Implements Phase 5 containerization specification: - Add /health endpoint for container monitoring - Create multi-stage Containerfile (Podman/Docker compatible) - Add compose.yaml for orchestration - Add Caddyfile.example for reverse proxy (auto-HTTPS) - Add nginx.conf.example as alternative - Update .env.example with container and RSS feed variables - Add gunicorn WSGI server to requirements.txt Container features: - Multi-stage build for smaller image size - Non-root user (starpunk:1000) - Health check with database connectivity test - Volume mount for data persistence - Resource limits and logging configuration - Security headers and HTTPS configuration examples Health check endpoint: - Tests database connectivity - Verifies filesystem access - Returns JSON with status, version, and environment Following Phase 5 design in docs/designs/phase-5-rss-and-container.md
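# StarPunk Container Composition
# Podman Compose and Docker Compose compatible
#
# Usage:
#   podman-compose up -d      # Start in background
#   podman-compose logs -f    # Follow logs
#   podman-compose down       # Stop and remove
#
# Docker:
#   docker compose up -d
#   docker compose logs -f
#   docker compose down

# Kept for older tooling; current Docker Compose treats this key as obsolete
# and ignores it.
version: '3.8'

services:
  starpunk:
    # Container configuration
    # Keep this tag in step with VERSION in the environment block below.
    image: starpunk:0.6.0
    container_name: starpunk

    # Build configuration
    # The build context is the project root, which also holds .env and
    # ./container-data. Presumably a .containerignore/.dockerignore excludes
    # both so secrets and the database never land in an image layer - verify.
    build:
      context: .
      dockerfile: Containerfile

    # Restart policy - always restart unless explicitly stopped
    restart: unless-stopped

    # Port mapping
    # Only expose to localhost for security (reverse proxy handles external
    # access). The app port speaks plain HTTP, so do not widen this to
    # 0.0.0.0; TLS and security headers are expected to come from the proxy.
    ports:
      - "127.0.0.1:8000:8000"

    # Environment variables
    # Load from .env file in project root
    # .env may carry secrets: keep it out of version control and readable
    # only by the deploying user.
    env_file:
      - .env

    # Override specific environment variables for container
    # Entries here take precedence over env_file, so a stray FLASK_DEBUG=1 in
    # .env cannot switch the debugger on inside the container.
    environment:
      # Flask configuration
      - FLASK_APP=app.py
      - FLASK_ENV=production
      - FLASK_DEBUG=0

      # Data paths (container internal)
      - DATA_PATH=/data
      - NOTES_PATH=/data/notes
      - DATABASE_PATH=/data/starpunk.db

      # Application metadata
      - VERSION=0.6.0
      - ENVIRONMENT=production

    # Volume mounts for persistent data
    # All application data stored in ./container-data on host
    # The directory holds the notes and the database, so keep its host
    # permissions tight. It must stay writable by the container's non-root
    # user; the UID mapping differs under rootless Podman - confirm on your host.
    volumes:
      - ./container-data:/data:rw
      # Note: Use :Z suffix for SELinux systems (Fedora, RHEL, CentOS)
      # - ./container-data:/data:rw,Z

    # Health check configuration
    # raise_for_status() makes the probe exit non-zero on a 4xx/5xx answer.
    # Without it httpx.get() only fails when the connection itself fails, so
    # an error response from /health would still count as healthy.
    healthcheck:
      test:
        - "CMD"
        - "python3"
        - "-c"
        - "import httpx; httpx.get('http://localhost:8000/health', timeout=2.0).raise_for_status()"
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 10s

    # Resource limits (optional but recommended)
    # Adjust based on your server capacity
    # Support for deploy.resources differs between compose implementations;
    # check with `docker stats` / `podman stats` that the limits are applied.
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M

    # Logging configuration
    # Rotate logs to prevent disk space issues
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

    # Optional hardening - test that the app still starts before enabling
    # security_opt:
    #   - no-new-privileges:true
    # cap_drop:
    #   - ALL
    # read_only: true
    # tmpfs:
    #   - /tmp

    # Network configuration
    networks:
      - starpunk-net

# Network definition
networks:
  starpunk-net:
    driver: bridge
    # Optional: specify subnet for predictable IPs
    # ipam:
    #   config:
    #     - subnet: 172.20.0.0/16

# Optional: Named volumes for data persistence
# Uncomment if you prefer named volumes over bind mounts
# volumes:
#   starpunk-data:
#     driver: local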