mirror of
https://github.com/AmruthPillai/Reactive-Resume.git
synced 2026-06-22 04:11:55 +10:00
Amruth Pillai
a42dbcd452
Add stricter URL and redirect validation, endpoint rate limiting, safer defaults for printer and compose config, and CSP protections across server and API surfaces. Made-with: Cursor
166 lines
4.2 KiB
YAML
166 lines
4.2 KiB
YAML
name: reactive_resume
|
|
|
|
services:
|
|
adminer:
|
|
image: adminer:latest
|
|
restart: unless-stopped
|
|
ports:
|
|
- "8080:8080"
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
|
start_period: 10s
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
|
|
postgres:
|
|
image: postgres:latest
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_DB: postgres
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql
|
|
ports:
|
|
- "5432:5432"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U postgres -d postgres"]
|
|
start_period: 10s
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
|
|
browserless:
|
|
image: ${BROWSERLESS_IMAGE:-ghcr.io/browserless/chromium:latest}
|
|
restart: unless-stopped
|
|
ports:
|
|
- "4000:3000"
|
|
environment:
|
|
QUEUED: 10
|
|
HEALTH: "true"
|
|
CONCURRENT: 5
|
|
TOKEN: ${BROWSERLESS_TOKEN:-change-me}
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", 'curl -f "http://localhost:3000/pressure?token=${BROWSERLESS_TOKEN:-change-me}"']
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 10
|
|
|
|
# As an alternative to browserless, you can also use a lightweight image like chromedp/headless-shell:latest
|
|
# See https://docs.rxresu.me/self-hosting/docker#alternative-printer-options for more information.
|
|
chrome:
|
|
image: chromedp/headless-shell:latest
|
|
restart: unless-stopped
|
|
ports:
|
|
- "9222:9222"
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway"
|
|
|
|
seaweedfs:
|
|
image: chrislusf/seaweedfs:latest
|
|
restart: unless-stopped
|
|
command: server -s3 -filer -dir=/data -ip=0.0.0.0
|
|
environment:
|
|
AWS_ACCESS_KEY_ID: seaweedfs
|
|
AWS_SECRET_ACCESS_KEY: seaweedfs
|
|
volumes:
|
|
- seaweedfs_data:/data
|
|
ports:
|
|
- "8333:8333"
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://localhost:8888"]
|
|
start_period: 10s
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
|
|
seaweedfs_create_bucket:
|
|
image: quay.io/minio/mc:latest
|
|
restart: on-failure
|
|
entrypoint: >
|
|
/bin/sh -c "
|
|
until mc alias set seaweedfs http://seaweedfs:8333 seaweedfs seaweedfs; do
|
|
echo 'Waiting for SeaweedFS...';
|
|
sleep 2;
|
|
done;
|
|
mc mb seaweedfs/reactive-resume --ignore-existing;
|
|
"
|
|
depends_on:
|
|
seaweedfs:
|
|
condition: service_healthy
|
|
|
|
mailpit:
|
|
image: axllent/mailpit:latest
|
|
restart: unless-stopped
|
|
volumes:
|
|
- mailpit_data:/data
|
|
ports:
|
|
- "1025:1025"
|
|
- "8025:8025"
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://localhost:8025/"]
|
|
start_period: 10s
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
|
|
web_app:
|
|
profiles: ["app"]
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.dev
|
|
restart: unless-stopped
|
|
ports:
|
|
- "3000:3000"
|
|
env_file:
|
|
- .env
|
|
environment:
|
|
PRINTER_APP_URL: http://web_app:3000
|
|
PRINTER_ENDPOINT: ws://browserless:3000?token=${BROWSERLESS_TOKEN:-change-me}
|
|
DATABASE_URL: postgresql://postgres:postgres@postgres:5432/postgres
|
|
SMTP_HOST: mailpit
|
|
S3_ENDPOINT: http://seaweedfs:8333
|
|
CHOKIDAR_INTERVAL: 100
|
|
WATCHPACK_POLLING: "true"
|
|
CHOKIDAR_USEPOLLING: "true"
|
|
volumes:
|
|
- ./:/app
|
|
- web_app_data:/app/data
|
|
- web_app_pnpm_store:/pnpm/store
|
|
- web_app_nitro_cache:/app/.nitro
|
|
- web_app_tanstack_cache:/app/.tanstack
|
|
- web_app_node_modules:/app/node_modules
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
browserless:
|
|
condition: service_healthy
|
|
seaweedfs:
|
|
condition: service_healthy
|
|
seaweedfs_create_bucket:
|
|
condition: service_completed_successfully
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway"
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
|
|
start_period: 10s
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
|
|
volumes:
|
|
mailpit_data:
|
|
postgres_data:
|
|
seaweedfs_data:
|
|
web_app_data:
|
|
web_app_pnpm_store:
|
|
web_app_nitro_cache:
|
|
web_app_node_modules:
|
|
web_app_tanstack_cache:
|