bonfire/compose.yml

---
version: "3.8"

services:
  app:
    image: ${APP_DOCKER_IMAGE}
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "10"
    depends_on:
      - db
    environment:
      - POSTGRES_HOST=${STACK_NAME}_db
      - POSTGRES_USER=postgres
      - POSTGRES_DB=bonfire_db
      - PUBLIC_PORT=443
      - MIX_ENV=prod
      
      - HOSTNAME
      - INVITE_ONLY
      - INSTANCE_DESCRIPTION
      - DISABLE_DB_AUTOMIGRATION
      - UPLOAD_LIMIT
      - INVITE_KEY
      - LANG
      - SEEDS_USER
      - ERLANG_COOKIE
      - REPLACE_OS_VARS
      - LIVEVIEW_ENABLED
      - APP_NAME
      - PLUG_SERVER
      
      - DB_SLOW_QUERY_MS
      - DB_STATEMENT_TIMEOUT
      
      - MAIL_BACKEND
      - MAIL_DOMAIN
      - MAIL_FROM

      # for Mailgun
      - MAIL_KEY
      - MAIL_BASE_URI

      # for SMTP
      - MAIL_SERVER
      - MAIL_USER
      - MAIL_PASSWORD

      - SENTRY_DSN
      - OTEL_ENABLED
      - OTEL_SERVICE_NAME
      - OTEL_HONEYCOMB_API_KEY
      - OTEL_LIGHTSTEP_API_KEY
      
      - WEB_PUSH_SUBJECT
      - WEB_PUSH_PUBLIC_KEY
      - WEB_PUSH_PRIVATE_KEY
      
      - MAPBOX_API_KEY
      - GEOLOCATE_OPENCAGEDATA
      
      - GITHUB_TOKEN
      
      - UPLOADS_S3_BUCKET
      - UPLOADS_S3_ACCESS_KEY_ID
      - UPLOADS_S3_SECRET_ACCESS_KEY
      - UPLOADS_S3_REGION
      - UPLOADS_S3_HOST
      - UPLOADS_S3_SCHEME
      - UPLOADS_S3_URL
      
      - ORCID_CLIENT_ID
      - ORCID_CLIENT_SECRET
      
    secrets:
      - postgres_password
      - secret_key_base
      - signing_salt
      - encryption_salt
      - meili_master_key
      - seeds_pw
      - livebook_password
    volumes:
      - upload-data:/opt/app/data/uploads
    networks:
      - proxy
      - internal
    entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"]
    configs:
      - source: app_entrypoint
        target: /docker-entrypoint.sh
        mode: 0555
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        #- "traefik.http.routers.${STACK_NAME}.middlewares=error-pages-middleware"
        #- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
    # healthcheck:
    #   test: ["CMD", "curl", "-f", "http://localhost"]
    #   interval: 30s
    #   timeout: 10s
    #   retries: 10
    #   start_period: 1m

  db:
    image: ${DB_DOCKER_IMAGE}
    environment:
      # - POSTGRES_PASSWORD
      - POSTGRES_USER=postgres
      - POSTGRES_DB=bonfire_db
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    secrets:
      - postgres_password
    volumes:
      - db-data:/var/lib/postgresql/data
      # - type: tmpfs
      #   target: /dev/shm
      #   tmpfs:
      #      size: 1096000000 # (about 1GB)
    networks:
      - internal
    # shm_size: ${DB_MEMORY_LIMIT}
    # tmpfs:
    #   - /tmp:size=${DB_MEMORY_LIMIT}
    #entrypoint: ['tail', '-f', '/dev/null'] # uncomment when the Postgres DB is corrupted and won't start


volumes:
  db-data:
  upload-data:

networks:
  proxy:
    external: true
  internal:

configs:
  app_entrypoint:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

secrets:
  postgres_password:
    external: true
    name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
  secret_key_base:
    external: true
    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
  signing_salt:
    external: true
    name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION}
  encryption_salt:
    external: true
    name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION}
  meili_master_key:
    external: true
    name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION}
  seeds_pw:
    external: true
    name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION}
  livebook_password:
    external: true
    name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION}
initial draft 2022-03-08 22:24:27 +00:00			`---`
			`version: "3.8"`

