michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: Update deployment configuration and documentation

Browse Source 
- Update Gitea configuration (remove DEFAULT_ACTIONS_URL)
- Fix deployment documentation
- Update Ansible playbooks
- Clean up deprecated files
- Add new deployment scripts and templates
This commit is contained in:
Michael Schiemer
2025-10-31 21:11:11 +01:00
parent cf4748f8db
commit 16d586ecdf
92 changed files with 4601 additions and 10524 deletions
Download Patch File Download Diff File Expand all files Collapse all files

466
docker-compose.prod.yml
View File

@@ -1,466 +0,0 @@
# ==============================================================================
# Production Docker Swarm Stack with Traefik Load Balancer
# ==============================================================================
# Usage: docker stack deploy -c docker-compose.prod.yml framework
#
# This is a STANDALONE file - no merging with docker-compose.yml required.
# All services are production-ready with Swarm deployment configurations.
# ==============================================================================
version: '3.8'
# ==============================================================================
# Services
# ==============================================================================
services:
# ----------------------------------------------------------------------------
# Traefik - Reverse Proxy & Load Balancer
# ----------------------------------------------------------------------------
traefik:
image: traefik:v2.10
command:
# API & Dashboard
- "--api.dashboard=true"
- "--api.insecure=true"
# Docker Swarm Provider
- "--providers.docker=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedByDefault=false"
- "--providers.docker.network=framework_traefik-public"
# Entrypoints
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
# HTTP → HTTPS Redirect
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
# Access Logs
- "--accesslog=true"
- "--accesslog.filepath=/var/log/traefik/access.log"
# Metrics
- "--metrics.prometheus=true"
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8080
published: 8080
protocol: tcp
mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./ssl:/ssl:ro
- traefik-logs:/var/log/traefik
networks:
- traefik-public
deploy:
placement:
constraints:
- node.role == manager
labels:
# Dashboard
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
# ----------------------------------------------------------------------------
# Web - PHP Application (Nginx + PHP-FPM)
# ----------------------------------------------------------------------------
web:
image: 94.16.110.151:5000/framework:latest
environment:
# Application
- APP_ENV=production
- APP_DEBUG=false
- APP_NAME=Michael Schiemer
- APP_TIMEZONE=Europe/Berlin
- APP_LOCALE=de
# Database
- DB_DRIVER=pgsql
- DB_HOST=db
- DB_PORT=5432
- DB_DATABASE=framework_prod
- DB_USERNAME=postgres
- DB_CHARSET=utf8
# Redis (Sessions & Cache)
- REDIS_HOST=redis
- REDIS_PORT=6379
- SESSION_DRIVER=redis
- CACHE_DRIVER=redis
# Security
- SECURITY_ALLOWED_HOSTS=localhost,michaelschiemer.de,www.michaelschiemer.de
- SECURITY_RATE_LIMIT_PER_MINUTE=60
- SESSION_LIFETIME=1800
- FORCE_HTTPS=true
# Performance
- OPCACHE_ENABLED=true
# Analytics
- ANALYTICS_ENABLED=true
- ANALYTICS_TRACK_PAGE_VIEWS=true
secrets:
- db_password
- app_key
- vault_encryption_key
- shopify_webhook_secret
- rapidmail_password
volumes:
- storage-logs:/var/www/html/storage/logs:rw
- storage-uploads:/var/www/html/storage/uploads:rw
networks:
- traefik-public
- backend
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
deploy:
replicas: 3
update_config:
parallelism: 1
delay: 10s
failure_action: rollback
order: start-first
rollback_config:
parallelism: 1
delay: 5s
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
labels:
# Traefik Configuration
- "traefik.enable=true"
# HTTP Router
- "traefik.http.routers.web.rule=Host(`michaelschiemer.de`) || Host(`www.michaelschiemer.de`)"
- "traefik.http.routers.web.entrypoints=websecure"
- "traefik.http.routers.web.tls=true"
# Load Balancer
- "traefik.http.services.web.loadbalancer.server.port=80"
- "traefik.http.services.web.loadbalancer.sticky.cookie=true"
- "traefik.http.services.web.loadbalancer.sticky.cookie.name=PHPSESSID"
- "traefik.http.services.web.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.web.loadbalancer.sticky.cookie.httpOnly=true"
# Health Check
- "traefik.http.services.web.loadbalancer.healthcheck.path=/health"
- "traefik.http.services.web.loadbalancer.healthcheck.interval=30s"
- "traefik.http.services.web.loadbalancer.healthcheck.timeout=5s"
# ----------------------------------------------------------------------------
# Database - PostgreSQL
# ----------------------------------------------------------------------------
db:
image: postgres:16-alpine
environment:
- POSTGRES_DB=framework_prod
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
- POSTGRES_INITDB_ARGS=-E UTF8 --locale=C
- PGDATA=/var/lib/postgresql/data/pgdata
secrets:
- db_password
volumes:
- db-data:/var/lib/postgresql/data
networks:
- backend
