docker-compose.prod.yml

version: '3.4'

# envs https://medium.com/softonic-eng/docker-compose-from-development-to-production-88000124a57c

services:

  ingress:
    image: nginx
    network_mode: host
    volumes:
      - ./docker/nginx/config:/etc/nginx/conf.d
      - ./docker/nginx/ssl:/etc/nginx/ssl
      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf

  postgis:
    image: postgis/postgis:15-3.4-alpine
    container_name: postgis
    restart: unless-stopped
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    expose:
      - 5433
    ports:
      - "5433:5432"
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - postgis

  feedless-agent:
    image: damoeb/feedless:agent-latest
#    deploy:
#      replicas: 2
    security_opt:
      - seccomp=./chrome.json
    restart: unless-stopped
    environment:
      - APP_EMAIL=${APP_ROOT_EMAIL}
      - APP_SECRET_KEY=${APP_ROOT_SECRET_KEY}
      - APP_HOST=feedless-core:8080
      - APP_PRERENDER_TIMEOUT_MILLIS=${APP_PRERENDER_TIMEOUT_MILLIS}
      - APP_HOST=feedless-core:8080
      - APP_SECURE=false
    logging:
      driver: json-file
      options:
        max-size: 10m
    ports:
      - "3000:3000"
#    healthcheck:
#      test: curl -f https://localhost:3000 || exit 1
    networks:
      - puppeteer
      - monitoring

  feedless-app:
    image: damoeb/feedless:app-latest
    restart: unless-stopped
    volumes:
      - ./docker/app-config.json:/usr/share/nginx/html/config.json
    ports:
      - "4200:80"

  feedless-core:
    image: damoeb/feedless:core-latest
    restart: unless-stopped
    healthcheck:
      test: curl -f http://localhost:8080
      interval: 60s
      timeout: 10s
      retries: 10
    depends_on:
      - postgis
    ports:
      - "8082:8080"
    volumes:
      - ./feedless.pem:/usr/feedless/feedless.pem
      - ./debug/:/usr/feedless/debug/ # heap dump directory
    env_file:
      - .env
    environment:
      - APP_DATABASE_URL=jdbc:postgresql://postgis:5432/${POSTGRES_DB}
      - APP_ACTIVE_PROFILES=saas
      - APP_PEM_FILE=./feedless.pem
      - APP_WHITELISTED_HOSTS=feedless-core,172.26.0.1
      - AUTH_TOKEN_ANONYMOUS_VALIDFORDAYS=3
      - app.cors.allowedOrigins=https://feedless.org
      - APP_PLAUSIBLE_URL=http://plausible:8000
    networks:
      - postgis
      - monitoring
      - puppeteer

  loki:
    image: grafana/loki:2.5.0
    volumes:
      - ./docker/loki:/etc/loki
    ports:
      - "3100:3100"
    command: -config.file=/etc/loki/loki.yml
    networks:
      - monitoring

  prometheus:
    image: prom/prometheus
    environment:
      - APP_ACTUATOR_PASSWORD=${APP_ACTUATOR_PASSWORD}
    volumes:
      - ./docker/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
    ports:
      - "9090:9090"
    networks:
      - monitoring

  grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    networks:
      - monitoring

  plausible_db:
    # Plausible v2.1.1 was tested against PostgreSQL versions 15 and 16
    # https://github.com/plausible/analytics/blob/v2.1.1/.github/workflows/elixir.yml#L21-L32
    image: postgres:16-alpine
    restart: always
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=postgres
    networks:
      - monitoring

  plausible_events_db:
    image: clickhouse/clickhouse-server:24.3.3.102-alpine
    restart: always
    volumes:
      - event-data:/var/lib/clickhouse
      - event-logs:/var/log/clickhouse-server
      - ./plausible/clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
      - ./plausible/clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
    ulimits:
      nofile:
        soft: 262144
        hard: 262144
    networks:
      - monitoring


  plausible:
    image: ghcr.io/plausible/community-edition:v2.1.1
    restart: always
    command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
    depends_on:
      - plausible_db
      - plausible_events_db
    ports:
      - 8088:8000
    env_file:
      - docker/plausible/plausible-conf.env
    networks:
      - monitoring

volumes:
  db-data:
    driver: local
  event-data:
    driver: local
  event-logs:
    driver: local


secrets:
  TOKEN_SECRET:
    file: ./tokenSecret.txt

networks:
  postgis:
    driver: bridge
  monitoring:
    driver: bridge