aljaz/enclava
1
0
Fork 0
mirror of https://github.com/aljazceru/enclava.git synced 2025-12-17 07:24:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

prod config docker

Browse Source
This commit is contained in:
Aljaz Ceru
2025-09-15 18:15:10 +02:00
parent 2876f0a608
commit 6efad75714
2 changed files with 236 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
backend/Dockerfile.prod Normal file
View File

@@ -0,0 +1,53 @@
FROM python:3.11-slim
# Set environment variables
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONPATH=/app
ENV NODE_ENV=production
ENV APP_ENV=production
# Set work directory
WORKDIR /app
# Install system dependencies
RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
build-essential \
libpq-dev \
postgresql-client \
curl \
ffmpeg \
&& rm -rf /var/lib/apt/lists/*
# Copy requirements and install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Optional: Install NLP requirements if needed
# COPY requirements-nlp.txt .
# RUN pip install --no-cache-dir -r requirements-nlp.txt
# Copy application code
COPY . .
# Copy and make migration script executable
COPY scripts/migrate.sh /usr/local/bin/migrate.sh
RUN chmod +x /usr/local/bin/migrate.sh
# Create non-root user for security
RUN useradd --create-home --shell /bin/bash app && \
chown -R app:app /app
USER app
# Create logs directory
RUN mkdir -p logs
# Expose port
EXPOSE 8000
# Health check
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
# Run the application in production mode
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

183
docker-compose.prod.yml Normal file
View File

@@ -0,0 +1,183 @@
version: '3.8'
services:
# Nginx reverse proxy - Internal routing only (since SSL is handled by host)
enclava-nginx:
image: nginx:alpine
ports:
- "50080:80" # Port for host reverse proxy to connect to
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- nginx-logs:/var/log/nginx
depends_on:
- enclava-backend
- enclava-frontend
networks:
- enclava-net
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/health"]
interval: 30s
timeout: 10s
retries: 3
# Database migration service - runs once to apply migrations
enclava-migrate:
build:
context: ./backend
dockerfile: Dockerfile.prod
environment:
- DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@enclava-postgres:5432/${POSTGRES_DB}
depends_on:
- enclava-postgres
command: ["/usr/local/bin/migrate.sh"]
networks:
- enclava-net
restart: "no" # Run once and exit
# Main application backend - Production version
enclava-backend:
build:
context: ./backend
dockerfile: Dockerfile.prod
environment:
- DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@enclava-postgres:5432/${POSTGRES_DB}
- REDIS_URL=redis://enclava-redis:6379
- QDRANT_HOST=enclava-qdrant
- JWT_SECRET=${JWT_SECRET}
- PRIVATEMODE_API_KEY=${PRIVATEMODE_API_KEY}
- ADMIN_EMAIL=${ADMIN_EMAIL}
- ADMIN_PASSWORD=${ADMIN_PASSWORD}
- LOG_LLM_PROMPTS=${LOG_LLM_PROMPTS:-false}
- BASE_URL=${BASE_URL}
- NODE_ENV=production
- APP_ENV=production
depends_on:
- enclava-migrate
- enclava-postgres
- enclava-redis
- enclava-qdrant
- privatemode-proxy
volumes:
- ./logs:/app/logs
- ./plugins:/plugins
networks:
- enclava-net
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
interval: 30s
timeout: 10s
retries: 3
# Next.js frontend - Production build
enclava-frontend:
build:
context: ./frontend
dockerfile: Dockerfile
target: runner # Use the production stage from multi-stage build
environment:
- BASE_URL=${BASE_URL}
- NEXT_PUBLIC_BASE_URL=${BASE_URL}
- BACKEND_INTERNAL_PORT=8000
- FRONTEND_INTERNAL_PORT=3000
- INTERNAL_API_URL=http://enclava-backend:8000
- NODE_ENV=production
- NEXT_TELEMETRY_DISABLED=1
depends_on:
- enclava-backend
networks:
- enclava-net
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000"]
interval: 30s
timeout: 10s
retries: 3
# PostgreSQL database
enclava-postgres:
image: postgres:16-alpine
environment:
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
volumes:
- enclava-postgres-data:/var/lib/postgresql/data
- ./postgres/postgresql.conf:/etc/postgresql/postgresql.conf:ro
- postgres-backups:/backups
networks:
- enclava-net
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
interval: 30s
timeout: 10s
retries: 5
# Redis for caching and message queue
enclava-redis:
image: redis:7-alpine
command: redis-server --appendonly yes --maxmemory 512mb --maxmemory-policy allkeys-lru
volumes:
- enclava-redis-data:/data
networks:
- enclava-net
restart: unless-stopped
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 30s
timeout: 10s
retries: 3
# Qdrant vector database
enclava-qdrant:
image: qdrant/qdrant:v1.7.4
environment:
- QDRANT__SERVICE__HTTP_PORT=6333
- QDRANT__SERVICE__GRPC_PORT=6334
- QDRANT__LOG_LEVEL=INFO
volumes:
- enclava-qdrant-data:/qdrant/storage
- ./qdrant/config.yaml:/qdrant/config/production.yaml:ro
networks:
- enclava-net
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:6333/"]
interval: 30s
timeout: 10s
retries: 3
# Privatemode.ai service (optional - for confidential models)
privatemode-proxy:
image: ghcr.io/edgelesssys/privatemode/privatemode-proxy:latest
environment:
- PRIVATEMODE_API_KEY=${PRIVATEMODE_API_KEY}
- PRIVATEMODE_CACHE_MODE=${PRIVATEMODE_CACHE_MODE:-none}
- PRIVATEMODE_CACHE_SALT=${PRIVATEMODE_CACHE_SALT}
entrypoint: ["/bin/privatemode-proxy"]
command: [
"--apiKey=${PRIVATEMODE_API_KEY}",
"--port=8080"
]
networks:
- enclava-net
restart: unless-stopped
profiles:
- privatemode
volumes:
enclava-postgres-data:
driver: local
enclava-redis-data:
driver: local
enclava-qdrant-data:
driver: local
nginx-logs:
driver: local
networks:
enclava-net:
driver: bridge