93161d3800
- Add healthcheck to Redis service in compose.yml and upgrade depends_on from service_started to service_healthy so backend and webhook-worker wait for Redis readiness. - Add HTTP security headers middleware (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy) to the FastAPI backend. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
98 lines
2.9 KiB
YAML
98 lines
2.9 KiB
YAML
name: openclaw-mission-control
|
|
|
|
services:
|
|
db:
|
|
image: postgres:16-alpine
|
|
environment:
|
|
POSTGRES_DB: ${POSTGRES_DB:-mission_control}
|
|
POSTGRES_USER: ${POSTGRES_USER:-postgres}
|
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
ports:
|
|
- "${POSTGRES_PORT:-5432}:5432"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 20
|
|
|
|
redis:
|
|
image: redis:7-alpine
|
|
ports:
|
|
- "${REDIS_PORT:-6379}:6379"
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 5
|
|
|
|
backend:
|
|
build:
|
|
# Build from repo root so the backend image can include repo-level assets
|
|
# like `backend/templates/`.
|
|
context: .
|
|
dockerfile: backend/Dockerfile
|
|
env_file:
|
|
- ./backend/.env.example
|
|
environment:
|
|
# Override localhost defaults for container networking
|
|
DATABASE_URL: postgresql+psycopg://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-mission_control}
|
|
CORS_ORIGINS: ${CORS_ORIGINS:-http://localhost:3000}
|
|
DB_AUTO_MIGRATE: ${DB_AUTO_MIGRATE:-true}
|
|
AUTH_MODE: ${AUTH_MODE}
|
|
LOCAL_AUTH_TOKEN: ${LOCAL_AUTH_TOKEN}
|
|
RQ_REDIS_URL: redis://redis:6379/0
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
redis:
|
|
condition: service_healthy
|
|
ports:
|
|
- "${BACKEND_PORT:-8000}:8000"
|
|
|
|
frontend:
|
|
build:
|
|
context: ./frontend
|
|
args:
|
|
NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:8000}
|
|
NEXT_PUBLIC_AUTH_MODE: ${AUTH_MODE}
|
|
# Optional, user-managed env file.
|
|
# IMPORTANT: do NOT load `.env.example` here because it contains non-empty
|
|
# placeholder Clerk keys, which can accidentally flip Clerk "on".
|
|
env_file:
|
|
- path: ./frontend/.env
|
|
required: false
|
|
environment:
|
|
NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:8000}
|
|
NEXT_PUBLIC_AUTH_MODE: ${AUTH_MODE}
|
|
depends_on:
|
|
- backend
|
|
ports:
|
|
- "${FRONTEND_PORT:-3000}:3000"
|
|
|
|
webhook-worker:
|
|
build:
|
|
context: .
|
|
dockerfile: backend/Dockerfile
|
|
command: ["rq", "worker", "-u", "redis://redis:6379/0"]
|
|
env_file:
|
|
- ./backend/.env.example
|
|
depends_on:
|
|
redis:
|
|
condition: service_healthy
|
|
db:
|
|
condition: service_healthy
|
|
environment:
|
|
DATABASE_URL: postgresql+psycopg://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-mission_control}
|
|
AUTH_MODE: ${AUTH_MODE}
|
|
LOCAL_AUTH_TOKEN: ${LOCAL_AUTH_TOKEN}
|
|
RQ_REDIS_URL: redis://redis:6379/0
|
|
RQ_QUEUE_NAME: ${RQ_QUEUE_NAME:-default}
|
|
RQ_DISPATCH_THROTTLE_SECONDS: ${RQ_DISPATCH_THROTTLE_SECONDS:-2.0}
|
|
RQ_DISPATCH_MAX_RETRIES: ${RQ_DISPATCH_MAX_RETRIES:-3}
|
|
restart: unless-stopped
|
|
|
|
volumes:
|
|
postgres_data:
|