
|
||||
# This service is used during rolling updates
|
||||
# It will be started manually via deployment script
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
container_name: honey-backend-new
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
# Port 8082 is the new/standby backend during deployment (8081 is used by phpMyAdmin)
|
||||
ports:
|
||||
- "127.0.0.1:8082:8080"
|
||||
profiles:
|
||||
- rolling-update
|
||||
# Labels for rolling update management
|
||||
labels:
|
||||
- "deployment.role=standby"
|
||||
- "deployment.version=new"
|
||||
volumes:
|
||||
# Mount persistent avatar storage (absolute path for consistency)
|
||||
- /opt/app/data/avatars:/app/data/avatars
|
||||
# Mount secret configuration file (read-only)
|
||||
- /run/secrets/honey-config.properties:/run/secrets/honey-config.properties:ro
|
||||
# Mount logback config directory (editable on VPS without rebuilding)
|
||||
# Note: File must exist on host before mounting. Run setup-logging.sh first.
|
||||
- /opt/app/backend/config:/app/config:rw
|
||||
# Mount logs directory (persistent storage)
|
||||
- /opt/app/logs:/app/logs
|
||||
environment:
|
||||
# Java memory settings: 10GB heap (Xms/Xmx) + G1GC for low latency
|
||||
# -Xms: Start with 10GB (prevents resizing overhead)
|
||||
# -Xmx: Max limit 10GB
|
||||
# -XX:+UseG1GC: Use G1 garbage collector (best for large heaps)
|
||||
# -XX:MaxGCPauseMillis=200: Target max GC pause time
|
||||
JAVA_OPTS: -Xms10g -Xmx10g -XX:+UseG1GC -XX:MaxGCPauseMillis=200
|
||||
# Logging configuration (external logback-spring.xml)
|
||||
LOGGING_CONFIG: /app/config/logback-spring.xml
|
||||
LOG_DIR: /app/logs
|
||||
# Resource limits for backend (10GB heap + 2GB overhead for stack/metaspace)
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '4.0'
|
||||
memory: 12G
|
||||
networks:
|
||||
- honey-network
|
||||
restart: always
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/actuator/health/liveness"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 60s
|
||||
|
||||
|
||||
phpmyadmin:
|
||||
image: phpmyadmin:latest
|
||||
container_name: honey-phpmyadmin
|
||||
restart: always
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
# Expose phpMyAdmin to localhost only (Nginx will proxy it with path protection)
|
||||
ports:
|
||||
- "127.0.0.1:8081:80"
|
||||
environment:
|
||||
# Connect to MySQL service using Docker service name
|
||||
PMA_HOST: db
|
||||
PMA_PORT: 3306
|
||||
# Use the same root password as MySQL container
|
||||
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
|
||||
# Security: Set upload limit
|
||||
UPLOAD_LIMIT: 64M
|
||||
# Configure absolute URI so phpMyAdmin generates correct URLs for assets
|
||||
# This variable must be set from a secret file on the VPS (not in git)
|
||||
# Example: export PMA_ABSOLUTE_URI="https://win-spin.live/your-secret-path"
|
||||
PMA_ABSOLUTE_URI: ${PMA_ABSOLUTE_URI:-}
|
||||
# Tell phpMyAdmin it's behind a proxy using HTTPS
|
||||
PMA_SSL: "true"
|
||||
# Trust proxy headers (X-Forwarded-Proto, etc.)
|
||||
PMA_TRUSTED_PROXIES: "127.0.0.1"
|
||||
networks:
|
||||
- honey-network
|
||||
# Resource limits for phpMyAdmin
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '1.0'
|
||||
memory: 512M
|
||||
|
||||
volumes:
|
||||
mysql_data:
|
||||
driver: local
|
||||
|
||||
networks:
|
||||
honey-network:
|
||||
driver: bridge
|
||||
|
||||
Reference in New Issue
Block a user