Barazo Docker Compose templates for self-hosting barazo.forum
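# Barazo Production Docker Compose -- Single Community
#
# Deploys a complete Barazo forum with automatic SSL via Caddy.
# Only ports 80 and 443 are exposed externally.
#
# Usage:
#   cp .env.example .env
#   # Edit .env with your domain, passwords, and community settings
#   docker compose up -d
#
# Startup order enforced by depends_on (condition: service_healthy):
#   postgres + valkey -> barazo-api -> barazo-web -> caddy
# tap has no depends_on edge in this file, so Compose starts it independently
# of that chain.
#
# Values written as ${VAR:?message} make `docker compose` abort when VAR is
# unset or empty, so a service never starts with a blank credential.

x-logging: &default-logging
  driver: json-file
  options:
    # Rotation caps each container at roughly 3 x 10 MB of logs on the host.
    max-size: "10m"
    max-file: "3"

services:
  # ---------------------------------------------------------------------------
  # PostgreSQL 16 with pgvector (full-text + optional semantic search)
  # ---------------------------------------------------------------------------
  postgres:
    image: pgvector/pgvector:pg16
    restart: unless-stopped
    logging: *default-logging
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}"
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - pgdata:/var/lib/postgresql/data
    # No `ports:` entry: the database is reachable only on the backend network.
    networks:
      - backend
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5
    # Uncomment to set resource limits:
    # mem_limit: 1g
    # cpus: 1.0

  # ---------------------------------------------------------------------------
  # Valkey 9 (Redis-compatible cache for sessions, rate limiting, queues)
  # ---------------------------------------------------------------------------
  valkey:
    image: valkey/valkey:9-alpine
    restart: unless-stopped
    logging: *default-logging
    # Renaming a command to "" disables it.
    # NOTE(review): the password is passed as a command-line argument here and
    # as `-a` in the health check, so it shows up in `docker inspect` output
    # and in the process list. The command string is also split on whitespace
    # and the same value is embedded in VALKEY_URL below, so keep it free of
    # whitespace and URL-reserved characters.
    command: >
      valkey-server
      --requirepass ${VALKEY_PASSWORD:?VALKEY_PASSWORD is required}
      --rename-command FLUSHALL ""
      --rename-command FLUSHDB ""
      --rename-command CONFIG ""
      --rename-command DEBUG ""
      --rename-command KEYS ""
    volumes:
      - valkeydata:/data
    networks:
      - backend
    healthcheck:
      test: ["CMD", "valkey-cli", "-a", "${VALKEY_PASSWORD:?VALKEY_PASSWORD is required}", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3
    # Uncomment to set resource limits:
    # mem_limit: 512m
    # cpus: 0.5

  # ---------------------------------------------------------------------------
  # Tap (AT Protocol firehose consumer -- filters forum.barazo.* records)
  # ---------------------------------------------------------------------------
  tap:
    # NOTE(review): `latest` is a moving tag; pin a version tag or image digest
    # you have tested so that a redeploy cannot silently change what runs.
    image: ghcr.io/bluesky-social/indigo/tap:latest
    platform: linux/amd64
    restart: unless-stopped
    logging: *default-logging
    environment:
      TAP_RELAY_URL: ${RELAY_URL:-https://bsky.network}
      TAP_SIGNAL_COLLECTION: forum.barazo.topic.post
      TAP_COLLECTION_FILTERS: forum.barazo.topic.post,forum.barazo.topic.reply,forum.barazo.interaction.reaction,forum.barazo.interaction.vote
      TAP_DATABASE_URL: sqlite:///data/tap.db
      # NOTE(review): not enforced with :? because this file does not show
      # whether tap accepts an empty admin password -- confirm and tighten.
      TAP_ADMIN_PASSWORD: ${TAP_ADMIN_PASSWORD}
    volumes:
      - tapdata:/data
    networks:
      - backend
    # Uncomment to set resource limits:
    # mem_limit: 512m
    # cpus: 0.5

  # ---------------------------------------------------------------------------
  # Barazo API (AppView backend -- Fastify, REST API, firehose indexing)
  # ---------------------------------------------------------------------------
  barazo-api:
    # Set BARAZO_API_VERSION in .env to a specific release; the `latest`
    # fallback means every pull may bring in a different build.
    image: ghcr.io/singi-labs/barazo-api:${BARAZO_API_VERSION:-latest}
    restart: unless-stopped
    logging: *default-logging
    environment:
      NODE_ENV: production
      DATABASE_URL: ${DATABASE_URL}
      VALKEY_URL: redis://:${VALKEY_PASSWORD}@valkey:6379
      TAP_URL: http://tap:2480
      TAP_ADMIN_PASSWORD: ${TAP_ADMIN_PASSWORD}
      SESSION_SECRET: "${SESSION_SECRET:?SESSION_SECRET is required}"
      RELAY_URL: ${RELAY_URL:-wss://bsky.network}
      COMMUNITY_DID: ${COMMUNITY_DID}
      COMMUNITY_NAME: ${COMMUNITY_NAME}
      COMMUNITY_MODE: ${COMMUNITY_MODE:-single}
      HOSTING_MODE: ${HOSTING_MODE:-selfhosted}
      CORS_ORIGINS: https://${COMMUNITY_DOMAIN}
      PUBLIC_URL: https://${COMMUNITY_DOMAIN}
      OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID}
      OAUTH_REDIRECT_URI: ${OAUTH_REDIRECT_URI}
      # Plugins default to enabled and the registry defaults to public npm.
      # NOTE(review): presumably plugins.json drives what install-plugins.sh
      # fetches -- review it like any other dependency manifest.
      PLUGINS_ENABLED: ${PLUGINS_ENABLED:-true}
      PLUGIN_REGISTRY_URL: ${PLUGIN_REGISTRY_URL:-https://registry.npmjs.org}
      EMBEDDING_URL: ${EMBEDDING_URL:-}
      AI_EMBEDDING_DIMENSIONS: ${AI_EMBEDDING_DIMENSIONS:-768}
      AI_ENCRYPTION_KEY: ${AI_ENCRYPTION_KEY:-}
      FEATURE_CROSSPOST_FRONTPAGE: ${FEATURE_CROSSPOST_FRONTPAGE:-false}
      GLITCHTIP_DSN: ${GLITCHTIP_DSN:-}
      LOG_LEVEL: ${LOG_LEVEL:-info}
    volumes:
      # The plugin manifest and installer are mounted read-only; only the
      # named `plugins` volume is writable from inside the container.
      - plugins:/app/plugins
      - ./plugins.json:/app/plugins.json:ro
      - ./scripts/install-plugins.sh:/app/install-plugins.sh:ro
    networks:
      - frontend
      - backend
    depends_on:
      postgres:
        condition: service_healthy
      valkey:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3000/api/health || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    # Uncomment to set resource limits:
    # mem_limit: 1g
    # cpus: 1.0

  # ---------------------------------------------------------------------------
  # Barazo Web (Next.js frontend)
  # ---------------------------------------------------------------------------
  barazo-web:
    # Set BARAZO_WEB_VERSION in .env to a specific release (see barazo-api).
    image: ghcr.io/singi-labs/barazo-web:${BARAZO_WEB_VERSION:-latest}
    restart: unless-stopped
    logging: *default-logging
    environment:
      NODE_ENV: production
      API_INTERNAL_URL: http://barazo-api:3000
      NEXT_PUBLIC_SITE_URL: ${NEXT_PUBLIC_SITE_URL}
    networks:
      - frontend
    depends_on:
      barazo-api:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3001/api/health || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 20s
    # Uncomment to set resource limits:
    # mem_limit: 512m
    # cpus: 0.5

  # ---------------------------------------------------------------------------
  # Caddy (reverse proxy with automatic SSL via Let's Encrypt)
  # ---------------------------------------------------------------------------
  caddy:
    image: caddy:2-alpine
    restart: unless-stopped
    logging: *default-logging
    environment:
      COMMUNITY_DOMAIN: ${COMMUNITY_DOMAIN}
    # The only published ports in this file.
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp" # HTTP/3 (QUIC)
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddydata:/data
      - caddyconfig:/config
      # NOTE(review): absolute host path; looks specific to the upstream docs
      # host. If the directory is missing, Docker creates it empty on the
      # host -- remove or adjust this mount for your own deployment.
      - /var/www/docs.barazo.forum:/var/www/docs.barazo.forum:ro
    networks:
      - frontend
    depends_on:
      barazo-api:
        condition: service_healthy
      barazo-web:
        condition: service_healthy
    healthcheck:
      # `caddy version` only shows that the binary runs; it does not confirm
      # that the proxy is listening or serving the site.
      test: ["CMD", "caddy", "version"]
      interval: 30s
      timeout: 5s
      retries: 3
    # Uncomment to set resource limits:
    # mem_limit: 256m
    # cpus: 0.25

# =============================================================================
# Networks -- two-network segmentation
# =============================================================================
#
# frontend: Caddy, barazo-web, barazo-api (external-facing services)
# backend:  barazo-api, PostgreSQL, Valkey, Tap (database-connected services)
#
# barazo-api bridges both networks. PostgreSQL and Valkey are NOT reachable
# from Caddy or barazo-web. Only Caddy is exposed externally (ports 80, 443).
#
# backend is not marked `internal: true`: tap is attached only to backend and
# its TAP_RELAY_URL points at an external relay, so it needs outbound access.

networks:
  frontend:
  backend:

# =============================================================================
# Volumes -- persistent data
# =============================================================================

volumes:
  pgdata: # PostgreSQL data (critical -- back up regularly)
  valkeydata: # Valkey cache (low priority -- regenerated on restart)
  tapdata: # Tap firehose cursor + SQLite DB
  caddydata: # SSL certificates (medium priority)
  caddyconfig: # Caddy configuration cache
  plugins: # Installed plugin npm packages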