Phil Skentelbery
01dcaba86b
Complete containerized deployment system with Docker/Podman support. Key features: - Multi-stage Dockerfile with Python 3.11-slim base - Docker Compose configurations for production and development - Nginx reverse proxy with security headers and rate limiting - Systemd service units for Docker, Podman, and docker-compose - Backup/restore scripts with integrity verification - Podman compatibility (ADR-009) All tests pass including Podman verification testing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
52 lines
1.3 KiB
YAML
52 lines
1.3 KiB
YAML
version: '3.8'
|
|
|
|
# Gondulf Production Configuration - nginx Reverse Proxy with TLS
|
|
# Usage: podman-compose -f docker-compose.yml -f docker-compose.production.yml up -d
|
|
# Or: docker-compose -f docker-compose.yml -f docker-compose.production.yml up -d
|
|
|
|
services:
|
|
gondulf:
|
|
# Remove direct port exposure in production (nginx handles external access)
|
|
ports: []
|
|
|
|
# Production environment settings
|
|
environment:
|
|
- GONDULF_HTTPS_REDIRECT=true
|
|
- GONDULF_SECURE_COOKIES=true
|
|
- GONDULF_TRUST_PROXY=true
|
|
- GONDULF_DEBUG=false
|
|
- GONDULF_LOG_LEVEL=INFO
|
|
|
|
nginx:
|
|
image: nginx:1.25-alpine
|
|
container_name: gondulf_nginx
|
|
restart: unless-stopped
|
|
|
|
# External ports
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
|
|
# Configuration and SSL certificates
|
|
volumes:
|
|
- ./deployment/nginx/conf.d:/etc/nginx/conf.d:ro
|
|
- ./deployment/nginx/ssl:/etc/nginx/ssl:ro
|
|
# Optional: Let's Encrypt challenge directory
|
|
# - ./deployment/nginx/certbot:/var/www/certbot:ro
|
|
|
|
# Wait for Gondulf to be healthy
|
|
depends_on:
|
|
gondulf:
|
|
condition: service_healthy
|
|
|
|
networks:
|
|
- gondulf_network
|
|
|
|
# nginx health check
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/health"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 5s
|