			`services:`
			`app:`
improve 2022-03-30 03:38:17 +00:00			`image: ${APP_DOCKER_IMAGE}`
logging limits 2023-10-10 10:53:46 +00:00			`logging:`
			`driver: "json-file"`
			`options:`
			`max-size: "10m"`
			`max-file: "10"`
initial draft 2022-03-08 22:24:27 +00:00			`depends_on:`
			`- db`
			`environment:`
			`- POSTGRES_HOST=${STACK_NAME}_db`
			`- POSTGRES_USER=postgres`
			`- POSTGRES_DB=bonfire_db`
			`- PUBLIC_PORT=443`
add more env 2022-03-09 06:21:20 +00:00			`- MIX_ENV=prod`
add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00
initial draft 2022-03-08 22:24:27 +00:00			`- HOSTNAME`
add more env 2022-03-09 06:21:20 +00:00			`- INVITE_ONLY`
			`- INSTANCE_DESCRIPTION`
			`- DISABLE_DB_AUTOMIGRATION`
			`- UPLOAD_LIMIT`
			`- INVITE_KEY`
add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00			`- LANG`
			`- SEEDS_USER`
			`- ERLANG_COOKIE`
			`- REPLACE_OS_VARS`
			`- LIVEVIEW_ENABLED`
			`- APP_NAME`
PLUG_SERVER 2022-12-09 04:21:36 +00:00			`- PLUG_SERVER`
add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00
make meilisearch optional 2024-02-16 20:07:01 +00:00			`- DB_SLOW_QUERY_MS`
			`- DB_STATEMENT_TIMEOUT`

add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00			`- MAIL_BACKEND`
add more env 2022-03-09 06:21:20 +00:00			`- MAIL_DOMAIN`
			`- MAIL_FROM`
Cleaned up comments 2022-07-31 19:20:31 +00:00
			`# for Mailgun`
			`- MAIL_KEY`
add MAIL_BASE_URI 2022-12-02 21:09:02 +00:00			`- MAIL_BASE_URI`
Cleaned up comments 2022-07-31 19:20:31 +00:00
			`# for SMTP`
			`- MAIL_SERVER`
			`- MAIL_USER`
			`- MAIL_PASSWORD`

add more env 2022-03-09 06:21:20 +00:00			`- SENTRY_DSN`
make meilisearch optional 2024-02-16 20:07:01 +00:00			`- OTEL_ENABLED`
			`- OTEL_SERVICE_NAME`
			`- OTEL_HONEYCOMB_API_KEY`
			`- OTEL_LIGHTSTEP_API_KEY`
add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00
add more env 2022-03-09 06:21:20 +00:00			`- WEB_PUSH_SUBJECT`
			`- WEB_PUSH_PUBLIC_KEY`
			`- WEB_PUSH_PRIVATE_KEY`
add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00
			`- MAPBOX_API_KEY`
add more env 2022-03-09 06:21:20 +00:00			`- GEOLOCATE_OPENCAGEDATA`
add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00
add more env 2022-03-09 06:21:20 +00:00			`- GITHUB_TOKEN`
add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00
add s3 config 2022-06-23 10:25:30 +00:00			`- UPLOADS_S3_BUCKET`
			`- UPLOADS_S3_ACCESS_KEY_ID`
			`- UPLOADS_S3_SECRET_ACCESS_KEY`
			`- UPLOADS_S3_REGION`
			`- UPLOADS_S3_HOST`
			`- UPLOADS_S3_SCHEME`
Add env for URI 2022-07-12 03:26:22 +00:00			`- UPLOADS_S3_URL`
add MAPBOX_API_KEY 2022-09-30 02:27:00 +00:00
misc 2024-04-01 17:57:17 +00:00			`- ORCID_CLIENT_ID`
			`- ORCID_CLIENT_SECRET`

