# Production stack for buildmymcpserver.com — Linux host only. # # Run with: # docker compose --env-file .env.production -f docker-compose.prod.yml up -d --build # # Topology — matches the house pattern on the shared Hetzner box: # - Bridge networking + per-app network, like every other app on the box. # - api / web / postgres / redis publish to 127.0.0.1 only. The host nginx # reverse-proxies the public domains to these loopback ports. Nothing here # binds 0.0.0.0:80/443 — the box's existing nginx owns those. # - generator uses host networking: it has no listening port of its own (no # collision risk) and it must allocate + probe host ports for the MCP # containers it spawns, which is only correct in the host namespace. # - api + generator mount the Docker socket: the API removes generated # containers, the generator builds + runs them as host siblings. # # Ports are picked to not collide with the other apps already on this box. name: buildmymcpserver services: postgres: image: postgres:16-alpine container_name: bmm-postgres restart: unless-stopped environment: POSTGRES_USER: ${POSTGRES_USER:-bmm} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env.production} POSTGRES_DB: ${POSTGRES_DB:-bmm} ports: - "127.0.0.1:${POSTGRES_PORT:-5440}:5432" volumes: - bmm_pg:/var/lib/postgresql/data networks: [bmm-network] healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-bmm} -d ${POSTGRES_DB:-bmm}"] interval: 5s timeout: 5s retries: 20 redis: image: redis:7-alpine container_name: bmm-redis restart: unless-stopped command: ["redis-server", "--appendonly", "yes"] ports: - "127.0.0.1:${REDIS_PORT:-6390}:6379" volumes: - bmm_redis:/data networks: [bmm-network] healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 5s timeout: 5s retries: 20 # Restricted Docker API gateway for the control plane. The API only needs to # stop/remove generated containers (`docker rm -f`), so it talks to this proxy # — which exposes ONLY the containers endpoints + write methods — instead of # mounting the raw root-equivalent /var/run/docker.sock. A compromised API can # no longer build images, create privileged containers, exec, or mount host # paths. (INF-003) NOTE: the generator still mounts the raw socket because it # legitimately builds+runs containers (an inherently privileged operation); # that residual is tracked in the audit backlog (rootless buildkit / build VM). docker-socket-proxy: image: tecnativa/docker-socket-proxy:0.2.0 container_name: bmm-docker-proxy restart: unless-stopped environment: CONTAINERS: 1 POST: 1 # everything else stays at the image default (0 = blocked) IMAGES: 0 BUILD: 0 NETWORKS: 0 VOLUMES: 0 EXEC: 0 INFO: 0 AUTH: 0 SECRETS: 0 SWARM: 0 SYSTEM: 0 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: [bmm-network] api: build: context: . dockerfile: apps/api/Dockerfile container_name: bmm-api restart: unless-stopped env_file: .env.production environment: # Route docker CLI calls through the restricted proxy instead of a raw # socket mount. (INF-003) DOCKER_HOST: tcp://docker-socket-proxy:2375 ports: - "127.0.0.1:${API_PORT:-4000}:4000" volumes: - bmm_keys:/app/apps/api/keys # Per-runner nginx snippets — written by the generator, deleted by the # api when a server is removed. The host-side systemd watcher combines # them into runner-map.combined + reloads nginx. Without this mount the # snippet files land in an ephemeral container path and the path-routed # //* endpoints return 404 from nginx — breaking OAuth discovery # for every external MCP client. - /opt/buildmymcpserver/runner-map:/var/runner-map networks: [bmm-network] depends_on: postgres: condition: service_healthy redis: condition: service_healthy docker-socket-proxy: condition: service_started web: build: context: . dockerfile: apps/web/Dockerfile args: NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:?set NEXT_PUBLIC_API_URL in .env.production} # Publishable (not secret) — baked into the client bundle for embedded # checkout. Default empty so the build never fails when it's unset. NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: ${NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY:-} container_name: bmm-web restart: unless-stopped env_file: .env.production ports: - "127.0.0.1:${WEB_PORT:-4001}:3001" networks: [bmm-network] depends_on: - api generator: build: context: . dockerfile: apps/generator/Dockerfile container_name: bmm-generator restart: unless-stopped network_mode: host env_file: .env.production environment: # Host networking — reach the DBs via their published loopback ports # instead of the compose-network service names. DATABASE_URL: postgresql://${POSTGRES_USER:-bmm}:${POSTGRES_PASSWORD}@127.0.0.1:${POSTGRES_PORT:-5440}/${POSTGRES_DB:-bmm} REDIS_URL: redis://127.0.0.1:${REDIS_PORT:-6390} volumes: # SECURITY (INF-003): the generator mounts the RAW docker socket because it # builds images and runs containers — inherently root-equivalent on this # host, and a socket-proxy can't filter that (container-create with host # binds is the dangerous primitive it legitimately needs). It is NOT # internet-facing (driven only by the Redis build queue). Real remediation # = rootless buildkit or a dedicated build VM; tracked in the audit backlog. - /var/run/docker.sock:/var/run/docker.sock - bmm_build_context:/app/build-context # Same runner-map mount as the api — generator drops the snippet on # deploy, watcher concatenates, nginx reloads. - /opt/buildmymcpserver/runner-map:/var/runner-map depends_on: postgres: condition: service_healthy redis: condition: service_healthy networks: bmm-network: driver: bridge volumes: bmm_pg: bmm_redis: bmm_keys: bmm_build_context: