mirrors/at-container-registry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
test
at-container-registry/deploy/docker-compose.prod.yml
Evan Jarrett 2d720e4154 remove extra docker volume in prod
2025-10-31 21:06:11 -05:00

201 lines
6.0 KiB
YAML
Raw Permalink Blame History

# ATCR Production Deployment with Caddy
# For UpCloud Rocky Linux deployment
#
# Usage:
# 1. Copy .env.prod.template to .env and fill in your values
# 2. docker compose -f deploy/docker-compose.prod.yml up -d
#
# Domains:
# - atcr.io → AppView (registry API + web UI)
# - hold01.atcr.io → Hold service (presigned URL generator)
# - blobs.atcr.io → S3 object storage (CNAME to UpCloud S3)
services:
caddy:
image: caddy:2-alpine
container_name: atcr-caddy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp" # HTTP/3
environment:
APPVIEW_DOMAIN: ${APPVIEW_DOMAIN:-atcr.io}
HOLD_DOMAIN: ${HOLD_DOMAIN:-hold01.atcr.io}
volumes:
- caddy_data:/data
- caddy_config:/config
configs:
- source: caddyfile
target: /etc/caddy/Caddyfile
networks:
- atcr-network
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:2019/metrics"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
atcr-appview:
build:
context: ..
dockerfile: Dockerfile.appview
image: atcr-appview:latest
container_name: atcr-appview
restart: unless-stopped
environment:
# Server configuration
ATCR_HTTP_ADDR: :5000
ATCR_BASE_URL: https://${APPVIEW_DOMAIN:-atcr.io}
ATCR_SERVICE_NAME: ${APPVIEW_DOMAIN:-atcr.io}
# Storage configuration (derived from HOLD_DOMAIN)
ATCR_DEFAULT_HOLD_DID: ${ATCR_DEFAULT_HOLD_DID:-did:web:${HOLD_DOMAIN:-hold01.atcr.io}}
# Authentication
ATCR_AUTH_KEY_PATH: /var/lib/atcr/auth/private-key.pem
ATCR_AUTH_CERT_PATH: /var/lib/atcr/auth/private-key.crt
ATCR_TOKEN_EXPIRATION: ${ATCR_TOKEN_EXPIRATION:-300}
# UI configuration
ATCR_UI_ENABLED: ${ATCR_UI_ENABLED:-true}
ATCR_UI_DATABASE_PATH: /var/lib/atcr/ui.db
# Logging
ATCR_LOG_LEVEL: ${ATCR_LOG_LEVEL:-info}
ATCR_LOG_FORMATTER: ${ATCR_LOG_FORMATTER:-text}
# Jetstream configuration
JETSTREAM_URL: ${JETSTREAM_URL:-wss://jetstream2.us-west.bsky.network/subscribe}
ATCR_BACKFILL_ENABLED: ${ATCR_BACKFILL_ENABLED:-true}
ATCR_RELAY_ENDPOINT: ${ATCR_RELAY_ENDPOINT:-https://relay1.us-east.bsky.network}
ATCR_BACKFILL_INTERVAL: ${ATCR_BACKFILL_INTERVAL:-1h}
volumes:
# Persistent data: auth keys, UI database, OAuth tokens, Jetstream cache
- atcr-appview-data:/var/lib/atcr
networks:
- atcr-network
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:5000/v2/"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
atcr-hold:
build:
context: ..
dockerfile: Dockerfile.hold
image: atcr-hold:latest
container_name: atcr-hold
restart: unless-stopped
environment:
# Hold service configuration (derived from HOLD_DOMAIN)
HOLD_PUBLIC_URL: ${HOLD_PUBLIC_URL:-https://${HOLD_DOMAIN:-hold01.atcr.io}}
HOLD_SERVER_ADDR: :8080
HOLD_ALLOW_ALL_CREW: ${HOLD_ALLOW_ALL_CREW:-false}
HOLD_PUBLIC: ${HOLD_PUBLIC:-false}
HOLD_OWNER: ${HOLD_OWNER:-}
HOLD_BLUESKY_POSTS_ENABLED: ${HOLD_BLUESKY_POSTS_ENABLED:-true}
# Embedded PDS configuration
HOLD_DATABASE_DIR: ${HOLD_DATABASE_DIR:-/var/lib/atcr-hold}
# HOLD_KEY_PATH: ${HOLD_KEY_PATH} # Optional, defaults to {HOLD_DATABASE_DIR}/signing.key
# Storage driver
STORAGE_DRIVER: ${STORAGE_DRIVER:-s3}
# S3/UpCloud Object Storage configuration
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-}
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-}
AWS_REGION: ${AWS_REGION:-us-chi1}
S3_BUCKET: ${S3_BUCKET:-atcr-blobs}
S3_ENDPOINT: ${S3_ENDPOINT:-}
S3_REGION_ENDPOINT: ${S3_REGION_ENDPOINT:-}
# Logging
ATCR_LOG_LEVEL: ${ATCR_LOG_LEVEL:-debug}
ATCR_LOG_FORMATTER: ${ATCR_LOG_FORMATTER:-text}
# Optional: Filesystem storage (comment out S3 vars above)
# STORAGE_DRIVER: filesystem
# STORAGE_ROOT_DIR: /var/lib/atcr/hold
volumes:
# PDS data (carstore SQLite + signing keys)
- atcr-hold-data:/var/lib/atcr-hold
networks:
- atcr-network
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
networks:
atcr-network:
driver: bridge
ipam:
config:
- subnet: 172.29.0.0/24
volumes:
caddy_data:
driver: local
caddy_config:
driver: local
atcr-appview-data:
driver: local
atcr-hold-data:
driver: local
configs:
caddyfile:
content: |
# ATCR AppView - Main registry + web UI
${APPVIEW_DOMAIN:-atcr.io} {
# Reverse proxy to AppView container
reverse_proxy atcr-appview:5000 {
# Preserve original host header
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
# Enable compression
encode gzip
# Logging
log {
output file /data/logs/appview.log {
roll_size 100mb
roll_keep 10
}
}
}
# ATCR Hold Service - Storage presigned URL generator
${HOLD_DOMAIN:-hold01.atcr.io} {
# Reverse proxy to Hold service container
reverse_proxy atcr-hold:8080 {
# Preserve original host header
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
# Enable compression
encode gzip
# Logging
log {
output file /data/logs/hold.log {
roll_size 100mb
roll_keep 10
}
}
}
Reference in New Issue View Git Blame Copy Permalink