Hamza/wasl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7306c473680e5ea747a624d0568c85ba0689388d
wasl/Backend/docker-compose.yml
Hamza-Ayed 7306c47368 Initial commit - WASL Digital Wallet
2026-06-20 21:55:06 +03:00

205 lines
7.9 KiB
YAML
Raw Blame History

# WASL Digital Wallet — Production-grade Docker setup
# Services on internal network; only nginx is exposed externally.
# Usage:
# docker compose up -d
# docker compose exec app composer install
# docker compose exec app php artisan migrate --force
# docker compose exec app php artisan octane:start --server=swoole --host=0.0.0.0 --port=8000
services:
# ───────────────────────────────────────────────────────────────
# Application (PHP 8.3 + Swoole + Octane)
# ───────────────────────────────────────────────────────────────
app:
build:
context: .
dockerfile: Dockerfile
target: production
container_name: wasl-app
restart: unless-stopped
working_dir: /var/www/html
volumes:
- ./:/var/www/html
- app_storage:/var/www/html/storage
- app_bootstrap_cache:/var/www/html/bootstrap/cache
networks:
- wasl-internal
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
environment:
- "PHP_OCTANE_SERVER=swoole"
- "DB_HOST=postgres"
- "REDIS_HOST=redis"
healthcheck:
test: ["CMD-SHELL", "php artisan octane:status || exit 1"]
interval: 30s
timeout: 5s
retries: 3
start_period: 30s
# ───────────────────────────────────────────────────────────────
# Queue Worker (supervisor-managed)
# ───────────────────────────────────────────────────────────────
worker:
build:
context: .
dockerfile: Dockerfile
target: production
container_name: wasl-worker
restart: unless-stopped
working_dir: /var/www/html
volumes:
- ./:/var/www/html
- app_storage:/var/www/html/storage
networks:
- wasl-internal
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
command: ["php", "artisan", "queue:work", "redis", "--tries=3", "--backoff=10", "--max-time=3600"]
healthcheck:
test: ["CMD-SHELL", "php artisan horizon:status || php artisan queue:status || exit 0"]
interval: 60s
timeout: 10s
retries: 3
# ───────────────────────────────────────────────────────────────
# Nginx (Reverse Proxy + Load Balancer) — the ONLY exposed service
# ───────────────────────────────────────────────────────────────
nginx:
image: nginx:1.27-alpine
container_name: wasl-nginx
restart: unless-stopped
ports:
- "${NGINX_PORT:-8080}:80"
volumes:
- ./:/var/www/html
- ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
- ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- nginx_logs:/var/log/nginx
networks:
- wasl-internal
depends_on:
- app
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/up"]
interval: 30s
timeout: 5s
retries: 3
# ───────────────────────────────────────────────────────────────
# PostgreSQL 16 — Primary financial database
# ───────────────────────────────────────────────────────────────
postgres:
image: postgres:16-alpine
container_name: wasl-postgres
restart: unless-stopped
environment:
- "POSTGRES_DB=${DB_DATABASE:-wasl}"
- "POSTGRES_USER=${DB_USERNAME:-wasl}"
- "POSTGRES_PASSWORD=${DB_PASSWORD:-secret}"
- "POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C"
volumes:
- postgres_data:/var/lib/postgresql/data
- ./docker/postgres/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
networks:
- wasl-internal
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME:-wasl} -d ${DB_DATABASE:-wasl}"]
interval: 10s
timeout: 5s
retries: 5
# SECURITY: no ports exposed — only reachable from internal network
# ───────────────────────────────────────────────────────────────
# Redis 7 — Cache + Queue + Sessions + Throttling
# ───────────────────────────────────────────────────────────────
redis:
image: redis:7-alpine
container_name: wasl-redis
restart: unless-stopped
command: >
redis-server
--requirepass ${REDIS_PASSWORD:-secret}
--maxmemory 512mb
--maxmemory-policy allkeys-lru
--appendonly yes
--save 60 1000
volumes:
- redis_data:/data
networks:
- wasl-internal
healthcheck:
test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD:-secret}", "ping"]
interval: 10s
timeout: 5s
retries: 5
# SECURITY: no ports exposed
# ───────────────────────────────────────────────────────────────
# MinIO — S3-compatible storage for KYC documents (encrypted at rest)
# ───────────────────────────────────────────────────────────────
minio:
image: minio/minio:latest
container_name: wasl-minio
restart: unless-stopped
command: server /data --console-address ":9001"
environment:
- "MINIO_ROOT_USER=${AWS_ACCESS_KEY_ID:-minioadmin}"
- "MINIO_ROOT_PASSWORD=${AWS_SECRET_ACCESS_KEY:-minioadmin}"
volumes:
- minio_data:/data
networks:
- wasl-internal
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
# SECURITY: no ports exposed externally
# ───────────────────────────────────────────────────────────────
# MinIO Bootstrap — auto-create buckets on first run
# ───────────────────────────────────────────────────────────────
minio-bootstrap:
image: minio/mc:latest
container_name: wasl-minio-init
depends_on:
minio:
condition: service_healthy
networks:
- wasl-internal
entrypoint: >
/bin/sh -c "
sleep 5;
mc alias set wasl http://minio:9000 ${AWS_ACCESS_KEY_ID:-minioadmin} ${AWS_SECRET_ACCESS_KEY:-minioadmin};
mc mb wasl/${WASL_KYC_BUCKET:-wasl-kyc} --ignore-existing;
mc anonymous set none wasl/${WASL_KYC_BUCKET:-wasl-kyc};
exit 0;
"
networks:
wasl-internal:
driver: bridge
internal: false # set to `true` if you don't need outbound internet
volumes:
postgres_data:
driver: local
redis_data:
driver: local
minio_data:
driver: local
app_storage:
driver: local
app_bootstrap_cache:
driver: local
nginx_logs:
driver: local
Reference in New Issue View Git Blame Copy Permalink