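# Example production deployment of Sesame Orchestrator (API + Web in a single container).
# The volumes listed below match the catalogue shown in Paramètres → Configuration
# (Settings → Configuration).
#
# Prerequisites:
#   docker network create sesame
#   docker network create reverse   # only if an external reverse proxy is used
#
# Socket.IO: the client uses `/api/socket.io` (same origin as the front end).
# WebSocket in production: NUXT_PUBLIC_SOCKET_IO_POLLING_ONLY=false
# (the default when NODE_ENV=production at build time).
# Reverse proxy (Nginx / Apache): see docs/reverse-proxy.md
#   Route all traffic (HTTP + WebSocket) to the Nuxt port (3000);
#   Nuxt proxies `/api/**` to the internal API (SESAME_APP_API_URL=http://127.0.0.1:4000).
#
# Testing WebSocket before production:
#   SESAME_SOCKET_IO_POLLING_ONLY=0 yarn workspace @libertech-fr/sesame-orchestrator_web build
#   node apps/web/.output/server/index.mjs
#   → Socket.IO debug panel: transport "websocket"
#
# Start-up:
#   docker compose -f docker-compose.prod.yml up -d
#
# Security notes for operators (review):
#   - MongoDB and Redis are started without authentication in this file; the only
#     barriers are the loopback port binding and membership of the `sesame` network.
#   - The orchestrator container is given the host Docker socket; see the comment
#     on that volume before deploying.
name: sesame

services:
  sesame-orchestrator:
    container_name: sesame-orchestrator
    # DOCKER_TAG falls back to `latest`, a mutable tag: what actually runs then
    # depends on when the image was last pulled. For production, set DOCKER_TAG
    # to a fixed release tag (or pin by digest) so that a deployment is
    # reproducible and an upstream change cannot roll in unreviewed.
    image: ghcr.io/libertech-fr/sesame-orchestrator:${DOCKER_TAG:-latest}
    restart: unless-stopped
    # NOTE(review): if these files hold secrets (their contents are not visible
    # here), keep them out of version control and readable only by the deploy user.
    env_file:
      - .env
      - ./apps/api/.env
      - ./apps/web/.env
    # Wait for both backing stores to pass their healthchecks before starting.
    depends_on:
      sesame-mongo:
        condition: service_healthy
      sesame-redis:
        condition: service_healthy
    environment:
      NODE_ENV: production
      SESAME_CONTAINER_NAME: sesame-orchestrator
      SESAME_API_ROOT_DIR: /data/apps/api
      GIT_BRANCH: ${GIT_BRANCH:-unknown}
      GIT_COMMIT: ${GIT_COMMIT:-unknown}
      DOCKER_TAG: ${DOCKER_TAG:-latest}
      # Neither URI carries credentials, matching the unauthenticated
      # sesame-redis / sesame-mongo services defined below.
      SESAME_REDIS_URI: redis://sesame-redis:6379/0
      SESAME_MONGO_URI: mongodb://sesame-mongo:27017/sesame
      SESAME_MONGO_CONTAINER_NAME: sesame-mongo
      SESAME_REDIS_CONTAINER_NAME: sesame-redis
    # NOTE(review): the Compose specification reserves the `com.docker.compose`
    # label prefix for Compose's own use; confirm that the Compose version in use
    # accepts the first two entries.
    labels:
      com.docker.compose.project: sesame
      com.docker.compose.service: sesame-orchestrator
      libertech.sesame.component: orchestrator
    volumes:
      # Docker socket (read-only mount): used to inspect volumes/labels in
      # Paramètres → Configuration.
      # Caveat: `:ro` only makes the bind mount of the socket file read-only; it
      # does not restrict the Docker Engine API. Any process in this container
      # that can open the socket can issue any API request, which amounts to
      # root-equivalent control of the host. If only inspection is needed,
      # consider placing a filtering socket proxy that allows read-only
      # endpoints in front of the daemon instead of mounting the socket directly.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # API volumes (orchestrator)
      - ./configs/sesame-orchestrator/jsonforms:/data/apps/api/configs/identities/jsonforms
      - ./configs/sesame-orchestrator/lifecycle:/data/apps/api/configs/lifecycle
      - ./configs/sesame-orchestrator/cron:/data/apps/api/configs/cron
      - ./configs/sesame-orchestrator/storage:/data/apps/api/storage
      - ./configs/sesame-orchestrator/logs:/data/apps/api/logs
      - ./configs/sesame-orchestrator/mail-templates:/data/apps/api/templates
      - ./configs/sesame-orchestrator/validations:/data/apps/api/configs/identities/validations
      # Web volumes (app-manager / Nuxt front end)
      - ./configs/sesame-app-manager/config:/data/apps/web/config
      - ./configs/sesame-app-manager/statics:/data/apps/web/src/public/config
      # Shared TLS certificates
      # NOTE(review): mounted read-write; if the application only reads this
      # directory, appending `:ro` would protect private keys from modification
      # by the container (confirm the application never writes here first).
      - ./certificates:/data/certificates
    # `expose` publishes nothing on the host; both ports remain reachable from
    # every container attached to the `sesame` and `reverse` networks.
    expose:
      - "3000"  # Web (Nuxt)
      - "4000"  # API (NestJS)
    # Uncomment if there is no reverse proxy on the `reverse` network.
    # Keep the 127.0.0.1 prefix so the ports are not published on all interfaces.
    # ports:
    #   - "127.0.0.1:3002:3000"
    #   - "127.0.0.1:4002:4000"
    healthcheck:
      # Healthy only when the API answers GET /health on port 4000 with HTTP 200.
      test:
        - CMD
        - node
        - -e
        - "require('http').get('http://127.0.0.1:4000/health',(r)=>process.exit(r.statusCode===200?0:1)).on('error',()=>process.exit(1))"
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 60s
    networks:
      - sesame
      - reverse

  sesame-mongo:
    image: mongo:7.0
    container_name: sesame-mongo
    restart: unless-stopped
    # No access control is configured here (no root credentials, no --auth): any
    # client that can reach port 27017 has full access to the data. Reachability
    # is limited to containers on the `sesame` network and to local processes on
    # the host via the loopback binding below. For production, enable
    # authentication and put the credentials in SESAME_MONGO_URI.
    command: --wiredTigerCacheSizeGB 1.5
    labels:
      com.docker.compose.project: sesame
      com.docker.compose.service: sesame-mongo
      libertech.sesame.component: mongodb
    volumes:
      - ./db:/data/db
    # Bound to loopback only. The orchestrator connects over the `sesame`
    # network, so this mapping can be removed if no host-side access is needed.
    ports:
      - "127.0.0.1:27017:27017"
    healthcheck:
      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 20s
    networks:
      - sesame

  sesame-redis:
    image: redis:7-alpine
    container_name: sesame-redis
    restart: unless-stopped
    # Append-only persistence is on, but no password or ACL is set: every client
    # that can reach port 6379 may read and write all keys. For production, set a
    # password or ACL and add the credentials to SESAME_REDIS_URI.
    command: redis-server --appendonly yes
    labels:
      com.docker.compose.project: sesame
      com.docker.compose.service: sesame-redis
      libertech.sesame.component: redis
    volumes:
      - sesame-redis-data:/data
    # Bound to loopback only. The orchestrator connects over the `sesame`
    # network, so this mapping can be removed if no host-side access is needed.
    ports:
      - "127.0.0.1:6379:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 5
      start_period: 10s
    networks:
      - sesame

volumes:
  sesame-redis-data:

# Both networks are created outside this file (see the prerequisites above).
# Because they are external, any other stack attached to `sesame` can also reach
# the unauthenticated MongoDB and Redis services; keep its membership minimal.
networks:
  sesame:
    external: true
  reverse:
    external: true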