mirror of
https://github.com/BetterCorp/BetterFrame.git
synced 2026-05-26 17:56:34 +00:00
sec-config.yaml is now generated at Docker build time from
sec-config.template.yaml via envsubst. Secrets come from Coolify
build args (set in UI, never in git). Template uses ${VAR:-default}
placeholders — safe to commit to public repo.
- sec-config.yaml removed from git, added to .gitignore
- sec-config.template.yaml added (public, no secrets)
- Dockerfile.server: ARGs for all config, envsubst generates config
at build time, result is chmod 444 (read-only)
- Coolify compose: removed sec-config volume mount (baked in now)
- For native installs: copy template to sec-config.yaml, fill values
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
# BetterFrame, Coolify variant.
#
# Coolify's Traefik sits in front of this stack, so this file publishes no
# host ports. Traefik reaches Angie on container port 80 over the
# `betterframe` network.
#
# Point the Coolify resource at this file instead of docker-compose.yml.
#
# The server's configuration is rendered into the image at build time from
# sec-config.template.yaml plus Coolify build args (which carry the secrets).
# NOTE(review): Docker records build-arg values in image history, and the
# rendered config sits in an image layer, so the built server image should be
# handled as secret-bearing (private registry only). Dockerfile.server is not
# visible here; confirm whether a BuildKit secret mount could replace the ARGs.

# Compose v2 treats `version` as obsolete and ignores it.
version: "3.8"

services:
  # Application server, built from this repository.
  server:
    build:
      context: .
      dockerfile: deploy/docker/Dockerfile.server
      args:
        # First value that is set wins: explicit version, then the commit
        # variables COOLIFY_GIT_COMMIT / SOURCE_COMMIT, then the literal "dev".
        BF_SERVER_VERSION: ${BF_SERVER_VERSION:-${COOLIFY_GIT_COMMIT:-${SOURCE_COMMIT:-dev}}}
    container_name: betterframe-server
    restart: unless-stopped
    environment:
      - TZ=UTC
    # `expose` only declares container ports; nothing is bound on the host.
    expose:
      - "18080"
      - "18081"
      - "18082"
    # Start only after the postgres healthcheck reports healthy.
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test:
        - "CMD-SHELL"
        - "wget -qO- http://localhost:18080/healthz || exit 1"
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    networks:
      - betterframe

  # Reverse proxy that Traefik forwards to.
  angie:
    build:
      context: .
      dockerfile: deploy/docker/Dockerfile.angie
    container_name: betterframe-angie
    restart: unless-stopped
    depends_on:
      - server
      - nodered
    # No `ports:` — Coolify's Traefik routes ${SERVICE_FQDN_ANGIE_80} → 80.
    expose:
      - "80"
    networks:
      - betterframe

  nodered:
    build:
      context: .
      dockerfile: deploy/docker/Dockerfile.nodered
    container_name: betterframe-nodered
    restart: unless-stopped
    environment:
      - TZ=UTC
    volumes:
      - nrdata:/data
    expose:
      - "1880"
    healthcheck:
      # The Node-RED admin root (/nrdp/) answers 200 once the runtime is up.
      test:
        - "CMD-SHELL"
        - "wget -q --spider http://localhost:1880/nrdp/ || exit 1"
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 90s
    networks:
      - betterframe

  postgres:
    image: postgres:18-alpine
    container_name: betterframe-postgres
    restart: unless-stopped
    # NOTE(review): every value below falls back to `betterframe` when its
    # BF_PG_* variable is unset, so an unconfigured deploy runs with a password
    # equal to the user name. Set BF_PG_PASSWORD in Coolify. The form
    # `${BF_PG_PASSWORD:?message}` would make an unset value fail instead of
    # defaulting; the server's rendered config must carry the same value.
    # The official image applies these only when the data directory is first
    # initialised; changing them later does not rotate an existing password.
    environment:
      - POSTGRES_USER=${BF_PG_USER:-betterframe}
      - POSTGRES_PASSWORD=${BF_PG_PASSWORD:-betterframe}
      - POSTGRES_DB=${BF_PG_DB:-betterframe}
    volumes:
      - pgdata:/var/lib/postgresql
    # Not published on the host; reachable from containers attached to the
    # `betterframe` network only, as far as this file shows.
    expose:
      - "5432"
    healthcheck:
      test:
        - "CMD-SHELL"
        - "pg_isready -U ${BF_PG_USER:-betterframe}"
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    networks:
      - betterframe

# Single bridge network shared by all four services.
networks:
  betterframe:
    driver: bridge