GraphDone-Core/deployment/docker-compose.yml at main · GraphDone/GraphDone-Core · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
version: '3.8'

services:
  graphdone-neo4j:
    container_name: graphdone-neo4j
    image: neo4j:5.26.12
    environment:
      NEO4J_AUTH: neo4j/graphdone_password
      NEO4J_PLUGINS: '["graph-data-science", "apoc"]'
      NEO4J_dbms_security_procedures_unrestricted: "gds.*,apoc.*"
      NEO4J_dbms_security_procedures_allowlist: "gds.*,apoc.*"
      NEO4J_server_config_strict__validation_enabled: "false"
    # Internal ports only - no external exposure in production
    expose:
      - "7474"  # HTTP
      - "7687"  # Bolt
    volumes:
      - neo4j_data:/data
      - logs:/logs
    healthcheck:
      test: ["CMD", "cypher-shell", "-u", "neo4j", "-p", "graphdone_password", "RETURN 1"]
      interval: 20s        # Check every 20 seconds (less frequent to reduce resource usage)
      timeout: 45s         # Allow 45 seconds per attempt (handles slow disk I/O)
      retries: 20          # 20 attempts = ~7 minutes total (handles slow Linux systems)
      start_period: 120s   # Wait 2 minutes before first check (allows initialization time)

  graphdone-redis:
    container_name: graphdone-redis
    image: redis:8-alpine
    # Internal port only - no external exposure in production
    expose:
      - "6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

  graphdone-api:
    container_name: graphdone-api
    image: gd-core-api:0.3.1-alpha
    build:
      context: ..
      dockerfile: packages/server/Dockerfile
    environment:
      - NODE_ENV=production
      - NEO4J_URI=bolt://graphdone-neo4j:7687
      - NEO4J_USER=neo4j
      - NEO4J_PASSWORD=graphdone_password
      - SSL_ENABLED=true
      - SSL_KEY_PATH=/app/certs/server-key.pem
      - SSL_CERT_PATH=/app/certs/server-cert.pem
      - HTTPS_PORT=4128
      - CORS_ORIGIN=https://localhost:3128
      - GRAPHDONE_START_TIME=${GRAPHDONE_START_TIME}
    # Internal port only - accessed via web container proxy
    expose:
      - "4128"  # HTTPS port
    depends_on:
      graphdone-neo4j:
        condition: service_healthy
      graphdone-redis:
        condition: service_healthy
    volumes:
      - ../packages/server/.env:/app/.env
      - logs:/app/logs
      - sqlite_auth_data:/app/data
      - ./certs:/app/certs:ro  # Mount SSL certificates
    healthcheck:
      test: ["CMD", "curl", "-k", "-f", "https://localhost:4128/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  graphdone-web:
    container_name: graphdone-web
    image: gd-core-web:0.3.1-alpha
    build:
      context: ..
      dockerfile: packages/web/Dockerfile
      args:
        - VITE_GRAPHQL_URL=https://localhost:3128/api/graphql
        - VITE_GRAPHQL_WS_URL=wss://localhost:3128/api/graphql
    environment:
      - VITE_GRAPHQL_URL=https://localhost:3128/api/graphql
      - VITE_GRAPHQL_WS_URL=wss://localhost:3128/api/graphql
    ports:
      - "3128:3128"  # HTTPS port with HTTP redirect support
    depends_on:
      - graphdone-api
    volumes:
      - ../packages/web/.env:/app/.env
      - logs:/app/logs
      - ./certs/server-cert.pem:/etc/ssl/certs/server-cert.pem:ro
      - ./certs/server-key.pem:/etc/ssl/private/server-key.pem:ro

volumes:
  neo4j_data:
  redis_data:
  logs:
  sqlite_auth_data: