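# Local development stack: Postgres and Redis (both TLS-enabled) plus the
# sentinel service built from ./service.
# NOTE(review): the passwords in this file are committed dev defaults. Keep
# them out of shared or production deployments and supply real secrets from
# outside version control there.
services:
  identity-postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: identity
      POSTGRES_USER: identity
      POSTGRES_PASSWORD: identity_dev
    # Copy TLS certs with correct ownership/permissions, then start with SSL.
    # /tls is mounted read-only, so the key is copied to /tmp where it can be
    # chown'd to postgres and restricted to mode 600 before the server starts.
    entrypoint:
      - sh
      - -c
      - |
        cp /tls/server.crt /tmp/server.crt
        cp /tls/server.key /tmp/server.key
        chown postgres:postgres /tmp/server.crt /tmp/server.key
        chmod 600 /tmp/server.key
        exec docker-entrypoint.sh postgres \
          -c ssl=on \
          -c ssl_cert_file=/tmp/server.crt \
          -c ssl_key_file=/tmp/server.key
    ports:
      # Published on loopback only: sentinel reaches Postgres over
      # sentinel-network, so the host port is needed just for local tooling.
      # Without a host IP, Docker publishes the port on every interface.
      - "127.0.0.1:9001:5432"
    volumes:
      - identity_pg_data:/var/lib/postgresql/data
      - ./keys/tls:/tls:ro
    networks:
      - sentinel-network
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U identity"]
      interval: 5s
      timeout: 5s
      retries: 5

  identity-redis:
    image: redis:7-alpine
    # --port 0 disables the plaintext listener; only the TLS port is served.
    # --tls-auth-clients no means clients are not asked for a certificate, so
    # access control rests on the --requirepass password alone.
    command: >
      redis-server
      --requirepass sentinel_dev
      --tls-port 6379
      --port 0
      --tls-cert-file /tls/server.crt
      --tls-key-file /tls/server.key
      --tls-ca-cert-file /tls/ca.crt
      --tls-auth-clients no
    ports:
      # Loopback only, for the same reason as the Postgres port above.
      - "127.0.0.1:9002:6379"
    volumes:
      - ./keys/tls:/tls:ro
    networks:
      - sentinel-network
    healthcheck:
      # The probe verifies the server certificate against the mounted CA.
      test: ["CMD", "redis-cli", "--tls", "--cacert", "/tls/ca.crt", "-a", "sentinel_dev", "ping"]
      interval: 5s
      timeout: 5s
      retries: 5

  sentinel:
    build:
      context: service
    ports:
      - "9003:9003"
    env_file:
      - service/.env
    # Values set here take precedence over the same keys in service/.env.
    environment:
      # NOTE(review): dev setting; confirm debug mode is off anywhere this
      # service is reachable by others.
      DEBUG: "true"
      # NOTE(review): with asyncpg, ssl=require encrypts the connection but
      # does not validate the server certificate; verify-ca / verify-full
      # need a CA to check against. Confirm how the service builds its SSL
      # context.
      DATABASE_URL: "postgresql+asyncpg://identity:identity_dev@identity-postgres:5432/identity?ssl=require"
      REDIS_URL: "rediss://:sentinel_dev@identity-redis:6379/0"
      REDIS_TLS_CA_CERT: "/keys/tls/ca.crt"
      ALLOWED_HOSTS: "localhost,sentinel"
      # Quoted so the value stays a string, like the other entries.
      # NOTE(review): 10000 looks like a dev-only limit; confirm the value
      # used in real deployments.
      RATE_LIMIT_RPM: "10000"
    volumes:
      # Mounts all of ./keys (not just ./keys/tls) read-only into the service.
      - ./keys:/keys:ro
    depends_on:
      identity-postgres:
        condition: service_healthy
      identity-redis:
        condition: service_healthy
    networks:
      - sentinel-network

volumes:
  identity_pg_data:

networks:
  sentinel-network:
    driver: bridge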