forked from kubedoio/rustshare
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
127 lines (122 loc) · 5.17 KB
/
Copy pathdocker-compose.yml
File metadata and controls
127 lines (122 loc) · 5.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# Base Docker Compose file for RustShare.
# For production deployments, use this file together with docker-compose.prod.yml:
# docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
services:
postgres:
image: postgres:16-alpine
environment:
POSTGRES_DB: rustshare
POSTGRES_USER: rustshare
# Must be set via env var or .env file — see .env.example
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
ports:
- "127.0.0.1:5432:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U rustshare"]
interval: 10s
timeout: 5s
retries: 5
rustfs:
image: rustfs/rustfs:latest
environment:
# Must be set via env var or .env file — see .env.example
RUSTFS_ROOT_USER: ${RUSTFS_ROOT_USER}
RUSTFS_ROOT_PASSWORD: ${RUSTFS_ROOT_PASSWORD}
RUSTFS_DATA_DIR: /data
RUSTFS_LOGS_DIR: /logs
volumes:
- rustfs_data:/data
- rustfs_logs:/logs
ports:
- "127.0.0.1:9000:9000"
- "127.0.0.1:9001:9001"
healthcheck:
test: ["CMD", "sh", "-c", "nc -z localhost 9000 && nc -z localhost 9001"]
interval: 10s
timeout: 5s
retries: 5
backend:
build:
context: .
dockerfile: docker/backend.Dockerfile
args:
VITE_API_URL: /api/v1
VITE_WS_URL: /api/ws
# Increase file descriptor limits to handle many concurrent WebSocket connections
ulimits:
nofile:
soft: 65536
hard: 65536
environment:
# Must be set via env var or .env file — see .env.example
DATABASE_URL: ${DATABASE_URL}
RUST_LOG: info,rustshare=debug
RUSTFS_ENDPOINT: http://rustfs:9000
RUSTFS_PUBLIC_ENDPOINT: http://localhost:9000
RUSTFS_REGION: us-east-1
RUSTFS_BUCKET: rustshare-files
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
# CRITICAL: Must be strong random values. Server refuses to start with weak secrets.
JWT_SECRET: ${JWT_SECRET}
RUSTSHARE_SECRET_ENCRYPTION_KEY: ${RUSTSHARE_SECRET_ENCRYPTION_KEY}
RUSTSHARE_CHAT_WEBHOOK_SECRET: ${RUSTSHARE_CHAT_WEBHOOK_SECRET}
RUSTSHARE_ADMIN_USERNAME: ${RUSTSHARE_ADMIN_USERNAME:-admin}
RUSTSHARE_ADMIN_EMAIL: ${RUSTSHARE_ADMIN_EMAIL:-admin@localhost}
RUSTSHARE_ADMIN_PASSWORD: ${RUSTSHARE_ADMIN_PASSWORD}
RUSTSHARE_DEMO_VIEWER_USERNAME: ${RUSTSHARE_DEMO_VIEWER_USERNAME:-viewer}
RUSTSHARE_DEMO_VIEWER_EMAIL: ${RUSTSHARE_DEMO_VIEWER_EMAIL:-viewer@localhost}
RUSTSHARE_DEMO_VIEWER_PASSWORD: ${RUSTSHARE_DEMO_VIEWER_PASSWORD}
RUSTSHARE_DEMO_VIEWER_DISPLAY_NAME: ${RUSTSHARE_DEMO_VIEWER_DISPLAY_NAME:-Viewer User}
PASSWORD_LOGIN_ENABLED: ${PASSWORD_LOGIN_ENABLED:-true}
OIDC_ISSUER_URL: ${OIDC_ISSUER_URL:-}
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-}
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-}
OIDC_REDIRECT_URL: ${OIDC_REDIRECT_URL:-}
OIDC_LOGIN_LABEL: ${OIDC_LOGIN_LABEL:-}
OIDC_SCOPES: ${OIDC_SCOPES:-openid profile email}
OIDC_MOBILE_CLIENT_ID: ${OIDC_MOBILE_CLIENT_ID:-}
OIDC_MOBILE_CLIENT_SECRET: ${OIDC_MOBILE_CLIENT_SECRET:-}
OIDC_MOBILE_REDIRECT_URIS: ${OIDC_MOBILE_REDIRECT_URIS:-}
RUSTSHARE_RATE_LIMIT_AUTH_LOGIN_PER_MINUTE: ${RUSTSHARE_RATE_LIMIT_AUTH_LOGIN_PER_MINUTE:-10}
RUSTSHARE_RATE_LIMIT_OIDC_LOGIN_PER_MINUTE: ${RUSTSHARE_RATE_LIMIT_OIDC_LOGIN_PER_MINUTE:-30}
RUSTSHARE_RATE_LIMIT_SHARE_SESSION_PER_MINUTE: ${RUSTSHARE_RATE_LIMIT_SHARE_SESSION_PER_MINUTE:-5}
RUSTSHARE_RATE_LIMIT_SHARE_INFO_PER_MINUTE: ${RUSTSHARE_RATE_LIMIT_SHARE_INFO_PER_MINUTE:-30}
RUSTSHARE_RATE_LIMIT_SHARE_DOWNLOAD_PER_MINUTE: ${RUSTSHARE_RATE_LIMIT_SHARE_DOWNLOAD_PER_MINUTE:-30}
RUSTSHARE_RATE_LIMIT_SHARE_UPLOAD_PER_MINUTE: ${RUSTSHARE_RATE_LIMIT_SHARE_UPLOAD_PER_MINUTE:-20}
RUSTSHARE_RATE_LIMIT_AUTHENTICATED_SHARE_ADMIN_PER_MINUTE: ${RUSTSHARE_RATE_LIMIT_AUTHENTICATED_SHARE_ADMIN_PER_MINUTE:-120}
RUSTSHARE_DEFAULT_STORAGE_QUOTA_BYTES: ${RUSTSHARE_DEFAULT_STORAGE_QUOTA_BYTES:-10737418240}
# Metadata backend configuration (postgres | rustfs | dual_write | rustfs_reads | localfs)
RUSTSHARE_METADATA_BACKEND: ${RUSTSHARE_METADATA_BACKEND:-postgres}
RUSTSHARE_METADATA_PREFIX: ${RUSTSHARE_METADATA_PREFIX:-apps/rustshare}
RUSTSHARE_METADATA_NAMESPACE: ${RUSTSHARE_METADATA_NAMESPACE:-default}
RUSTSHARE_METADATA_CACHE: ${RUSTSHARE_METADATA_CACHE:-true}
SERVER_HOST: 0.0.0.0
FRONTEND_DIST_DIR: /app/frontend-build
# Default to false for the HTTP base compose path; production overrides
# can explicitly set this to true when served over HTTPS.
SESSION_COOKIE_SECURE: ${SESSION_COOKIE_SECURE:-false}
depends_on:
postgres:
condition: service_healthy
rustfs:
condition: service_healthy
nginx:
image: nginx:alpine
ports:
- "80:80"
volumes:
- ./docker/nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- backend
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://127.0.0.1/health"]
interval: 10s
timeout: 5s
retries: 3
volumes:
postgres_data:
rustfs_data:
rustfs_logs: