ScamScreener-API/docker-compose.yml at main · Tangos-Mods/ScamScreener-API · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
services:
  scamscreener:
    build: .
    container_name: scamscreener
    env_file:
      - .env.production
    environment:
      SCAMSCREENER_EXTRA_TRUSTED_PROXIES: "172.31.255.10"
    volumes:
      - scamscreener_data:/app/data
    restart: unless-stopped
    init: true
    read_only: true
    tmpfs:
      - /tmp:rw,noexec,nosuid,nodev,size=64m
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    pids_limit: 256
    healthcheck:
      test:
        - CMD
        - python
        - -c
        - "import os, urllib.parse, urllib.request; port = os.getenv('PORT', os.getenv('TRAINING_HUB_PORT', '8080')); host = (os.getenv('TRAINING_HUB_ALLOWED_HOSTS', '').split(',')[0].strip() or urllib.parse.urlsplit(os.getenv('TRAINING_HUB_PUBLIC_BASE_URL', '')).hostname or '127.0.0.1'); request = urllib.request.Request(f'http://127.0.0.1:{port}/api/v1/health', headers={'Host': host, 'X-Forwarded-Proto': 'https'}); urllib.request.urlopen(request, timeout=3)"
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 20s
    networks:
      - scamscreener_net

  caddy:
    image: caddy:2.8
    container_name: scamscreener-caddy
    env_file:
      - .env.production
    depends_on:
      scamscreener:
        condition: service_healthy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    restart: unless-stopped
    read_only: true
    tmpfs:
      - /tmp:rw,noexec,nosuid,nodev,size=64m
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    security_opt:
      - no-new-privileges:true
    pids_limit: 256
    healthcheck:
      test:
        - CMD
        - caddy
        - validate
        - --config
        - /etc/caddy/Caddyfile
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    networks:
      scamscreener_net:
        ipv4_address: 172.31.255.10

volumes:
  scamscreener_data:
  caddy_data:
  caddy_config:

networks:
  scamscreener_net:
    ipam:
      config:
        - subnet: 172.31.255.0/24