michaelschiemer/docker-compose.local.yml
Michael Schiemer 02e4dc9338 feat(local-secrets): introduce unified local secrets management and documentation
- Add example secret files for `app_key`, `db_user_password`, and `redis_password`.
- Introduce `local.vault.yml.example` for Ansible Vault encryption of local secrets.
- Create migration and setup scripts for transitioning from `.env.local` to secrets files.
- Update `docker-compose.local.yml` to adopt Docker Secrets and `_FILE` pattern for local configurations.
- Add deployment playbooks and enhanced logging configurations for local development.
2025-11-04 11:06:21 +01:00


# Local Development Override
# Usage: docker-compose -f docker-compose.base.yml -f docker-compose.local.yml up
#
# This file overrides base configuration with local development settings:
# - Development ports (8888:80, 443:443, 5433:5432)
# - Host-mounted volumes for live code editing
# - Debug flags enabled (APP_DEBUG, Xdebug)
# - Redis with password (Docker Secrets)
# - Docker Secrets via *_FILE pattern (consistent with staging/production)
# - Development-friendly restart policies
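services:
  web:
    container_name: web
    ports:
      - "8888:80"
      # HTTPS on the standard port so https://localhost works without a port suffix
      - "443:443"
    environment:
      - APP_ENV=${APP_ENV:-development}
    volumes:
      - ./:/var/www/html:${VOLUME_MODE:-cached}
      - ./ssl:/var/www/ssl:ro
    restart: ${RESTART_POLICY:-unless-stopped}
    # NOTE: env_file not needed - Framework automatically loads .env.base → .env.local
    # Environment variables are loaded by EncryptedEnvLoader in the PHP application
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    healthcheck:
      start_period: ${HEALTHCHECK_START_PERIOD:-10s}
    deploy:
      resources:
        limits:
          memory: ${WEB_MEMORY_LIMIT:-256M}
          # cpus quoted so the interpolated value is always passed as a string
          cpus: "${WEB_CPU_LIMIT:-0.5}"
        reservations:
          memory: ${WEB_MEMORY_RESERVATION:-128M}
          cpus: "${WEB_CPU_RESERVATION:-0.25}"

  php:
    container_name: php
    user: "${PHP_USER:-1000:1000}"
    volumes:
      # Host mounts for direct file access (development-friendly)
      - ./:/var/www/html:${VOLUME_MODE:-cached}
      - ./storage/logs:/var/www/html/storage/logs:rw
      - ./storage/uploads:/var/www/html/storage/uploads:rw
      - ./storage/analytics:/var/www/html/storage/analytics:rw
    environment:
      - PHP_IDE_CONFIG=${PHP_IDE_CONFIG:-serverName=docker}
      - APP_ENV=${APP_ENV:-development}
      - APP_DEBUG=${APP_DEBUG:-true}
      - XDEBUG_MODE=${XDEBUG_MODE:-debug}
      # Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
      - DB_PASSWORD_FILE=/run/secrets/db_user_password
      - REDIS_PASSWORD_FILE=/run/secrets/redis_password
      - APP_KEY_FILE=/run/secrets/app_key
    secrets:
      - db_user_password
      - redis_password
      - app_key
    restart: ${RESTART_POLICY:-unless-stopped}
    # NOTE: env_file not needed - Framework automatically loads .env.base → .env.local
    # Environment variables are loaded by EncryptedEnvLoader in the PHP application
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${PHP_MEMORY_LIMIT:-512M}
          cpus: "${PHP_CPU_LIMIT:-1.0}"
        reservations:
          memory: ${PHP_MEMORY_RESERVATION:-256M}
          cpus: "${PHP_CPU_RESERVATION:-0.5}"

  php-test:
    volumes:
      - ./:/var/www/html:${VOLUME_MODE:-cached}
    # NOTE: env_file not needed - Framework automatically loads .env.base → .env.local

  db:
    container_name: db
    ports:
      # Bound to loopback by default so a developer laptop does not expose PostgreSQL
      # to its LAN. Set LOCAL_BIND_IP=0.0.0.0 to reach the database from other hosts.
      - "${LOCAL_BIND_IP:-127.0.0.1}:${DB_EXTERNAL_PORT:-5433}:5432"
    # Compose merges `environment` with docker-compose.base.yml rather than replacing it,
    # so a POSTGRES_PASSWORD inherited from the base file is not removed here; the wrapper
    # command below sets it from the Docker Secret at container start, which overrides
    # any inherited value.
    environment:
      POSTGRES_DB: ${DB_DATABASE:-michaelschiemer}
      POSTGRES_USER: ${DB_USERNAME:-postgres}
      # POSTGRES_PASSWORD is NOT set here - it's read from the Docker Secret in the entrypoint
      # Performance & Connection Settings
      POSTGRES_INITDB_ARGS: "-E UTF8 --locale=C"
      PGDATA: /var/lib/postgresql/data/pgdata
    secrets:
      - db_user_password
    # Wrapper entrypoint: read the password from the Docker Secret and hand it to the
    # image's own entrypoint through the environment. `$$` is Compose escaping for a
    # literal `$`, so the substitution happens inside the container, not at compose time.
    # NOTE(review): if the underlying image is the official postgres image, it already
    # honours POSTGRES_PASSWORD_FILE=/run/secrets/db_user_password and this wrapper can go.
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
        POSTGRES_PASSWORD=$$(cat /run/secrets/db_user_password 2>/dev/null || echo '')
        if [ -n "$$POSTGRES_PASSWORD" ]; then
          export POSTGRES_PASSWORD
        else
          # Best effort: start anyway so the failure surfaces in the PostgreSQL log
          echo "⚠️ Warning: db_user_password secret not found, PostgreSQL may fail to start" >&2
        fi
        exec /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/etc/postgresql/postgresql.conf
    restart: ${RESTART_POLICY:-unless-stopped}
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${DB_MEMORY_LIMIT:-1G}
          cpus: "${DB_CPU_LIMIT:-1.0}"
        reservations:
          memory: ${DB_MEMORY_RESERVATION:-512M}
          cpus: "${DB_CPU_RESERVATION:-0.5}"

  redis:
    container_name: redis
    restart: ${RESTART_POLICY:-unless-stopped}
    secrets:
      - redis_password
    # List form avoids a second round of shell-word splitting by Compose. `exec` makes
    # redis-server PID 1 so SIGTERM from `docker stop` reaches it and the final RDB/AOF
    # flush runs. The secret is quoted so a password containing whitespace is not split
    # into several arguments. Because --requirepass is a command-line flag the password
    # remains visible in the container's process list; acceptable for local development.
    # NOTE(review): --maxmemory defaults to the same value as REDIS_MEMORY_LIMIT, which
    # leaves no headroom for Redis' own overhead; lower it or raise the container limit.
    command:
      - sh
      - "-c"
      - |
        exec redis-server \
          --requirepass "$$(cat /run/secrets/redis_password)" \
          --maxmemory ${REDIS_MAXMEMORY:-256mb} \
          --maxmemory-policy allkeys-lru \
          --save 900 1 \
          --save 300 10 \
          --save 60 10000 \
          --appendonly yes \
          --appendfsync everysec
    healthcheck:
      # REDISCLI_AUTH keeps the password out of redis-cli's argv (readable via `ps`
      # by every process in the container); shell assignments are not word-split.
      test: ["CMD", "sh", "-c", "REDISCLI_AUTH=$$(cat /run/secrets/redis_password) redis-cli ping"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${REDIS_MEMORY_LIMIT:-256M}
          cpus: "${REDIS_CPU_LIMIT:-0.5}"
        reservations:
          memory: ${REDIS_MEMORY_RESERVATION:-128M}
          cpus: "${REDIS_CPU_RESERVATION:-0.25}"

  queue-worker:
    container_name: queue-worker
    # Same user ID as the php container so both can write to the shared storage mounts
    user: "${PHP_USER:-1000:1000}"
    volumes:
      - ./:/var/www/html:${VOLUME_MODE:-cached}
      - ./storage/logs:/var/www/html/storage/logs:rw
    environment:
      - APP_ENV=${APP_ENV:-development}
      - WORKER_DEBUG=${WORKER_DEBUG:-false}
      - WORKER_SLEEP_TIME=${WORKER_SLEEP_TIME:-100000}
      - WORKER_MAX_JOBS=${WORKER_MAX_JOBS:-1000}
      # Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
      - DB_PASSWORD_FILE=/run/secrets/db_user_password
      - REDIS_PASSWORD_FILE=/run/secrets/redis_password
    secrets:
      - db_user_password
      - redis_password
    restart: ${RESTART_POLICY:-unless-stopped}
    # NOTE: env_file not needed - Framework automatically loads .env.base → .env.local
    # Same log rotation as the other services so a chatty worker cannot fill the disk
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${QUEUE_WORKER_MEMORY_LIMIT:-1G}
        reservations:
          memory: ${QUEUE_WORKER_MEMORY_RESERVATION:-512M}

  minio:
    container_name: minio
    ports:
      # Loopback by default (see db); the app containers reach MinIO over the
      # compose network, the host ports exist only for the developer.
      - "${LOCAL_BIND_IP:-127.0.0.1}:${MINIO_API_PORT:-9000}:9000"
      - "${LOCAL_BIND_IP:-127.0.0.1}:${MINIO_CONSOLE_PORT:-9001}:9001"
    restart: ${RESTART_POLICY:-unless-stopped}
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${MINIO_MEMORY_LIMIT:-512M}
          cpus: "${MINIO_CPU_LIMIT:-0.5}"
        reservations:
          memory: ${MINIO_MEMORY_RESERVATION:-256M}
          cpus: "${MINIO_CPU_RESERVATION:-0.25}"

networks:
  # Both networks default to non-internal for local development; set the variables to
  # true to cut the containers off from the host network as in staging/production.
  backend:
    internal: ${NETWORK_BACKEND_INTERNAL:-false}
  cache:
    internal: ${NETWORK_CACHE_INTERNAL:-false}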
# Docker Secrets Configuration
# Secrets are stored in ./secrets/ directory (relative to this file)
# Note: The secrets themselves (their file sources) are defined in docker-compose.base.yml;
# this file only attaches them to the services used for local development.