ExcaliDash/docker-compose.prod.yml at main · ZimengXiong/ExcaliDash · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
services:
  backend:
    image: zimengxiong/excalidash-backend:latest
    container_name: excalidash-backend
    environment:
      - DATABASE_URL=file:/app/prisma/dev.db
      - PORT=8000
      - NODE_ENV=production
      - AUTH_MODE=${AUTH_MODE:-local}
      # Keep disabled by default; only enable when a trusted proxy sanitizes forwarded headers.
      - TRUST_PROXY=false
      # Optional for single-instance deployments:
      # if unset, backend auto-generates and persists one in the volume.
      # Recommended to set explicitly for portability and multi-instance setups.
      - JWT_SECRET=${JWT_SECRET}
      - CSRF_SECRET=${CSRF_SECRET}
      # Optional OIDC settings (required for AUTH_MODE=hybrid or oidc_enforced)
      # - OIDC_PROVIDER_NAME=Authentik
      # - OIDC_ISSUER_URL=https://auth.example.com/application/o/excalidash/
      # - OIDC_CLIENT_ID=your-client-id
      # - OIDC_CLIENT_SECRET=your-client-secret
      # - OIDC_REDIRECT_URI=https://excalidash.example.com/api/auth/oidc/callback
    volumes:
      - backend-data:/app/prisma
    networks:
      - excalidash-network
    restart: unless-stopped
    healthcheck:
      # Use IPv4 loopback explicitly to avoid IPv6 localhost resolution issues.
      test:
        [
          "CMD",
          "node",
          "-e",
          "require('http').get('http://127.0.0.1:8000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))",
        ]
      interval: 30s
      timeout: 10s
      retries: 3

  frontend:
    image: zimengxiong/excalidash-frontend:latest
    container_name: excalidash-frontend
    ports:
      - "6767:80"
    depends_on:
      - backend
    networks:
      - excalidash-network
    restart: unless-stopped
    healthcheck:
      # Use IPv4 loopback explicitly to avoid IPv6 localhost resolution issues.
      test:
        [
          "CMD",
          "wget",
          "--quiet",
          "--tries=1",
          "--spider",
          "http://127.0.0.1:80",
        ]
      interval: 30s
      timeout: 10s
      retries: 3

networks:
  excalidash-network:
    driver: bridge

volumes:
  backend-data: