# Production overrides for docker-compose.yml
# Usage: docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
#
# This file:
# - Adds Traefik proxy with Let's Encrypt SSL
# - Excludes dev-only services (adminer, mailcatcher, playwright)
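services:
  backend:
    # Override development command with production-optimized settings
    # Uses single worker (optimal for t2.micro) and removes --reload flag
    command:
      - fastapi
      - run
      - --workers
      - "1"
      - app/main.py
    # Exec-form check against the in-container health endpoint.
    # NOTE(review): assumes curl is installed in the backend image - confirm.
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "-f",
          "http://localhost:8000/api/v1/health",
        ]
      interval: 60s
      timeout: 5s
      retries: 5
      start_period: 20s

  db:
    # Tune Postgres for 1GB RAM environment
    command:
      - "postgres"
      - "-c"
      - "shared_buffers=128MB"
      - "-c"
      - "max_connections=20"
      - "-c"
      - "work_mem=4MB"
      - "-c"
      - "effective_cache_size=512MB"
      - "-c"
      - "maintenance_work_mem=64MB"
    # "$$" escapes Compose interpolation, so the variables are expanded by the
    # shell inside the container rather than on the host at deploy time.
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "pg_isready -U $${POSTGRES_USER:-postgres} -d $${POSTGRES_DB:-app}",
        ]
      interval: 60s
      timeout: 5s
      retries: 5
      start_period: 30s

  dagster-daemon:
    healthcheck:
      test: ["CMD-SHELL", "dagster instance info || exit 1"]
      interval: 120s  # Check only every 2 mins
      timeout: 20s
      retries: 3
      start_period: 60s

  dagster-webserver:
    environment:
      # Increase heartbeat tolerance from 20s to 60s
      - DAGSTER_GRPC_HEARTBEAT_TTL=60
      # Increase startup timeout for cold starts on t2.micro
      - DAGSTER_GRPC_STARTUP_TIMEOUT=180
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:3000/server-info || exit 1"]
      interval: 120s
      timeout: 20s
      retries: 3
      start_period: 60s

  # Internet-facing edge: the only service in this file that publishes host
  # ports. It terminates TLS and routes to containers on traefik-public.
  proxy:
    # NOTE(review): "v3.0" is a mutable tag. Pin a digest for reproducible
    # deploys, e.g. traefik:v3.0@sha256:<DIGEST_PLACEHOLDER>, and update it
    # deliberately when upstream ships security fixes.
    image: traefik:v3.0
    restart: always
    # Hardening: the container's processes cannot gain additional privileges
    # (setuid binaries, file capabilities) after start.
    security_opt:
      - no-new-privileges:true
    volumes:
      # ":ro" only makes the bind mount read-only; it does not restrict the
      # Docker API reachable through the socket. Anyone who compromises this
      # container can drive the Docker daemon on the host. Consider putting a
      # filtering socket proxy in front that exposes only the read-only
      # endpoints the Docker provider needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds acme.json (ACME account key plus issued certificates and their
      # private keys). Treat the volume and any backup of it as secret material.
      - traefik-certificates:/certificates
    ports:
      - "80:80"
      - "443:443"
    command:
      # Enable Docker provider
      - --providers.docker=true
      # Only containers carrying this constraint label are routed, and nothing
      # is exposed unless it opts in with traefik.enable=true.
      - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
      - --providers.docker.exposedbydefault=false
      # Entrypoints
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      # Let's Encrypt / ACME configuration
      # NOTE(review): the contact address is hard-coded in a committed file;
      # consider supplying it from the environment instead.
      - --certificatesresolvers.le.acme.email=heyitsphilip@gmail.com
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      # HTTP-01 challenge: port 80 must stay reachable from the internet for
      # issuance and renewal.
      - --certificatesresolvers.le.acme.httpchallenge=true
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=http
      # Logging
      # NOTE(review): with access logs off there is no per-request record at
      # the edge for detection or incident response. Make sure requests are
      # logged elsewhere, or re-enable access logs with filters.
      - --accesslog=false  # reduce CPU usage
      - --log=true
      - --log.level=ERROR  # INFO
      # API (disabled for security in production)
      - --api=false
    labels:
      - traefik.enable=true
      - traefik.constraint-label=traefik-public
      # Global HTTP to HTTPS redirect middleware
      # These labels only define the middleware. Each router on the "http"
      # entrypoint must reference it, otherwise that route is served over
      # plain HTTP. The routers are not defined in this file - verify them.
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
    networks:
      - traefik-public
      - default

  # Disable dev-only services in production
  # Note: mailcatcher and playwright are only in docker-compose.override.yml,
  # so they won't be loaded when we explicitly use -f flags
  # NOTE(review): adminer is a database admin UI. This relies on Compose
  # honouring deploy.replicas; confirm after deploy that no adminer container
  # is running.
  adminer:
    deploy:
      replicas: 0

volumes:
  traefik-certificates:

networks:
  # Pre-existing network that Compose will not create. Every container attached
  # to it is reachable from the proxy, so attach only services meant to be
  # routed.
  traefik-public:
    external: true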