194 lines
6.9 KiB
YAML
194 lines
6.9 KiB
YAML
version: "3.9"
|
|
|
|
services:
|
|
db:
|
|
image: mysql:8.0
|
|
container_name: honey-mysql
|
|
restart: always
|
|
# Database credentials are read from the secret file via backend container
|
|
# The backend will construct the connection URL from SPRING_DATASOURCE_* properties
|
|
# For MySQL container, we need to set these via environment or use a separate secret
|
|
# Option 1: Use environment variables (for MySQL container only)
|
|
# Note: MYSQL_USER cannot be "root" - root user is configured via MYSQL_ROOT_PASSWORD only
|
|
environment:
|
|
MYSQL_DATABASE: honey_db
|
|
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
|
|
# Option 2: Mount secret file and read values (more secure)
|
|
# This requires parsing the secret file or using a script
|
|
# For simplicity, we'll use environment variables for MySQL container
|
|
# The secret file is primarily for the backend application
|
|
# Do NOT expose MySQL port to host - only accessible within Docker network
|
|
# ports:
|
|
# - "3306:3306"
|
|
volumes:
|
|
- mysql_data:/var/lib/mysql
|
|
# Mount MySQL performance configuration (created on VPS at /opt/app/mysql/conf/my.cnf)
|
|
- /opt/app/mysql/conf/my.cnf:/etc/mysql/conf.d/my.cnf:ro
|
|
# Resource limits for MySQL (16GB buffer pool + 2GB overhead)
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '2.0'
|
|
memory: 18G
|
|
healthcheck:
|
|
# Use shell to access environment variable (Docker Compose doesn't interpolate in healthcheck arrays)
|
|
test: ["CMD-SHELL", "mysqladmin ping -h localhost -u root -p$$MYSQL_ROOT_PASSWORD || exit 1"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
networks:
|
|
- honey-network
|
|
|
|
backend:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
container_name: honey-backend
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
# Expose backend port to localhost only (for Nginx on host to access)
|
|
# This is safe - only accessible from the host, not from internet
|
|
# Port 8080 is the primary/active backend
|
|
ports:
|
|
- "127.0.0.1:8080:8080"
|
|
# Labels for rolling update management
|
|
labels:
|
|
- "deployment.role=primary"
|
|
- "deployment.version=current"
|
|
volumes:
|
|
# Mount persistent avatar storage (absolute path for consistency)
|
|
- /opt/app/data/avatars:/app/data/avatars
|
|
# Mount secret configuration file (read-only)
|
|
- /run/secrets/honey-config.properties:/run/secrets/honey-config.properties:ro
|
|
# Mount logback config directory (editable on VPS without rebuilding)
|
|
# Note: File must exist on host before mounting. Run setup-logging.sh first.
|
|
- /opt/app/backend/config:/app/config:rw
|
|
# Mount logs directory (persistent storage)
|
|
- /opt/app/logs:/app/logs
|
|
environment:
|
|
# Java memory settings: 10GB heap (Xms/Xmx) + G1GC for low latency
|
|
# -Xms: Start with 10GB (prevents resizing overhead)
|
|
# -Xmx: Max limit 10GB
|
|
# -XX:+UseG1GC: Use G1 garbage collector (best for large heaps)
|
|
# -XX:MaxGCPauseMillis=200: Target max GC pause time
|
|
JAVA_OPTS: -Xms10g -Xmx10g -XX:+UseG1GC -XX:MaxGCPauseMillis=200
|
|
# Logging configuration (external logback-spring.xml)
|
|
LOGGING_CONFIG: /app/config/logback-spring.xml
|
|
LOG_DIR: /app/logs
|
|
# Resource limits for backend (10GB heap + 2GB overhead for stack/metaspace)
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '4.0'
|
|
memory: 12G
|
|
networks:
|
|
- honey-network
|
|
restart: always
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/actuator/health/liveness"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
|
|
backend-new:
|
|
# This service is used during rolling updates
|
|
# It will be started manually via deployment script
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
container_name: honey-backend-new
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
# Port 8082 is the new/standby backend during deployment (8081 is used by phpMyAdmin)
|
|
ports:
|
|
- "127.0.0.1:8082:8080"
|
|
profiles:
|
|
- rolling-update
|
|
# Labels for rolling update management
|
|
labels:
|
|
- "deployment.role=standby"
|
|
- "deployment.version=new"
|
|
volumes:
|
|
# Mount persistent avatar storage (absolute path for consistency)
|
|
- /opt/app/data/avatars:/app/data/avatars
|
|
# Mount secret configuration file (read-only)
|
|
- /run/secrets/honey-config.properties:/run/secrets/honey-config.properties:ro
|
|
# Mount logback config directory (editable on VPS without rebuilding)
|
|
# Note: File must exist on host before mounting. Run setup-logging.sh first.
|
|
- /opt/app/backend/config:/app/config:rw
|
|
# Mount logs directory (persistent storage)
|
|
- /opt/app/logs:/app/logs
|
|
environment:
|
|
# Java memory settings: 10GB heap (Xms/Xmx) + G1GC for low latency
|
|
# -Xms: Start with 10GB (prevents resizing overhead)
|
|
# -Xmx: Max limit 10GB
|
|
# -XX:+UseG1GC: Use G1 garbage collector (best for large heaps)
|
|
# -XX:MaxGCPauseMillis=200: Target max GC pause time
|
|
JAVA_OPTS: -Xms10g -Xmx10g -XX:+UseG1GC -XX:MaxGCPauseMillis=200
|
|
# Logging configuration (external logback-spring.xml)
|
|
LOGGING_CONFIG: /app/config/logback-spring.xml
|
|
LOG_DIR: /app/logs
|
|
# Resource limits for backend (10GB heap + 2GB overhead for stack/metaspace)
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '4.0'
|
|
memory: 12G
|
|
networks:
|
|
- honey-network
|
|
restart: always
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/actuator/health/liveness"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
|
|
|
|
phpmyadmin:
|
|
image: phpmyadmin:latest
|
|
container_name: honey-phpmyadmin
|
|
restart: always
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
# Expose phpMyAdmin to localhost only (Nginx will proxy it with path protection)
|
|
ports:
|
|
- "127.0.0.1:8081:80"
|
|
environment:
|
|
# Connect to MySQL service using Docker service name
|
|
PMA_HOST: db
|
|
PMA_PORT: 3306
|
|
# Use the same root password as MySQL container
|
|
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
|
|
# Security: Set upload limit
|
|
UPLOAD_LIMIT: 64M
|
|
# Configure absolute URI so phpMyAdmin generates correct URLs for assets
|
|
# This variable must be set from a secret file on the VPS (not in git)
|
|
# Example: export PMA_ABSOLUTE_URI="https://win-spin.live/your-secret-path"
|
|
PMA_ABSOLUTE_URI: ${PMA_ABSOLUTE_URI:-}
|
|
# Tell phpMyAdmin it's behind a proxy using HTTPS
|
|
PMA_SSL: "true"
|
|
# Trust proxy headers (X-Forwarded-Proto, etc.)
|
|
PMA_TRUSTED_PROXIES: "127.0.0.1"
|
|
networks:
|
|
- honey-network
|
|
# Resource limits for phpMyAdmin
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '1.0'
|
|
memory: 512M
|
|
|
|
volumes:
|
|
mysql_data:
|
|
driver: local
|
|
|
|
networks:
|
|
honey-network:
|
|
driver: bridge
|
|
|