Cleaned up comments 2022-07-31 19:20:31 +00:00			`secrets:`
all secrets 2022-03-09 02:16:28 +00:00			`- postgres_password`
			`- secret_key_base`
			`- signing_salt`
			`- encryption_salt`
			`- meili_master_key`
			`- seeds_pw`
			`- livebook_password`
initial draft 2022-03-08 22:24:27 +00:00			`volumes:`
			`- upload-data:/opt/app/data/uploads`
			`networks:`
			`- proxy`
			`- internal`
first working version :) 2022-03-09 05:36:53 +00:00			`entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"]`
entrypoint for env vars 2022-03-09 02:36:58 +00:00			`configs:`
			`- source: app_entrypoint`
			`target: /docker-entrypoint.sh`
			`mode: 0555`
initial draft 2022-03-08 22:24:27 +00:00			`deploy:`
			`restart_policy:`
			`condition: on-failure`
			`labels:`
			`- "traefik.enable=true"`
first working version :) 2022-03-09 05:36:53 +00:00			`- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000"`
domain and db pw 2022-03-08 22:30:50 +00:00			- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
initial draft 2022-03-08 22:24:27 +00:00			`- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"`
			`- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"`
env 2023-06-16 19:07:51 +00:00			`#- "traefik.http.routers.${STACK_NAME}.middlewares=error-pages-middleware"`
			`#- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"`
domain and db pw 2022-03-08 22:30:50 +00:00			`## Redirect from EXTRA_DOMAINS to DOMAIN`
initial draft 2022-03-08 22:24:27 +00:00			`#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"`
			`#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"`
domain and db pw 2022-03-08 22:30:50 +00:00			`#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"`
initial draft 2022-03-08 22:24:27 +00:00			`# healthcheck:`
			`# test: ["CMD", "curl", "-f", "http://localhost"]`
			`# interval: 30s`
			`# timeout: 10s`
			`# retries: 10`
			`# start_period: 1m`

			`db:`
			`image: ${DB_DOCKER_IMAGE}`
			`environment:`
			`# - POSTGRES_PASSWORD`
			`- POSTGRES_USER=postgres`
			`- POSTGRES_DB=bonfire_db`
all secrets 2022-03-09 02:16:28 +00:00			`- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password`
Cleaned up comments 2022-07-31 19:20:31 +00:00			`secrets:`
all secrets 2022-03-09 02:16:28 +00:00			`- postgres_password`
			`volumes:`
			`- db-data:/var/lib/postgresql/data`
env 2023-06-16 19:07:51 +00:00			`# - type: tmpfs`
			`# target: /dev/shm`
			`# tmpfs:`
			`# size: 1096000000 # (about 1GB)`
initial draft 2022-03-08 22:24:27 +00:00			`networks:`
			`- internal`
env 2023-06-16 19:07:51 +00:00			`# shm_size: ${DB_MEMORY_LIMIT}`
			`# tmpfs:`
			`# - /tmp:size=${DB_MEMORY_LIMIT}`
docker images 2023-07-31 19:03:54 +00:00			`#entrypoint: ['tail', '-f', '/dev/null'] # uncomment when the Postgres DB is corrupted and won't start`
Cleaned up comments 2022-07-31 19:20:31 +00:00
initial draft 2022-03-08 22:24:27 +00:00
			`volumes:`
			`db-data:`
			`upload-data:`

			`networks:`
			`proxy:`
			`external: true`
			`internal:`

entrypoint for env vars 2022-03-09 02:36:58 +00:00			`configs:`
			`app_entrypoint:`
			`name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}`
			`file: entrypoint.sh.tmpl`
			`template_driver: golang`

initial draft 2022-03-08 22:24:27 +00:00			`secrets:`
case matters 2022-03-08 22:40:51 +00:00			`postgres_password:`
initial draft 2022-03-08 22:24:27 +00:00			`external: true`
first working version :) 2022-03-09 05:36:53 +00:00			`name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}`
all secrets 2022-03-09 02:16:28 +00:00			`secret_key_base:`
			`external: true`
first working version :) 2022-03-09 05:36:53 +00:00			`name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}`
all secrets 2022-03-09 02:16:28 +00:00			`signing_salt:`
			`external: true`
first working version :) 2022-03-09 05:36:53 +00:00			`name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION}`
all secrets 2022-03-09 02:16:28 +00:00			`encryption_salt:`
			`external: true`
first working version :) 2022-03-09 05:36:53 +00:00			`name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION}`
all secrets 2022-03-09 02:16:28 +00:00			`meili_master_key:`
			`external: true`
first working version :) 2022-03-09 05:36:53 +00:00			`name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION}`
all secrets 2022-03-09 02:16:28 +00:00			`seeds_pw:`
			`external: true`
first working version :) 2022-03-09 05:36:53 +00:00			`name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION}`
all secrets 2022-03-09 02:16:28 +00:00			`livebook_password:`
			`external: true`
first working version :) 2022-03-09 05:36:53 +00:00			`name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION}`