services:
sockudo:
environment:
- RUST_LOG=info,sockudo=info
- DEBUG=false
- SSL_ENABLED=true
- SSL_CERT_PATH=/app/ssl/fullchain.pem
- SSL_KEY_PATH=/app/ssl/privkey.pem
- SSL_REDIRECT_HTTP=true
- SSL_HTTP_PORT=80
- SOCKUDO_DEFAULT_APP_ENABLED=false
ports:
- "80:80" - "443:6001" - "9601:9601"
deploy:
resources:
limits:
memory: 1G
cpus: "2.0"
reservations:
memory: 512M
cpus: "1.0"
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
volumes:
- ./config:/app/config:ro
- ./logs:/app/logs
- ./ssl:/app/ssl:ro
- /etc/letsencrypt/live/${DOMAIN:-localhost}:/app/ssl:ro
healthcheck:
test: ["CMD", "curl", "-f", "-k", "https://localhost:6001/up/health"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
redis:
command: >
sh -c "
redis-server
--requirepass $${REDIS_PASSWORD}
--appendonly yes
--appendfsync everysec
--maxmemory 512mb
--maxmemory-policy allkeys-lru
--save 900 1
--save 300 10
--save 60 10000
--tcp-keepalive 60
--timeout 0
"
ports: []
deploy:
resources:
limits:
memory: 512M
cpus: "1.0"
reservations:
memory: 256M
cpus: "0.5"
healthcheck:
test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
mysql:
image: mysql:8.0
container_name: sockudo-mysql-prod
restart: unless-stopped
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_DATABASE=sockudo
- MYSQL_USER=sockudo
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
ports: []
command: >
--default-authentication-plugin=mysql_native_password
--innodb-buffer-pool-size=256M
--innodb-log-file-size=64M
--innodb-flush-log-at-trx-commit=2
--max-connections=200
--thread-cache-size=16
--query-cache-size=32M
--query-cache-type=1
--slow-query-log=1
--long-query-time=2
volumes:
- mysql-data:/var/lib/mysql
- ./sql/init-prod.sql:/docker-entrypoint-initdb.d/init.sql:ro
- ./mysql/conf.d:/etc/mysql/conf.d:ro
deploy:
resources:
limits:
memory: 1G
cpus: "2.0"
reservations:
memory: 512M
cpus: "1.0"
healthcheck:
test:
[
"CMD",
"mysqladmin",
"ping",
"-h",
"localhost",
"-u",
"sockudo",
"-p${MYSQL_PASSWORD}",
]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
networks:
- sockudo-network
prometheus:
image: prom/prometheus:latest
container_name: sockudo-prometheus-prod
restart: unless-stopped
ports:
- "9090:9090"
volumes:
- ./monitoring/prometheus-prod.yml:/etc/prometheus/prometheus.yml:ro
- ./monitoring/rules:/etc/prometheus/rules:ro
- prometheus-data:/prometheus
command:
- "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/prometheus"
- "--web.console.libraries=/etc/prometheus/console_libraries"
- "--web.console.templates=/etc/prometheus/consoles"
- "--storage.tsdb.retention.time=30d"
- "--web.enable-lifecycle"
- "--web.enable-admin-api"
deploy:
resources:
limits:
memory: 512M
cpus: "1.0"
networks:
- sockudo-network
grafana:
image: grafana/grafana:latest
container_name: sockudo-grafana-prod
restart: unless-stopped
environment:
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SECURITY_DISABLE_GRAVATAR=true
- GF_ANALYTICS_REPORTING_ENABLED=false
- GF_INSTALL_PLUGINS=grafana-piechart-panel
ports:
- "3000:3000"
volumes:
- grafana-data:/var/lib/grafana
- ./monitoring/grafana/dashboards:/etc/grafana/provisioning/dashboards:ro
- ./monitoring/grafana/datasources:/etc/grafana/provisioning/datasources:ro
deploy:
resources:
limits:
memory: 256M
cpus: "0.5"
networks:
- sockudo-network
nginx:
image: nginx:alpine
container_name: sockudo-nginx-prod
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx-prod.conf:/etc/nginx/nginx.conf:ro
- ./nginx/ssl:/etc/nginx/ssl:ro
- /etc/letsencrypt:/etc/letsencrypt:ro
depends_on:
- sockudo
deploy:
resources:
limits:
memory: 128M
cpus: "0.5"
healthcheck:
test:
[
"CMD",
"wget",
"--quiet",
"--tries=1",
"--spider",
"http://localhost/health",
]
interval: 30s
timeout: 10s
retries: 3
networks:
- sockudo-network
volumes:
mysql-data:
driver: local
prometheus-data:
driver: local
grafana-data:
driver: local
networks:
sockudo-network:
driver: bridge