Enhance the production compose file

[TheFrenchGhosty]

Follow up to #160 (comment)

Related to iv-org/invidious#2917 (wait for both to be ready - so that we can merge them at the same time)

Massively enhance the production compose:

• Make the production and development compose use the same (sane and clean) bases
• Change the restart policy for unless-stopped since always is bad practice
• Remove the network (that's completely useless)
• Remove the resources limiters (that's not really useful, and users should only use it if they need to)
• Remove the willfarrell/autoheal container: we can't vouch for it's usefulness, and its security (it has access to the docker socket, which is a massive security risk)
• Bump the postgres version to 14 since it's the latest and 10 EOL in 8 months and move to an Alpine-based Postgres image
• Layout change (service then DB)
• Enforce a container_name Edit: Enhance the production compose file #200 (comment)

It has been tested, and it's working

[unixfox]

• Don't advertise postgresql with alpine, it is known to have some issues. I can't find the github issue again but I remember it was better to use the more wide spread debian alternative for postgres docker image.
• willfarrell/autoheal is still useful for automatically restarting invidious in case of errors. I don't think we should remove it until we have a solution/replacement.

Also maybe we could add a comment for the ARM64 image like this:

invidious:
    #image: quay.io/invidious/invidious:latest-arm64 # for ARM - raspberry pi
    image: quay.io/invidious/invidious:latest

[TheFrenchGhosty]

@unixfox

Don't advertise postgresql with alpine, it is known to have some issues. I can't find the github issue again but I remember it was better to use the more wide spread debian alternative for postgres docker image.

It's what Nextcloud recommends: https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml#L5

Also, after reading https://hub.docker.com/_/postgres/ they just warn that postgres on alpine has less features... that we don't use. It that really a problem? It saves a good amount of space, and doesn't break anything.

willfarrell/autoheal is still useful for automatically restarting invidious in case of errors. I don't think we should remove it until we have a solution/replacement.

As I said: "we can't vouch for it's usefulness, and its security (it has access to the docker socket, which is a massive security risk)", users can use it, but we shouldn't "enforce" or endorse it in any way.

[unixfox]

@unixfox

Don't advertise postgresql with alpine, it is known to have some issues. I can't find the github issue again but I remember it was better to use the more wide spread debian alternative for postgres docker image.

It's what Nextcloud recommends: https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml#L5

Also, after reading hub.docker.com/_/postgres they just warn that postgres on alpine has less features... that we don't use. It that really a problem? It saves a good amount of space, and doesn't break anything.

I can't find the issue again on invidious but I remember that it was causing some issues. I'll search again.

willfarrell/autoheal is still useful for automatically restarting invidious in case of errors. I don't think we should remove it until we have a solution/replacement.

As I said: "we can't vouch for it's usefulness, and its security (it has access to the docker socket, which is a massive security risk)", users can use it, but we shouldn't "enforce" or endorse it in any way.

Comment it then? I don't exactly know how to recommend but not having it by default.

[TheFrenchGhosty]

Comment it then? I don't exactly know how to recommend but not having it by default.

Does it actual do anything compared to just the healthcheck though? Does it provides anything?

[unixfox]

Comment it then? I don't exactly know how to recommend but not having it by default.

Does it actual do anything compared to just the healthcheck though? Does it provides anything?

It restarts the container if the healthcheck fails.

[TheFrenchGhosty]

@unixfox

I can't find the issue again on invidious but I remember that it was causing some issues. I'll search again.

Did you find anything? What should I do? Stay on an Alpine image, or not risk anything and go back to the Debian one?

---

About willfarrell/autoheal:

After this PR is merged, I want to do some more minor changes to the document, so I'll mention that it can be used (this is out of scope for this PR)

[SamantazFox]

Did you find anything? What should I do? Stay on an Alpine image, or not risk anything and go back to the Debian one?

I think we should stay on debian for the moment (and maybe use postgres 13 rather than 14, as 13 is what's currently available on debian stable).

Also, I'm not sure that the ~130M image will do much against the gigabyte or two that our DB can take. And that's a compose file aimed at "noobs" anyway (more experienced people will edit it as they see fit).

[TheFrenchGhosty]

@SamantazFox

maybe use postgres 13 rather than 14, as 13 is what's currently available on debian stable

It really doesn't matters what ships on a distro for docker, 14 is the latest, so we should definitely go for it.

Also, I'm not sure that the ~130M image will do much against the gigabyte or two that our DB can take. And that's a compose file aimed at "noobs" anyway (more experienced people will edit it as they see fit).

Fair, let's go back to a Debian one then.

[unixfox]

I can't find the issue, but I just remembered, basically it was something like that:
If you use the docker postgresql alpine you won't be able to convert it straight into a classic postgresql on debian/ubuntu by copying the postgres folder due to the incompatibilities with musl and glibc. And the same issue occurs if you want to convert a classic postgresql from debian/ubuntu to docker postgresql alpine.

Obviously, you can do a pg_dump from the source database then import it back from the .sql but sometimes just copying the entire postgresql data folder is faster and you keep everything including the permissions.

Also related to #201, if we create a tutorial to upgrade postgresql on docker, I'm not sure if we can easily upgrade a docker postgres 10 with debian to a docker postgres 14 with alpine.
The "PoC" made by one of the maintainer of the postgres docker image is only for debian it seems like: https://github.com/tianon/docker-postgres-upgrade

[TheFrenchGhosty]

@unixfox That's a good point indeed!

PRs ready to merge then, unless you have any objection.