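# Production Compose stack: the Phoenix application ("app") and its PostgreSQL
# database ("db-prod"). Credentials are mounted as Docker secrets under
# /run/secrets and referenced through *_FILE variables, so no secret value
# appears in this file or in the container environment.
services:
  app:
    # NOTE(review): ":latest" is a mutable tag. Pin a version tag or an image
    # digest so a production deploy is reproducible and can be rolled back.
    image: mitgliederverwaltung:latest
    container_name: mv-prod-app
    ports:
      # Published on every host interface. If a TLS-terminating reverse proxy
      # on the same host fronts the app, bind to "127.0.0.1:4001:4001".
      - "4001:4001"
    environment:
      # Database configuration using separate variables
      # Use Docker service name for internal networking
      DATABASE_HOST: "db-prod"
      DATABASE_PORT: "5432"
      # NOTE(review): "postgres" is the superuser the postgres image creates
      # (POSTGRES_USER below). A dedicated, least-privilege role for the
      # application would limit what a compromised app can do to the database.
      DATABASE_USER: "postgres"
      DATABASE_NAME: "mv_prod"
      DATABASE_PASSWORD_FILE: "/run/secrets/db_password"
      # Phoenix secrets via Docker secrets
      SECRET_KEY_BASE_FILE: "/run/secrets/secret_key_base"
      TOKEN_SIGNING_SECRET_FILE: "/run/secrets/token_signing_secret"
      # Falls back to "localhost" when PHX_HOST is unset in the shell or .env;
      # set it to the public hostname for a real deployment.
      PHX_HOST: "${PHX_HOST:-localhost}"
      PORT: "4001"
      PHX_SERVER: "true"
      # Rauthy OIDC config - use host.docker.internal to reach host services
      # NOTE(review): both OIDC URLs below are plain http. The client secret
      # and the tokens exchanged with the identity provider are then sent
      # unencrypted, and the redirect URI only works for a browser on this
      # host. Use https URLs with the public hostnames outside local testing.
      # On Linux Docker Engine, host.docker.internal resolves only if the
      # service adds extra_hosts "host.docker.internal:host-gateway".
      OIDC_CLIENT_ID: "mv"
      OIDC_BASE_URL: "http://host.docker.internal:8080/auth/v1"
      OIDC_CLIENT_SECRET_FILE: "/run/secrets/oidc_client_secret"
      OIDC_REDIRECT_URI: "http://localhost:4001/auth/user/rauthy/callback"
    secrets:
      - db_password
      - secret_key_base
      - token_signing_secret
      - oidc_client_secret
    # Short-form depends_on only orders container start; it does not wait for
    # PostgreSQL to accept connections.
    depends_on:
      - db-prod
    restart: unless-stopped

  db-prod:
    image: postgres:16-alpine
    container_name: mv-prod-db
    environment:
      POSTGRES_USER: "postgres"
      POSTGRES_PASSWORD_FILE: "/run/secrets/db_password"
      POSTGRES_DB: "mv_prod"
    secrets:
      - db_password
    volumes:
      - postgres_data_prod:/var/lib/postgresql/data
    ports:
      # NOTE(review): this publishes PostgreSQL on host port 5001 on every
      # interface. The app reaches the database over the Compose network as
      # db-prod:5432 and does not need it. If host-side access is wanted for
      # administration, prefer "127.0.0.1:5001:5432"; otherwise drop the
      # mapping so the superuser login is not reachable from the network.
      - "5001:5432"
    restart: unless-stopped

# Secret values are read from local files at deploy time. Keep ./secrets out
# of version control and out of the image build context, and restrict the
# files' permissions to the deploying user.
secrets:
  db_password:
    file: ./secrets/db_password.txt
  secret_key_base:
    file: ./secrets/secret_key_base.txt
  token_signing_secret:
    file: ./secrets/token_signing_secret.txt
  oidc_client_secret:
    file: ./secrets/oidc_client_secret.txt

volumes:
  # Named volume holding the PostgreSQL data directory (default driver).
  postgres_data_prod: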