a45ba22c7c
Production Deployment Setup:
- docker-compose.prod.yml with optimized production settings
- PostgreSQL 15 Alpine with connection pooling and backups
- Redis 7 Alpine with persistence and LRU eviction
- FastAPI with health checks and logging
- Nginx reverse proxy with SSL/TLS, rate limiting, security headers
Nginx Configuration:
- HTTPS with Let's Encrypt SSL certificates
- HTTP to HTTPS redirect
- Rate limiting on auth endpoints (5 req/s) and API (10 req/s)
- Gzip compression for responses
- Security headers (HSTS, CSP, X-Frame-Options, etc.)
- Upstream load balancing with keepalive
- Access logging and error handling
- Health check endpoint on port 8080
Deployment Guide (comprehensive):
- Pre-deployment checklist
- Step-by-step deployment instructions
- SSL certificate setup (Let's Encrypt)
- Database migrations
- Automatic backups (30-day retention)
- Monitoring and health checks
- Resource optimization
- Troubleshooting guide
- Security best practices
- Scaling and load balancing
- CI/CD integration examples
- Quick reference commands
Ready for production deployment to nexus-vector:
Domain: mtd.runfoo.run
Server: nexus-vector (100.95.3.92)
Ports: 80 (HTTP), 443 (HTTPS), 8000 (API), 8080 (health)
Job ID: MTAD-IMPL-2025-11-18-CL
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
152 lines
3.6 KiB
YAML
152 lines
3.6 KiB
YAML
version: '3.8'
|
|
|
|
# Production deployment configuration for nexus-vector
|
|
# Job ID: MTAD-IMPL-2025-11-18-CL
|
|
# Domain: mtd.runfoo.run
|
|
# Deployment: nexus-vector (100.95.3.92)
|
|
|
|
services:
|
|
postgres:
|
|
image: postgres:15-alpine
|
|
container_name: mtad-postgres
|
|
restart: always
|
|
environment:
|
|
POSTGRES_USER: ${DB_USER:-admin}
|
|
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
|
POSTGRES_DB: morethanadiagnosis
|
|
POSTGRES_INITDB_ARGS: >
|
|
-c shared_preload_libraries=pg_stat_statements
|
|
-c max_connections=100
|
|
-c shared_buffers=256MB
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
- ./backups:/backups
|
|
networks:
|
|
- mtad-network
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-admin} -d morethanadiagnosis"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
redis:
|
|
image: redis:7-alpine
|
|
container_name: mtad-redis
|
|
restart: always
|
|
ports:
|
|
- "6379:6379"
|
|
volumes:
|
|
- redis_data:/data
|
|
networks:
|
|
- mtad-network
|
|
command: >
|
|
redis-server
|
|
--appendonly yes
|
|
--appendfsync everysec
|
|
--requirepass ${REDIS_PASSWORD}
|
|
--maxmemory 512mb
|
|
--maxmemory-policy allkeys-lru
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
api:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
container_name: mtad-api
|
|
restart: always
|
|
environment:
|
|
ENV: production
|
|
DEBUG: "false"
|
|
DATABASE_URL: postgresql://${DB_USER:-admin}:${DB_PASSWORD}@postgres:5432/morethanadiagnosis
|
|
REDIS_URL: redis://:${REDIS_PASSWORD}@redis:6379/0
|
|
SECRET_KEY: ${SECRET_KEY}
|
|
ALGORITHM: HS256
|
|
ACCESS_TOKEN_EXPIRE_MINUTES: 15
|
|
REFRESH_TOKEN_EXPIRE_DAYS: 30
|
|
PASSWORD_HASHING_ALGORITHM: argon2
|
|
CORS_ORIGINS: '["https://mtd.runfoo.run", "http://localhost:3000"]'
|
|
CORS_CREDENTIALS: "true"
|
|
CORS_METHODS: '["*"]'
|
|
CORS_HEADERS: '["*"]'
|
|
API_VERSION: v1
|
|
API_TITLE: MoreThanADiagnosis API
|
|
API_DESCRIPTION: Community Hub for Chronically/Terminally Ill Individuals
|
|
LOG_LEVEL: INFO
|
|
LOG_FORMAT: json
|
|
JAEGER_ENABLED: "false"
|
|
RATE_LIMIT_ENABLED: "true"
|
|
RATE_LIMIT_REQUESTS: 100
|
|
RATE_LIMIT_PERIOD: 60
|
|
ports:
|
|
- "8000:8000"
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
redis:
|
|
condition: service_healthy
|
|
networks:
|
|
- mtad-network
|
|
volumes:
|
|
- ./app:/app/app:ro
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 10s
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "10"
|
|
|
|
nginx:
|
|
image: nginx:alpine
|
|
container_name: mtad-nginx
|
|
restart: always
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- ./nginx.conf:/etc/nginx/nginx.conf:ro
|
|
- ./ssl:/etc/nginx/ssl:ro
|
|
- ./certbot/conf:/etc/letsencrypt:ro
|
|
- ./certbot/www:/var/www/certbot:ro
|
|
networks:
|
|
- mtad-network
|
|
depends_on:
|
|
- api
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
networks:
|
|
mtad-network:
|
|
driver: bridge
|
|
|
|
volumes:
|
|
postgres_data:
|
|
driver: local
|
|
redis_data:
|
|
driver: local
|