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d framework_prod"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
deploy:
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
resources:
limits:
memory: 1G
cpus: '1.0'
reservations:
memory: 512M
cpus: '0.5'
# ----------------------------------------------------------------------------
# Redis - Cache & Sessions
# ----------------------------------------------------------------------------
redis:
image: redis:7-alpine
command: >
redis-server
--appendonly yes
--appendfsync everysec
--maxmemory 256mb
--maxmemory-policy allkeys-lru
volumes:
- redis-data:/data
networks:
- backend
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 3s
retries: 3
start_period: 10s
deploy:
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
delay: 5s
resources:
limits:
memory: 256M
cpus: '0.5'
reservations:
memory: 128M
cpus: '0.25'
# ----------------------------------------------------------------------------
# Queue Worker - Background Jobs
# ----------------------------------------------------------------------------
queue-worker:
image: 94.16.110.151:5000/framework:latest
command: ["php", "/var/www/html/worker.php"]
environment:
- APP_ENV=production
- APP_DEBUG=false
- DB_HOST=db
- DB_DATABASE=framework_prod
- REDIS_HOST=redis
- WORKER_DEBUG=false
- WORKER_SLEEP_TIME=100000
- WORKER_MAX_JOBS=1000
secrets:
- db_password
- app_key
volumes:
- storage-logs:/var/www/html/storage/logs:rw
- storage-queue:/var/www/html/storage/queue:rw
networks:
- backend
deploy:
replicas: 2
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
resources:
limits:
memory: 512M
reservations:
memory: 256M
stop_grace_period: 30s
# ----------------------------------------------------------------------------
# Prometheus - Metrics Collection
# ----------------------------------------------------------------------------
prometheus:
image: prom/prometheus:latest
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/usr/share/prometheus/console_libraries'
- '--web.console.templates=/usr/share/prometheus/consoles'
- '--storage.tsdb.retention.time=30d'
volumes:
- prometheus-data:/prometheus
- ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
networks:
- traefik-public
- backend
deploy:
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
resources:
limits:
memory: 512M
cpus: '0.5'
reservations:
memory: 256M
cpus: '0.25'
labels:
- "traefik.enable=true"
- "traefik.http.routers.prometheus.rule=Host(`prometheus.michaelschiemer.de`)"
- "traefik.http.routers.prometheus.entrypoints=websecure"
- "traefik.http.routers.prometheus.tls=true"
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
# ----------------------------------------------------------------------------
# Grafana - Metrics Visualization
# ----------------------------------------------------------------------------
grafana:
image: grafana/grafana:latest
environment:
- GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SERVER_ROOT_URL=https://grafana.michaelschiemer.de
- GF_INSTALL_PLUGINS=
secrets:
- grafana_admin_password
volumes:
- grafana-data:/var/lib/grafana
networks:
- traefik-public
- backend
deploy:
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
resources:
limits:
memory: 512M
cpus: '0.5'
reservations:
memory: 256M
cpus: '0.25'
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.rule=Host(`grafana.michaelschiemer.de`)"
- "traefik.http.routers.grafana.entrypoints=websecure"
- "traefik.http.routers.grafana.tls=true"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
# ----------------------------------------------------------------------------
# Portainer - Container Management
# ----------------------------------------------------------------------------
portainer:
image: portainer/portainer-ce:latest
command: -H unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer-data:/data
networks:
- traefik-public
deploy:
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
resources:
limits:
memory: 256M
cpus: '0.25'
reservations:
memory: 128M
cpus: '0.1'
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.michaelschiemer.de`)"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
# ==============================================================================
# Networks
# ==============================================================================
networks:
traefik-public:
driver: overlay
attachable: true
backend:
driver: overlay
internal: true
# ==============================================================================
# Volumes
# ==============================================================================
volumes:
traefik-logs:
storage-logs:
storage-uploads:
storage-queue:
db-data:
redis-data:
prometheus-data:
grafana-data:
portainer-data:
# ==============================================================================
# Secrets (to be created before deployment)
# ==============================================================================
secrets:
db_password:
external: true
app_key:
external: true
vault_encryption_key:
external: true
shopify_webhook_secret:
external: true
rapidmail_password:
external: true
grafana_admin_password:
external: true