Add production Docker Compose deployment configurations#162
Open
bobbyhyam wants to merge 11 commits intoMng-dev-ai:mainfrom
Open
Add production Docker Compose deployment configurations#162bobbyhyam wants to merge 11 commits intoMng-dev-ai:mainfrom
bobbyhyam wants to merge 11 commits intoMng-dev-ai:mainfrom
Conversation
- docker-compose.traefik.yml: Full production with Traefik reverse proxy, auto-SSL via Let's Encrypt, isolated networks - docker-compose.simple.yml: Simple HTTP deployment with direct port access - frontend/Dockerfile.prod: Multi-stage build with nginx serving static assets - frontend/nginx.conf: SPA routing, gzip compression, caching, security headers - .env.traefik.example and .env.simple.example: Example environment files Key production features: - PostgreSQL 17-alpine with 600 max connections - Redis 7-alpine with AOF persistence - Named volumes instead of mounted code directories - Resource limits and health checks with start_period - Isolated networks for security Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enable ping and add --ping flag to Traefik healthcheck - Set providers.docker.network to avoid arbitrary network selection for multi-network containers - Fix frontend healthcheck to use 127.0.0.1 instead of localhost (IPv6 mismatch on Alpine) - Add explicit network name to claudex-proxy to avoid project-name prefix issues Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add GitHub Actions workflows for building backend and frontend images
- Replace hardcoded image references with ${IMAGE_OWNER:-mng-dev-ai} in
both compose files so forks can use their own GHCR images
- Update frontend Dockerfile.prod to use placeholder-based build args
with runtime env var injection via docker-entrypoint.sh
- Add IMAGE_OWNER to .env example files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Upgrade Traefik v3.0 → v3.4 to fix incompatibility with Docker Engine 29.x (requires API v1.44+). Add ALLOWED_ORIGINS for the cross-origin traefik setup where frontend and API are on different subdomains. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v3.4 still uses Docker API v1.24; the auto-negotiation fix landed in v3.6.1. Verified on cldx-test.bobbyhyam.com with Docker Engine 29.2.1. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Environment variables are the preferred configuration method for Traefik in Docker Compose, avoiding shell escaping issues with CLI args. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drop docker-compose.simple.yml from the repo and rewrite the deployment section to clarify the two supported modes (localhost dev vs internet-facing server) and the current requirement for public domain with wildcard DNS. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
No longer needed after dropping the simple compose configuration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #130
docker-compose.traefik.yml) — automatic Let's Encrypt SSL, HTTP→HTTPS redirect, per-service routing (DOMAINfor frontend,api.DOMAINfor API). Requires wildcard DNS..env.traefik.examplewith documented configurationIMAGE_OWNERenv var (defaults tomng-dev-ai) so forks can use their own GHCR imagesWhat changed
docker-compose.traefik.yml— pulls pre-built images from GHCR, services behind Traefik with HTTPS, HTTP→HTTPS redirect, and per-service routing. Traefik configured via environment variables. Includes postgres, redis, celery workers, and sandbox setup.frontend/Dockerfile.prod— multi-stage build producing an nginx image; uses placeholder build args (__VITE_API_BASE_URL__,__VITE_WS_URL__) replaced at runtime bydocker-entrypoint.shfrontend/docker-entrypoint.sh— sed-replaces placeholders in built JS with actual env vars at container startfrontend/nginx.conf— serves the SPA with/healthendpoint.github/workflows/build-backend.yml/build-frontend.yml— build multi-arch (amd64/arm64) images on push to main or manual dispatch, push toghcr.io/${{ github.repository_owner }}/...README.md— added Docker Compose deployment section with Traefik configuration instructionsTest plan
docker compose configresolves correctly with default and customIMAGE_OWNERdocker-compose.traefik.yml— all services come up healthy with fork images, SSL via Let's Encrypt, HTTP→HTTPS redirect verified on live domain🤖 Generated with Claude Code